comparison mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1962:2f32196586bb

mod_s2s_auth_dane: Keep DANE response around after the connection is established to aid in debugging
author Kim Alvefur <zash@zash.se>
date Thu, 10 Dec 2015 23:24:11 +0100
parents 6979ee1db9f8
children 98d757dc0771
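--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua
@@ -223,11 +223,10 @@
 ..((session.direction == "outgoing" and "offered") or "used")
 });
 return false;
 end
 -- Cleanup
-session.dane = nil;
 session.srv_hosts = nil;
 end);
 end
 
 -- Compare one TLSA record against a certificate
@@ -288,10 +287,11 @@
 session.cert_identity_status = "valid";
 if use == 3 then -- DANE-EE, chain status equals DNSSEC chain status
 session.cert_chain_status = "valid";
 end
 match_found = true;
+dane.matching = tlsa;
 break;
 end
 -- DANE-TA or PKIX-CA
 elseif use == 2 or use == 0 then
 supported_found = true;
@@ -317,10 +317,11 @@
 session.cert_chain_status = "valid";
 -- else -- TODO Check against SRV target?
 end
 end
 match_found = true;
+dane.matching = tlsa;
 break;
 end
 end
 if match_found then break end
 end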
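Review bot: `dane.matching` is written in both match branches (the DANE-EE branch and the DANE-TA/PKIX-CA branch) but nothing in the visible lines ever clears it, and with `session.dane = nil;` dropped from the cleanup handler the table now lives as long as the session. If the same `dane` table can be evaluated a second time, or is the resolver's own answer object shared between sessions (not visible from these hunks), a stale `matching` record would outlive the check that produced it and mislead whoever reads it while debugging. Consider resetting it with `dane.matching = nil;` before the record loop, which starts outside the hunks shown. The `-- Cleanup` comment should also say that the response is kept on purpose, for example `-- Cleanup (session.dane is kept for debugging only; do not base trust decisions on dane.matching)`.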