
Correct domain_certfile tlsopts modifications for s2s connections (EJAB-1086)

* In ejabberd_s2s_out:wait_for_feature_request/2, the domain to use for
  looking up domain_certfile options is #state.myname and not
  #state.server

* If s2s_certfile is not specified, connect should still be part of the
  tls options used by ejabberd_s2s_out

* Add #state.server to ejabberd_s2s_in processes and store the to
  attribute in :wait_for_stream/2. Then use that server in
  :wait_for_feature_request/2 to change the tls options like in
  ejabberd_s2s_out.

Fixes EJAB-1086.
Andreas Köhler 2010-11-06 20:09:33 +01:00 committed by Badlop
parent 7aa48e265a
commit 7be6e33ea4
2 changed files with 18 additions and 6 deletions


@ -63,6 +63,7 @@
tls = false, tls = false,
tls_enabled = false, tls_enabled = false,
tls_options = [], tls_options = [],
server,
authenticated = false, authenticated = false,
auth_domain, auth_domain,
connections = ?DICT:new(), connections = ?DICT:new(),
@ -193,7 +194,7 @@ wait_for_stream({xmlstreamstart, Opening}, StateData) ->
Server, Server,
[], [Server]), [], [Server]),
send_element(StateData, exmpp_stream:features(Features)), send_element(StateData, exmpp_stream:features(Features)),
{next_state, wait_for_feature_request, StateData}; {next_state, wait_for_feature_request, StateData#state{server = Server}};
{?NS_JABBER_SERVER, _, Server, true} when {?NS_JABBER_SERVER, _, Server, true} when
StateData#state.authenticated -> StateData#state.authenticated ->
Opening_Reply = exmpp_stream:opening_reply(Opening, Opening_Reply = exmpp_stream:opening_reply(Opening,
@ -244,14 +245,25 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
Socket = StateData#state.socket, Socket = StateData#state.socket,
Proceed = exmpp_xml:node_to_list( Proceed = exmpp_xml:node_to_list(
exmpp_server_tls:proceed(), [?DEFAULT_NS], ?PREFIXED_NS), exmpp_server_tls:proceed(), [?DEFAULT_NS], ?PREFIXED_NS),
TLSOpts = StateData#state.tls_options, TLSOpts = case ejabberd_config:get_local_option(
{domain_certfile,
StateData#state.server}) of
undefined ->
StateData#state.tls_options;
CertFile ->
[{certfile, CertFile} |
lists:keydelete(
certfile, 1,
StateData#state.tls_options)]
end,
TLSSocket = (StateData#state.sockmod):starttls( TLSSocket = (StateData#state.sockmod):starttls(
Socket, TLSOpts, Socket, TLSOpts,
Proceed), Proceed),
{next_state, wait_for_stream, {next_state, wait_for_stream,
StateData#state{socket = TLSSocket, StateData#state{socket = TLSSocket,
streamid = new_id(), streamid = new_id(),
tls_enabled = true tls_enabled = true,
tls_options = TLSOpts
}}; }};
#xmlel{ns = ?NS_SASL, name = 'auth'} when TLSEnabled -> #xmlel{ns = ?NS_SASL, name = 'auth'} when TLSEnabled ->
case exmpp_server_sasl:next_step(El) of case exmpp_server_sasl:next_step(El) of
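Review bot: In the starttls branch of wait_for_feature_request/2, `StateData#state.server` is used verbatim as the key of the `{domain_certfile, ...}` lookup, and per the commit description it is the `to` attribute the remote server sent in its stream header, stored at the end of the wait_for_stream/2 clause. The visible lines do not show whether `Server` is normalized (case-folded or nameprep'd) or checked against the locally served hosts before it is stored. If it is not, a `to` that differs only in case would miss the per-domain entry and silently fall back to the default `tls_options`, so the peer is offered a certificate for a different domain. I would record the trust level next to the new record field, e.g. `server, % 'to' domain from the peer's stream header; peer-supplied, used only as domain_certfile key`, and confirm that the value is normalized before the lookup. Both function bodies start and end outside the hunks shown.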


@ -67,7 +67,7 @@
tls = false, tls = false,
tls_required = false, tls_required = false,
tls_enabled = false, tls_enabled = false,
tls_options = [], tls_options = [connect],
authenticated = false, authenticated = false,
db_enabled = true, db_enabled = true,
try_auth = true, try_auth = true,
@ -155,7 +155,7 @@ init([From, Server, Type]) ->
UseV10 = TLS, UseV10 = TLS,
TLSOpts = case ejabberd_config:get_local_option(s2s_certfile) of TLSOpts = case ejabberd_config:get_local_option(s2s_certfile) of
undefined -> undefined ->
[]; [connect];
CertFile -> CertFile ->
[{certfile, CertFile}, connect] [{certfile, CertFile}, connect]
end, end,
@ -606,7 +606,7 @@ wait_for_starttls_proceed({xmlstreamelement, El}, StateData) ->
StateData#state.server}]), StateData#state.server}]),
Socket = StateData#state.socket, Socket = StateData#state.socket,
TLSOpts = case ejabberd_config:get_local_option TLSOpts = case ejabberd_config:get_local_option
({domain_certfile, StateData#state.server}) of ({domain_certfile, StateData#state.myname}) of
undefined -> undefined ->
StateData#state.tls_options; StateData#state.tls_options;
CertFile -> CertFile ->