37 local opt_keepalives = module:get_option_boolean("s2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true)); |
37 local opt_keepalives = module:get_option_boolean("s2s_tcp_keepalives", module:get_option_boolean("tcp_keepalives", true)); |
38 local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day... |
38 local secure_auth = module:get_option_boolean("s2s_secure_auth", false); -- One day... |
39 local secure_domains, insecure_domains = |
39 local secure_domains, insecure_domains = |
40 module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items; |
40 module:get_option_set("s2s_secure_domains", {})._items, module:get_option_set("s2s_insecure_domains", {})._items; |
41 local require_encryption = module:get_option_boolean("s2s_require_encryption", false); |
41 local require_encryption = module:get_option_boolean("s2s_require_encryption", false); |
42 local stanza_size_limit = module:get_option_number("s2s_stanza_size_limit"); -- TODO come up with a sensible default (util.xmppstream defaults to 10M) |
42 local stanza_size_limit = module:get_option_number("s2s_stanza_size_limit", 1024*512); |
43 |
43 |
44 local measure_connections_inbound = module:metric( |
44 local measure_connections_inbound = module:metric( |
45 "gauge", "connections_inbound", "", |
45 "gauge", "connections_inbound", "", |
46 "Established incoming s2s connections", |
46 "Established incoming s2s connections", |
47 {"host", "type", "ip_family"} |
47 {"host", "type", "ip_family"} |
341 |
341 |
342 return true; |
342 return true; |
343 end |
343 end |
344 |
344 |
345 --- Helper to check that a session peer's certificate is valid |
345 --- Helper to check that a session peer's certificate is valid |
346 function check_cert_status(session) |
346 local function check_cert_status(session) |
347 local host = session.direction == "outgoing" and session.to_host or session.from_host |
347 local host = session.direction == "outgoing" and session.to_host or session.from_host |
348 local conn = session.conn:socket() |
348 local conn = session.conn:socket() |
349 local cert |
349 local cert |
350 if conn.getpeercertificate then |
350 if conn.getpeercertificate then |
351 cert = conn:getpeercertificate() |
351 cert = conn:getpeercertificate() |