mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 13:47:41 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_s2s: Comment on why we avoid hostnames in stanza bounce messages

Browse source
This commit is contained in:
Kim Alvefur 2024-02-24 17:45:50 +01:00
parent 01a44e88db
commit 18813c2ffa
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
plugins/mod_s2s.lua
View file

@ -1015,6 +1015,8 @@ function check_auth_policy(event)
-- In practice most cases are configuration mistakes or forgotten -- In practice most cases are configuration mistakes or forgotten
-- certificate renewals. We think it's better to let the other party -- certificate renewals. We think it's better to let the other party
-- know about the problem so that they can fix it. -- know about the problem so that they can fix it.
--
-- Note: Bounce message must not include name of server, as it may leak half your JID in semi-anon MUCs.
session:close({ condition = "not-authorized", text = "Your server's certificate "..reason }, session:close({ condition = "not-authorized", text = "Your server's certificate "..reason },
nil, "Remote server's certificate "..reason); nil, "Remote server's certificate "..reason);
return false; return false;