Mercurial > prosody-hg
comparison plugins/mod_tls.lua @ 2625:03287c06d986
mod_tls: Refactor to simplify detection of whether we can do TLS on a connection
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Fri, 12 Feb 2010 21:57:46 +0000 |
| parents | 1d34b45dec15 |
| children | e79057cf2538 |
comparison
equal
deleted
inserted
replaced
| 2624:99b60dc15174 | 2625:03287c06d986 |
|---|---|
| 22 | 22 |
| 23 local global_ssl_ctx = prosody.global_ssl_ctx; | 23 local global_ssl_ctx = prosody.global_ssl_ctx; |
| 24 | 24 |
| 25 local host = hosts[module.host]; | 25 local host = hosts[module.host]; |
| 26 | 26 |
| 27 local function can_do_tls(session) | |
| 28 if session.type == "c2s_unauthed" then | |
| 29 return session.username and session.conn.starttls and host.ssl_ctx_in; | |
| 30 elseif session.type == "s2sin_unauthed" then | |
| 31 return origin.to_host and origin.conn.starttls and host.ssl_ctx_in; | |
| 32 end | |
| 33 return false; | |
| 34 end | |
| 35 | |
| 27 -- Hook <starttls/> | 36 -- Hook <starttls/> |
| 28 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event) | 37 module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event) |
| 29 local origin = event.origin; | 38 local origin = event.origin; |
| 30 if origin.conn.starttls then | 39 if can_do_tls(origin) then |
| 31 (origin.sends2s or origin.send)(starttls_proceed); | 40 (origin.sends2s or origin.send)(starttls_proceed); |
| 32 origin:reset_stream(); | 41 origin:reset_stream(); |
| 33 local host = origin.to_host or origin.host; | 42 local host = origin.to_host or origin.host; |
| 34 local ssl_ctx = host and hosts[host].ssl_ctx_in or global_ssl_ctx; | 43 local ssl_ctx = host and hosts[host].ssl_ctx_in or global_ssl_ctx; |
| 35 origin.conn:starttls(ssl_ctx); | 44 origin.conn:starttls(ssl_ctx); |
| 44 end); | 53 end); |
| 45 | 54 |
| 46 -- Advertize stream feature | 55 -- Advertize stream feature |
| 47 module:hook("stream-features", function(event) | 56 module:hook("stream-features", function(event) |
| 48 local origin, features = event.origin, event.features; | 57 local origin, features = event.origin, event.features; |
| 49 if not origin.username and origin.conn.starttls and host.ssl_ctx_in then | 58 if can_do_tls(origin) then |
| 50 features:add_child(c2s_feature); | 59 features:add_child(c2s_feature); |
| 51 end | 60 end |
| 52 end); | 61 end); |
| 53 module:hook("s2s-stream-features", function(event) | 62 module:hook("s2s-stream-features", function(event) |
| 54 local origin, features = event.origin, event.features; | 63 local origin, features = event.origin, event.features; |
| 55 if origin.to_host and origin.type ~= "s2sin" and origin.conn.starttls and host.ssl_ctx_in then | 64 if can_do_tls(origin) then |
| 56 features:add_child(s2s_feature); | 65 features:add_child(s2s_feature); |
| 57 end | 66 end |
| 58 end); | 67 end); |
| 59 | 68 |
| 60 -- For s2sout connections, start TLS if we can | 69 -- For s2sout connections, start TLS if we can |
| 64 module:log("%s is offering TLS, taking up the offer...", session.to_host); | 73 module:log("%s is offering TLS, taking up the offer...", session.to_host); |
| 65 session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>"); | 74 session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>"); |
| 66 return true; | 75 return true; |
| 67 end | 76 end |
| 68 end, 500); | 77 end, 500); |
| 78 | |
| 69 module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) | 79 module:hook_stanza(xmlns_starttls, "proceed", function (session, stanza) |
| 70 module:log("debug", "Proceeding with TLS on s2sout..."); | 80 module:log("debug", "Proceeding with TLS on s2sout..."); |
| 71 session:reset_stream(); | 81 session:reset_stream(); |
| 72 local ssl_ctx = session.from_host and hosts[session.from_host].ssl_ctx or global_ssl_ctx; | 82 local ssl_ctx = session.from_host and hosts[session.from_host].ssl_ctx or global_ssl_ctx; |
| 73 session.conn:starttls(ssl_ctx, true); | 83 session.conn:starttls(ssl_ctx, true); |
