author | Holger Weiss <holger@zedat.fu-berlin.de> | 2017-08-05 18:59:32 +0200 |
---|---|---|
committer | Holger Weiss <holger@zedat.fu-berlin.de> | 2017-08-05 18:59:32 +0200 |
commit | e1aaa1c99dd543b7a72ed6f62336accb85516214 (patch) | |
tree | b624fd52cc19fc784e05177d2220747d82f3239a | |
parent | Fix warning in previous commit (diff) |
ejabberd_c2s: Fix priority of 'certfile' option
Use the 'certfile' listener option rather than a 'domain_certfile' for
ejabberd_c2s listeners that have "tls: true" configured. A
'domain_certfile' should only be preferred for STARTTLS connections.
Closes #1911.
-rw-r--r-- | src/ejabberd_c2s.erl | 21 |
1 files changed, 13 insertions, 8 deletions
diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index 4b265d29d..a0be2e118 100644
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -297,14 +297,19 @@ process_terminated(State, _Reason) ->
 %%%===================================================================
 %%% xmpp_stream_in callbacks
 %%%===================================================================
-tls_options(#{lserver := LServer, tls_options := DefaultOpts}) ->
- TLSOpts1 = case ejabberd_config:get_option(
- {c2s_certfile, LServer},
- ejabberd_config:get_option(
- {domain_certfile, LServer})) of
- undefined -> DefaultOpts;
- CertFile -> lists:keystore(certfile, 1, DefaultOpts,
- {certfile, CertFile})
+tls_options(#{lserver := LServer, tls_options := DefaultOpts,
+ stream_encrypted := Encrypted}) ->
+ TLSOpts1 = case {Encrypted, proplists:get_value(certfile, DefaultOpts)} of
+ {true, CertFile} when CertFile /= undefined -> DefaultOpts;
+ {_, _} ->
+ case ejabberd_config:get_option(
+ {c2s_certfile, LServer},
+ ejabberd_config:get_option(
+ {domain_certfile, LServer})) of
+ undefined -> DefaultOpts;
+ CertFile -> lists:keystore(certfile, 1, DefaultOpts,
+ {certfile, CertFile})
+ end
 end,
 TLSOpts2 = case ejabberd_config:get_option(
 {c2s_ciphers, LServer}) of |
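Review bot: The first clause of the new outer `case` in tls_options/1 returns `DefaultOpts` without consulting the per-host `{c2s_certfile, LServer}` option either, so on an already-encrypted stream with a listener `certfile` both `c2s_certfile` and `domain_certfile` are bypassed, while the commit message only mentions `domain_certfile`. Because this decides which certificate the client is presented with, the precedence should be stated in the code, e.g. `%% Already-encrypted stream ("tls: true"): keep the listener's 'certfile'; 'c2s_certfile'/'domain_certfile' apply only to STARTTLS or when the listener has no certfile.` above the `case`. The name `CertFile` is bound in the guarded first clause and bound again to a different value in the nested `case`; giving the listener value its own name would make the two sources easier to tell apart. The body of tls_options/1 continues past the end of this hunk.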