comparison mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1354:93158d5758f3

mod_s2s_auth_dane: Skip TLSA lookups if SRV is insecure
author Kim Alvefur <zash@zash.se>
date Tue, 18 Mar 2014 15:54:08 +0100
parents a17c2c4043e5
children 7f68d950bdd6
comparison
equal deleted inserted replaced
1353:a17c2c4043e5 1354:93158d5758f3
46 if host_session.dane ~= nil then return end 46 if host_session.dane ~= nil then return end
47 if host_session.direction == "incoming" then 47 if host_session.direction == "incoming" then
48 local name = idna_to_ascii(host_session.from_host); 48 local name = idna_to_ascii(host_session.from_host);
49 if not name then return end 49 if not name then return end
50 local handle = dns_lookup(function (answer) 50 local handle = dns_lookup(function (answer)
51 if not answer.secure then return end 51 if not answer.secure then
52 if cb then return cb(a,b,c,e); end
53 return;
54 end
52 if #answer == 1 and answer[1].srv.target == '.' then return end 55 if #answer == 1 and answer[1].srv.target == '.' then return end
53 local srv_hosts = { answer = answer }; 56 local srv_hosts = { answer = answer };
54 local dane = {}; 57 local dane = {};
55 host_session.dane = dane; 58 host_session.dane = dane;
56 host_session.srv_hosts = srv_hosts; 59 host_session.srv_hosts = srv_hosts;