diff options
| author | Kim Alvefur <zash@zash.se> | 2019-11-23 01:32:53 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2019-11-23 01:32:53 +0100 |
| commit | 5047e42a4dd52576dfd1f509d9ba0f6ef5f3343a (patch) | |
| tree | a7a4339b14812626e38ef0e9bf6352733dad230e /plugins/mod_s2s/mod_s2s.lua | |
| parent | 4a9bb8c321af1127e1ff7caa8f05cc97a60c4566 (diff) | |
| download | prosody-5047e42a4dd52576dfd1f509d9ba0f6ef5f3343a.tar.gz prosody-5047e42a4dd52576dfd1f509d9ba0f6ef5f3343a.zip | |
mod_s2s: Add error text for error replies on some s2s failures (#770)
Diffstat (limited to 'plugins/mod_s2s/mod_s2s.lua')
| -rw-r--r-- | plugins/mod_s2s/mod_s2s.lua | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua index 6bb444f5..e7ed8797 100644 --- a/plugins/mod_s2s/mod_s2s.lua +++ b/plugins/mod_s2s/mod_s2s.lua @@ -194,7 +194,7 @@ function module.add_host(module) session:close({ condition = "unsupported-feature", text = "No viable authentication method offered", - }); + }, nil, "No viable authentication method offered by remote server"); return false; end end, -1); @@ -255,7 +255,7 @@ function make_authenticated(event) condition = "policy-violation", text = "Encrypted server-to-server communication is required but was not " ..((session.direction == "outgoing" and "offered") or "used") - }); + }, nil, "Could not establish encrypted connection to remote server"); end end if hosts[host] then @@ -608,7 +608,7 @@ local function initialize_session(session) local ok, err = stream:feed(data); if ok then return; end log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300)); - session:close("not-well-formed"); + session:close("not-well-formed", nil, "Received invalid XML from remote server"); end end @@ -738,9 +738,10 @@ function check_auth_policy(event) if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)"); if session.direction == "incoming" then - session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host }); + session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host }, + nil, "Remote server's certificate is invalid, expired, or not trusted"); else -- Close outgoing connections without warning - session:close(false); + session:close(false, nil, "Remote server's certificate is invalid, expired, or not trusted"); end return false; end |