changeset 1971:54405541d0ba

mod_s2s_auth_dane: Abort on bogus reply to SRV lookup
author Kim Alvefur <zash@zash.se>
date Sat, 12 Dec 2015 16:59:49 +0100
parents 5ea6f4e6fa8c
children b10118d7c0df
files mod_s2s_auth_dane/mod_s2s_auth_dane.lua
diffstat 1 files changed, 5 insertions(+), 1 deletions(-) [+]
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Sat Dec 12 16:01:58 2015 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Sat Dec 12 16:59:49 2015 +0100
@@ -92,7 +92,11 @@
 				return cb(host_session);
 			end
 
-			if not answer.secure then
+			if answer.bogus then
+				log("warn", "Results are bogus!");
+				-- Bad sign, probably not a good idea to do any fallback here
+				host_session.dane = answer;
+			elseif not answer.secure then
 				log("debug", "Results are not secure");
 				return cb(host_session);
 			end
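Review bot: The new `answer.bogus` branch has no `return`, unlike the two neighbouring branches, which both end in `return cb(host_session)`. Execution therefore continues past the closing `end` into code that lies outside this hunk. The commit title says "Abort", so the abort presumably relies on later code noticing `host_session.dane.bogus` and refusing to authenticate; that cannot be confirmed from here and is worth stating at the branch, e.g. `-- deliberately no return: the stored bogus answer must make the later certificate check fail`. If the code that follows reads records from `answer` or starts further lookups, it should be checked that a bogus reply cannot feed them. The warning `"Results are bogus!"` also does not say which lookup failed validation; including the queried domain would make a DNSSEC validation failure traceable in the logs.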