Mercurial > prosody-modules
comparison mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 2003:8ccf347c7753
mod_s2s_auth_dane: Warn only if there enabled uses that can't be supported
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Mon, 11 Jan 2016 15:45:09 +0100 |
| parents | b10118d7c0df |
| children | 6645838c6475 |
comparison
equal
deleted
inserted
replaced
| 2002:ce991c678370 | 2003:8ccf347c7753 |
|---|---|
| 55 if cert_mt and cert_mt.__index.issued then | 55 if cert_mt and cert_mt.__index.issued then |
| 56 -- Need cert:issued() for these | 56 -- Need cert:issued() for these |
| 57 implemented_uses:add("DANE-TA"); | 57 implemented_uses:add("DANE-TA"); |
| 58 implemented_uses:add("PKIX-CA"); | 58 implemented_uses:add("PKIX-CA"); |
| 59 else | 59 else |
| 60 module:log("warn", "Unable to support DANE-TA and PKIX-CA"); | 60 module:log("debug", "The cert:issued() method is unavailable, DANE-TA and PKIX-CA can't be enabled"); |
| 61 end | 61 end |
| 62 end | 62 end |
| 63 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE", "DANE-TA" }); | 63 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE", "DANE-TA" }); |
| 64 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end; | 64 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end; |
| 65 local unsupported = configured_uses - implemented_uses; | |
| 66 if not unsupported:empty() then | |
| 67 module:log("warn", "Unable to support DANE uses %s", tostring(unsupported)); | |
| 68 end | |
| 65 | 69 |
| 66 -- Find applicable TLSA records | 70 -- Find applicable TLSA records |
| 67 -- Takes a s2sin/out and a callback | 71 -- Takes a s2sin/out and a callback |
| 68 local function dane_lookup(host_session, cb) | 72 local function dane_lookup(host_session, cb) |
| 69 cb = cb or noop; | 73 cb = cb or noop; |