Mercurial > prosody-hg
comparison plugins/mod_tls.lua @ 11766:6ad335cd43f9
mod_tls: Attempt STARTTLS on outgoing unencrypted legacy s2s connections
As suggested by RFC 7590
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 01 Sep 2021 19:05:24 +0200 |
| parents | f3aee8a825cc |
| children | 65e252940337 |
comparison
equal
deleted
inserted
replaced
| 11765:1cac469b18d0 | 11766:6ad335cd43f9 |
|---|---|
| 163 session.sends2s(starttls_initiate); | 163 session.sends2s(starttls_initiate); |
| 164 return true; | 164 return true; |
| 165 end | 165 end |
| 166 end, 500); | 166 end, 500); |
| 167 | 167 |
| 168 module:hook("s2sout-authenticate-legacy", function(event) | |
| 169 local session = event.origin; | |
| 170 if s2s_require_encryption and can_do_tls(session) then | |
| 171 session.sends2s(starttls_initiate); | |
| 172 return true; | |
| 173 end | |
| 174 end, 200); | |
| 175 | |
| 168 module:hook_tag(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza | 176 module:hook_tag(xmlns_starttls, "proceed", function (session, stanza) -- luacheck: ignore 212/stanza |
| 169 if session.type == "s2sout_unauthed" and can_do_tls(session) then | 177 if session.type == "s2sout_unauthed" and can_do_tls(session) then |
| 170 module:log("debug", "Proceeding with TLS on s2sout..."); | 178 module:log("debug", "Proceeding with TLS on s2sout..."); |
| 171 session:reset_stream(); | 179 session:reset_stream(); |
| 172 session.conn:starttls(session.ssl_ctx); | 180 session.conn:starttls(session.ssl_ctx); |
