prosody-modules: mod_disable_tls/mod_disable_tls.lua annotate

annotate mod_disable_tls/mod_disable_tls.lua @ 3447:5f2eeebcf899

mod_client_certs: do not crash on plain sockets In some situations (e.g., reverse-proxied websocket), non-TLS sockets can be marked as secure, causing mod_client_certs to call the undefined method getpeercertificate and crash.

author	Thibaut Girka <thib@sitedethib.com>
date	Fri, 18 Jan 2019 14:06:05 +0100
parents	25be5fde250f
children

rev	line source
1482 25be5fde250f mod_disable_tls: Default to empty set if disable_tls_ports not present in config (fixes traceback) Matthew Wild <mwild1@gmail.com> parents: 1481 diff changeset	1 local disable_tls_ports = module:get_option_set("disable_tls_ports", {});
1481 e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number Matthew Wild <mwild1@gmail.com> parents: diff changeset	2
e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number Matthew Wild <mwild1@gmail.com> parents: diff changeset	3 module:hook("stream-features", function (event)
e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number Matthew Wild <mwild1@gmail.com> parents: diff changeset	4 if disable_tls_ports:contains(event.origin.conn:serverport()) then
e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number Matthew Wild <mwild1@gmail.com> parents: diff changeset	5 module:log("error", "Disabling TLS for client on port %d", event.origin.conn:serverport());
e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number Matthew Wild <mwild1@gmail.com> parents: diff changeset	6 event.origin.conn.starttls = false;
e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number Matthew Wild <mwild1@gmail.com> parents: diff changeset	7 end
e10e74583b5f mod_disable_tls: New module to disable c2s TLS by port number Matthew Wild <mwild1@gmail.com> parents: diff changeset	8 end, 1000);