From 4cc85dc0566faf031f8848d6ba19e658d9402eb7 Mon Sep 17 00:00:00 2001
From: Matthew Wild <mwild1@gmail.com>
Date: Wed, 7 Sep 2022 11:29:00 +0100
Subject: mod_c2s: Add session.ssl_cfg/ssl_ctx for direct TLS connections

---
 plugins/mod_c2s.lua | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'plugins/mod_c2s.lua')

diff --git a/plugins/mod_c2s.lua b/plugins/mod_c2s.lua
index b80485f5..d6c8a7b8 100644
--- a/plugins/mod_c2s.lua
+++ b/plugins/mod_c2s.lua
@@ -11,9 +11,11 @@ module:set_global();
 local add_task = require "prosody.util.timer".add_task;
 local new_xmpp_stream = require "prosody.util.xmppstream".new;
 local nameprep = require "prosody.util.encodings".stringprep.nameprep;
+local certmanager = require "prosody.core.certmanager";
 local sessionmanager = require "prosody.core.sessionmanager";
 local statsmanager = require "prosody.core.statsmanager";
 local st = require "prosody.util.stanza";
+local pm_get_tls_config_at = require "core.portmanager".get_tls_config_at;
 local sm_new_session, sm_destroy_session = sessionmanager.new_session, sessionmanager.destroy_session;
 local uuid_generate = require "prosody.util.uuid".generate;
 local async = require "prosody.util.async";
@@ -308,6 +310,12 @@ function listener.onconnect(conn)
 		session.secure = true;
 		session.encrypted = true;
 
+		local server = conn:server();
+		local tls_config = pm_get_tls_config_at(server:ip(), server:serverport());
+		local autocert = certmanager.find_host_cert(session.conn:socket():getsniname());
+		session.ssl_cfg = autocert or tls_config;
+		session.ssl_ctx = conn:sslctx();
+
 		-- Check if TLS compression is used
 		local info = conn:ssl_info();
 		if type(info) == "table" then
-- 
cgit v1.2.3