From 39cc0ec4510c0e3d80324c7085fa1a938c1f30f8 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 30 Nov 2019 23:29:15 +0100
Subject: mod_s2s: Improve log message about forbidding insecure connections

This new wording generator is nice.
---
 plugins/mod_s2s/mod_s2s.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugins')

diff --git a/plugins/mod_s2s/mod_s2s.lua b/plugins/mod_s2s/mod_s2s.lua
index 7f6546e9..7700db85 100644
--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -763,8 +763,8 @@ function check_auth_policy(event)
 	end
 
 	if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
-		module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)");
 		local reason = friendly_cert_error(session);
+		module:log("warn", "Forbidding insecure connection to/from %s because its certificate %s", host or session.ip or "(unknown host)", reason);
 		-- XEP-0178 recommends closing outgoing connections without warning
 		-- but does not give a rationale for this.
 		-- In practice most cases are configuration mistakes or forgotten
-- 
cgit v1.2.3