Mercurial > prosody-modules
comparison mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1674:7f4c64cfed09
mod_s2s_auth_dane: Abort earlier for sessions from hosts that don't say who they are
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 13 Apr 2015 13:36:38 +0200 |
| parents | aac5e56615ce |
| children | ab3175685f94 |
comparison
equal
deleted
inserted
replaced
| 1673:aac5e56615ce | 1674:7f4c64cfed09 |
|---|---|
| 66 local function dane_lookup(host_session, cb) | 66 local function dane_lookup(host_session, cb) |
| 67 cb = cb or noop; | 67 cb = cb or noop; |
| 68 if host_session.dane ~= nil then return end -- Has already done a lookup | 68 if host_session.dane ~= nil then return end -- Has already done a lookup |
| 69 | 69 |
| 70 if host_session.direction == "incoming" then | 70 if host_session.direction == "incoming" then |
| 71 if not host_session.from_host then | |
| 72 module:log("debug", "Session doesn't have a 'from' host set"); | |
| 73 return; | |
| 74 end | |
| 71 -- We don't know what hostname or port to use for Incoming connections | 75 -- We don't know what hostname or port to use for Incoming connections |
| 72 -- so we do a SRV lookup and then request TLSA records for each SRV | 76 -- so we do a SRV lookup and then request TLSA records for each SRV |
| 73 -- Most servers will probably use the same certificate on outgoing | 77 -- Most servers will probably use the same certificate on outgoing |
| 74 -- and incoming connections, so this should work well | 78 -- and incoming connections, so this should work well |
| 75 local name = host_session.from_host and idna_to_ascii(host_session.from_host); | 79 local name = host_session.from_host and idna_to_ascii(host_session.from_host); |