diff options
| author | Kim Alvefur <zash@zash.se> | 2024-02-24 17:45:50 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2024-02-24 17:45:50 +0100 |
| commit | 18813c2ffa037c40defa58fb0470ae600e88b2e6 (patch) | |
| tree | 13df1e240dfb16324344c164e5b76af4790d8dc1 | |
| parent | 01a44e88db7061b2e908d5d77cb689009beb549c (diff) | |
| download | prosody-18813c2ffa037c40defa58fb0470ae600e88b2e6.tar.gz prosody-18813c2ffa037c40defa58fb0470ae600e88b2e6.zip | |
mod_s2s: Comment on why we avoid hostnames in stanza bounce messages
| -rw-r--r-- | plugins/mod_s2s.lua | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua index fcdfbca8..88b73eba 100644 --- a/plugins/mod_s2s.lua +++ b/plugins/mod_s2s.lua @@ -1015,6 +1015,8 @@ function check_auth_policy(event) -- In practice most cases are configuration mistakes or forgotten -- certificate renewals. We think it's better to let the other party -- know about the problem so that they can fix it. + -- + -- Note: Bounce message must not include name of server, as it may leak half your JID in semi-anon MUCs. session:close({ condition = "not-authorized", text = "Your server's certificate "..reason }, nil, "Remote server's certificate "..reason); return false; |