10 |
10 |
11 local xmlns_stream = 'http://etherx.jabber.org/streams'; |
11 local xmlns_stream = 'http://etherx.jabber.org/streams'; |
12 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; |
12 local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls'; |
13 |
13 |
14 local secure_auth_only = module:get_option("require_encryption"); |
14 local secure_auth_only = module:get_option("require_encryption"); |
|
15 local secure_s2s_only = module:get_option("require_s2s_encryption"); |
15 |
16 |
16 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, |
17 module:add_handler("c2s_unauthed", "starttls", xmlns_starttls, |
17 function (session, stanza) |
18 function (session, stanza) |
18 if session.conn.starttls then |
19 if session.conn.starttls then |
19 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); |
20 session.send(st.stanza("proceed", { xmlns = xmlns_starttls })); |
59 function (session, features) |
60 function (session, features) |
60 -- This hook is possibly called once per host (at least if the |
61 -- This hook is possibly called once per host (at least if the |
61 -- remote server does not specify a to/from. |
62 -- remote server does not specify a to/from. |
62 if session.to_host and session.conn.starttls and not features:child_with_ns(xmlns_starttls) then |
63 if session.to_host and session.conn.starttls and not features:child_with_ns(xmlns_starttls) then |
63 features:tag("starttls", starttls_attr):up(); |
64 features:tag("starttls", starttls_attr):up(); |
64 -- TODO: Make this optional :P |
65 if secure_s2s_only then |
65 --features:tag("required"):up():up(); |
66 features:tag("required"):up():up(); |
|
67 else |
|
68 features:up(); |
|
69 end |
66 end |
70 end |
67 end); |
71 end); |
68 |
72 |
69 -- For s2sout connections, start TLS if we can |
73 -- For s2sout connections, start TLS if we can |
70 module:hook_stanza(xmlns_stream, "features", |
74 module:hook_stanza(xmlns_stream, "features", |
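Review bot: In the s2s features hook, the new `features:tag("required"):up():up();` runs after the unchanged `features:tag("starttls", starttls_attr):up();` has already stepped back out of `<starttls/>`. Assuming `:tag()` descends into the new element and `:up()` steps back out, `<required/>` is therefore attached to the features element as a sibling of `<starttls/>` rather than as its child, and a peer reading the features would not see TLS marked as mandatory. Dropping the trailing `:up()` on that line, i.e. `features:tag("starttls", starttls_attr);`, lets the new `if`/`else` close the element correctly in both branches. Separately, `<required/>` is only an advertisement: nothing in the visible lines refuses an s2s peer that carries on without STARTTLS when `require_s2s_encryption` is set, so enforcement should be confirmed elsewhere or added. The hook's registration line and the body of the s2sout handler that follows are outside the hunks shown.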