author | Holger Weiss <holger@zedat.fu-berlin.de> | 2014-04-24 11:04:10 +0200 |
---|---|---|
committer | Holger Weiss <holger@zedat.fu-berlin.de> | 2014-04-24 11:04:10 +0200 |
commit | d805d198acae4284a0f8512305c9180c2ac9dd08 | |
tree | 23b07e35ddc8695bf229a7234ce2a07e11d798ca | |
parent | Merge pull request #176 from hamano/devel |
Check TLS state before requesting SASL EXTERNAL
Make sure a remote server can't circumvent "s2s_use_starttls: required"
by offering SASL EXTERNAL authentication over a non-TLS connection.
-rw-r--r-- | src/ejabberd_s2s_out.erl | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/ejabberd_s2s_out.erl b/src/ejabberd_s2s_out.erl index a0a83631d..e404207cd 100644 --- a/src/ejabberd_s2s_out.erl +++ b/src/ejabberd_s2s_out.erl @@ -578,7 +578,9 @@ wait_for_features({xmlstreamelement, El}, StateData) -> {next_state, stream_established, StateData#state{queue = queue:new()}}; SASLEXT and StateData#state.try_auth and - (StateData#state.new /= false) -> + (StateData#state.new /= false) and + (StateData#state.tls_enabled or + not StateData#state.tls_required) -> send_element(StateData, #xmlel{name = <<"auth">>, attrs = |
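Review bot: In the SASLEXT clause of wait_for_features, the added `(StateData#state.tls_enabled or not StateData#state.tls_required)` test makes the clause fall through when TLS is required but not yet active, so the outcome now depends on the later clauses of this conditional, which the hunk does not show. Please confirm that the fall-through path for tls_required = true with tls_enabled = false either starts STARTTLS or closes the stream, and never continues with another authentication method in cleartext; a regression test with a peer that advertises EXTERNAL on a non-TLS stream would pin that down. Two smaller points: `and`, `or` and `not` are strict inside a guard, so if either field is ever not a boolean the guard fails silently and EXTERNAL is skipped with no log entry; and a one-line comment above the clause, saying that EXTERNAL must not be requested on a cleartext stream when TLS is required, would keep the reason for the condition next to the code.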