# HG changeset patch # User Kim Alvefur # Date 1395235990 -3600 # Node ID 74769c0c79f8a408a7b3ccfe54715477cb738b58 # Parent 497e1df4b7ee945b19201eb7b7bb513213459ace mod_s2s_auth_dane: Verify that the SRV is secure diff -r 497e1df4b7ee -r 74769c0c79f8 mod_s2s_auth_dane/mod_s2s_auth_dane.lua --- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Wed Mar 19 14:04:09 2014 +0100 +++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Wed Mar 19 14:33:10 2014 +0100 @@ -81,8 +81,9 @@ end, "_xmpp-server._tcp."..name..".", "SRV"); return true; elseif host_session.direction == "outgoing" then - if not host_session.srv_hosts then return end - local srv_choice = host_session.srv_hosts[host_session.srv_choice]; + local srv_hosts = host_session.srv_hosts; + if not ( srv_hosts and srv_hosts.answer and srv_hosts.answer.secure ) then return end + local srv_choice = srv_hosts[host_session.srv_choice]; host_session.dane = dns_lookup(function(answer) if answer and (answer.secure and #answer > 0) or answer.bogus then srv_choice.dane = answer;