From 31ac4804c2c3c6b12c53d64044a9cb7f6666314c Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Jan 2017 10:45:20 +0100 Subject: mod_tls: Only accept on outgoing s2s connections --- plugins/mod_tls.lua | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'plugins/mod_tls.lua') diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 7eedb083..d9593b4c 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -124,9 +124,11 @@ module:hook_stanza("http://etherx.jabber.org/streams", "features", function (ses end, 500); module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza - module:log("debug", "Proceeding with TLS on s2sout..."); - session:reset_stream(); - session.conn:starttls(session.ssl_ctx); - session.secure = false; - return true; + if session.type == "s2sout_unauthed" then + module:log("debug", "Proceeding with TLS on s2sout..."); + session:reset_stream(); + session.conn:starttls(session.ssl_ctx); + session.secure = false; + return true; + end end); -- cgit v1.2.3 From a5d48058fb1245ee6bf46abfbbf7ff373b166122 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 23 Jan 2017 10:46:42 +0100 Subject: mod_tls: Verify that TLS is available before proceeding --- plugins/mod_tls.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/mod_tls.lua') diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index d9593b4c..5869b2a5 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -124,7 +124,7 @@ module:hook_stanza("http://etherx.jabber.org/streams", "features", function (ses end, 500); module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza - if session.type == "s2sout_unauthed" then + if session.type == "s2sout_unauthed" and can_do_tls(session) then module:log("debug", "Proceeding with TLS on s2sout..."); session:reset_stream(); session.conn:starttls(session.ssl_ctx); -- cgit v1.2.3