mod_s2s: Add a Direct TLS listener
authorKim Alvefur <zash@zash.se>
Tue, 10 Aug 2021 20:55:43 +0200
changeset 11778 4625093b0768
parent 11777 c5f2b63cf6ff
child 11779 af9c7f3f4735
mod_s2s: Add a Direct TLS listener Mirroring the c2s 'direct_tls'. Naming things is hard. direct_tls_s2s_ports = { 5269+1 }
CHANGES
doc/doap.xml
plugins/mod_s2s.lua
--- a/CHANGES	Tue Aug 10 20:54:38 2021 +0200
+++ b/CHANGES	Tue Aug 10 20:55:43 2021 +0200
@@ -26,7 +26,7 @@
 -   statistics scheduling can be done by plugin
 -   mod_server_contact_info now loaded on components if enabled
 -   Statistics now based on OpenMetrics
--   Direct TLS support
+-   Direct TLS support (c2s and incoming s2s)
 -   Offline messages aren't sent to MAM clients
 -   Network backend server_select deprecated
 
--- a/doc/doap.xml	Tue Aug 10 20:54:38 2021 +0200
+++ b/doc/doap.xml	Tue Aug 10 20:55:43 2021 +0200
@@ -641,7 +641,7 @@
         <xmpp:version>1.1.0</xmpp:version>
         <xmpp:status>partial</xmpp:status>
         <xmpp:since>0.2.0</xmpp:since>
-        <xmpp:note>c2s only direct_tls_ports, formerly legacy_ssl_ports</xmpp:note>
+        <xmpp:note>direct_tls_ports (formerly legacy_ssl_ports) for c2s and direct_tls_s2s_ports for s2s</xmpp:note>
       </xmpp:SupportedXep>
     </implements>
     <implements>
--- a/plugins/mod_s2s.lua	Tue Aug 10 20:54:38 2021 +0200
+++ b/plugins/mod_s2s.lua	Tue Aug 10 20:55:43 2021 +0200
@@ -967,3 +967,17 @@
 	};
 });
 
+
+module:provides("net", {
+	name = "direct_tls_s2s";
+	listener = listener;
+	encryption = "ssl";
+	ssl_config = {
+		verify = { "peer", "client_once", };
+	};
+	multiplex = {
+		protocol = "xmpp-server";
+		pattern = "^<.*:stream.*%sxmlns%s*=%s*(['\"])jabber:server%1.*>";
+	};
+});
+
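Review bot: The `verify = { "peer", "client_once", }` setting on the new `direct_tls_s2s` service requests a peer certificate but does not by itself require one to be presented, so the trust decision rests on the shared `listener` and the stream-open handling, both of which are outside this hunk. Because these connections are encrypted from the first byte and never negotiate STARTTLS, it is worth confirming that the certificate check and any `s2s_secure_auth` policy run for them when the stream opens, not only after a STARTTLS upgrade. The block also sets no default port, so the service stays off until `direct_tls_s2s_ports` is configured, which deserves a line next to the code. A comment above `module:provides` would record both points, e.g. `-- Direct TLS for incoming s2s: the certificate is requested, not required, at handshake; peer identity is decided at stream open. No default port, set direct_tls_s2s_ports.`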