mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-20 17:27:00 +01:00
Fix certificate selection for s2s
The bug was introduced in c2cbb4d879
Fixes #3015
parent
6d08ecc41f
commit
a8c6eec28c
@ -42,7 +42,7 @@
|
|||||||
list_temporarily_blocked_hosts/0,
|
list_temporarily_blocked_hosts/0,
|
||||||
external_host_overloaded/1, is_temporarly_blocked/1,
|
external_host_overloaded/1, is_temporarly_blocked/1,
|
||||||
get_commands_spec/0, zlib_enabled/1, get_idle_timeout/1,
|
get_commands_spec/0, zlib_enabled/1, get_idle_timeout/1,
|
||||||
tls_required/1, tls_enabled/1, tls_options/2,
|
tls_required/1, tls_enabled/1, tls_options/3,
|
||||||
host_up/1, host_down/1, queue_type/1]).
|
host_up/1, host_down/1, queue_type/1]).
|
||||||
|
|
||||||
%% gen_server callbacks
|
%% gen_server callbacks
|
||||||
@ -177,34 +177,34 @@ try_register({From, To} = FromTo) ->
|
|||||||
dirty_get_connections() ->
|
dirty_get_connections() ->
|
||||||
mnesia:dirty_all_keys(s2s).
|
mnesia:dirty_all_keys(s2s).
|
||||||
|
|
||||||
-spec tls_options(binary(), [proplists:property()]) -> [proplists:property()].
|
-spec tls_options(binary(), binary(), [proplists:property()]) -> [proplists:property()].
|
||||||
tls_options(LServer, DefaultOpts) ->
|
tls_options(LServer, ServerHost, DefaultOpts) ->
|
||||||
TLSOpts1 = case ejabberd_pkix:get_certfile(LServer) of
|
TLSOpts1 = case ejabberd_pkix:get_certfile(LServer) of
|
||||||
error -> DefaultOpts;
|
error -> DefaultOpts;
|
||||||
{ok, CertFile} ->
|
{ok, CertFile} ->
|
||||||
lists:keystore(certfile, 1, DefaultOpts,
|
lists:keystore(certfile, 1, DefaultOpts,
|
||||||
{certfile, CertFile})
|
{certfile, CertFile})
|
||||||
end,
|
end,
|
||||||
TLSOpts2 = case ejabberd_option:s2s_ciphers(LServer) of
|
TLSOpts2 = case ejabberd_option:s2s_ciphers(ServerHost) of
|
||||||
undefined -> TLSOpts1;
|
undefined -> TLSOpts1;
|
||||||
Ciphers -> lists:keystore(ciphers, 1, TLSOpts1,
|
Ciphers -> lists:keystore(ciphers, 1, TLSOpts1,
|
||||||
{ciphers, Ciphers})
|
{ciphers, Ciphers})
|
||||||
end,
|
end,
|
||||||
TLSOpts3 = case ejabberd_option:s2s_protocol_options(LServer) of
|
TLSOpts3 = case ejabberd_option:s2s_protocol_options(ServerHost) of
|
||||||
undefined -> TLSOpts2;
|
undefined -> TLSOpts2;
|
||||||
ProtoOpts -> lists:keystore(protocol_options, 1, TLSOpts2,
|
ProtoOpts -> lists:keystore(protocol_options, 1, TLSOpts2,
|
||||||
{protocol_options, ProtoOpts})
|
{protocol_options, ProtoOpts})
|
||||||
end,
|
end,
|
||||||
TLSOpts4 = case ejabberd_option:s2s_dhfile(LServer) of
|
TLSOpts4 = case ejabberd_option:s2s_dhfile(ServerHost) of
|
||||||
undefined -> TLSOpts3;
|
undefined -> TLSOpts3;
|
||||||
DHFile -> lists:keystore(dhfile, 1, TLSOpts3,
|
DHFile -> lists:keystore(dhfile, 1, TLSOpts3,
|
||||||
{dhfile, DHFile})
|
{dhfile, DHFile})
|
||||||
end,
|
end,
|
||||||
TLSOpts5 = case lists:keymember(cafile, 1, TLSOpts4) of
|
TLSOpts5 = case lists:keymember(cafile, 1, TLSOpts4) of
|
||||||
true -> TLSOpts4;
|
true -> TLSOpts4;
|
||||||
false -> [{cafile, get_cafile(LServer)}|TLSOpts4]
|
false -> [{cafile, get_cafile(ServerHost)}|TLSOpts4]
|
||||||
end,
|
end,
|
||||||
case ejabberd_option:s2s_tls_compression(LServer) of
|
case ejabberd_option:s2s_tls_compression(ServerHost) of
|
||||||
undefined -> TLSOpts5;
|
undefined -> TLSOpts5;
|
||||||
false -> [compression_none | TLSOpts5];
|
false -> [compression_none | TLSOpts5];
|
||||||
true -> lists:delete(compression_none, TLSOpts5)
|
true -> lists:delete(compression_none, TLSOpts5)
|
||||||
|
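Review bot: The two `binary()` arguments of the new `tls_options/3` have different roles that the spec alone does not convey: in the second hunk `LServer` is used only for `ejabberd_pkix:get_certfile(LServer)`, while ciphers, protocol options, dhfile, cafile and TLS compression are all read for `ServerHost`. Swapping them at a call site still type-checks and would presumably bring back the wrong-certificate selection this commit fixes, so a comment above the spec would help, e.g. `%% LServer: local domain of this stream, selects the certificate; ServerHost: configured host, selects the s2s_* options`. The `error -> DefaultOpts` branch also still falls back silently when no certificate is found for `LServer`, so a debug-level log naming the domain may be worth adding there to make a mismatched or missing certificate diagnosable. The function body continues past the end of the hunk.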
@ -135,8 +135,8 @@ process_closed(#{server := LServer} = State, Reason) ->
|
|||||||
%%%===================================================================
|
%%%===================================================================
|
||||||
%%% xmpp_stream_in callbacks
|
%%% xmpp_stream_in callbacks
|
||||||
%%%===================================================================
|
%%%===================================================================
|
||||||
tls_options(#{tls_options := TLSOpts, server_host := ServerHost}) ->
|
tls_options(#{tls_options := TLSOpts, lserver := LServer, server_host := ServerHost}) ->
|
||||||
ejabberd_s2s:tls_options(ServerHost, TLSOpts).
|
ejabberd_s2s:tls_options(LServer, ServerHost, TLSOpts).
|
||||||
|
|
||||||
tls_required(#{server_host := ServerHost}) ->
|
tls_required(#{server_host := ServerHost}) ->
|
||||||
ejabberd_s2s:tls_required(ServerHost).
|
ejabberd_s2s:tls_required(ServerHost).
|
||||||
|
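Review bot: The new head of `tls_options/1` takes the local domain from the `lserver` key, while `process_closed/2` in the same file (visible in the hunk header) binds `server := LServer`, and the outgoing-stream callback changed by this commit also uses `server := LServer`. If both keys can carry the local domain on an incoming stream, a one-line comment saying why `lserver` is the one used for the certificate lookup would keep the next reader from "fixing" it. Because the key is matched with `:=`, the callback fails with `function_clause` if the state has no `lserver` entry when TLS options are requested. It is worth confirming that the key is always present at that point, and non-empty, since an empty domain would presumably send `ejabberd_pkix:get_certfile/1` down the `error` fallback.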
@ -175,8 +175,8 @@ process_downgraded(State, _StreamStart) ->
|
|||||||
%%%===================================================================
|
%%%===================================================================
|
||||||
%%% xmpp_stream_out callbacks
|
%%% xmpp_stream_out callbacks
|
||||||
%%%===================================================================
|
%%%===================================================================
|
||||||
tls_options(#{server_host := ServerHost}) ->
|
tls_options(#{server := LServer, server_host := ServerHost}) ->
|
||||||
ejabberd_s2s:tls_options(ServerHost, []).
|
ejabberd_s2s:tls_options(LServer, ServerHost, []).
|
||||||
|
|
||||||
tls_required(#{server_host := ServerHost}) ->
|
tls_required(#{server_host := ServerHost}) ->
|
||||||
ejabberd_s2s:tls_required(ServerHost).
|
ejabberd_s2s:tls_required(ServerHost).
|
||||||
|