Better log s2s auth failures when TLS is not available

author: Evgeniy Khramtsov <ekhramtsov@process-one.net> 2017-03-18 13:59:24 +0300
committer: Evgeniy Khramtsov <ekhramtsov@process-one.net> 2017-03-18 13:59:24 +0300
commit: 06f42bc749a113273d617c27c17e8792a561de13 (patch)
tree: a0f75bf59837a6c3e46eaa0c4135c97aff39b0d9 /src/xmpp_stream_out.erl
parent: Log startup time (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/xmpp_stream_out.erl b/src/xmpp_stream_out.erl
index 3832a75d..d0a39158 100644
--- a/src/xmpp_stream_out.erl
+++ b/src/xmpp_stream_out.erl
@@ -518,12 +518,18 @@ process_features(#stream_features{sub_els = Els} = StreamFeatures,
 		false when TLSRequired and not Encrypted ->
 		    Txt = <<"Use of STARTTLS required">>,
 		    send_pkt(State1, xmpp:serr_policy_violation(Txt, Lang));
+		false when not Encrypted ->
+		    process_sasl_failure(
+		      <<"Peer doesn't support STARTTLS">>, State1);
 		#starttls{required = true} when not TLSAvailable and not Encrypted ->
 		    Txt = <<"Use of STARTTLS forbidden">>,
 		    send_pkt(State1, xmpp:serr_unsupported_feature(Txt, Lang));
 		#starttls{} when TLSAvailable and not Encrypted ->
 		    State2 = State1#{stream_state => wait_for_starttls_response},
 		    send_pkt(State2, #starttls{});
+		#starttls{} when not Encrypted ->
+		    process_sasl_failure(
+		      <<"STARTTLS is disabled in local configuration">>, State1);
 		_ ->
 		    State2 = process_cert_verification(State1),
 		    case is_disconnected(State2) of
author	Evgeniy Khramtsov <ekhramtsov@process-one.net>	2017-03-18 13:59:24 +0300
committer	Evgeniy Khramtsov <ekhramtsov@process-one.net>	2017-03-18 13:59:24 +0300
commit	06f42bc749a113273d617c27c17e8792a561de13 (patch)
tree	a0f75bf59837a6c3e46eaa0c4135c97aff39b0d9 /src/xmpp_stream_out.erl
parent	Log startup time (diff)