| author | Kim Alvefur <zash@zash.se> |
| Sun, 25 Jun 2023 16:27:55 +0200 | |
| changeset 5575 | ca3c2d11823c |
| parent 1343 | 7dbde05b48a9 |
| permissions | -rw-r--r-- |
|
412
8963f4026f3a
mod_s2s_never_encrypt_blacklist: first commit.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
1 |
-- Filter out servers which gets choppy and buggy when it comes to starttls. |
|
930
c08b424583c3
mod_s2s_never_encrypt_blacklist: complete missing banner.
Marco Cirillo <maranda@lightwitch.org>
parents:
924
diff
changeset
|
2 |
-- (C) 2011-2013, Marco Cirillo (LW.Org) |
|
412
8963f4026f3a
mod_s2s_never_encrypt_blacklist: first commit.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
3 |
|
|
921
ef859c9d42c4
mod_s2s_never_encrypt_blacklist: supply an empty table as default value, fixes traceback. (Thanks Tobias)
Marco Cirillo <maranda@lightwitch.org>
parents:
531
diff
changeset
|
4 |
local bad_servers = module:get_option_set("tls_s2s_blacklist", {}) |
|
ef859c9d42c4
mod_s2s_never_encrypt_blacklist: supply an empty table as default value, fixes traceback. (Thanks Tobias)
Marco Cirillo <maranda@lightwitch.org>
parents:
531
diff
changeset
|
5 |
local bad_servers_ip = module:get_option_set("tls_s2s_blacklist_ip", {}) |
|
924
0a78ac54bd03
mod_s2s_never_encrypt_blacklist: conn objects on libev carry a metatable, perhaps have starttls set to false instead of nil.
Marco Cirillo <maranda@lightwitch.org>
parents:
923
diff
changeset
|
6 |
local libev = module:get_option_boolean("use_libevent") |
|
412
8963f4026f3a
mod_s2s_never_encrypt_blacklist: first commit.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
7 |
|
|
413
e4d33cdfed21
mod_s2s_never_encrypt_blacklist: filter both incoming and outgoing streams.
Marco Cirillo <maranda@lightwitch.org>
parents:
412
diff
changeset
|
8 |
local function disable_tls_for_baddies_in(event) |
|
922
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
9 |
local session = event.origin |
|
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
930
diff
changeset
|
10 |
if bad_servers:contains(session.from_host) or bad_servers_ip:contains(session.conn:ip()) then |
|
922
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
11 |
module:log("debug", "disabling tls on incoming stream from %s...", tostring(session.from_host)); |
|
924
0a78ac54bd03
mod_s2s_never_encrypt_blacklist: conn objects on libev carry a metatable, perhaps have starttls set to false instead of nil.
Marco Cirillo <maranda@lightwitch.org>
parents:
923
diff
changeset
|
12 |
if libev then session.conn.starttls = false; else session.conn.starttls = nil; end |
|
922
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
13 |
end |
|
412
8963f4026f3a
mod_s2s_never_encrypt_blacklist: first commit.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
14 |
end |
|
8963f4026f3a
mod_s2s_never_encrypt_blacklist: first commit.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
15 |
|
|
413
e4d33cdfed21
mod_s2s_never_encrypt_blacklist: filter both incoming and outgoing streams.
Marco Cirillo <maranda@lightwitch.org>
parents:
412
diff
changeset
|
16 |
local function disable_tls_for_baddies_out(event) |
|
922
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
17 |
local session = event.origin |
|
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
18 |
if bad_servers:contains(session.to_host) then |
|
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
19 |
module:log("debug", "disabling tls on outgoing stream from %s...", tostring(session.to_host)); |
|
924
0a78ac54bd03
mod_s2s_never_encrypt_blacklist: conn objects on libev carry a metatable, perhaps have starttls set to false instead of nil.
Marco Cirillo <maranda@lightwitch.org>
parents:
923
diff
changeset
|
20 |
if libev then session.conn.starttls = false; else session.conn.starttls = nil; end |
|
922
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
21 |
end |
|
413
e4d33cdfed21
mod_s2s_never_encrypt_blacklist: filter both incoming and outgoing streams.
Marco Cirillo <maranda@lightwitch.org>
parents:
412
diff
changeset
|
22 |
end |
|
e4d33cdfed21
mod_s2s_never_encrypt_blacklist: filter both incoming and outgoing streams.
Marco Cirillo <maranda@lightwitch.org>
parents:
412
diff
changeset
|
23 |
|
|
922
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
24 |
module:hook("s2s-stream-features", disable_tls_for_baddies_in, 600) |
|
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
25 |
module:hook("stanza/http://etherx.jabber.org/streams:features", disable_tls_for_baddies_out, 600) |