# HG changeset patch # User Kim Alvefur # Date 1394037644 -3600 # Node ID 446fcda4ec45fc758598b43f4576e9c8abd9e638 # Parent b93f45c42044d5f11cc1a964dc60a476cbaefa54 mod_s2s_auth_dane: Delay s2sout state machine until we get TLSA reply diff -r b93f45c42044 -r 446fcda4ec45 mod_s2s_auth_dane/mod_s2s_auth_dane.lua --- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Wed Mar 05 17:38:36 2014 +0100 +++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Wed Mar 05 17:40:44 2014 +0100 @@ -31,19 +31,23 @@ local srv_hosts = host_session.srv_hosts; local srv_choice = host_session.srv_choice; if srv_hosts and srv_hosts.answer.secure and not srv_hosts[srv_choice].dane then - dns_lookup(function(answer) + srv_hosts[srv_choice].dane = dns_lookup(function(answer) if answer and ( #answer > 0 or answer.bogus ) then srv_hosts[srv_choice].dane = answer; for i, tlsa in ipairs(answer) do module:log("debug", "TLSA %s", tostring(tlsa)); end + else + srv_hosts[srv_choice].dane = false; end + -- "blocking" until TLSA reply, but no race condition + return _try_connect(host_session, connect_host, connect_port, err); end, ("_%d._tcp.%s"):format(connect_port, connect_host), "TLSA"); + return true end return _try_connect(host_session, connect_host, connect_port, err); end --- This and the TLSA reply are in a race condition :( module:hook("s2s-check-certificate", function(event) local session, cert = event.session, event.cert; local srv_hosts = session.srv_hosts;
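
Review bot: The new else branch sets srv_hosts[srv_choice].dane = false both when answer is nil (no usable reply to the TLSA query) and when a reply arrived with no records, so a failed lookup becomes indistinguishable from "this host publishes no TLSA records" by the time _try_connect runs. Consider handling answer == nil separately, either by failing this connection attempt or by storing a distinct state that the s2s-check-certificate hook can refuse on, so that a suppressed DNS reply cannot quietly turn DANE off for the connection. Two smaller points in the same hunk: since the guard is "not srv_hosts[srv_choice].dane", a stored false passes the guard again and starts a fresh TLSA lookup if this function is re-entered for the same srv_choice, which deserves a comment if it is intended; and assigning the return value of dns_lookup(...) to .dane would overwrite the answer if the callback can ever run before dns_lookup returns, so either note that the callback is always deferred or keep the pending handle in a separate field.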