Chapril
/
xmpp.chapril.org-ejabberd
mirror of https://github.com/processone/ejabberd.git
24
1
Fork 0
Code Releases Activity

Make it possible to enable/disable TLS compression

This commit is contained in:
Evgeniy Khramtsov 2013-07-17 22:28:23 +10:00
parent 33f09c7a78
commit a2ead99c83
5 changed files with 41 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
doc/guide.tex
View File

@ -829,10 +829,10 @@ The available modules, their purpose and the options allowed by each one are:
Options: \texttt{access}, \texttt{certfile}, \texttt{max\_fsm\_queue},
\texttt{max\_stanza\_size}, \texttt{shaper},
\texttt{starttls}, \texttt{starttls\_required}, \texttt{tls},
\texttt{zlib}
\texttt{zlib}, \texttt{tls\_compression}
\titem{\texttt{ejabberd\_s2s\_in}}
Handles incoming s2s connections.\\
Options: \texttt{max\_stanza\_size}, \texttt{shaper}
Options: \texttt{max\_stanza\_size}, \texttt{shaper}, \texttt{tls\_compression}
\titem{\texttt{ejabberd\_service}}
Interacts with an \footahref{http://www.ejabberd.im/tutorials-transports}{external component}
(as defined in the Jabber Component Protocol (\xepref{0114}).\\
@ -845,7 +845,7 @@ The available modules, their purpose and the options allowed by each one are:
\titem{\texttt{ejabberd\_http}}
Handles incoming HTTP connections.\\
Options: \texttt{captcha}, \texttt{certfile}, \texttt{default\_host}, \texttt{http\_bind}, \texttt{http\_poll},
\texttt{request\_handlers}, \texttt{tls}, \texttt{trusted\_proxies}, \texttt{web\_admin}\\
\texttt{request\_handlers}, \texttt{tls}, \texttt{tls\_compression}, \texttt{trusted\_proxies}, \texttt{web\_admin}\\
\end{description}
@ -975,6 +975,8 @@ This is a detailed description of each option allowed by the listening modules:
which can be enabled in \ejabberd{} with the option \term{starttls}.
If this option is set, you should also set the \option{certfile} option.
The option \term{tls} can also be used in \term{ejabberd\_http} to support HTTPS.
\titem{\{tls\_compression, true|false\}}
Whether to enable or disable TLS compression. The default value is \term{true}.
\titem{\{trusted\_proxies, all | [IpString]\}} \ind{options!trusted\_proxies}
Specify what proxies are trusted when an HTTP request contains the header \term{X-Forwarded-For}
You can specify \term{all} to allow all proxies, or specify a list of IPs in string format.
@ -1019,6 +1021,9 @@ There are some additional global options that can be specified in the ejabberd c
\titem{\{s2s\_max\_retry\_delay, Seconds\}} \ind{options!s2s\_max\_retry\_delay}
The maximum allowed delay for retry to connect after a failed connection attempt.
Specified in seconds. The default value is 300 seconds (5 minutes).
\titem{\{s2s\_tls\_compression, true|false\}}
Whether to enable or disable TLS compression for s2s connections.
The default value is \term{true}.
\titem{\{max\_fsm\_queue, Size\}}
This option specifies the maximum number of elements in the queue of the FSM
(Finite State Machine).

6
src/ejabberd_c2s.erl
View File

@ -244,7 +244,11 @@ init([{SockMod, Socket}, Opts]) ->
(_) -> false
end,
Opts),
TLSOpts = [verify_none | TLSOpts1],
TLSOpts2 = case proplists:get_bool(tls_compression, Opts) of
false -> [compression_none | TLSOpts1];
true -> TLSOpts1
end,
TLSOpts = [verify_none | TLSOpts2],
IP = peerip(SockMod, Socket),
%% Check if IP is blacklisted:
case is_ip_blacklisted(IP) of

6
src/ejabberd_http.erl
View File

@ -96,7 +96,11 @@ init({SockMod, Socket}, Opts) ->
(_) -> false
end,
Opts),
TLSOpts = [verify_none | TLSOpts1],
TLSOpts2 = case proplists:get_bool(tls_compression, Opts) of
false -> [compression_none | TLSOpts1];
true -> TLSOpts1
end,
TLSOpts = [verify_none | TLSOpts2],
{SockMod1, Socket1} = if TLSEnabled ->
inet:setopts(Socket, [{recbuf, 8192}]),
{ok, TLSSocket} = p1_tls:tcp_to_tls(Socket,

16
src/ejabberd_s2s_in.erl
View File

@ -171,12 +171,16 @@ init([{SockMod, Socket}, Opts]) ->
required_trusted ->
{true, true, true}
end,
TLSOpts = case ejabberd_config:get_local_option(
TLSOpts1 = case ejabberd_config:get_local_option(
s2s_certfile,
fun iolist_to_binary/1) of
undefined -> [];
CertFile -> [{certfile, CertFile}]
end,
TLSOpts = case proplists:get_bool(tls_compression, Opts) of
false -> [compression_none | TLSOpts1];
true -> TLSOpts1
end,
Timer = erlang:start_timer(?S2STIMEOUT, self(), []),
{ok, wait_for_stream,
#state{socket = Socket, sockmod = SockMod,
@ -319,7 +323,7 @@ wait_for_feature_request({xmlstreamelement, El},
SockMod == gen_tcp ->
?DEBUG("starttls", []),
Socket = StateData#state.socket,
TLSOpts = case
TLSOpts1 = case
ejabberd_config:get_local_option(
{domain_certfile, StateData#state.server},
fun iolist_to_binary/1) of
@ -328,6 +332,14 @@ wait_for_feature_request({xmlstreamelement, El},
[{certfile, CertFile} | lists:keydelete(certfile, 1,
StateData#state.tls_options)]
end,
TLSOpts = case ejabberd_config:get_local_option(
{s2s_tls_compression, StateData#state.server},
fun(true) -> true;
(false) -> false
end, true) of
true -> lists:delete(compression_none, TLSOpts1);
false -> [compression_none | TLSOpts1]
end,
TLSSocket = (StateData#state.sockmod):starttls(Socket,
TLSOpts,
xml:element_to_binary(#xmlel{name

10
src/ejabberd_s2s_out.erl
View File

@ -183,13 +183,21 @@ init([From, Server, Type]) ->
{true, true}
end,
UseV10 = TLS,
TLSOpts = case
TLSOpts1 = case
ejabberd_config:get_local_option(
s2s_certfile, fun iolist_to_binary/1)
of
undefined -> [connect];
CertFile -> [{certfile, CertFile}, connect]
end,
TLSOpts = case ejabberd_config:get_local_option(
{s2s_tls_compression, From},
fun(true) -> true;
(false) -> false
end, true) of
false -> [compression_none | TLSOpts1];
true -> TLSOpts1
end,
{New, Verify} = case Type of
{new, Key} -> {Key, false};
{verify, Pid, Key, SID} ->