
plugins/mod_s2s/mod_s2s.lua @ 10457:0c44090cb168

mod_s2s: Abort outgoing connections earlier when TLS requirement isn't satisfied This ensures the closure reason is accurate and not reported as an authentication or other problem
author Kim Alvefur <zash@zash.se>
date Thu, 28 Nov 2019 18:30:30 +0100
parent 10456:2ab1cbb1c6b0
child 10459:7456eaa83b15
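--- a/plugins/mod_s2s/mod_s2s.lua
+++ b/plugins/mod_s2s/mod_s2s.lua
@@ -188,10 +188,17 @@
 if session.type == "s2sout" then
 -- Stream is authenticated and we are seem to be done with feature negotiation,
 -- so the stream is ready for stanzas. RFC 6120 Section 4.3
 mark_connected(session);
 return true;
+elseif require_encryption and not session.secure then
+session.log("warn", "Encrypted server-to-server communication is required but was not offered by %s", session.to_host);
+session:close({
+condition = "policy-violation",
+text = "Encrypted server-to-server communication is required but was not offered",
+}, nil, "Could not establish encrypted connection to remote server");
+return false;
 elseif not session.dialback_verifying then
 session.log("warn", "No SASL EXTERNAL offer and Dialback doesn't seem to be enabled, giving up");
 session:close({
 condition = "unsupported-feature",
 text = "No viable authentication method offered",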
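Review bot: The early abort in the new `elseif` tests only the global `require_encryption` flag, so a TLS requirement scoped more narrowly than that would still fall through to the branches below and could be reported with the less accurate `unsupported-feature` reason. Whether mod_s2s enforces such per-host requirements (for example through `s2s_secure_domains`) is not visible in this hunk, so it needs checking against the later enforcement point that the commit message implies. If they exist, either extend the condition to cover them or document the gap with `-- only the global require_encryption policy is checked here; per-host TLS requirements are not`. The surrounding handler starts and ends outside the hunk.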