yetangitu/ejabberd
1
0
Fork 0
mirror of https://github.com/processone/ejabberd synced 2025-10-03 01:39:35 +02:00
Code Issues Releases Wiki Activity

ejabberd_c2s: Fix priority of 'certfile' option

Browse source 
Use the 'certfile' listener option rather than a 'domain_certfile' for
ejabberd_c2s listeners that have "tls: true" configured.  A
'domain_certfile' should only be preferred for STARTTLS connections.

Closes #1911.
This commit is contained in:
Holger Weiss 2017-08-05 18:59:32 +02:00
parent 101e808124
commit e1aaa1c99d
1 changed files with 13 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

21
src/ejabberd_c2s.erl
View file

@ -297,14 +297,19 @@ process_terminated(State, _Reason) ->
%%%=================================================================== %%%===================================================================
%%% xmpp_stream_in callbacks %%% xmpp_stream_in callbacks
%%%=================================================================== %%%===================================================================
tls_options(#{lserver := LServer, tls_options := DefaultOpts}) -> tls_options(#{lserver := LServer, tls_options := DefaultOpts,
TLSOpts1 = case ejabberd_config:get_option( stream_encrypted := Encrypted}) ->
{c2s_certfile, LServer}, TLSOpts1 = case {Encrypted, proplists:get_value(certfile, DefaultOpts)} of
ejabberd_config:get_option( {true, CertFile} when CertFile /= undefined -> DefaultOpts;
{domain_certfile, LServer})) of {_, _} ->
undefined -> DefaultOpts; case ejabberd_config:get_option(
CertFile -> lists:keystore(certfile, 1, DefaultOpts, {c2s_certfile, LServer},
{certfile, CertFile}) ejabberd_config:get_option(
{domain_certfile, LServer})) of
undefined -> DefaultOpts;
CertFile -> lists:keystore(certfile, 1, DefaultOpts,
{certfile, CertFile})
end
end, end,
TLSOpts2 = case ejabberd_config:get_option( TLSOpts2 = case ejabberd_config:get_option(
{c2s_ciphers, LServer}) of {c2s_ciphers, LServer}) of