--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/mod_tls_policy/mod_tls_policy.lua Fri Jan 30 12:12:06 2015 +0100
@@ -0,0 +1,37 @@
+
+assert(require"ssl.core".info, "Incompatible LuaSec version");
+
+local function hook(event_name, typ, policy)
+ if not policy then return end
+ if policy == "FS" then
+ policy = { key = "DH$" };
+ elseif type(policy) == "string" then
+ policy = { cipher = policy };
+ end
+
+ module:hook(event_name, function (event)
+ local origin = event.origin;
+ if origin.encrypted then
+ local info = origin.conn:socket():info();
+ for key, what in pairs(policy) do
+ module:log("debug", "Does info[%q] = %s match %s ?", key, tostring(info[key]), tostring(what));
+ if (type(what) == "number" and what < info[key] ) or (type(what) == "string" and not what:match(info[key])) then
+ origin:close({ condition = "policy-violation", text = "Cipher not acceptable" });
+ return false;
+ end
+ module:log("debug", "Seems so");
+ end
+ module:log("debug", "Policy matches");
+ end
+ end, 1000);
+end
+
+local policy = module:get_option(module.name, {});
+
+if type(policy) == "string" then
+ policy = { c2s = policy, s2s = policy };
+end
+
+hook("stream-features", "c2s", policy.c2s);
+hook("s2s-stream-features", "s2sin", policy.s2sin or policy.s2s);
+hook("stanza/http://etherx.jabber.org/streams:features", "s2sout", policy.s2sout or policy.s2s);