prosody
767ecb0091a6
plugins/mod_s2s/mod_s2s.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Diff

plugins/mod_s2s/mod_s2s.lua @ 5408:767ecb0091a6

mod_s2s: Close incoming s2s with stream error when secure and we don't trust their certificate
author Matthew Wild <mwild1@gmail.com>
date Mon, 01 Apr 2013 14:45:59 +0100
parent 5390:b3c8757ee4f4
child 5423:4acc1598f391
line wrap: on
line diff
--- a/plugins/mod_s2s/mod_s2s.lua	Sun Mar 31 22:40:01 2013 +0100
+++ b/plugins/mod_s2s/mod_s2s.lua	Mon Apr 01 14:45:59 2013 +0100
@@ -632,7 +632,11 @@
 	
 	if must_secure and not session.cert_identity_status then
 		module:log("warn", "Forbidding insecure connection to/from %s", host);
-		session:close(false);
+		if session.direction == "incoming" then
+			session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by"..session.to_host });
+		else -- Close outgoing connections without warning
+			session:close(false);
+		end
 		return false;
 	end
 end