Software / code / prosody
Changeset
5408:767ecb0091a6
mod_s2s: Close incoming s2s with stream error when secure and we don't trust their certificate
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Mon, 01 Apr 2013 14:45:59 +0100 |
| parents | 5407:c9ff345a27e7 |
| children | 5409:8e98a58ab6a3 |
| files | plugins/mod_s2s/mod_s2s.lua |
| diffstat | 1 files changed, 5 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_s2s/mod_s2s.lua Sun Mar 31 22:40:01 2013 +0100 +++ b/plugins/mod_s2s/mod_s2s.lua Mon Apr 01 14:45:59 2013 +0100 @@ -632,7 +632,11 @@ if must_secure and not session.cert_identity_status then module:log("warn", "Forbidding insecure connection to/from %s", host); - session:close(false); + if session.direction == "incoming" then + session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by"..session.to_host }); + else -- Close outgoing connections without warning + session:close(false); + end return false; end end
