# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1394803833 -3600
# Node ID cda335db2cbb72af2770adbdefce04e2d35232e5
# Parent  350e903b14ffc0df7318de2960fc9dcea292f43d
mod_s2s_auth_dane: Bogus replies should have no RRdata

diff -r 350e903b14ff -r cda335db2cbb mod_s2s_auth_dane/mod_s2s_auth_dane.lua
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Fri Mar 14 14:23:27 2014 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Fri Mar 14 14:30:33 2014 +0100
@@ -27,8 +27,6 @@
 
 local s2sout = module:depends"s2s".route_to_new_session.s2sout;
 
-local bogus = {};
-
 local pat = "%-%-%-%-%-BEGIN ([A-Z ]+)%-%-%-%-%-\r?\n"..
 "([0-9A-Za-z=+/\r\n]*)\r?\n%-%-%-%-%-END %1%-%-%-%-%-";
 local function pem2der(pem)
@@ -48,10 +46,8 @@
 	local ascii_host = name and idna_to_ascii(name);
 	if not ascii_host then return false; end
 	host_session.dane = dns_lookup(function(answer)
-		if answer and (answer.secure and #answer > 0) then
+		if answer and (answer.secure and #answer > 0) or answer.bogus then
 			host_session.dane = answer;
-		elseif answer.bogus then
-			host_session.dane = bogus;
 		else
 			host_session.dane = false;
 		end