Mercurial > prosody-modules
annotate mod_s2s_never_encrypt_blacklist/mod_s2s_never_encrypt_blacklist.lua @ 4381:a1256e376dca
mod_invites_register_api: reroute register call
The token from the URI was not used anyway. In addition, we now
return the resulting JID because it’s the only way to be sure.
| author | Jonas Schäfer <jonas@wielicki.name> |
|---|---|
| date | Mon, 25 Jan 2021 16:55:39 +0100 |
| parents | 7dbde05b48a9 |
| children |
| rev | line source |
|---|---|
|
412
8963f4026f3a
mod_s2s_never_encrypt_blacklist: first commit.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
1 -- Filter out servers which gets choppy and buggy when it comes to starttls. |
|
930
c08b424583c3
mod_s2s_never_encrypt_blacklist: complete missing banner.
Marco Cirillo <maranda@lightwitch.org>
parents:
924
diff
changeset
|
2 -- (C) 2011-2013, Marco Cirillo (LW.Org) |
|
412
8963f4026f3a
mod_s2s_never_encrypt_blacklist: first commit.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
3 |
|
921
ef859c9d42c4
mod_s2s_never_encrypt_blacklist: supply an empty table as default value, fixes traceback. (Thanks Tobias)
Marco Cirillo <maranda@lightwitch.org>
parents:
531
diff
changeset
|
4 local bad_servers = module:get_option_set("tls_s2s_blacklist", {}) |
|
ef859c9d42c4
mod_s2s_never_encrypt_blacklist: supply an empty table as default value, fixes traceback. (Thanks Tobias)
Marco Cirillo <maranda@lightwitch.org>
parents:
531
diff
changeset
|
5 local bad_servers_ip = module:get_option_set("tls_s2s_blacklist_ip", {}) |
|
924
0a78ac54bd03
mod_s2s_never_encrypt_blacklist: conn objects on libev carry a metatable, perhaps have starttls set to false instead of nil.
Marco Cirillo <maranda@lightwitch.org>
parents:
923
diff
changeset
|
6 local libev = module:get_option_boolean("use_libevent") |
|
412
8963f4026f3a
mod_s2s_never_encrypt_blacklist: first commit.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
7 |
|
413
e4d33cdfed21
mod_s2s_never_encrypt_blacklist: filter both incoming and outgoing streams.
Marco Cirillo <maranda@lightwitch.org>
parents:
412
diff
changeset
|
8 local function disable_tls_for_baddies_in(event) |
|
922
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
9 local session = event.origin |
|
1343
7dbde05b48a9
all the things: Remove trailing whitespace
Florian Zeitz <florob@babelmonkeys.de>
parents:
930
diff
changeset
|
10 if bad_servers:contains(session.from_host) or bad_servers_ip:contains(session.conn:ip()) then |
|
922
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
11 module:log("debug", "disabling tls on incoming stream from %s...", tostring(session.from_host)); |
|
924
0a78ac54bd03
mod_s2s_never_encrypt_blacklist: conn objects on libev carry a metatable, perhaps have starttls set to false instead of nil.
Marco Cirillo <maranda@lightwitch.org>
parents:
923
diff
changeset
|
12 if libev then session.conn.starttls = false; else session.conn.starttls = nil; end |
|
922
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
13 end |
|
412
8963f4026f3a
mod_s2s_never_encrypt_blacklist: first commit.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
14 end |
|
8963f4026f3a
mod_s2s_never_encrypt_blacklist: first commit.
Marco Cirillo <maranda@lightwitch.org>
parents:
diff
changeset
|
15 |
|
413
e4d33cdfed21
mod_s2s_never_encrypt_blacklist: filter both incoming and outgoing streams.
Marco Cirillo <maranda@lightwitch.org>
parents:
412
diff
changeset
|
16 local function disable_tls_for_baddies_out(event) |
|
922
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
17 local session = event.origin |
|
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
18 if bad_servers:contains(session.to_host) then |
|
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
19 module:log("debug", "disabling tls on outgoing stream from %s...", tostring(session.to_host)); |
|
924
0a78ac54bd03
mod_s2s_never_encrypt_blacklist: conn objects on libev carry a metatable, perhaps have starttls set to false instead of nil.
Marco Cirillo <maranda@lightwitch.org>
parents:
923
diff
changeset
|
20 if libev then session.conn.starttls = false; else session.conn.starttls = nil; end |
|
922
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
21 end |
|
413
e4d33cdfed21
mod_s2s_never_encrypt_blacklist: filter both incoming and outgoing streams.
Marco Cirillo <maranda@lightwitch.org>
parents:
412
diff
changeset
|
22 end |
|
e4d33cdfed21
mod_s2s_never_encrypt_blacklist: filter both incoming and outgoing streams.
Marco Cirillo <maranda@lightwitch.org>
parents:
412
diff
changeset
|
23 |
|
922
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
24 module:hook("s2s-stream-features", disable_tls_for_baddies_in, 600) |
|
661e2322b4df
mod_s2s_never_encrypt_blacklist: cleanup code, also hooks were mixed up.
Marco Cirillo <maranda@lightwitch.org>
parents:
921
diff
changeset
|
25 module:hook("stanza/http://etherx.jabber.org/streams:features", disable_tls_for_baddies_out, 600) |