mirror of
https://github.com/processone/ejabberd.git
synced 2024-12-26 17:38:45 +01:00
Better log s2s auth failures when TLS is not available
This commit is contained in:
parent
72da5bd062
commit
06f42bc749
@ -518,12 +518,18 @@ process_features(#stream_features{sub_els = Els} = StreamFeatures,
|
|||||||
false when TLSRequired and not Encrypted ->
|
false when TLSRequired and not Encrypted ->
|
||||||
Txt = <<"Use of STARTTLS required">>,
|
Txt = <<"Use of STARTTLS required">>,
|
||||||
send_pkt(State1, xmpp:serr_policy_violation(Txt, Lang));
|
send_pkt(State1, xmpp:serr_policy_violation(Txt, Lang));
|
||||||
|
false when not Encrypted ->
|
||||||
|
process_sasl_failure(
|
||||||
|
<<"Peer doesn't support STARTTLS">>, State1);
|
||||||
#starttls{required = true} when not TLSAvailable and not Encrypted ->
|
#starttls{required = true} when not TLSAvailable and not Encrypted ->
|
||||||
Txt = <<"Use of STARTTLS forbidden">>,
|
Txt = <<"Use of STARTTLS forbidden">>,
|
||||||
send_pkt(State1, xmpp:serr_unsupported_feature(Txt, Lang));
|
send_pkt(State1, xmpp:serr_unsupported_feature(Txt, Lang));
|
||||||
#starttls{} when TLSAvailable and not Encrypted ->
|
#starttls{} when TLSAvailable and not Encrypted ->
|
||||||
State2 = State1#{stream_state => wait_for_starttls_response},
|
State2 = State1#{stream_state => wait_for_starttls_response},
|
||||||
send_pkt(State2, #starttls{});
|
send_pkt(State2, #starttls{});
|
||||||
|
#starttls{} when not Encrypted ->
|
||||||
|
process_sasl_failure(
|
||||||
|
<<"STARTTLS is disabled in local configuration">>, State1);
|
||||||
_ ->
|
_ ->
|
||||||
State2 = process_cert_verification(State1),
|
State2 = process_cert_verification(State1),
|
||||||
case is_disconnected(State2) of
|
case is_disconnected(State2) of
|
||||||
|
Loading…
Reference in New Issue
Block a user