diff mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1339:50555c2ccbcd
mod_s2s_auth_dane: Improve handling of bogus data
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 09 Mar 2014 23:17:17 +0100 |
parents | eca8c480891e |
children | 47d3c1c8a176 |
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Sun Mar 09 23:08:41 2014 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Sun Mar 09 23:17:17 2014 +0100
@@ -14,6 +14,8 @@
 local s2sout = module:depends"s2s".route_to_new_session.s2sout;
+local bogus = {};
+
 local pat = "%-%-%-%-%-BEGIN ([A-Z ]+)%-%-%-%-%-\r?\n"..
 "([0-9A-Za-z=+/\r\n]*)\r?\n%-%-%-%-%-END %1%-%-%-%-%-";
 local function pem2der(pem)
@@ -37,8 +39,10 @@
 local srv_choice = host_session.srv_choice;
 if srv_hosts and srv_hosts.answer.secure and srv_hosts[srv_choice].dane == nil then
 srv_hosts[srv_choice].dane = dns_lookup(function(answer)
- if answer and ( #answer > 0 or answer.bogus ) then
+ if answer and #answer > 0 and answer.secure then
 srv_hosts[srv_choice].dane = answer;
+ elseif answer.bogus then
+ srv_hosts[srv_choice].dane = bogus;
 else
 srv_hosts[srv_choice].dane = false;
 end
@@ -134,8 +138,10 @@
 if not origin.from_host or origin.dane ~= nil then return end
 origin.dane = dns_lookup(function(answer)
- if answer and ( #answer > 0 or answer.bogus ) then
- origin.dane = answer;
+ if answer and #answer > 0 and answer.secure then
+ srv_hosts[srv_choice].dane = answer;
+ elseif answer.bogus then
+ srv_hosts[srv_choice].dane = bogus;
 else
 origin.dane = false;
 end
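Review bot: The new `elseif answer.bogus then` branch in the `@@ -37,8 +39,10 @@` hunk indexes `answer` without the nil guard that the first condition still carries, so a callback invoked with no answer would raise instead of reaching the `dane = false` branch. The same unguarded branch is added in the `@@ -134,8 +138,10 @@` hunk. I would write `elseif answer and answer.bogus then` in both places. Whether dns_lookup can call back with nil is not visible here, but the retained `answer and` in the first test suggests it can. The enclosing function starts and ends outside the hunk.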
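Review bot: The two added assignments in the `@@ -134,8 +138,10 @@` hunk write to `srv_hosts[srv_choice].dane`, while every other line of this callback reads or writes `origin.dane`; this looks like a paste from the outgoing-connection hunk. As written, neither a secure TLSA answer nor the `bogus` sentinel is stored on `origin.dane` for the incoming session, so later checks that read it would presumably not see the DNSSEC result. `srv_hosts` and `srv_choice` are not declared in the visible context, so these lines may also fail on a nil index. The lines should read `origin.dane = answer;` and `origin.dane = bogus;`. The enclosing handler starts and ends outside the hunk.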