Mercurial > prosody-modules
diff mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 2181:f00cbfb812cd
mod_s2s_auth_dane: Attempt a new approach to async lookups that doesn't depend on connection pausing
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Thu, 26 May 2016 15:35:52 +0200 |
parents | 5e0102a07fdc |
children | 5df3b646c9ad |
line wrap: on
line diff
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Thu May 26 15:31:32 2016 +0200 +++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Thu May 26 15:35:52 2016 +0200 @@ -198,33 +198,7 @@ end end -local function resume(host_session) - host_session.log("debug", "DANE lookup completed, resuming connection"); - host_session.conn:resume() -end - function module.add_host(module) - local function on_new_s2s(event) - local host_session = event.origin; - if host_session.type == "s2sout" or host_session.type == "s2sin" then - return; -- Already authenticated - end - if host_session.dane ~= nil then - return; -- Already done DANE lookup - end - if dane_lookup(host_session, resume) then - host_session.log("debug", "Pausing connection until DANE lookup is completed"); - host_session.conn:pause() - end - end - - -- New outgoing connections - module:hook("stanza/http://etherx.jabber.org/streams:features", on_new_s2s, 501); - module:hook("s2sout-authenticate-legacy", on_new_s2s, 200); - - -- New incoming connections - module:hook("s2s-stream-features", on_new_s2s, 10); - module:hook("s2s-authenticated", function(event) local session = event.session; if session.dane and type(session.dane) == "table" and next(session.dane) ~= nil and not session.secure then @@ -272,11 +246,26 @@ return certdata == tlsa.data; end +-- Re-run streamopend() to continue +local function resume(session) + local attr = { + version = session.version, + to = session.to_host, + from = session.from_host, + id = session.streamid, + }; + session.cert_chain_status = nil; + session.open_stream.stream_callbacks.streamopened(session, attr); +end + module:hook("s2s-check-certificate", function(event) local session, cert, host = event.session, event.cert, event.host; if not cert then return end local log = session.log or module._log; local dane = session.dane; + if dane == nil and dane_lookup(session, resume) then + return false; + end if type(dane) == "table" then local match_found, supported_found; for i = 1, #dane do