mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-26 17:38:45 +01:00
Correct domain_certfile tlsopts modifications for s2s connections (EJAB-1086)
* In ejabberd_s2s_out:wait_for_feature_request/2, the domain to use for looking up domain_certfile options is #state.myname and not #state.server * If s2s_certfile is not specified, connect should still be part of the tls options used by ejabberd_s2s_out * Add #state.server to ejabberd_s2s_in processes and store the to attribute in :wait_for_stream/2. Then use that server in :wait_for_feature_request/2 to change the tls options like in ejabberd_s2s_out. Fixes EJAB-1086.
This commit is contained in:
parent
776930fa06
commit
e34eebb5ad
@ -75,6 +75,7 @@
|
||||
tls = false,
|
||||
tls_enabled = false,
|
||||
tls_options = [],
|
||||
server,
|
||||
authenticated = false,
|
||||
auth_domain,
|
||||
connections = ?DICT:new(),
|
||||
@ -224,7 +225,7 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
|
||||
s2s_stream_features,
|
||||
Server,
|
||||
[], [Server])}),
|
||||
{next_state, wait_for_feature_request, StateData};
|
||||
{next_state, wait_for_feature_request, StateData#state{server = Server}};
|
||||
{"jabber:server", _, Server, true} when
|
||||
StateData#state.authenticated ->
|
||||
send_text(StateData, ?STREAM_HEADER(" version='1.0'")),
|
||||
@ -266,7 +267,17 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
|
||||
SockMod == gen_tcp ->
|
||||
?DEBUG("starttls", []),
|
||||
Socket = StateData#state.socket,
|
||||
TLSOpts = StateData#state.tls_options,
|
||||
TLSOpts = case ejabberd_config:get_local_option(
|
||||
{domain_certfile,
|
||||
StateData#state.server}) of
|
||||
undefined ->
|
||||
StateData#state.tls_options;
|
||||
CertFile ->
|
||||
[{certfile, CertFile} |
|
||||
lists:keydelete(
|
||||
certfile, 1,
|
||||
StateData#state.tls_options)]
|
||||
end,
|
||||
TLSSocket = (StateData#state.sockmod):starttls(
|
||||
Socket, TLSOpts,
|
||||
xml:element_to_binary(
|
||||
@ -274,7 +285,8 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
|
||||
{next_state, wait_for_stream,
|
||||
StateData#state{socket = TLSSocket,
|
||||
streamid = new_id(),
|
||||
tls_enabled = true
|
||||
tls_enabled = true,
|
||||
tls_options = TLSOpts
|
||||
}};
|
||||
{?NS_SASL, "auth"} when TLSEnabled ->
|
||||
Mech = xml:get_attr_s("mechanism", Attrs),
|
||||
|
@ -66,7 +66,7 @@
|
||||
tls = false,
|
||||
tls_required = false,
|
||||
tls_enabled = false,
|
||||
tls_options = [],
|
||||
tls_options = [connect],
|
||||
authenticated = false,
|
||||
db_enabled = true,
|
||||
try_auth = true,
|
||||
@ -163,7 +163,7 @@ init([From, Server, Type]) ->
|
||||
UseV10 = TLS,
|
||||
TLSOpts = case ejabberd_config:get_local_option(s2s_certfile) of
|
||||
undefined ->
|
||||
[];
|
||||
[connect];
|
||||
CertFile ->
|
||||
[{certfile, CertFile}, connect]
|
||||
end,
|
||||
@ -621,7 +621,7 @@ wait_for_starttls_proceed({xmlstreamelement, El}, StateData) ->
|
||||
Socket = StateData#state.socket,
|
||||
TLSOpts = case ejabberd_config:get_local_option(
|
||||
{domain_certfile,
|
||||
StateData#state.server}) of
|
||||
StateData#state.myname}) of
|
||||
undefined ->
|
||||
StateData#state.tls_options;
|
||||
CertFile ->
|
||||
@ -633,7 +633,8 @@ wait_for_starttls_proceed({xmlstreamelement, El}, StateData) ->
|
||||
TLSSocket = ejabberd_socket:starttls(Socket, TLSOpts),
|
||||
NewStateData = StateData#state{socket = TLSSocket,
|
||||
streamid = new_id(),
|
||||
tls_enabled = true
|
||||
tls_enabled = true,
|
||||
tls_options = TLSOpts
|
||||
},
|
||||
send_text(NewStateData,
|
||||
io_lib:format(?STREAM_HEADER,
|
||||
|
Loading…
Reference in New Issue
Block a user