30 |
30 |
31 local hosts = prosody.hosts; |
31 local hosts = prosody.hosts; |
32 local host = hosts[module.host]; |
32 local host = hosts[module.host]; |
33 |
33 |
34 local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin; |
34 local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin; |
|
35 local ssl_cfg_c2s, ssl_cfg_s2sout, ssl_cfg_s2sin; |
35 do |
36 do |
36 local NULL, err = {}; |
37 local NULL = {}; |
37 local global = module:context("*"); |
38 local global = module:context("*"); |
38 local parent = module:context(module.host:match("%.(.*)$")); |
39 local parent = module:context(module.host:match("%.(.*)$")); |
39 |
40 |
40 local parent_ssl = parent:get_option("ssl"); |
41 local parent_ssl = parent:get_option("ssl"); |
41 local host_ssl = module:get_option("ssl", parent_ssl); |
42 local host_ssl = module:get_option("ssl", parent_ssl); |
46 |
47 |
47 local global_s2s = global:get_option("s2s_ssl", NULL); |
48 local global_s2s = global:get_option("s2s_ssl", NULL); |
48 local parent_s2s = parent:get_option("s2s_ssl", NULL); |
49 local parent_s2s = parent:get_option("s2s_ssl", NULL); |
49 local host_s2s = module:get_option("s2s_ssl", parent_s2s); |
50 local host_s2s = module:get_option("s2s_ssl", parent_s2s); |
50 |
51 |
51 ssl_ctx_c2s, err = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections |
52 ssl_ctx_c2s, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections |
52 if err then module:log("error", "Error creating context for c2s: %s", err); end |
53 if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", ssl_cfg_c2s); end |
53 |
54 |
54 ssl_ctx_s2sin, err = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections |
55 ssl_ctx_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections |
55 ssl_ctx_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections |
56 if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", ssl_cfg_s2sin); end |
56 if err then module:log("error", "Error creating context for s2s: %s", err); end -- Both would have the same issue |
57 |
|
58 ssl_ctx_s2sin, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections |
|
59 if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", ssl_cfg_s2sin); end |
57 end |
60 end |
58 |
61 |
59 local function can_do_tls(session) |
62 local function can_do_tls(session) |
60 if not session.conn.starttls then |
63 if not session.conn.starttls then |
61 return false; |
64 return false; |
62 elseif session.ssl_ctx then |
65 elseif session.ssl_ctx then |
63 return true; |
66 return true; |
64 end |
67 end |
65 if session.type == "c2s_unauthed" then |
68 if session.type == "c2s_unauthed" then |
66 session.ssl_ctx = ssl_ctx_c2s; |
69 session.ssl_ctx = ssl_ctx_c2s; |
|
70 session.ssl_cfg = ssl_cfg_c2s; |
67 elseif session.type == "s2sin_unauthed" and allow_s2s_tls then |
71 elseif session.type == "s2sin_unauthed" and allow_s2s_tls then |
68 session.ssl_ctx = ssl_ctx_s2sin; |
72 session.ssl_ctx = ssl_ctx_s2sin; |
|
73 session.ssl_cfg = ssl_cfg_s2sin; |
69 elseif session.direction == "outgoing" and allow_s2s_tls then |
74 elseif session.direction == "outgoing" and allow_s2s_tls then |
70 session.ssl_ctx = ssl_ctx_s2sout; |
75 session.ssl_ctx = ssl_ctx_s2sout; |
|
76 session.ssl_cfg = ssl_cfg_s2sout; |
71 else |
77 else |
72 return false; |
78 return false; |
73 end |
79 end |
74 return session.ssl_ctx; |
80 return session.ssl_ctx; |
75 end |
81 end |