mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-24 16:23:40 +01:00
Check TLS state before requesting SASL EXTERNAL
Make sure a remote server can't circumvent "s2s_use_starttls: required" by offering SASL EXTERNAL authentication over a non-TLS connection.
This commit is contained in:
parent
3a3f8240c1
commit
d805d198ac
@ -578,7 +578,9 @@ wait_for_features({xmlstreamelement, El}, StateData) ->
|
||||
{next_state, stream_established,
|
||||
StateData#state{queue = queue:new()}};
|
||||
SASLEXT and StateData#state.try_auth and
|
||||
(StateData#state.new /= false) ->
|
||||
(StateData#state.new /= false) and
|
||||
(StateData#state.tls_enabled or
|
||||
not StateData#state.tls_required) ->
|
||||
send_element(StateData,
|
||||
#xmlel{name = <<"auth">>,
|
||||
attrs =
|
||||
|
Loading…
Reference in New Issue
Block a user