mod_s2s_bidi: Ignore unencrypted connections if s2s_require_encryption is set
authorKim Alvefur <zash@zash.se>
Thu, 28 Nov 2019 18:57:17 +0100
changeset 10462 602dd1e2f399
parent 10461 0c44090cb168
child 10463 7456eaa83b15
mod_s2s_bidi: Ignore unencrypted connections if s2s_require_encryption is set
Prevents some weirdness in cases where no authentication is done.
plugins/mod_s2s_bidi.lua
--- a/plugins/mod_s2s_bidi.lua	Thu Nov 28 18:30:30 2019 +0100
+++ b/plugins/mod_s2s_bidi.lua	Thu Nov 28 18:57:17 2019 +0100
@@ -10,15 +10,17 @@
 local xmlns_bidi_feature = "urn:xmpp:features:bidi"
 local xmlns_bidi = "urn:xmpp:bidi";
 
+local require_encryption = module:get_option_boolean("s2s_require_encryption", false);
+
 module:hook("s2s-stream-features", function(event)
 	local origin, features = event.origin, event.features;
-	if origin.type == "s2sin_unauthed" then
+	if origin.type == "s2sin_unauthed" and (not require_encryption or origin.secure) then
 		features:tag("bidi", { xmlns = xmlns_bidi_feature }):up();
 	end
 end);
 
 module:hook_tag("http://etherx.jabber.org/streams", "features", function (session, stanza)
-	if session.type == "s2sout_unauthed" then
+	if session.type == "s2sout_unauthed" and (not require_encryption or session.secure) then
 		local bidi = stanza:get_child("bidi", xmlns_bidi_feature);
 		if bidi then
 			session.incoming = true;
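Review bot: The guard `(not require_encryption or origin.secure)` is written out in both handlers of this hunk and again in the `urn:xmpp:bidi` handler of the next hunk, and none of the three carries a comment saying why a non-secure stream is skipped. A local helper such as `local function bidi_allowed(session) return not require_encryption or session.secure; end` would keep the checks from drifting apart. A comment above it could read `-- When s2s_require_encryption is set, do not offer or accept bidi on streams that are not secure`. The default `false` is also hard-coded on the new `get_option_boolean` line, so it is worth confirming that it matches the default used by whichever module enforces `s2s_require_encryption`. The second handler's body continues outside the hunk.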
@@ -29,7 +31,7 @@
 end, 200);
 
 module:hook_tag("urn:xmpp:bidi", "bidi", function(session)
-	if session.type == "s2sin_unauthed" then
+	if session.type == "s2sin_unauthed" and (not require_encryption or session.secure) then
 		session.log("debug", "Requested bidirectional stream");
 		session.outgoing = true;
 		return true;
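Review bot: A `<bidi/>` request arriving on an `s2sin_unauthed` stream that fails the new `session.secure` check is skipped without any log line, so the debug log gives no hint why a peer's bidi negotiation did not take effect. A branch for that case next to the existing debug message would make it visible, for example `session.log("debug", "Ignoring bidi request on unencrypted stream");`. What the handler returns when the condition is false is decided after the end of this hunk, so whether the element is then passed on to other handlers should be checked there.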