| author | Andreas Köhler <andreas.koehler@1und1.de> | 2010-11-06 20:09:33 +0100 |
|---|---|---|
| committer | Badlop <badlop@process-one.net> | 2010-11-26 00:13:36 +0100 |
| commit | 7be6e33ea42867032842e492b24b287dd23f4078 (patch) | |
| tree | 6407ffb3d7f70dfe2a4c1726a775f1ed06163c56 /src | |
| parent | Send Unavailable Presence stanza when an occupant is kicked or banned (EJAB-1... (diff) | |
Correct domain_certfile tlsopts modifications for s2s connections (EJAB-1086)
* In ejabberd_s2s_out:wait_for_feature_request/2, the domain to use for
looking up domain_certfile options is #state.myname and not
#state.server
* If s2s_certfile is not specified, connect should still be part of the
tls options used by ejabberd_s2s_out
* Add #state.server to ejabberd_s2s_in processes and store the to
attribute in :wait_for_stream/2. Then use that server in
:wait_for_feature_request/2 to change the tls options like in
ejabberd_s2s_out.
Fixes EJAB-1086.
Diffstat (limited to 'src')
| -rw-r--r-- | src/ejabberd_s2s_in.erl | 18 | ||||
| -rw-r--r-- | src/ejabberd_s2s_out.erl | 6 |
2 files changed, 18 insertions, 6 deletions
diff --git a/src/ejabberd_s2s_in.erl b/src/ejabberd_s2s_in.erl
index 28b98da8b..6ad53721c 100644
--- a/src/ejabberd_s2s_in.erl
+++ b/src/ejabberd_s2s_in.erl
@@ -63,6 +63,7 @@ tls = false, tls_enabled = false, tls_options = [], + server, authenticated = false, auth_domain, connections = ?DICT:new(),
@@ -193,7 +194,7 @@ wait_for_stream({xmlstreamstart, Opening}, StateData) -> Server, [], [Server]), send_element(StateData, exmpp_stream:features(Features)), - {next_state, wait_for_feature_request, StateData}; + {next_state, wait_for_feature_request, StateData#state{server = Server}}; {?NS_JABBER_SERVER, _, Server, true} when StateData#state.authenticated -> Opening_Reply = exmpp_stream:opening_reply(Opening,
@@ -244,14 +245,25 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) -> Socket = StateData#state.socket, Proceed = exmpp_xml:node_to_list( exmpp_server_tls:proceed(), [?DEFAULT_NS], ?PREFIXED_NS), - TLSOpts = StateData#state.tls_options, + TLSOpts = case ejabberd_config:get_local_option( + {domain_certfile, + StateData#state.server}) of + undefined -> + StateData#state.tls_options; + CertFile -> + [{certfile, CertFile} | + lists:keydelete( + certfile, 1, + StateData#state.tls_options)] + end, TLSSocket = (StateData#state.sockmod):starttls( Socket, TLSOpts, Proceed), {next_state, wait_for_stream, StateData#state{socket = TLSSocket, streamid = new_id(), - tls_enabled = true + tls_enabled = true, + tls_options = TLSOpts }}; #xmlel{ns = ?NS_SASL, name = 'auth'} when TLSEnabled -> case exmpp_server_sasl:next_step(El) of
diff --git a/src/ejabberd_s2s_out.erl b/src/ejabberd_s2s_out.erl
index 09cfce54e..349c4dcbe 100644
--- a/src/ejabberd_s2s_out.erl
+++ b/src/ejabberd_s2s_out.erl
@@ -67,7 +67,7 @@ tls = false, tls_required = false, tls_enabled = false, - tls_options = [], + tls_options = [connect], authenticated = false, db_enabled = true, try_auth = true,
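Review bot: The `domain_certfile` lookup added to wait_for_feature_request is keyed on `StateData#state.server`, which the wait_for_stream hunk fills from the peer's stream `to` attribute, so a not-yet-authenticated remote server supplies the lookup key. Nothing visible in these hunks normalises that value or confirms it names a locally served host; unless the clause head outside the hunk already does so, a `to` that differs only in case from the configured domain would miss its entry and silently fall back to the listener's default certificate. A comment above the case such as `%% server is the peer-supplied 'to' domain; no domain_certfile entry means the listener's tls_options are used unchanged` would record that assumption. The field name is also easy to misread, because ejabberd_s2s_out uses `myname` for the local domain and `server` for the remote one, which is the confusion this commit corrects there. Both function bodies continue outside their hunks.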
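Review bot: The `connect` flag is now written out in three separate places: the `tls_options = [connect]` record default in this hunk and both branches of the `s2s_certfile` case in init/1 (the `@@ -155,7` hunk). That repetition is how the `undefined` branch came to lose the flag before this fix. Building the certificate part in the case and prepending the flag once, `TLSOpts = [connect | CertOpts]`, would leave a single place to get it right, assuming option order does not matter to the TLS layer. A short comment on the record default, `%% outgoing connections always start TLS in connect mode`, would explain why the list is not empty.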
@@ -155,7 +155,7 @@ init([From, Server, Type]) -> UseV10 = TLS, TLSOpts = case ejabberd_config:get_local_option(s2s_certfile) of undefined -> - []; + [connect]; CertFile -> [{certfile, CertFile}, connect] end,
@@ -606,7 +606,7 @@ wait_for_starttls_proceed({xmlstreamelement, El}, StateData) -> StateData#state.server}]), Socket = StateData#state.socket, TLSOpts = case ejabberd_config:get_local_option - ({domain_certfile, StateData#state.server}) of + ({domain_certfile, StateData#state.myname}) of undefined -> StateData#state.tls_options; CertFile -> |
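Review bot: The switch from `StateData#state.server` to `StateData#state.myname` in wait_for_starttls_proceed carries no comment saying which side each field names, so the same slip could return unnoticed. A line above the case, `%% domain_certfile is configured per local domain: key on myname (us), not server (the remote peer)`, would make the intent checkable in review. The same certfile-override case now also exists in ejabberd_s2s_in:wait_for_feature_request; a small shared helper taking the domain and the base options would keep the two copies from drifting apart. The case expression continues past the end of the hunk.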
