Chapril/xmpp.chapril.org-ejabberd
25
1
Fork 0
mirror of https://github.com/processone/ejabberd.git synced 2024-11-22 16:20:52 +01:00
Code Releases Activity

Check TLS state before requesting SASL EXTERNAL

Browse Source 
Make sure a remote server can't circumvent "s2s_use_starttls: required"
by offering SASL EXTERNAL authentication over a non-TLS connection.
This commit is contained in:
Holger Weiss 2014-04-24 11:04:10 +02:00
parent 3a3f8240c1
commit d805d198ac
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/ejabberd_s2s_out.erl
View File

@ -578,7 +578,9 @@ wait_for_features({xmlstreamelement, El}, StateData) ->
{next_state, stream_established,
StateData#state{queue = queue:new()}};
SASLEXT and StateData#state.try_auth and
(StateData#state.new /= false) ->
(StateData#state.new /= false) and
(StateData#state.tls_enabled or
not StateData#state.tls_required) ->
send_element(StateData,
#xmlel{name = <<"auth">>,
attrs =