Mercurial > prosody-modules
comparison mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1328:446fcda4ec45
mod_s2s_auth_dane: Delay s2sout state machine until we get TLSA reply
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 05 Mar 2014 17:40:44 +0100 |
| parents | b93f45c42044 |
| children | 8d99b9c4cf0c |
comparison
equal
deleted
inserted
replaced
| 1327:b93f45c42044 | 1328:446fcda4ec45 |
|---|---|
| 29 | 29 |
| 30 function s2sout.try_connect(host_session, connect_host, connect_port, err) | 30 function s2sout.try_connect(host_session, connect_host, connect_port, err) |
| 31 local srv_hosts = host_session.srv_hosts; | 31 local srv_hosts = host_session.srv_hosts; |
| 32 local srv_choice = host_session.srv_choice; | 32 local srv_choice = host_session.srv_choice; |
| 33 if srv_hosts and srv_hosts.answer.secure and not srv_hosts[srv_choice].dane then | 33 if srv_hosts and srv_hosts.answer.secure and not srv_hosts[srv_choice].dane then |
| 34 dns_lookup(function(answer) | 34 srv_hosts[srv_choice].dane = dns_lookup(function(answer) |
| 35 if answer and ( #answer > 0 or answer.bogus ) then | 35 if answer and ( #answer > 0 or answer.bogus ) then |
| 36 srv_hosts[srv_choice].dane = answer; | 36 srv_hosts[srv_choice].dane = answer; |
| 37 for i, tlsa in ipairs(answer) do | 37 for i, tlsa in ipairs(answer) do |
| 38 module:log("debug", "TLSA %s", tostring(tlsa)); | 38 module:log("debug", "TLSA %s", tostring(tlsa)); |
| 39 end | 39 end |
| 40 else | |
| 41 srv_hosts[srv_choice].dane = false; | |
| 40 end | 42 end |
| 43 -- "blocking" until TLSA reply, but no race condition | |
| 44 return _try_connect(host_session, connect_host, connect_port, err); | |
| 41 end, ("_%d._tcp.%s"):format(connect_port, connect_host), "TLSA"); | 45 end, ("_%d._tcp.%s"):format(connect_port, connect_host), "TLSA"); |
| 46 return true | |
| 42 end | 47 end |
| 43 return _try_connect(host_session, connect_host, connect_port, err); | 48 return _try_connect(host_session, connect_host, connect_port, err); |
| 44 end | 49 end |
| 45 | 50 |
| 46 -- This and the TLSA reply are in a race condition :( | |
| 47 module:hook("s2s-check-certificate", function(event) | 51 module:hook("s2s-check-certificate", function(event) |
| 48 local session, cert = event.session, event.cert; | 52 local session, cert = event.session, event.cert; |
| 49 local srv_hosts = session.srv_hosts; | 53 local srv_hosts = session.srv_hosts; |
| 50 local srv_choice = session.srv_choice; | 54 local srv_choice = session.srv_choice; |
| 51 local choosen = srv_hosts and srv_hosts[srv_choice]; | 55 local choosen = srv_hosts and srv_hosts[srv_choice]; |