# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1574469173 -3600
# Node ID dd4eb84d92a8340792fae35c079b5d5688777a2e
# Parent  42cf93ff4618fc00ee5b529ccaaa32662624d0e2
mod_s2s: Add error text for error replies on some s2s failures (#770)

diff -r 42cf93ff4618 -r dd4eb84d92a8 plugins/mod_s2s/mod_s2s.lua
--- a/plugins/mod_s2s/mod_s2s.lua	Sat Nov 23 01:29:03 2019 +0100
+++ b/plugins/mod_s2s/mod_s2s.lua	Sat Nov 23 01:32:53 2019 +0100
@@ -194,7 +194,7 @@
 					condition = "unsupported-feature",
 					text = "No viable authentication method offered",
-				});
+				}, nil, "No viable authentication method offered by remote server");
 			return false;
 	end, -1);
@@ -255,7 +255,7 @@
 				condition = "policy-violation",
 				text = "Encrypted server-to-server communication is required but was not "
 				       ..((session.direction == "outgoing" and "offered") or "used")
-			});
+			}, nil, "Could not establish encrypted connection to remote server");
 	if hosts[host] then
@@ -608,7 +608,7 @@
 			local ok, err = stream:feed(data);
 			if ok then return; end
 			log("debug", "Received invalid XML (%s) %d bytes: %q", err, #data, data:sub(1, 300));
-			session:close("not-well-formed");
+			session:close("not-well-formed", nil, "Received invalid XML from remote server");
@@ -738,9 +738,10 @@
 	if must_secure and (session.cert_chain_status ~= "valid" or session.cert_identity_status ~= "valid") then
 		module:log("warn", "Forbidding insecure connection to/from %s", host or session.ip or "(unknown host)");
 		if session.direction == "incoming" then
-			session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host });
+			session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by "..session.to_host },
+				nil, "Remote server's certificate is invalid, expired, or not trusted");
 		else -- Close outgoing connections without warning
-			session:close(false);
+			session:close(false, nil, "Remote server's certificate is invalid, expired, or not trusted");
 		return false;