# HG changeset patch
# User Kim Alvefur
# Date 1628621743 -7200
# Node ID 4625093b0768e15bf5cd85945d10f81cd639b9b6
# Parent c5f2b63cf6ff07012d3631b3f2fccb7ada7f30ec
mod_s2s: Add a Direct TLS listener Mirroring the c2s 'direct_tls'. Naming things is hard. direct_tls_s2s_ports = { 5269+1 }
diff -r c5f2b63cf6ff -r 4625093b0768 CHANGES
--- a/CHANGES Tue Aug 10 20:54:38 2021 +0200
+++ b/CHANGES Tue Aug 10 20:55:43 2021 +0200
@@ -26,7 +26,7 @@
 - statistics scheduling can be done by plugin
 - mod_server_contact_info now loaded on components if enabled
 - Statistics now based on OpenMetrics
-- Direct TLS support
+- Direct TLS support (c2s and incoming s2s)
 - Offline messages aren't sent to MAM clients
 - Network backend server_select deprecated
diff -r c5f2b63cf6ff -r 4625093b0768 doc/doap.xml
--- a/doc/doap.xml Tue Aug 10 20:54:38 2021 +0200
+++ b/doc/doap.xml Tue Aug 10 20:55:43 2021 +0200
@@ -641,7 +641,7 @@ 1.1.0 partial 0.2.0 - c2s only direct_tls_ports, formerly legacy_ssl_ports + direct_tls_ports (formerly legacy_ssl_ports) for c2s and direct_tls_s2s_ports for s2s
diff -r c5f2b63cf6ff -r 4625093b0768 plugins/mod_s2s.lua
--- a/plugins/mod_s2s.lua Tue Aug 10 20:54:38 2021 +0200
+++ b/plugins/mod_s2s.lua Tue Aug 10 20:55:43 2021 +0200
@@ -967,3 +967,17 @@
 };
 });
+
+module:provides("net", {
+ name = "direct_tls_s2s";
+ listener = listener;
+ encryption = "ssl";
+ ssl_config = {
+ verify = { "peer", "client_once", };
+ };
+ multiplex = {
+ protocol = "xmpp-server";
+ pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:server%1.*>";
+ };
+});
+
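Review bot: The `ssl_config.verify` list in the new `direct_tls_s2s` service is `{ "peer", "client_once" }` without `fail_if_no_peer_cert`, so a remote server that presents no certificate still completes the handshake, and whether the peer counts as authenticated rests entirely on the stream-level code behind the shared `listener`. That listener is defined outside this hunk, so it is not visible here whether a connection that is encrypted from the first byte is marked secure and gets the same certificate check as one upgraded via STARTTLS; this is worth confirming and covering with a test. I would add a comment above the table, e.g. `-- TLS only requests the peer certificate here; s2s authentication is decided later at stream level`, so the listener is not read as enforcing mutual TLS. The `multiplex.pattern` literal looks like it repeats the one from the existing s2s service (not visible in the hunk); if so, a shared local would keep the two from drifting apart.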