Correct domain_certfile tlsopts modifications for s2s connections (EJAB-1086)

* In ejabberd_s2s_out:wait_for_feature_request/2, the domain to use for looking up domain_certfile options is #state.myname and not #state.server * If s2s_certfile is not specified, connect should still be part of the tls options used by ejabberd_s2s_out * Add #state.server to ejabberd_s2s_in processes and store the to attribute in :wait_for_stream/2. Then use that server in :wait_for_feature_request/2 to change the tls options like in ejabberd_s2s_out. Fixes EJAB-1086.
2024-06-24 22:25:47 +02:00 · 2010-11-06 20:09:33 +01:00 · 2010-11-06 20:09:33 +01:00 · 7be6e33ea4
commit 7be6e33ea4
parent 7aa48e265a
2 changed files with 18 additions and 6 deletions
--- a/src/ejabberd_s2s_in.erl
+++ b/src/ejabberd_s2s_in.erl
@ -63,6 +63,7 @@
 		tls = false,
 		tls_enabled = false,
 		tls_options = [],
+		server,
 		authenticated = false,
 		auth_domain,
 	        connections = ?DICT:new(),
@ -193,7 +194,7 @@ wait_for_stream({xmlstreamstart, Opening}, StateData) ->
 					     Server,
 					     [], [Server]),
 	    send_element(StateData, exmpp_stream:features(Features)),
-	    {next_state, wait_for_feature_request, StateData};
+	    {next_state, wait_for_feature_request, StateData#state{server = Server}};
 	{?NS_JABBER_SERVER, _, Server, true} when
 	      StateData#state.authenticated ->
 	    Opening_Reply = exmpp_stream:opening_reply(Opening,
@ -244,14 +245,25 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
 	    Socket = StateData#state.socket,
 	    Proceed = exmpp_xml:node_to_list(
 	      exmpp_server_tls:proceed(), [?DEFAULT_NS], ?PREFIXED_NS),
-	    TLSOpts = StateData#state.tls_options,
+	    TLSOpts = case ejabberd_config:get_local_option(
+			     {domain_certfile,
+			      StateData#state.server}) of
+			  undefined ->
+			      StateData#state.tls_options;
+			  CertFile ->
+			      [{certfile, CertFile} |
+			       lists:keydelete(
+				 certfile, 1,
+				 StateData#state.tls_options)]
+		      end,
 	    TLSSocket = (StateData#state.sockmod):starttls(
 			  Socket, TLSOpts,
 			  Proceed),
 	    {next_state, wait_for_stream,
 	     StateData#state{socket = TLSSocket,
 			     streamid = new_id(),
-			     tls_enabled = true
+			     tls_enabled = true,
+			     tls_options = TLSOpts
 			    }};
 	#xmlel{ns = ?NS_SASL, name = 'auth'} when TLSEnabled ->
 	    case exmpp_server_sasl:next_step(El) of
--- a/src/ejabberd_s2s_out.erl
+++ b/src/ejabberd_s2s_out.erl
@ -67,7 +67,7 @@
 		tls = false,
 		tls_required = false,
 		tls_enabled = false,
-		tls_options = [],
+		tls_options = [connect],
 		authenticated = false,
 		db_enabled = true,
 		try_auth = true,
@ -155,7 +155,7 @@ init([From, Server, Type]) ->
    UseV10 = TLS,
    TLSOpts = case ejabberd_config:get_local_option(s2s_certfile) of
 		  undefined ->
-		      [];
+		      [connect];
 		  CertFile ->
 		      [{certfile, CertFile}, connect]
 	      end,
@ -606,7 +606,7 @@ wait_for_starttls_proceed({xmlstreamelement, El}, StateData) ->
 				     StateData#state.server}]),
 	    Socket = StateData#state.socket,
 	    TLSOpts = case ejabberd_config:get_local_option
-                          ({domain_certfile, StateData#state.server}) of
+                          ({domain_certfile, StateData#state.myname}) of
 			  undefined ->
 			      StateData#state.tls_options;
 			  CertFile ->