Report some TLS errors

author Evgeniy Khramtsov <ekhramtsov@process-one.net>

Tue, 7 Mar 2017 15:46:02 +0000 (18:46 +0300)

committer Evgeniy Khramtsov <ekhramtsov@process-one.net>

Tue, 7 Mar 2017 15:46:02 +0000 (18:46 +0300)
author Evgeniy Khramtsov <ekhramtsov@process-one.net>
Tue, 7 Mar 2017 15:46:02 +0000 (18:46 +0300)
committer Evgeniy Khramtsov <ekhramtsov@process-one.net>
Tue, 7 Mar 2017 15:46:02 +0000 (18:46 +0300)
diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl

index 826a49cd4deacc0f247ebb28314d899b5c10da9b..1b7bac130a840322673e19d4938f5f7f9a319e4f 100644 (file)
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -275,6 +275,12 @@ process_terminated(#{sockmod := SockMod, socket := Socket, jid := JID} = State,
              end,
      bounce_message_queue(),
      State1;
+process_terminated(#{sockmod := SockMod, socket := Socket,
+                    stop_reason := {tls, no_certfile}} = State, Reason) ->
+    %% TODO: we probably need to report more TLS errors here
+    ?ERROR_MSG("(~s) Failed to secure c2s connection: ~s",
+              [SockMod:pp(Socket), format_reason(State, Reason)]),
+    State;
  process_terminated(State, _Reason) ->
      State.
  
diff --git a/src/ejabberd_s2s_in.erl b/src/ejabberd_s2s_in.erl

index 4289a8b34411104a6dd53bcf7d20cbdae75164e3..1cddfec699b81073fe5b6491b3e9deef0b4e5942 100644 (file)
--- a/src/ejabberd_s2s_in.erl
+++ b/src/ejabberd_s2s_in.erl
@@ -168,7 +168,8 @@ handle_stream_start(_StreamStart, #{lserver := LServer} = State) ->
      end.
  
  handle_stream_end(Reason, #{server_host := LServer} = State) ->
-    ejabberd_hooks:run_fold(s2s_in_closed, LServer, State, [Reason]).
+    State1 = State#{stop_reason => Reason},
+    ejabberd_hooks:run_fold(s2s_in_closed, LServer, State1, [Reason]).
  
  handle_stream_established(State) ->
      set_idle_timeout(State#{established => true}).
@@ -284,7 +285,16 @@ handle_cast(Msg, #{server_host := LServer} = State) ->
  handle_info(Info, #{server_host := LServer} = State) ->
      ejabberd_hooks:run_fold(s2s_in_handle_info, LServer, State, [Info]).
  
-terminate(Reason, #{auth_domains := AuthDomains}) ->
+terminate(Reason, #{auth_domains := AuthDomains,
+                   sockmod := SockMod, socket := Socket} = State) ->
+    case maps:get(stop_reason, State, undefined) of
+       {tls, no_certfile} = Err ->
+           %% TODO: we probably need to report more TLS errors here
+           ?ERROR_MSG("(~s) Failed to secure inbound s2s connection: ~s",
+                      [SockMod:pp(Socket), xmpp_stream_in:format_error(Err)]);
+       _ ->
+           ok
+    end,
      case Reason of
        {process_limit, _} ->
             sets:fold(
author	Evgeniy Khramtsov <ekhramtsov@process-one.net>
	Tue, 7 Mar 2017 15:46:02 +0000 (18:46 +0300)
committer	Evgeniy Khramtsov <ekhramtsov@process-one.net>
	Tue, 7 Mar 2017 15:46:02 +0000 (18:46 +0300)
src/ejabberd_c2s.erl		patch \| blob \| history
src/ejabberd_s2s_in.erl		patch \| blob \| history