--- a/plugins/mod_s2s.lua Sat Feb 24 14:35:17 2024 +0100
+++ b/plugins/mod_s2s.lua Sat Feb 24 17:45:50 2024 +0100
@@ -1015,6 +1015,8 @@
-- In practice most cases are configuration mistakes or forgotten
-- certificate renewals. We think it's better to let the other party
-- know about the problem so that they can fix it.
+ --
+ -- Note: Bounce message must not include name of server, as it may leak half your JID in semi-anon MUCs.
session:close({ condition = "not-authorized", text = "Your server's certificate "..reason },
nil, "Remote server's certificate "..reason);
return false;