From 573c5bea616fdfc648f51427a7f3731b3da01c24 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 15 Jan 2014 21:57:15 +0100 Subject: mod_tls: Rename variables to be less confusing --- plugins/mod_tls.lua | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'plugins/mod_tls.lua') diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 54c69873..6db02c2c 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -10,8 +10,8 @@ local config = require "core.configmanager"; local create_context = require "core.certmanager".create_context; local st = require "util.stanza"; -local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); -local secure_s2s_only = module:get_option("s2s_require_encryption"); +local c2s_require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); +local s2s_require_encryption = module:get_option("s2s_require_encryption"); local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; @@ -20,8 +20,8 @@ local starttls_proceed = st.stanza("proceed", starttls_attr); local starttls_failure = st.stanza("failure", starttls_attr); local c2s_feature = st.stanza("starttls", starttls_attr); local s2s_feature = st.stanza("starttls", starttls_attr); -if secure_auth_only then c2s_feature:tag("required"):up(); end -if secure_s2s_only then s2s_feature:tag("required"):up(); end +if c2s_require_encryption then c2s_feature:tag("required"):up(); end +if s2s_require_encryption then s2s_feature:tag("required"):up(); end local global_ssl_ctx = prosody.global_ssl_ctx; -- cgit v1.2.3 From 410ab5d97b3b3fae6755c5bd3d6d4efb0842e9ee Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Wed, 15 Jan 2014 22:47:50 +0100 Subject: mod_tls: Let s2s_secure_auth override s2s_require_encryption and warn if they differ --- plugins/mod_tls.lua | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'plugins/mod_tls.lua') diff --git a/plugins/mod_tls.lua b/plugins/mod_tls.lua index 6db02c2c..2741b8d4 100644 --- a/plugins/mod_tls.lua +++ b/plugins/mod_tls.lua @@ -13,6 +13,12 @@ local st = require "util.stanza"; local c2s_require_encryption = module:get_option("c2s_require_encryption") or module:get_option("require_encryption"); local s2s_require_encryption = module:get_option("s2s_require_encryption"); local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false; +local s2s_secure_auth = module:get_option("s2s_secure_auth"); + +if s2s_secure_auth and s2s_require_encryption == false then + module:log("warn", "s2s_secure_auth implies s2s_require_encryption, but s2s_require_encryption is set to false"); + s2s_require_encryption = true; +end local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; local starttls_attr = { xmlns = xmlns_starttls }; -- cgit v1.2.3