diff mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1350:cda335db2cbb

mod_s2s_auth_dane: Bogus replies should have no RRdata
author Kim Alvefur <zash@zash.se>
date Fri, 14 Mar 2014 14:30:33 +0100
parents 350e903b14ff
children a052740bbf48
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Fri Mar 14 14:23:27 2014 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Fri Mar 14 14:30:33 2014 +0100
@@ -27,8 +27,6 @@
 
 local s2sout = module:depends"s2s".route_to_new_session.s2sout;
 
-local bogus = {};
-
 local pat = "%-%-%-%-%-BEGIN ([A-Z ]+)%-%-%-%-%-\r?\n"..
 "([0-9A-Za-z=+/\r\n]*)\r?\n%-%-%-%-%-END %1%-%-%-%-%-";
 local function pem2der(pem)
@@ -48,10 +46,8 @@
 	local ascii_host = name and idna_to_ascii(name);
 	if not ascii_host then return false; end
 	host_session.dane = dns_lookup(function(answer)
-		if answer and (answer.secure and #answer > 0) then
+		if answer and (answer.secure and #answer > 0) or answer.bogus then
 			host_session.dane = answer;
-		elseif answer.bogus then
-			host_session.dane = bogus;
 		else
 			host_session.dane = false;
 		end
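Review bot: In the new condition `answer and (answer.secure and #answer > 0) or answer.bogus`, `and` binds tighter than `or`, so the `answer` nil-guard does not cover `answer.bogus` and a nil answer would raise an index error inside the DNS callback; the removed `elseif answer.bogus` had the same gap. Grouping it as `if answer and ((answer.secure and #answer > 0) or answer.bogus) then` keeps the guard over both cases. Storing the bogus answer itself rather than the removed empty `bogus` table also means that rejecting such peers now appears to depend on the resolver never attaching records to a bogus reply. The code that reads `host_session.dane` is outside this hunk, so it is worth confirming that it tests `dane.bogus` explicitly before iterating any records. A comment such as `-- bogus answers are stored as-is; they must carry no RRdata and must never authenticate a peer` would record that assumption, and note that the callback and its enclosing function start and end outside the hunk.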