Mercurial > prosody-modules
comparison mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1961:6979ee1db9f8
mod_s2s_auth_dane: Some more verbose debug logging
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 10 Dec 2015 23:23:07 +0100 |
| parents | 7974a24d29b6 |
| children | 2f32196586bb |
comparison
equal
deleted
inserted
replaced
| 1960:5f68a8928722 | 1961:6979ee1db9f8 |
|---|---|
| 110 host_session.srv_hosts = srv_hosts; | 110 host_session.srv_hosts = srv_hosts; |
| 111 local dane; | 111 local dane; |
| 112 for _, record in ipairs(answer) do | 112 for _, record in ipairs(answer) do |
| 113 t_insert(srv_hosts, record.srv); | 113 t_insert(srv_hosts, record.srv); |
| 114 dns_lookup(function(dane_answer) | 114 dns_lookup(function(dane_answer) |
| 115 host_session.log("debug", "Got answer for %s:%d", record.srv.target, record.srv.port); | |
| 115 n = n - 1; | 116 n = n - 1; |
| 116 -- There are three kinds of answers | 117 -- There are three kinds of answers |
| 117 -- Insecure, Secure and Bogus | 118 -- Insecure, Secure and Bogus |
| 118 -- | 119 -- |
| 119 -- We collect Secure answers for later use | 120 -- We collect Secure answers for later use |
| 127 -- replies matched, we consider the connection insecure. | 128 -- replies matched, we consider the connection insecure. |
| 128 | 129 |
| 129 if (dane_answer.bogus or dane_answer.secure) and not dane then | 130 if (dane_answer.bogus or dane_answer.secure) and not dane then |
| 130 -- The first answer we care about | 131 -- The first answer we care about |
| 131 -- For services with only one SRV record, this will be the only one | 132 -- For services with only one SRV record, this will be the only one |
| 133 host_session.log("debug", "First secure (or bogus) TLSA") | |
| 132 dane = dane_answer; | 134 dane = dane_answer; |
| 133 elseif dane_answer.bogus then | 135 elseif dane_answer.bogus then |
| 136 host_session.log("debug", "Got additional bogus TLSA") | |
| 134 dane.bogus = dane_answer.bogus; | 137 dane.bogus = dane_answer.bogus; |
| 135 elseif dane_answer.secure then | 138 elseif dane_answer.secure then |
| 139 host_session.log("debug", "Got additional secure TLSA") | |
| 136 for _, dane_record in ipairs(dane_answer) do | 140 for _, dane_record in ipairs(dane_answer) do |
| 137 t_insert(dane, dane_record); | 141 t_insert(dane, dane_record); |
| 138 end | 142 end |
| 139 end | 143 end |
| 140 if n == 0 then | 144 if n == 0 then |