# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1628621743 -7200
# Node ID 4625093b0768e15bf5cd85945d10f81cd639b9b6
# Parent  c5f2b63cf6ff07012d3631b3f2fccb7ada7f30ec
mod_s2s: Add a Direct TLS listener

Mirroring the c2s 'direct_tls'. Naming things is hard.

direct_tls_s2s_ports = { 5269+1 }

diff -r c5f2b63cf6ff -r 4625093b0768 CHANGES
--- a/CHANGES	Tue Aug 10 20:54:38 2021 +0200
+++ b/CHANGES	Tue Aug 10 20:55:43 2021 +0200
@@ -26,7 +26,7 @@
 -   statistics scheduling can be done by plugin
 -   mod_server_contact_info now loaded on components if enabled
 -   Statistics now based on OpenMetrics
--   Direct TLS support
+-   Direct TLS support (c2s and incoming s2s)
 -   Offline messages aren't sent to MAM clients
 -   Network backend server_select deprecated
 
diff -r c5f2b63cf6ff -r 4625093b0768 doc/doap.xml
--- a/doc/doap.xml	Tue Aug 10 20:54:38 2021 +0200
+++ b/doc/doap.xml	Tue Aug 10 20:55:43 2021 +0200
@@ -641,7 +641,7 @@
         <xmpp:version>1.1.0</xmpp:version>
         <xmpp:status>partial</xmpp:status>
         <xmpp:since>0.2.0</xmpp:since>
-        <xmpp:note>c2s only direct_tls_ports, formerly legacy_ssl_ports</xmpp:note>
+        <xmpp:note>direct_tls_ports (formerly legacy_ssl_ports) for c2s and direct_tls_s2s_ports for s2s</xmpp:note>
       </xmpp:SupportedXep>
     </implements>
     <implements>
diff -r c5f2b63cf6ff -r 4625093b0768 plugins/mod_s2s.lua
--- a/plugins/mod_s2s.lua	Tue Aug 10 20:54:38 2021 +0200
+++ b/plugins/mod_s2s.lua	Tue Aug 10 20:55:43 2021 +0200
@@ -967,3 +967,17 @@
 	};
 });
 
+
+module:provides("net", {
+	name = "direct_tls_s2s";
+	listener = listener;
+	encryption = "ssl";
+	ssl_config = {
+		verify = { "peer", "client_once", };
+	};
+	multiplex = {
+		protocol = "xmpp-server";
+		pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:server%1.*>";
+	};
+});
+