26
1
mirror of https://github.com/processone/ejabberd.git synced 2024-12-26 17:38:45 +01:00

Better log s2s auth failures when TLS is not available

This commit is contained in:
Evgeniy Khramtsov 2017-03-18 13:59:24 +03:00
parent 72da5bd062
commit 06f42bc749

View File

@ -518,12 +518,18 @@ process_features(#stream_features{sub_els = Els} = StreamFeatures,
false when TLSRequired and not Encrypted -> false when TLSRequired and not Encrypted ->
Txt = <<"Use of STARTTLS required">>, Txt = <<"Use of STARTTLS required">>,
send_pkt(State1, xmpp:serr_policy_violation(Txt, Lang)); send_pkt(State1, xmpp:serr_policy_violation(Txt, Lang));
false when not Encrypted ->
process_sasl_failure(
<<"Peer doesn't support STARTTLS">>, State1);
#starttls{required = true} when not TLSAvailable and not Encrypted -> #starttls{required = true} when not TLSAvailable and not Encrypted ->
Txt = <<"Use of STARTTLS forbidden">>, Txt = <<"Use of STARTTLS forbidden">>,
send_pkt(State1, xmpp:serr_unsupported_feature(Txt, Lang)); send_pkt(State1, xmpp:serr_unsupported_feature(Txt, Lang));
#starttls{} when TLSAvailable and not Encrypted -> #starttls{} when TLSAvailable and not Encrypted ->
State2 = State1#{stream_state => wait_for_starttls_response}, State2 = State1#{stream_state => wait_for_starttls_response},
send_pkt(State2, #starttls{}); send_pkt(State2, #starttls{});
#starttls{} when not Encrypted ->
process_sasl_failure(
<<"STARTTLS is disabled in local configuration">>, State1);
_ -> _ ->
State2 = process_cert_verification(State1), State2 = process_cert_verification(State1),
case is_disconnected(State2) of case is_disconnected(State2) of