From a3472930c03e481cc93668ac95004d881817c7e1 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Sat, 17 Oct 2009 16:25:28 +0100 Subject: mod_tls: Offer the host-specific cert (when there is one) to incoming c2s/s2s connections, fixes #30 (thanks, albert, Flo, johnny, and all who nagged me :) ) --- plugins/mod_tls.lua | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 79a74deb..8a450803 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -19,6 +19,9 @@ module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, if session.conn.starttls then session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); session:reset_stream(); + if session.host and hosts[session.host].ssl_ctx_in then + session.conn.set_sslctx(hosts[session.host].ssl_ctx_in); + end session.conn.starttls(); session.log("info", "TLS negotiation started..."); session.secure = false; @@ -33,6 +36,9 @@ module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls, if session.conn.starttls then session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls })); session:reset_stream(); + if session.to_host and hosts[session.to_host].ssl_ctx_in then + session.conn.set_sslctx(hosts[session.to_host].ssl_ctx_in); + end session.conn.starttls(); session.log("info", "TLS negotiation started for incoming s2s..."); session.secure = false; -- cgit v1.2.3