Mercurial > prosody-modules

view mod_s2s_never_encrypt_blacklist/mod_s2s_never_encrypt_blacklist.lua @ 4876:0f5f2d4475b9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_http_xep227: Add support for import via APIs rather than direct store manipulation In particular this transitions PEP nodes and data to be imported via mod_pep's APIs, fixing issues with importing at runtime while PEP data may already be live in RAM. Next obvious candidate for this approach is rosters, so clients get immediate roster pushes and other special handling (such as emitting subscribes to reach the desired subscription state).
author Matthew Wild <mwild1@gmail.com>
date Tue, 18 Jan 2022 17:01:18 +0000
parents 7dbde05b48a9
children
line wrap: on
line source

-- Filter out servers which gets choppy and buggy when it comes to starttls.
-- (C) 2011-2013, Marco Cirillo (LW.Org)

local bad_servers = module:get_option_set("tls_s2s_blacklist", {})
local bad_servers_ip = module:get_option_set("tls_s2s_blacklist_ip", {})
local libev = module:get_option_boolean("use_libevent")

local function disable_tls_for_baddies_in(event)
	local session = event.origin
	if bad_servers:contains(session.from_host) or bad_servers_ip:contains(session.conn:ip()) then
		module:log("debug", "disabling tls on incoming stream from %s...", tostring(session.from_host));
		if libev then session.conn.starttls = false; else session.conn.starttls = nil; end
	end
end

local function disable_tls_for_baddies_out(event)
	local session = event.origin
	if bad_servers:contains(session.to_host) then
		module:log("debug", "disabling tls on outgoing stream from %s...", tostring(session.to_host));
		if libev then session.conn.starttls = false; else session.conn.starttls = nil; end
	end
end

module:hook("s2s-stream-features", disable_tls_for_baddies_in, 600)
module:hook("stanza/http://etherx.jabber.org/streams:features", disable_tls_for_baddies_out, 600)