--- a/core/s2smanager.lua Fri Jan 29 17:09:20 2010 +0000
+++ b/core/s2smanager.lua Sat Jan 30 16:42:27 2010 +0000
@@ -453,6 +453,16 @@
end
function make_authenticated(session, host)
+ if not session.secure then
+ local local_host = session.direction == "incoming" and session.to_host or session.from_host;
+ if config.get(local_host, "core", "require_s2s_encryption")) then
+ session:close({
+ condition = "policy-violation",
+ text = "Encrypted server-to-server communication is required but was not "
+ ..((session.direction == "outgoing" and "offered") or "used")
+ });
+ end
+ end
if session.type == "s2sout_unauthed" then
session.type = "s2sout";
elseif session.type == "s2sin_unauthed" then