annotate mod_disable_tls/mod_disable_tls.lua @ 5512:1fbc8718bed6

mod_http_oauth2: Bind refresh tokens to client Prevent one OAuth client from using the refresh tokens issued to another client as required by RFC 6819 section 5.2.2.2 See also draft-ietf-oauth-security-topics-22 section 2.2.2 Thanks to OAuch for pointing out this issue
author Kim Alvefur <zash@zash.se>
date Fri, 02 Jun 2023 10:40:48 +0200
parents 25be5fde250f
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1482
25be5fde250f mod_disable_tls: Default to empty set if disable_tls_ports not present in config (fixes traceback)
Matthew Wild <mwild1@gmail.com>
parents: 1481
diff changeset
1 local disable_tls_ports = module:get_option_set("disable_tls_ports", {});
1481
e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2
e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
3 module:hook("stream-features", function (event)
e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 if disable_tls_ports:contains(event.origin.conn:serverport()) then
e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 module:log("error", "Disabling TLS for client on port %d", event.origin.conn:serverport());
e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 event.origin.conn.starttls = false;
e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7 end
e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 end, 1000);