25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-26 17:38:45 +01:00

Correct domain_certfile tlsopts modifications for s2s connections (EJAB-1086)

* In ejabberd_s2s_out:wait_for_feature_request/2, the domain to use for
  looking up domain_certfile options is #state.myname and not
  #state.server

* If s2s_certfile is not specified, connect should still be part of the
  tls options used by ejabberd_s2s_out

* Add #state.server to ejabberd_s2s_in processes and store the to
  attribute in :wait_for_stream/2. Then use that server in
  :wait_for_feature_request/2 to change the tls options like in
  ejabberd_s2s_out.

Fixes EJAB-1086.
This commit is contained in:
Andreas Köhler 2010-11-06 20:09:33 +01:00 committed by Badlop
parent 776930fa06
commit e34eebb5ad
2 changed files with 20 additions and 7 deletions

View File

@ -75,6 +75,7 @@
tls = false,
tls_enabled = false,
tls_options = [],
server,
authenticated = false,
auth_domain,
connections = ?DICT:new(),
@ -224,7 +225,7 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
s2s_stream_features,
Server,
[], [Server])}),
{next_state, wait_for_feature_request, StateData};
{next_state, wait_for_feature_request, StateData#state{server = Server}};
{"jabber:server", _, Server, true} when
StateData#state.authenticated ->
send_text(StateData, ?STREAM_HEADER(" version='1.0'")),
@ -266,7 +267,17 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
SockMod == gen_tcp ->
?DEBUG("starttls", []),
Socket = StateData#state.socket,
TLSOpts = StateData#state.tls_options,
TLSOpts = case ejabberd_config:get_local_option(
{domain_certfile,
StateData#state.server}) of
undefined ->
StateData#state.tls_options;
CertFile ->
[{certfile, CertFile} |
lists:keydelete(
certfile, 1,
StateData#state.tls_options)]
end,
TLSSocket = (StateData#state.sockmod):starttls(
Socket, TLSOpts,
xml:element_to_binary(
@ -274,7 +285,8 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
{next_state, wait_for_stream,
StateData#state{socket = TLSSocket,
streamid = new_id(),
tls_enabled = true
tls_enabled = true,
tls_options = TLSOpts
}};
{?NS_SASL, "auth"} when TLSEnabled ->
Mech = xml:get_attr_s("mechanism", Attrs),

View File

@ -66,7 +66,7 @@
tls = false,
tls_required = false,
tls_enabled = false,
tls_options = [],
tls_options = [connect],
authenticated = false,
db_enabled = true,
try_auth = true,
@ -163,7 +163,7 @@ init([From, Server, Type]) ->
UseV10 = TLS,
TLSOpts = case ejabberd_config:get_local_option(s2s_certfile) of
undefined ->
[];
[connect];
CertFile ->
[{certfile, CertFile}, connect]
end,
@ -621,7 +621,7 @@ wait_for_starttls_proceed({xmlstreamelement, El}, StateData) ->
Socket = StateData#state.socket,
TLSOpts = case ejabberd_config:get_local_option(
{domain_certfile,
StateData#state.server}) of
StateData#state.myname}) of
undefined ->
StateData#state.tls_options;
CertFile ->
@ -633,7 +633,8 @@ wait_for_starttls_proceed({xmlstreamelement, El}, StateData) ->
TLSSocket = ejabberd_socket:starttls(Socket, TLSOpts),
NewStateData = StateData#state{socket = TLSSocket,
streamid = new_id(),
tls_enabled = true
tls_enabled = true,
tls_options = TLSOpts
},
send_text(NewStateData,
io_lib:format(?STREAM_HEADER,