Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_tls: Do not offer TLS if the connection is considered secure
authorJonas Schäfer <jonas@wielicki.name>
Fri, 17 Sep 2021 21:18:30 +0200
changeset 12486 b193f8a2737e
parent 12485 2ee27587fec7
child 12487 988a3a7e1f35
mod_tls: Do not offer TLS if the connection is considered secure This may be necessary if the session.conn object is not exchanged by the network backend when establishing TLS. In that case, the starttls method will always exist and thus that is not a good indicator for offering TLS. However, the secure bit already tells us that TLS has been established or is not to be established on the connection, so we use that instead.
plugins/mod_tls.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_tls.lua	Sat Apr 02 11:15:33 2022 +0200
+++ b/plugins/mod_tls.lua	Fri Sep 17 21:18:30 2021 +0200
@@ -80,6 +80,9 @@
 module:hook_global("config-reloaded", module.load);
 
 local function can_do_tls(session)
+	if session.secure then
+		return false;
+	end
 	if session.conn and not session.conn.starttls then
 		if not session.secure then
 			session.log("debug", "Underlying connection does not support STARTTLS");
prosody