From 90215f635bf8fd031d3505d54a88aa0440bea29b Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Fri, 21 Jan 2022 18:42:38 +0100
Subject: mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls

So that the same TLS context is used for both Direct TLS and starttls, since they are supposed to be functionally identical apart from the few extra round trips. A new event is added because the 's2s-created' event fires much later, after a connection has already been established, where we need the TLS context before that.
---
 plugins/mod_tls.lua | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'plugins/mod_tls.lua')
diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua
index a97f7027..f62032b6 100644
--- a/plugins/mod_tls.lua
+++ b/plugins/mod_tls.lua
@@ -79,7 +79,7 @@ end
 module:hook_global("config-reloaded", module.load);
 local function can_do_tls(session)
- if not session.conn.starttls then
+ if session.conn and not session.conn.starttls then
 if not session.secure then
 session.log("debug", "Underlying connection does not support STARTTLS");
 end
@@ -116,6 +116,11 @@ local function can_do_tls(session)
 return session.ssl_ctx;
 end
+module:hook("s2sout-created", function (event)
+ -- Initialize TLS context for outgoing connections
+ can_do_tls(event.session);
+end);
+ -- Hook
 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event)
 local origin = event.origin;
-- cgit v1.2.3
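Review bot: The widened guard `if session.conn and not session.conn.starttls then` in `can_do_tls` lets a session with no `conn` fall through to the context setup as if its transport could be upgraded, and nothing on the line says this is deliberate. A comment such as `-- conn is nil for outgoing sessions that have not connected yet (Direct TLS); the context is still needed` would stop a later reader from reverting it. It would also warn against treating a truthy return as proof that the connection supports STARTTLS. The rest of the function lies outside the hunk, so it is worth confirming that no later line dereferences `session.conn` on this new path.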
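Review bot: The new `s2sout-created` handler discards the result of `can_do_tls(event.session)`, so a failure to build a TLS context for the outgoing session passes without any trace at this call site. The function visibly ends in `return session.ssl_ctx;`, so the check is one line: `if not can_do_tls(event.session) then event.session.log("debug", "No TLS context available for outgoing connection"); end`. What the connecting code does when `session.ssl_ctx` is unset is not visible here. If it falls back to some default context, the Direct TLS path could end up with different certificate or protocol settings than the STARTTLS path, which is the divergence this commit sets out to remove. The inline comment could also state that the call is made for its side effect of populating `session.ssl_ctx`.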