changeset 1328:446fcda4ec45
mod_s2s_auth_dane: Delay s2sout state machine until we get TLSA reply
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 05 Mar 2014 17:40:44 +0100 |
parents | b93f45c42044 |
children | 8d99b9c4cf0c |
files | mod_s2s_auth_dane/mod_s2s_auth_dane.lua |
diffstat | 1 files changed, 6 insertions(+), 2 deletions(-) [+] |
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Wed Mar 05 17:38:36 2014 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Wed Mar 05 17:40:44 2014 +0100
@@ -31,19 +31,23 @@
 local srv_hosts = host_session.srv_hosts;
 local srv_choice = host_session.srv_choice;
 if srv_hosts and srv_hosts.answer.secure and not srv_hosts[srv_choice].dane then
- dns_lookup(function(answer)
+ srv_hosts[srv_choice].dane = dns_lookup(function(answer)
 if answer and ( #answer > 0 or answer.bogus ) then
 srv_hosts[srv_choice].dane = answer;
 for i, tlsa in ipairs(answer) do
 module:log("debug", "TLSA %s", tostring(tlsa));
 end
+ else
+ srv_hosts[srv_choice].dane = false;
 end
+ -- "blocking" until TLSA reply, but no race condition
+ return _try_connect(host_session, connect_host, connect_port, err);
 end, ("_%d._tcp.%s"):format(connect_port, connect_host), "TLSA");
+ return true
 end
 return _try_connect(host_session, connect_host, connect_port, err);
 end
 
--- This and the TLSA reply are in a race condition :(
 module:hook("s2s-check-certificate", function(event)
 local session, cert = event.session, event.cert;
 local srv_hosts = session.srv_hosts;
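Review bot: The added `else` branch stores `false` both when the resolver delivered no answer at all (`answer` is nil) and when it delivered an empty one, so a failed or timed-out TLSA lookup is recorded the same way as a validated "no TLSA records" result before `_try_connect` runs. For a target whose SRV answer was already `secure`, a lookup failure should not quietly switch DANE off; consider narrowing the branch to `elseif answer and answer.secure then` (assuming TLSA answers carry the same `secure` flag as `srv_hosts.answer`) and recording a distinct failure state, or skipping this target, otherwise. How the `s2s-check-certificate` hook treats `false` lies mostly outside this hunk, so the final behaviour needs confirming there. Separately, if `dns_lookup` can ever invoke its callback before returning, the outer assignment `srv_hosts[srv_choice].dane = dns_lookup(...)` would overwrite the answer the callback just stored; a short comment stating that the callback is always deferred would document that assumption. The enclosing function starts above the hunk.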