diff mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 1338:eca8c480891e
mod_s2s_auth_dane: Only do TLSA lookup if it hasn't been attempted already
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 09 Mar 2014 23:08:41 +0100 |
parents | c38f163f18b9 |
children | 50555c2ccbcd |
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Sun Mar 09 14:09:24 2014 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Sun Mar 09 23:08:41 2014 +0100
@@ -35,7 +35,7 @@
 function s2sout.try_connect(host_session, connect_host, connect_port, err)
 local srv_hosts = host_session.srv_hosts;
 local srv_choice = host_session.srv_choice;
- if srv_hosts and srv_hosts.answer.secure and not srv_hosts[srv_choice].dane then
+ if srv_hosts and srv_hosts.answer.secure and srv_hosts[srv_choice].dane == nil then
 srv_hosts[srv_choice].dane = dns_lookup(function(answer)
 if answer and ( #answer > 0 or answer.bogus ) then
 srv_hosts[srv_choice].dane = answer;
@@ -128,6 +128,7 @@
 -- DANE for s2sin
 -- Looks for TLSA at the same QNAME as the SRV record
+ -- FIXME This has a race condition
 module:hook("s2s-stream-features", function(event)
 local origin = event.origin;
 if not origin.from_host or origin.dane ~= nil then return end
@@ -138,8 +139,7 @@
 else
 origin.dane = false;
 end
- -- "blocking" until TLSA reply, but no race condition
- end, ("_xmpp-server._tcp.%s"):format(origin.from_host), "TLSA");
+ end, ("_xmpp-server._tcp.%s."):format(origin.from_host), "TLSA");
 end, 1);
 end
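Review bot: The `.dane` field on the SRV entry now has several states, and the new `== nil` test in `s2sout.try_connect` relies on telling them apart without saying so. A comment above the `if` would make the contract explicit, for example `-- dane: nil = not looked up yet; false = looked up, no usable TLSA; otherwise the pending query or the answer`. The callback's other branch is outside the hunk; if it stores `false` when `answer` is nil (a timeout or resolver error), that value is now final for the entry. A failed lookup would then be indistinguishable from a validated absence of TLSA records, so it is worth confirming that skipping DANE in that case is intended. The body of `try_connect` continues past the hunk.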
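Review bot: The added `-- FIXME This has a race condition` does not say what races with what, or what happens to authentication of the incoming stream when the race is lost. From the visible lines the `s2s-stream-features` hook only starts the TLSA lookup, so presumably the certificate check can run while `origin.dane` is still the pending lookup; that check is outside the hunk. I would spell it out, e.g. `-- FIXME Race: the TLSA reply may arrive after the peer certificate is checked; a pending origin.dane must not be read as "no DANE"`, and have the check site treat the pending state explicitly.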
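Review bot: The query name in the last hunk is built from `origin.from_host`, which the remote server supplies, and the new trailing dot is appended unconditionally and without a comment. If `from_host` can already end in a dot (its normalisation is not visible here), the formatted name ends in `..` and the lookup fails, which the branch above records as `origin.dane = false`. Consider stripping a trailing dot first, `("_xmpp-server._tcp.%s."):format((origin.from_host:gsub("%.$", "")))`. A short comment would also help, such as `-- trailing dot: absolute name, no resolver search-list expansion`, if that is the intent. The callback begins outside the hunk.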