--- /tmp/jabberd-2.2.13/s2s/s2s.h 2011-02-23 08:24:34.000000000 -0800 +++ ./jabberd2/s2s/s2s.h 2011-02-24 16:48:53.000000000 -0800 @@ -55,6 +55,9 @@ struct host_st { /** verify-mode */ int host_verify_mode; + + /** private key password */ + char *host_private_key_password; }; struct s2s_st { @@ -67,6 +70,8 @@ struct s2s_st { char *router_user; char *router_pass; char *router_pemfile; + char *router_cachain; + char *router_private_key_password; int router_default; /** mio context */ @@ -119,6 +124,9 @@ struct s2s_st { /** pemfile for peer connections */ char *local_pemfile; + /** private key password for local pemfile, if encrypted */ + char *local_private_key_password; + /** certificate chain */ char *local_cachain; @@ -166,6 +174,12 @@ struct s2s_st { time_t next_check; time_t next_expiry; + /** Apple security options */ + int require_tls; + int enable_whitelist; + char **whitelist_domains; + int n_whitelist_domains; + /** list of sx_t on the way out */ jqueue_t dead; @@ -341,6 +355,7 @@ extern sig_atomic_t s2s_lost_router; int s2s_router_mio_callback(mio_t m, mio_action_t a, mio_fd_t fd, void *data, void *arg); int s2s_router_sx_callback(sx_t s, sx_event_t e, void *data, void *arg); +int s2s_domain_in_whitelist(s2s_t s2s, char *in_domain); char *s2s_route_key(pool_t p, char *local, char *remote); int s2s_route_key_match(char *local, char *remote, char *rkey, int rkeylen); @@ -364,6 +379,9 @@ int in_mio_callback(mio_t m, /* sx flag for outgoing dialback streams */ #define S2S_DB_HEADER (1<<10) +/* max length of FQDN for whitelist matching */ +#define MAX_DOMAIN_LEN 1023 + int s2s_db_init(sx_env_t env, sx_plugin_t p, va_list args); /* union for xhash_iter_get to comply with strict-alias rules for gcc3 */