RFC 5802 section 5.1 (last bullet point) states:
Unknown optional extensions MUST be ignored upon receipt.
Only mandatory options should result in an error, if unsupported by one party. To quote the RFC again:

Mandatory extensions sent by one peer but not understood by the
other MUST cause authentication failure (the server SHOULD send
the "extensions-not-supported" server-error-value).

The bug is here:

Example of an optional attribute that should be ignored by ejabberd:
p=tls-exporter,,n=user,r=12C4CD5C-E38E-4A98-8F6D-15C38F51CCC6,d=deadbeef

Example of a mandatory attribute that should result in an unsupported_extension error:
p=tls-exporter,,n=user,r=12C4CD5C-E38E-4A98-8F6D-15C38F51CCC6,m=deadbeef

Thanks, did miss that, will add that.

This should be fixed by 807fc73

Looks good.
Another possible bug: an m= attribute in the client-final-message (step = 4 in your code) should also generate an error response.

@prefiks: Have you seen the last comment from @tmolitor-stud-tu?

Yes, i added that as well