Correct domain_certfile tlsopts modifications for s2s connections (EJAB-1086)
* In ejabberd_s2s_out:wait_for_feature_request/2, the domain to use for looking up domain_certfile options is #state.myname and not #state.server * If s2s_certfile is not specified, connect should still be part of the tls options used by ejabberd_s2s_out * Add #state.server to ejabberd_s2s_in processes and store the to attribute in :wait_for_stream/2. Then use that server in :wait_for_feature_request/2 to change the tls options like in ejabberd_s2s_out. Fixes EJAB-1086.
parent
7aa48e265a
commit
7be6e33ea4
@ -63,6 +63,7 @@
|
||||
tls = false,
|
||||
tls_enabled = false,
|
||||
tls_options = [],
|
||||
server,
|
||||
authenticated = false,
|
||||
auth_domain,
|
||||
connections = ?DICT:new(),
|
||||
@ -193,7 +194,7 @@ wait_for_stream({xmlstreamstart, Opening}, StateData) ->
|
||||
Server,
|
||||
[], [Server]),
|
||||
send_element(StateData, exmpp_stream:features(Features)),
|
||||
{next_state, wait_for_feature_request, StateData};
|
||||
{next_state, wait_for_feature_request, StateData#state{server = Server}};
|
||||
{?NS_JABBER_SERVER, _, Server, true} when
|
||||
StateData#state.authenticated ->
|
||||
Opening_Reply = exmpp_stream:opening_reply(Opening,
|
||||
@ -244,14 +245,25 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
|
||||
Socket = StateData#state.socket,
|
||||
Proceed = exmpp_xml:node_to_list(
|
||||
exmpp_server_tls:proceed(), [?DEFAULT_NS], ?PREFIXED_NS),
|
||||
TLSOpts = StateData#state.tls_options,
|
||||
TLSOpts = case ejabberd_config:get_local_option(
|
||||
{domain_certfile,
|
||||
StateData#state.server}) of
|
||||
undefined ->
|
||||
StateData#state.tls_options;
|
||||
CertFile ->
|
||||
[{certfile, CertFile} |
|
||||
lists:keydelete(
|
||||
certfile, 1,
|
||||
StateData#state.tls_options)]
|
||||
end,
|
||||
TLSSocket = (StateData#state.sockmod):starttls(
|
||||
Socket, TLSOpts,
|
||||
Proceed),
|
||||
{next_state, wait_for_stream,
|
||||
StateData#state{socket = TLSSocket,
|
||||
streamid = new_id(),
|
||||
tls_enabled = true
|
||||
tls_enabled = true,
|
||||
tls_options = TLSOpts
|
||||
}};
|
||||
#xmlel{ns = ?NS_SASL, name = 'auth'} when TLSEnabled ->
|
||||
case exmpp_server_sasl:next_step(El) of
|
||||
|
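Review bot: `StateData#state.server` is filled in wait_for_stream from the `to` attribute of the peer's stream header, and in the wait_for_feature_request hunk it becomes the key of the `{domain_certfile, ...}` lookup before the peer has authenticated. Nothing in the visible lines normalises that value or checks that it names a locally served host, so a `to` that is absent or differs only in case would presumably fall back silently to the default certificate. If no such check exists outside the hunks, nameprep the value before storing it. The new record field also needs a comment, because in ejabberd_s2s_out `#state.server` appears to be the remote domain, which is the mix-up this commit corrects: `server, %% local domain addressed by the peer ('to' attribute, unauthenticated)`. Both function bodies start and end outside the hunks.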
@ -67,7 +67,7 @@
|
||||
tls = false,
|
||||
tls_required = false,
|
||||
tls_enabled = false,
|
||||
tls_options = [],
|
||||
tls_options = [connect],
|
||||
authenticated = false,
|
||||
db_enabled = true,
|
||||
try_auth = true,
|
||||
@ -155,7 +155,7 @@ init([From, Server, Type]) ->
|
||||
UseV10 = TLS,
|
||||
TLSOpts = case ejabberd_config:get_local_option(s2s_certfile) of
|
||||
undefined ->
|
||||
[];
|
||||
[connect];
|
||||
CertFile ->
|
||||
[{certfile, CertFile}, connect]
|
||||
end,
|
||||
@ -606,7 +606,7 @@ wait_for_starttls_proceed({xmlstreamelement, El}, StateData) ->
|
||||
StateData#state.server}]),
|
||||
Socket = StateData#state.socket,
|
||||
TLSOpts = case ejabberd_config:get_local_option
|
||||
({domain_certfile, StateData#state.server}) of
|
||||
({domain_certfile, StateData#state.myname}) of
|
||||
undefined ->
|
||||
StateData#state.tls_options;
|
||||
CertFile ->
|
||||
|
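Review bot: `connect` is now written out in three places, the record default `tls_options = [connect]` and both branches of the `case` in init/1, so a later edit can drop it from one branch again, which is the omission this commit repairs. Let the `case` return only the certificate options and prepend the flag once, e.g. `TLSOpts = [connect | CertOpts]`. In wait_for_starttls_proceed the switch to `StateData#state.myname` deserves a one-line comment to guard against a regression: `%% outgoing stream: present the certificate of our own domain (myname), not the remote server's`. The bodies of init/1 and wait_for_starttls_proceed continue outside the hunks.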