authorGravatar jesopo2018-11-05 13:14:00 +0000
committerGravatar jesopo2018-11-05 13:14:00 +0000
commit061a4ede23abaf1c8cdbbd7a043161a980cdff77 (patch)
treed976e7ef377a005e8069f93ef94c63c2291e12ab
parentMade STS policies one-shot when upgrading from plaintext to tls (diff)
signature
One-shot STS policies should still be cleared if a reconnect fails
-rw-r--r--modules/sts.py23
1 files changed, 10 insertions, 13 deletions
diff --git a/modules/sts.py b/modules/sts.py
index 30d9678f..5f01827b 100644
--- a/modules/sts.py
+++ b/modules/sts.py
@@ -38,16 +38,13 @@ class Module(ModuleManager.BaseModule):
@utils.hook("new.server")
def new_server(self, event):
sts_policy = event["server"].get_setting("sts-policy")
- if sts_policy and not event["server"].tls:
- expiration = sts_policy["expiration"]
- if not expiration or time.time() <= expiration:
- self.log.debug("Applying STS policy for '%s'",
- [str(event["server"])])
- event["server"].tls = True
- event["server"].port = sts_policy["port"]
-
- @utils.hook("received.numeric.001"):
- def on_connect(self, event):
- sts_policy = event["server"].get_setting("sts-policy")
- if sts_policy and sts_policy["one-shot"]:
- event["server"].del_setting("sts-policy")
+ if sts_policy:
+ if sts_policy["one-shot"]:
+ event["server"].del_setting("sts-policy")
+ if not event["server"].tls:
+ expiration = sts_policy["expiration"]
+ if not expiration or time.time() <= expiration:
+ self.log.debug("Applying STS policy for '%s'",
+ [str(event["server"])])
+ event["server"].tls = True
+ event["server"].port = sts_policy["port"]
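Review bot: The `sts_policy["one-shot"]` lookup now runs in `new_server` ahead of the lines that set `event["server"].tls = True`, so a stored policy that lacks that key would raise `KeyError` before the TLS upgrade is applied. The removed `on_connect` hook could only have failed after the connection was already established. Whether policies saved before the one-shot flag existed can still be present in settings is not visible in this hunk; if they can, `if sts_policy.get("one-shot"):` keeps the upgrade path intact for them. The delete-before-connect ordering looks deliberate and deserves a comment above the `del_setting` call, for example `# one-shot: drop the stored policy before connecting so a failed TLS reconnect does not leave it behind`. The enclosing `Module` class starts and continues outside the hunk.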