authorKim Alvefur <zash@zash.se>2024-02-24 17:45:50 +0100
committerKim Alvefur <zash@zash.se>2024-02-24 17:45:50 +0100
commit18813c2ffa037c40defa58fb0470ae600e88b2e6 (patch)
tree13df1e240dfb16324344c164e5b76af4790d8dc1
parent01a44e88db7061b2e908d5d77cb689009beb549c (diff)
mod_s2s: Comment on why we avoid hostnames in stanza bounce messages
-rw-r--r--plugins/mod_s2s.lua2
1 files changed, 2 insertions, 0 deletions
diff --git a/plugins/mod_s2s.lua b/plugins/mod_s2s.lua
index fcdfbca8..88b73eba 100644
--- a/plugins/mod_s2s.lua
+++ b/plugins/mod_s2s.lua
@@ -1015,6 +1015,8 @@ function check_auth_policy(event)
-- In practice most cases are configuration mistakes or forgotten
-- certificate renewals. We think it's better to let the other party
-- know about the problem so that they can fix it.
+ --
+ -- Note: Bounce message must not include name of server, as it may leak half your JID in semi-anon MUCs.
session:close({ condition = "not-authorized", text = "Your server's certificate "..reason },
nil, "Remote server's certificate "..reason);
return false;
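Review bot: The added note does not say which of the two strings passed to `session:close` is the bounce message, and both are built by concatenating `reason`, which is assigned outside this hunk. The constraint therefore really falls on whatever produces `reason`, and a later edit that puts the peer's host name into it would break the invariant without touching these lines. I would tie the comment to the variable, for example `-- Note: 'reason' ends up in the bounce text returned to stanza senders, so it must never contain a server name (may leak half your JID in semi-anon MUCs).` Presumably the third argument is the bounce text; that should be confirmed against `session:close`, and `check_auth_policy` itself starts and ends outside the hunk.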