Diff

plugins/mod_s2s/mod_s2s.lua @ 10426:dd4eb84d92a8

mod_s2s: Add error text for error replies on some s2s failures (#770)
author Kim Alvefur <zash@zash.se>
date Sat, 23 Nov 2019 01:32:53 +0100
parent 10425:42cf93ff4618
child 10455:698ff3610e57
line wrap: on
line diff
--- a/plugins/mod_s2s/mod_s2s.lua	Sat Nov 23 01:29:03 2019 +0100
+++ b/plugins/mod_s2s/mod_s2s.lua	Sat Nov 23 01:32:53 2019 +0100
@@ -194,7 +194,7 @@
 			session:close({
 					condition = "unsupported-feature",
 					text = "No viable authentication method offered",
-				});
+				}, nil, "No viable authentication method offered by remote server");
 			return false;
 		end
 	end, -1);
@@ -255,7 +255,7 @@
 				condition = "policy-violation",
 				text = "Encrypted server-to-server communication is required but was not "
 				       ..((session.direction == "outgoing" and "offered") or "used")
-			});
+			}, nil, "Could not establish encrypted connection to remote server");
 		end
 	end
 	if hosts[host] then
@@ -608,7 +608,7 @@
 			local ok, err = stream:feed(data);
 			if ok then return; end
 			log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300));
-			session:close("not-well-formed");
+			session:close("not-well-formed", nil, "Received invalid XML from remote server");
 		end
 	end
 
@@ -738,9 +738,10 @@
 	if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
 		module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)");
 		if session.direction == "incoming" then
-			session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host });
+			session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host },
+				nil, "Remote server's certificate is invalid, expired, or not trusted");
 		else -- Close outgoing connections without warning
-			session:close(false);
+			session:close(false, nil, "Remote server's certificate is invalid, expired, or not trusted");
 		end
 		return false;
 	end