Mercurial > prosody-hg
comparison plugins/mod_tls.lua @ 7869:eb5fba4c8074
mod_tls: Check that connection has starttls method first to prevent offering starttls over tls (thanks Remko and Tobias)
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 27 Jan 2017 12:21:09 +0100 |
| parents | 7ece186a44d3 |
| children | d8029b2e0f43 |
comparison
equal
deleted
inserted
replaced
| 7867:194f540e13e2 | 7869:eb5fba4c8074 |
|---|---|
| 60 ssl_ctx_s2sin, err, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections | 60 ssl_ctx_s2sin, err, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections |
| 61 if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", err); end | 61 if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", err); end |
| 62 end | 62 end |
| 63 | 63 |
| 64 local function can_do_tls(session) | 64 local function can_do_tls(session) |
| 65 if session.ssl_ctx ~= nil then | 65 if not session.conn.starttls then |
| 66 return false; | |
| 67 elseif session.ssl_ctx ~= nil then | |
| 66 return session.ssl_ctx; | 68 return session.ssl_ctx; |
| 67 elseif not session.conn.starttls then | |
| 68 return false; | |
| 69 end | 69 end |
| 70 if session.type == "c2s_unauthed" then | 70 if session.type == "c2s_unauthed" then |
| 71 session.ssl_ctx = ssl_ctx_c2s; | 71 session.ssl_ctx = ssl_ctx_c2s; |
| 72 session.ssl_cfg = ssl_cfg_c2s; | 72 session.ssl_cfg = ssl_cfg_c2s; |
| 73 elseif session.type == "s2sin_unauthed" and allow_s2s_tls then | 73 elseif session.type == "s2sin_unauthed" and allow_s2s_tls then |
