plugins/mod_tls.lua
changeset 6524 29c7586665f5
parent 6490 edc63dc72566
child 6529 873538f0b18c
6523:c6caaa440e74 6524:29c7586665f5
    30 
    30 
    31 local hosts = prosody.hosts;
    31 local hosts = prosody.hosts;
    32 local host = hosts[module.host];
    32 local host = hosts[module.host];
    33 
    33 
    34 local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin;
    34 local ssl_ctx_c2s, ssl_ctx_s2sout, ssl_ctx_s2sin;
       
    35 local ssl_cfg_c2s, ssl_cfg_s2sout, ssl_cfg_s2sin;
    35 do
    36 do
    36 	local NULL, err = {};
    37 	local NULL = {};
    37 	local global = module:context("*");
    38 	local global = module:context("*");
    38 	local parent = module:context(module.host:match("%.(.*)$"));
    39 	local parent = module:context(module.host:match("%.(.*)$"));
    39 
    40 
    40 	local parent_ssl = parent:get_option("ssl");
    41 	local parent_ssl = parent:get_option("ssl");
    41 	local host_ssl   = module:get_option("ssl", parent_ssl);
    42 	local host_ssl   = module:get_option("ssl", parent_ssl);
    46 
    47 
    47 	local global_s2s = global:get_option("s2s_ssl", NULL);
    48 	local global_s2s = global:get_option("s2s_ssl", NULL);
    48 	local parent_s2s = parent:get_option("s2s_ssl", NULL);
    49 	local parent_s2s = parent:get_option("s2s_ssl", NULL);
    49 	local host_s2s   = module:get_option("s2s_ssl", parent_s2s);
    50 	local host_s2s   = module:get_option("s2s_ssl", parent_s2s);
    50 
    51 
    51 	ssl_ctx_c2s, err = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
    52 	ssl_ctx_c2s, ssl_cfg_c2s = create_context(host.host, "server", host_c2s, host_ssl, global_c2s); -- for incoming client connections
    52 	if err then module:log("error", "Error creating context for c2s: %s", err); end
    53 	if not ssl_ctx_c2s then module:log("error", "Error creating context for c2s: %s", ssl_cfg_c2s); end
    53 
    54 
    54 	ssl_ctx_s2sin, err = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections
    55 	ssl_ctx_s2sout, ssl_cfg_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections
    55 	ssl_ctx_s2sout = create_context(host.host, "client", host_s2s, host_ssl, global_s2s); -- for outgoing server connections
    56 	if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", ssl_cfg_s2sin); end
    56 	if err then module:log("error", "Error creating context for s2s: %s", err); end -- Both would have the same issue
    57 
       
    58 	ssl_ctx_s2sin, ssl_cfg_s2sin = create_context(host.host, "server", host_s2s, host_ssl, global_s2s); -- for incoming server connections
       
    59 	if not ssl_ctx_s2sin then module:log("error", "Error creating contexts for s2sin: %s", ssl_cfg_s2sin); end
    57 end
    60 end
    58 
    61 
    59 local function can_do_tls(session)
    62 local function can_do_tls(session)
    60 	if not session.conn.starttls then
    63 	if not session.conn.starttls then
    61 		return false;
    64 		return false;
    62 	elseif session.ssl_ctx then
    65 	elseif session.ssl_ctx then
    63 		return true;
    66 		return true;
    64 	end
    67 	end
    65 	if session.type == "c2s_unauthed" then
    68 	if session.type == "c2s_unauthed" then
    66 		session.ssl_ctx = ssl_ctx_c2s;
    69 		session.ssl_ctx = ssl_ctx_c2s;
       
    70 		session.ssl_cfg = ssl_cfg_c2s;
    67 	elseif session.type == "s2sin_unauthed" and allow_s2s_tls then
    71 	elseif session.type == "s2sin_unauthed" and allow_s2s_tls then
    68 		session.ssl_ctx = ssl_ctx_s2sin;
    72 		session.ssl_ctx = ssl_ctx_s2sin;
       
    73 		session.ssl_cfg = ssl_cfg_s2sin;
    69 	elseif session.direction == "outgoing" and allow_s2s_tls then
    74 	elseif session.direction == "outgoing" and allow_s2s_tls then
    70 		session.ssl_ctx = ssl_ctx_s2sout;
    75 		session.ssl_ctx = ssl_ctx_s2sout;
       
    76 		session.ssl_cfg = ssl_cfg_s2sout;
    71 	else
    77 	else
    72 		return false;
    78 		return false;
    73 	end
    79 	end
    74 	return session.ssl_ctx;
    80 	return session.ssl_ctx;
    75 end
    81 end
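Review bot: The s2sout failure log at new line 56 formats `ssl_cfg_s2sin`, which is only assigned when the s2sin context is created at new line 58, so a failed outgoing-s2s context creation logs nil instead of the real error; it should read `if not ssl_ctx_s2sout then module:log("error", "Error creating contexts for s2sout: %s", ssl_cfg_s2sout); end`. Since the new checks use the second return value as the error message whenever the first is nil, each `ssl_cfg_*` upvalue appears to hold an error string rather than a config table after a failure, and can_do_tls still copies it into `session.ssl_cfg` next to a nil `session.ssl_ctx`; resetting the cfg variable to nil on failure, or assigning `session.ssl_cfg` only when the context exists, would keep callers from treating that string as a configuration. The plural "contexts" in the two new s2s messages is a leftover of the old combined message and could be made singular.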