mod_s2s: Close incoming s2s with stream error when secure and we don't trust their certificate
--- a/plugins/mod_s2s/mod_s2s.lua Sun Mar 31 22:40:01 2013 +0100
+++ b/plugins/mod_s2s/mod_s2s.lua Mon Apr 01 14:45:59 2013 +0100
@@ -632,7 +632,11 @@
if must_secure and not session.cert_identity_status then
module:log("warn", "Forbidding insecure connection to/from %s", host);
- session:close(false);
+ if session.direction == "incoming" then
+ session:close({ condition = "not-authorized", text = "Your server's certificate is invalid, expired, or not trusted by"..session.to_host });
+ else -- Close outgoing connections without warning
+ session:close(false);
+ end
return false;
end
end