Mercurial > prosody-modules
changeset 5487:6cf2f32dbf40
mod_s2sout_override: Add support for Direct TLS
Well that was easy
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 24 May 2023 16:34:35 +0200 |
| parents | 71243bedb2b0 |
| children | 9a4556a13cc7 |
| files | mod_s2sout_override/README.md mod_s2sout_override/mod_s2sout_override.lua |
| diffstat | 2 files changed, 10 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_s2sout_override/README.md Wed May 24 15:56:26 2023 +0200 +++ b/mod_s2sout_override/README.md Wed May 24 16:34:35 2023 +0200 @@ -11,9 +11,12 @@ to URIs like `"tcp://host.example:port"`, to have Prosody connect there instead of doing normal DNS SRV resolution. -Currently only the `tcp://` scheme is supported. A future version could -support more methods including Direct TLS, alternate SRV lookup targets -or even UNIX sockets. +Currently supported schemes are `tcp://` and `tls://`. A future version +could support more methods including alternate SRV lookup targets or +even UNIX sockets. + +URIs with IP addresses like `tcp://127.0.0.1:9999` will bypass A/AAAA +DNS lookups. ```lua -- Global section @@ -25,6 +28,7 @@ s2sout_override = { ["example.com"] = "tcp://other.host.example:5299"; ["xmpp.example.net"] = "tcp://localhost:5999"; + ["secure.example"] = = "tls://127.0.0.1:5270"; } ```
--- a/mod_s2sout_override/mod_s2sout_override.lua Wed May 24 15:56:26 2023 +0200 +++ b/mod_s2sout_override/mod_s2sout_override.lua Wed May 24 16:34:35 2023 +0200 @@ -12,5 +12,8 @@ end if type(override) == "table" and override.scheme == "tcp" and type(override.host) == "string" then event.resolver = basic_resolver.new(override.host, tonumber(override.port) or 5269, override.scheme, {}); + elseif type(override) == "table" and override.scheme == "tls" and type(override.host) == "string" then + event.resolver = basic_resolver.new(override.host, tonumber(override.port) or 5270, "tcp", + { servername = event.session.to_host; sslctx = event.session.ssl_ctx }); end end);