From a2f8218a63e2ebbe04d1a0fc2a235af59c34f515 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Tue, 2 Aug 2022 19:26:26 +0200 Subject: mod_tls: Record STARTTLS state so it can be shown in Shell This field can be viewed using s2s:show(nil, "... starttls") even without any special support in mod_admin_shell, which can be added later to make it nicer. One can then assume that a TLS connection with an empty / nil starttls field means Direct TLS. --- plugins/mod_tls.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins/mod_tls.lua') diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index fc35b1d0..380effe3 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -128,6 +128,7 @@ end); -- Hook module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event) local origin = event.origin; + origin.starttls = "requested"; if can_do_tls(origin) then if origin.conn.block_reads then -- we need to ensure that no data is read anymore, otherwise we could end up in a situation where @@ -176,6 +177,7 @@ module:hook_tag("http://etherx.jabber.org/streams", "features", function (sessio module:log("debug", "%s is not offering TLS", session.to_host); return; end + session.starttls = "initiated"; session.sends2s(starttls_initiate); return true; end @@ -193,6 +195,7 @@ module:hook_tag(xmlns_starttls, "proceed", function (session, stanza) -- luachec if session.type == "s2sout_unauthed" and can_do_tls(session) then module:log("debug", "Proceeding with TLS on s2sout..."); session:reset_stream(); + session.starttls = "proceeding" session.conn:starttls(session.ssl_ctx, session.to_host); session.secure = false; return true; -- cgit v1.2.3