When TLS is required in s2s, add subelement to stream:features starttls
authorBadlop <badlop@process-one.net>
Fri, 10 Dec 2010 16:27:15 +0000 (17:27 +0100)
committerBadlop <badlop@process-one.net>
Sat, 11 Dec 2010 01:29:50 +0000 (02:29 +0100)
src/ejabberd_s2s_in.erl

index c29249c973b1fcf5d1d53431a9dd2ef0f36186ce..7bc183aa730d8165aa8cb91ef1dacd5a5840f3bb 100644 (file)
@@ -74,6 +74,7 @@
                shaper,
                tls = false,
                tls_enabled = false,
+               tls_required = false,
                tls_options = [],
                server,
                authenticated = false,
@@ -151,12 +152,14 @@ init([{SockMod, Socket}, Opts]) ->
                 {value, {_, S}} -> S;
                 _ -> none
             end,
-    StartTLS = case ejabberd_config:get_local_option(s2s_use_starttls) of
-                  undefined ->
-                      false;
-                  UseStartTLS ->
-                      UseStartTLS
-              end,
+    {StartTLS, TLSRequired} = case ejabberd_config:get_local_option(s2s_use_starttls) of
+             UseTls when (UseTls==undefined) or (UseTls==false) ->
+                 {false, false};
+             UseTls when (UseTls==true) or (UseTls==optional) ->
+                 {true, false};
+             required ->
+                 {true, true}
+         end,
     TLSOpts = case ejabberd_config:get_local_option(s2s_certfile) of
                  undefined ->
                      [];
@@ -171,6 +174,7 @@ init([{SockMod, Socket}, Opts]) ->
            shaper = Shaper,
            tls = StartTLS,
            tls_enabled = false,
+           tls_required = TLSRequired,
            tls_options = TLSOpts,
            timer = Timer}}.
 
@@ -214,9 +218,12 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
            StartTLS = if
                           StateData#state.tls_enabled ->
                               [];
-                          true ->
-                              [{xmlelement, "starttls",
-                                [{"xmlns", ?NS_TLS}], []}]
+                          (not StateData#state.tls_enabled) and (not StateData#state.tls_required) ->
+                              [{xmlelement, "starttls", [{"xmlns", ?NS_TLS}], []}];
+                          (not StateData#state.tls_enabled) and StateData#state.tls_required ->
+                              [{xmlelement, "starttls", [{"xmlns", ?NS_TLS}],
+                                               [{xmlelement, "required", [], []}]
+                                          }]
                       end,
            send_element(StateData,
                         {xmlelement, "stream:features", [],
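Review bot: Advertising `<required/>` in the `starttls` feature only tells the peer that TLS is mandatory; nothing in this hunk refuses a peer that ignores it and proceeds with dialback or SASL on the plaintext stream, so unless the later states of `wait_for_feature_request`/`stream_established` also check `tls_required` (not visible here), a non-compliant remote still gets an unencrypted session and the `required` setting is advisory rather than enforced — worth confirming in the rest of the module. The second and third `if` clauses also both repeat `(not StateData#state.tls_enabled)`, which is already excluded by the first clause; the branch reads more clearly as `StateData#state.tls_required -> [...required...]; true -> [...plain starttls...]`. The enclosing `wait_for_stream/2` clause starts before this hunk and continues after it.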