When TLS is required in s2s, add subelement to stream:features starttls

2024-11-22 16:20:52 +01:00 · 2010-12-10 17:27:15 +01:00 · 2010-12-10 17:27:15 +01:00 · 41fc44e55f
commit 41fc44e55f
parent befb4fc7ea
1 changed files with 12 additions and 8 deletions
--- a/src/ejabberd_s2s_in.erl
+++ b/src/ejabberd_s2s_in.erl
@ -62,6 +62,7 @@
 		shaper,
 		tls = false,
 		tls_enabled = false,
+		tls_required = false,
 		tls_options = [],
 		server,
 		authenticated = false,
@ -122,12 +123,14 @@ init([{SockMod, Socket}, Opts]) ->
 		 {value, {_, S}} -> S;
 		 _ -> none
 	     end,
-    StartTLS = case ejabberd_config:get_local_option(s2s_use_starttls) of
-		   undefined ->
-		       false;
-		   UseStartTLS ->
-		       UseStartTLS
-	       end,
+    {StartTLS, TLSRequired} = case ejabberd_config:get_local_option(s2s_use_starttls) of
+             UseTls when (UseTls==undefined) or (UseTls==false) ->
+                 {false, false};
+             UseTls when (UseTls==true) or (UseTls==optional) ->
+                 {true, false};
+             required ->
+                 {true, true}
+         end,
    TLSOpts = case ejabberd_config:get_local_option(s2s_certfile) of
 		  undefined ->
 		      [];
@ -142,6 +145,7 @@ init([{SockMod, Socket}, Opts]) ->
 	    shaper = Shaper,
 	    tls = StartTLS,
 	    tls_enabled = false,
+	    tls_required = TLSRequired,
 	    tls_options = TLSOpts,
 	    timer = Timer}}.

@ -186,8 +190,8 @@ wait_for_stream({xmlstreamstart, Opening}, StateData) ->
 	    StartTLS = if
 			   StateData#state.tls_enabled ->
 			       [];
-			   true ->
-			       [exmpp_server_tls:feature()]
+			   (not StateData#state.tls_enabled) ->
+			       [exmpp_server_tls:feature(StateData#state.tls_required)]
 		       end,
 	    Features = SASL ++ StartTLS ++ ejabberd_hooks:run_fold(
 					     c2s_stream_features,