Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
s2smanager: Make require_s2s_encryption do what it says on the tin
authorMatthew Wild <mwild1@gmail.com>
Sat, 30 Jan 2010 16:42:27 +0000
changeset 2537 80641e786b35
parent 2536 922e6e84d0bf
child 2538 0db17d1f77fb
s2smanager: Make require_s2s_encryption do what it says on the tin
core/s2smanager.lua file | annotate | diff | comparison | revisions 
--- a/core/s2smanager.lua	Fri Jan 29 17:09:20 2010 +0000
+++ b/core/s2smanager.lua	Sat Jan 30 16:42:27 2010 +0000
@@ -453,6 +453,16 @@
 end
 
 function make_authenticated(session, host)
+	if not session.secure then
+		local local_host = session.direction == "incoming" and session.to_host or session.from_host;
+		if config.get(local_host, "core", "require_s2s_encryption")) then
+			session:close({
+				condition = "policy-violation",
+				text = "Encrypted server-to-server communication is required but was not "
+				       ..((session.direction == "outgoing" and "offered") or "used")
+			});
+		end
+	end
 	if session.type == "s2sout_unauthed" then
 		session.type = "s2sout";
 	elseif session.type == "s2sin_unauthed" then
prosody