# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1449935989 -3600
# Node ID 54405541d0bad4cdfb5a8873a3c96dd2c34f3bca
# Parent  5ea6f4e6fa8cc01770dfe2d9a0b7c50967b09d0f
mod_s2s_auth_dane: Abort on bogus reply to SRV lookup

diff -r 5ea6f4e6fa8c -r 54405541d0ba mod_s2s_auth_dane/mod_s2s_auth_dane.lua
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Sat Dec 12 16:01:58 2015 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Sat Dec 12 16:59:49 2015 +0100
@@ -92,7 +92,11 @@
 				return cb(host_session);
 			end
 
-			if not answer.secure then
+			if answer.bogus then
+				log("warn", "Results are bogus!");
+				-- Bad sign, probably not a good idea to do any fallback here
+				host_session.dane = answer;
+			elseif not answer.secure then
 				log("debug", "Results are not secure");
 				return cb(host_session);
 			end