diff options
| author | Matthew Wild <mwild1@gmail.com> | 2013-04-01 14:45:59 +0100 |
|---|---|---|
| committer | Matthew Wild <mwild1@gmail.com> | 2013-04-01 14:45:59 +0100 |
| commit | 4a4f2e8b4be13b33ece64f1d33050cc56349397e (patch) | |
| tree | 6920771be0a0d45872acec5e8c2d8ffba142174c | |
| parent | c50b122ecbab33c0149f160b3d1209fd1b39dbbb (diff) | |
| download | prosody-4a4f2e8b4be13b33ece64f1d33050cc56349397e.tar.gz prosody-4a4f2e8b4be13b33ece64f1d33050cc56349397e.zip | |
mod_s2s: Close incoming s2s with stream error when secure and we don't trust their certificate
| -rw-r--r-- | plugins/mod_s2s/mod_s2s.lua | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 6893d184..639f464b 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -632,7 +632,11 @@ function check_auth_policy(event) if must_secure and not session.cert_identity_status then module:log("warn", "Forbidding insecure connection to/from %s", host); - session:close(false); + if session.direction == "incoming" then + session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by"..session.to_host }); + else -- Close outgoing connections without warning + session:close(false); + end return false; end end |