authorKim Alvefur <zash@zash.se>2019-11-23 01:32:53 +0100
committerKim Alvefur <zash@zash.se>2019-11-23 01:32:53 +0100
commit55c130d1e410cdab6e35312f848d4f4a33682699 (patch)
treea7a4339b14812626e38ef0e9bf6352733dad230e
parent3aee8e24a6873fce6b7ab30f5b87d17089e0d5a6 (diff)
mod_s2s: Add error text for error replies on some s2s failures (#770)
-rw-r--r--plugins/mod_s2s/mod_s2s.lua11
1 files changed, 6 insertions, 5 deletions
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 6bb444f5..e7ed8797 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -194,7 +194,7 @@ function module.add_host(module)
session:close({
condition = "unsupported-feature",
text = "No viable authentication method offered",
- });
+ }, nil, "No viable authentication method offered by remote server");
return false;
end
end, -1);
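Review bot: The bare `nil` second argument and the new third string passed to `session:close(...)` are not self-explanatory at the call site, and nothing in the hunk says who receives each text. Judging by the commit title, the third argument is the text placed in error replies to local senders, while `text` in the table goes to the remote server in the stream error. A one-line comment above the call would record that, for example `-- 3rd arg: reason for error replies to local senders; keep it a fixed string, never remote-supplied data`. The same applies to the calls changed in make_authenticated, initialize_session and check_auth_policy. The enclosing handler starts outside this hunk.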
@@ -255,7 +255,7 @@ function make_authenticated(event)
condition = "policy-violation",
text = "Encrypted server-to-server communication is required but was not "
..((session.direction == "outgoing" and "offered") or "used")
- });
+ }, nil, "Could not establish encrypted connection to remote server");
end
end
if hosts[host] then
@@ -608,7 +608,7 @@ local function initialize_session(session)
local ok, err = stream:feed(data);
if ok then return; end
log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300));
- session:close("not-well-formed");
+ session:close("not-well-formed", nil, "Received invalid XML from remote server");
end
end
@@ -738,9 +738,10 @@ function check_auth_policy(event)
if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)");
if session.direction == "incoming" then
- session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host });
+ session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host },
+ nil, "Remote server's certificate is invalid, expired, or not trusted");
else -- Close outgoing connections without warning
- session:close(false);
+ session:close(false, nil, "Remote server's certificate is invalid, expired, or not trusted");
end
return false;
end