From 122dfec03d25a1592554abfdf389f66082704e08 Mon Sep 17 00:00:00 2001
From: Holger Weiss <holger@zedat.fu-berlin.de>
Date: Sat, 1 Dec 2018 10:08:28 +0100
Subject: [PATCH] ejabberd_s2s_in: Check for subdomain certificate

If an incoming s2s connection to a subdomain such as
conference.example.com is accepted and a separate certificate is
available for that subdomain, offer that certificate instead of the one
for example.com.

Thanks to Mike Kuketz for reporting the bug.
---
 src/ejabberd_s2s_in.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ejabberd_s2s_in.erl b/src/ejabberd_s2s_in.erl
index 91fadb696..32531eb84 100644
--- a/src/ejabberd_s2s_in.erl
+++ b/src/ejabberd_s2s_in.erl
@@ -135,7 +135,7 @@ process_closed(#{server := LServer} = State, Reason) ->
 %%%===================================================================
 %%% xmpp_stream_in callbacks
 %%%===================================================================
-tls_options(#{tls_options := TLSOpts, server_host := LServer}) ->
+tls_options(#{tls_options := TLSOpts, lserver := LServer}) ->
     ejabberd_s2s:tls_options(LServer, TLSOpts).
 
 tls_required(#{server_host := LServer}) ->