Diffstat (limited to 'src')
-rw-r--r-- | src/ejabberd_s2s_in.erl | 18 | ||||
-rw-r--r-- | src/ejabberd_s2s_out.erl | 9 |
2 files changed, 20 insertions, 7 deletions
diff --git a/src/ejabberd_s2s_in.erl b/src/ejabberd_s2s_in.erl
index 1bd1b6898..c29249c97 100644
--- a/src/ejabberd_s2s_in.erl
+++ b/src/ejabberd_s2s_in.erl
@@ -75,6 +75,7 @@
 tls = false,
 tls_enabled = false,
 tls_options = [],
+ server,
 authenticated = false,
 auth_domain,
 connections = ?DICT:new(),
@@ -224,7 +225,7 @@ wait_for_stream({xmlstreamstart, _Name, Attrs}, StateData) ->
 s2s_stream_features, Server, [], [Server])}),
- {next_state, wait_for_feature_request, StateData};
+ {next_state, wait_for_feature_request, StateData#state{server = Server}};
 {"jabber:server", _, Server, true} when StateData#state.authenticated ->
 send_text(StateData, ?STREAM_HEADER(" version='1.0'")),
@@ -266,7 +267,17 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
 SockMod == gen_tcp ->
 ?DEBUG("starttls", []),
 Socket = StateData#state.socket,
- TLSOpts = StateData#state.tls_options,
+ TLSOpts = case ejabberd_config:get_local_option(
+ {domain_certfile,
+ StateData#state.server}) of
+ undefined ->
+ StateData#state.tls_options;
+ CertFile ->
+ [{certfile, CertFile} |
+ lists:keydelete(
+ certfile, 1,
+ StateData#state.tls_options)]
+ end,
 TLSSocket = (StateData#state.sockmod):starttls(
 Socket, TLSOpts, xml:element_to_binary(
@@ -274,7 +285,8 @@ wait_for_feature_request({xmlstreamelement, El}, StateData) ->
 {next_state, wait_for_stream,
 StateData#state{socket = TLSSocket,
 streamid = new_id(),
- tls_enabled = true
+ tls_enabled = true,
+ tls_options = TLSOpts
 }};
 {?NS_SASL, "auth"} when TLSEnabled ->
 Mech = xml:get_attr_s("mechanism", Attrs),
diff --git a/src/ejabberd_s2s_out.erl b/src/ejabberd_s2s_out.erl
index 907bdd65a..d33fc9718 100644
--- a/src/ejabberd_s2s_out.erl
+++ b/src/ejabberd_s2s_out.erl
@@ -66,7 +66,7 @@
 tls = false,
 tls_required = false,
 tls_enabled = false,
- tls_options = [],
+ tls_options = [connect],
 authenticated = false,
 db_enabled = true,
 try_auth = true,
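Review bot: In the wait_for_stream hunk of ejabberd_s2s_in.erl, `Server` is stored in the state exactly as the `case` pattern bound it, and the starttls hunk then uses it as the key for `{domain_certfile, ...}`. If it comes straight from the peer's stream header (the extraction is outside the hunk), a name that differs only in case from the configured domain would miss the lookup and silently get the default certificate. Consider normalising before storing, e.g. `StateData#state{server = jlib:nameprep(Server)}`; an invalid name would then simply fall through to the `undefined` branch. Only this unauthenticated branch sets the field, so a short comment on the record entry saying it holds the domain the peer addressed, and is `undefined` until then, would help.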
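Review bot: The certificate-selection `case` added to wait_for_feature_request in ejabberd_s2s_in.erl repeats the expression that ejabberd_s2s_out.erl already has in wait_for_starttls_proceed, differing only in which domain is the key. Two copies of TLS option handling are easy to change on one side only. A small helper taking the domain and the default options would keep the incoming and outgoing paths identical; which module should hold it so both files can call it is left to the author. The enclosing function starts and ends outside the hunk.

```erlang
TLSOpts = domain_tls_options(StateData#state.server,
                             StateData#state.tls_options),
%% … unchanged: starttls call and state update …

%% Return DefaultOpts with the certfile replaced by the one configured
%% for Domain, or DefaultOpts unchanged when none is configured.
domain_tls_options(Domain, DefaultOpts) ->
    case ejabberd_config:get_local_option({domain_certfile, Domain}) of
        undefined ->
            DefaultOpts;
        CertFile ->
            [{certfile, CertFile} |
             lists:keydelete(certfile, 1, DefaultOpts)]
    end.
```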
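Review bot: The `connect` flag now has to be remembered in three places: the record default changed in the first ejabberd_s2s_out.erl hunk and both branches of the `case` in the init/1 hunk that follows. A comment on the field would record why it must never be dropped, e.g. `tls_options = [connect], % outgoing side always handshakes as the TLS client` (assuming that is what `connect` selects in the TLS driver). In init/1 the flag could be written once, by letting the `case` return only the certificate part and building `[connect | CertOpts]` afterwards.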
@@ -163,7 +163,7 @@ init([From, Server, Type]) ->
 UseV10 = TLS,
 TLSOpts = case ejabberd_config:get_local_option(s2s_certfile) of
 undefined ->
- [];
+ [connect];
 CertFile ->
 [{certfile, CertFile}, connect]
 end,
@@ -621,7 +621,7 @@ wait_for_starttls_proceed({xmlstreamelement, El}, StateData) ->
 Socket = StateData#state.socket,
 TLSOpts = case ejabberd_config:get_local_option(
 {domain_certfile,
- StateData#state.server}) of
+ StateData#state.myname}) of
 undefined ->
 StateData#state.tls_options;
 CertFile ->
@@ -633,7 +633,8 @@ wait_for_starttls_proceed({xmlstreamelement, El}, StateData) ->
 TLSSocket = ejabberd_socket:starttls(Socket, TLSOpts),
 NewStateData = StateData#state{socket = TLSSocket,
 streamid = new_id(),
- tls_enabled = true
+ tls_enabled = true,
+ tls_options = TLSOpts
 },
 send_text(NewStateData,
 io_lib:format(?STREAM_HEADER, |
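Review bot: The change of the lookup key from `StateData#state.server` to `StateData#state.myname` in wait_for_starttls_proceed has no comment explaining it, and the two fields are easy to swap back by mistake. If, as the names suggest, `myname` is the local domain this connection speaks for and `server` is the remote peer, a line above the `case` would record the intent: `%% present the certificate of our own domain (myname), not the remote server's`. It would also help to state whether `myname` is already in the normalised form used for the `domain_certfile` keys, since a mismatch silently falls back to the default options. The function body continues outside the hunk.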