author | Badlop <badlop@process-one.net> | 2010-12-10 19:27:15 +0300 |
---|---|---|
committer | Badlop <badlop@process-one.net> | 2010-12-11 04:29:50 +0300 |
commit | faf422202f08a1eaeaf72e3ade3c77e0737d59f2 (patch) | |
tree | 9ae70dfa4df0b6970484855ad6c365ae50eb6e44 /src/ejabberd_s2s_in.erl | |
parent | eb884c80d0cbe1dbdf8a2716fcf1b4d0325faa7c (diff) |
When TLS is required in s2s, add subelement to stream:features starttls
Diffstat (limited to 'src/ejabberd_s2s_in.erl')
-rw-r--r-- | src/ejabberd_s2s_in.erl | 25 |
1 files changed, 16 insertions, 9 deletions
diff --git a/src/ejabberd_s2s_in.erl b/src/ejabberd_s2s_in.erl
index c29249c97..7bc183aa7 100644
--- a/src/ejabberd_s2s_in.erl
+++ b/src/ejabberd_s2s_in.erl
@@ -74,6 +74,7 @@
 shaper,
 tls = false,
 tls_enabled = false,
+ tls_required = false,
 tls_options = [],
 server,
 authenticated = false,
@@ -151,12 +152,14 @@ init([{SockMod, Socket}, Opts]) ->
 {value, {_, S}} -> S;
 _ -> none
 end,
- StartTLS = case ejabberd_config:get_local_option(s2s_use_starttls) of
- undefined ->
- false;
- UseStartTLS ->
- UseStartTLS
- end,
+ {StartTLS, TLSRequired} = case ejabberd_config:get_local_option(s2s_use_starttls) of
+ UseTls when (UseTls==undefined) or (UseTls==false) ->
+ {false, false};
+ UseTls when (UseTls==true) or (UseTls==optional) ->
+ {true, false};
+ required ->
+ {true, true}
+ end,
 TLSOpts = case ejabberd_config:get_local_option(s2s_certfile) of
 undefined ->
 [];
@@ -171,6 +174,7 @@ init([{SockMod, Socket}, Opts]) ->
 shaper = Shaper,
 tls = StartTLS,
 tls_enabled = false,
+ tls_required = TLSRequired,
 tls_options = TLSOpts,
 timer = Timer}}.
 
@@ -214,9 +218,12 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
 StartTLS = if
 StateData#state.tls_enabled ->
 [];
- true ->
- [{xmlelement, "starttls",
- [{"xmlns", ?NS_TLS}], []}]
+ (not StateData#state.tls_enabled) and (not StateData#state.tls_required) ->
+ [{xmlelement, "starttls", [{"xmlns", ?NS_TLS}], []}];
+ (not StateData#state.tls_enabled) and StateData#state.tls_required ->
+ [{xmlelement, "starttls", [{"xmlns", ?NS_TLS}],
+ [{xmlelement, "required", [], []}]
+ }]
 end,
 send_element(StateData,
 {xmlelement, "stream:features", [], |
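Review bot: The new `case` on `s2s_use_starttls` in `init/1` has no clause for any value other than `undefined`, `false`, `true`, `optional` or `required`, so a misspelled or unsupported setting presumably ends every incoming s2s connection with a bare `case_clause` rather than a readable configuration error. Refusing the connection is the safer outcome for a TLS policy option (the old code passed the unknown value straight into `tls`), but the failure should name its cause: add a last clause such as `Other -> exit({invalid_s2s_use_starttls, Other})`, or validate the option when the configuration is loaded. As a style point, the guards read more idiomatically as `UseTls when UseTls =:= undefined; UseTls =:= false ->`. `init/1` starts and ends outside this hunk.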
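Review bot: The `<required/>` child added to `<starttls/>` in `wait_for_stream` only advertises the policy; no hunk in this commit reads `tls_required` anywhere else, so unless a check exists in code outside the diff, a peer that ignores the feature and continues without negotiating TLS is still served over cleartext. The state that handles the peer's next element should refuse anything but `<starttls/>` while `StateData#state.tls_required andalso not StateData#state.tls_enabled` holds, and the other features sent alongside (built outside this hunk) should probably be withheld until TLS is up. Separately, the second and third `if` guards re-test `not StateData#state.tls_enabled`, which the first clause already excluded; `StateData#state.tls_required -> ...; true -> ...` says the same and keeps a catch-all so a non-boolean field cannot raise `if_clause`. `wait_for_stream` starts and ends outside the hunk.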