Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_s2s: Comment on why we avoid hostnames in stanza bounce messages
authorKim Alvefur <zash@zash.se>
Sat, 24 Feb 2024 17:45:50 +0100
changeset 13448 783706350faa
parent 13447 98a6ec4ce140
child 13450 dba7073f1452
mod_s2s: Comment on why we avoid hostnames in stanza bounce messages
plugins/mod_s2s.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_s2s.lua	Sat Feb 24 14:35:17 2024 +0100
+++ b/plugins/mod_s2s.lua	Sat Feb 24 17:45:50 2024 +0100
@@ -1015,6 +1015,8 @@
 		-- In practice most cases are configuration mistakes or forgotten
 		-- certificate renewals. We think it's better to let the other party
 		-- know about the problem so that they can fix it.
+		--
+		-- Note: Bounce message must not include name of server, as it may leak half your JID in semi-anon MUCs.
 		session:close({ condition = "not-authorized", text = "Your server's certificate "..reason },
 			nil, "Remote server's certificate "..reason);
 		return false;
prosody