mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 21:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_s2s: Retrieve TLS context for outgoing Direct TLS connections from mod_tls

Browse source 
So that the same TLS context is used for both Direct TLS and starttls,
since they are supposed to be functionally identical apart from the few
extra round trips.

A new event is added because the 's2s-created' event fires much later,
after a connection has already been established, where we need the TLS
context before that.
This commit is contained in:
Kim Alvefur 2022-01-21 18:42:38 +01:00
parent 268dfa38c0
commit 90215f635b
2 changed files with 17 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

18
plugins/mod_s2s.lua
View file

@ -218,14 +218,18 @@ function route_to_new_session(event)
log("debug", "stanza [%s] queued until connection complete", stanza.name);
-- FIXME Cleaner solution to passing extra data from resolvers to net.server
-- This mt-clone allows resolvers to add extra data, currently used for DANE TLSA records
module:context(from_host):fire_event("s2sout-created", { session = host_session });
local xmpp_extra = setmetatable({}, s2s_service_options_mt);
local sslctx = require"core.certmanager".create_context(from_host, "client"); -- TODO this should live in mod_tls ?
local xmpps_extra = setmetatable({ default_port = false; servername = to_host; sslctx = sslctx }, s2s_service_options_mt);
local direct_and_normal = resolver_chain.new({
service.new(to_host, "xmpps-server", "tcp", xmpps_extra);
service.new(to_host, "xmpp-server", "tcp", xmpp_extra);
});
connect(direct_and_normal, listener, nil, { session = host_session });
local resolver = service.new(to_host, "xmpp-server", "tcp", xmpp_extra);
if host_session.ssl_ctx then
local sslctx = host_session.ssl_ctx;
local xmpps_extra = setmetatable({ default_port = false; servername = to_host; sslctx = sslctx }, s2s_service_options_mt);
resolver = resolver_chain.new({
service.new(to_host, "xmpps-server", "tcp", xmpps_extra);
resolver;
});
end
connect(resolver, listener, nil, { session = host_session });
m_initiated_connections:with_labels(from_host):add(1)
return true;
end

7
plugins/mod_tls.lua
View file

@ -79,7 +79,7 @@ end
module:hook_global("config-reloaded", module.load);
local function can_do_tls(session)
if not session.conn.starttls then
if session.conn and not session.conn.starttls then
if not session.secure then
session.log("debug", "Underlying connection does not support STARTTLS");
end
@ -116,6 +116,11 @@ local function can_do_tls(session)
return session.ssl_ctx;
end
module:hook("s2sout-created", function (event)
-- Initialize TLS context for outgoing connections
can_do_tls(event.session);
end);
-- Hook <starttls/>
module:hook("stanza/urn:ietf:params:xml:ns:xmpp-tls:starttls", function(event)
local origin = event.origin;