apitech
/
prosody
mirror of https://github.com/bjc/prosody
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
IMPORTANT: due to a drive failure, as of 13-Mar-2021, the Mercurial repository had to be re-mirrored, which changed every commit SHA. The old SHAs and trees are backed up in the vault branches. Please migrate to the new branches as soon as you can.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2454 Commits
12 Branches
101 Tags
54 MiB
Tag: Branch: Tree: a00a7f76bc
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a00a7f76bc'
${ noResults }
prosody/plugins/mod_tls.lua

98 lines
3.2 KiB
Raw Normal View History Unescape

Remove version number from copyright headers
17 years ago
-- Prosody IM
Update copyright notices for 2009
17 years ago
-- Copyright (C) 2008-2009 Matthew Wild
-- Copyright (C) 2008-2009 Waqas Hussain
Insert copyright/license headers
17 years ago
--
GPL->MIT!
17 years ago
-- This project is MIT/X11 licensed. Please see the
-- COPYING file in the source package for more information.
Insert copyright/license headers
17 years ago
--
forgot to commit mod_tls, oops :)
17 years ago
local st = require "util.stanza";
mod_tls: Advertise and handle TLS for s2s connections
16 years ago
local xmlns_stream = 'http://etherx.jabber.org/streams';
local xmlns_starttls = 'urn:ietf:params:xml:ns:xmpp-tls';
forgot to commit mod_tls, oops :)
17 years ago
require_encryption deprecated, use c2s_require_encryption instead
16 years ago
local secure_auth_only = module:get_option("c2s_require_encryption") or module:get_option("require_encryption");
mod_tls: require_s2s_encryption -> s2s_require_encryption
16 years ago
local secure_s2s_only = module:get_option("s2s_require_encryption");
mod_tls: Add <required/> to stream feature when TLS is required
17 years ago
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
17 years ago
module:add_handler("c2s_unauthed", "starttls", xmlns_starttls,
forgot to commit mod_tls, oops :)
17 years ago
function (session, stanza)
if session.conn.starttls then
Fixed mod_tls to use session.send for sending stanzas
17 years ago
session.send(st.stanza("proceed", { xmlns = xmlns_starttls }));
Abstract connections with "connection listeners" - Added connlistener for xmppclient - SASL/TLS now use a new session:reset_stream() method - main.lua on its way to being a bit neater
17 years ago
session:reset_stream();
mod_tls: Offer the host-specific cert (when there is one) to incoming c2s/s2s connections, fixes #30 (thanks, albert, Flo, johnny, and all who nagged me :) )
16 years ago
if session.host and hosts[session.host].ssl_ctx_in then
mod_tls: Switch to : syntax for connection methods
16 years ago
session.conn:set_sslctx(hosts[session.host].ssl_ctx_in);
mod_tls: Offer the host-specific cert (when there is one) to incoming c2s/s2s connections, fixes #30 (thanks, albert, Flo, johnny, and all who nagged me :) )
16 years ago
end
mod_tls: Switch to : syntax for connection methods
16 years ago
session.conn:starttls();
Abstract connections with "connection listeners" - Added connlistener for xmppclient - SASL/TLS now use a new session:reset_stream() method - main.lua on its way to being a bit neater
17 years ago
session.log("info", "TLS negotiation started...");
sessionmanager, mod_tls: Mark a session as secure when TLS is active
17 years ago
session.secure = false;
Abstract connections with "connection listeners" - Added connlistener for xmppclient - SASL/TLS now use a new session:reset_stream() method - main.lua on its way to being a bit neater
17 years ago
else
-- FIXME: What reply?
session.log("warn", "Attempt to start TLS, but TLS is not available on this connection");
forgot to commit mod_tls, oops :)
17 years ago
end
end);
mod_tls: Advertise and handle TLS for s2s connections
16 years ago
module:add_handler("s2sin_unauthed", "starttls", xmlns_starttls,
function (session, stanza)
if session.conn.starttls then
session.sends2s(st.stanza("proceed", { xmlns = xmlns_starttls }));
session:reset_stream();
mod_tls: Offer the host-specific cert (when there is one) to incoming c2s/s2s connections, fixes #30 (thanks, albert, Flo, johnny, and all who nagged me :) )
16 years ago
if session.to_host and hosts[session.to_host].ssl_ctx_in then
mod_tls: Switch to : syntax for connection methods
16 years ago
session.conn:set_sslctx(hosts[session.to_host].ssl_ctx_in);
mod_tls: Offer the host-specific cert (when there is one) to incoming c2s/s2s connections, fixes #30 (thanks, albert, Flo, johnny, and all who nagged me :) )
16 years ago
end
mod_tls: Switch to : syntax for connection methods
16 years ago
session.conn:starttls();
mod_tls: Advertise and handle TLS for s2s connections
16 years ago
session.log("info", "TLS negotiation started for incoming s2s...");
mod_tls: Mark session as not secure before negotiating TLS
16 years ago
session.secure = false;
mod_tls: Advertise and handle TLS for s2s connections
16 years ago
else
-- FIXME: What reply?
session.log("warn", "Attempt to start TLS, but TLS is not available on this s2s connection");
end
end);
Use a stanza for c2s stream features instead of an array of strings. Removes a FIXME.
17 years ago
local starttls_attr = { xmlns = xmlns_starttls };
Bumper commit for the new modulemanager API \o/ Updates all the modules, though some more changes may be in store.
17 years ago
module:add_event_hook("stream-features",
Another unwanted spaces at the end of a line.
17 years ago
function (session, features)
mod_saslauth, mod_tls: minor code cleanup
17 years ago
if session.conn.starttls then
mod_tls: Add <required/> to stream feature when TLS is required
17 years ago
features:tag("starttls", starttls_attr);
if secure_auth_only then
features:tag("required"):up():up();
else
features:up();
end
mod_saslauth, mod_tls: minor code cleanup
17 years ago
end
end);
mod_tls: Advertise and handle TLS for s2s connections
16 years ago
mod_tls: Catch s2s-stream-features and add starttls feature if possible
16 years ago
module:hook("s2s-stream-features",
function (data)
local session, features = data.session, data.features;
if session.to_host and session.conn.starttls then
mod_tls: :up() out of the starttls tag in stream:features
16 years ago
features:tag("starttls", starttls_attr):up();
mod_tls: Mark starttls feature as <required/> if require_s2s_encryption is enabled
16 years ago
if secure_s2s_only then
features:tag("required"):up():up();
else
features:up();
end
mod_tls: Advertise and handle TLS for s2s connections
16 years ago
end
end);
-- For s2sout connections, start TLS if we can
module:hook_stanza(xmlns_stream, "features",
function (session, stanza)
module:log("debug", "Received features element");
mod_tls: Don't try to start TLS if we can't actually do it (thanks Florob)
16 years ago
if session.conn.starttls and stanza:child_with_ns(xmlns_starttls) then
mod_tls: Advertise and handle TLS for s2s connections
16 years ago
module:log("%s is offering TLS, taking up the offer...", session.to_host);
session.sends2s("<starttls xmlns='"..xmlns_starttls.."'/>");
return true;
end
end, 500);
module:hook_stanza(xmlns_starttls, "proceed",
function (session, stanza)
module:log("debug", "Proceeding with TLS on s2sout...");
local format, to_host, from_host = string.format, session.to_host, session.from_host;
session:reset_stream();
mod_tls: Switch to : syntax for connection methods
16 years ago
session.conn:starttls(true);
mod_tls: Mark sessions as not secure when negotiating outward TLS, so they get marked secure later. Fixes missing (encrypted) for outgoing sessions in s2s:show(). Thanks albert, McKael :)
16 years ago
session.secure = false;
mod_tls: Advertise and handle TLS for s2s connections
16 years ago
return true;
end);