Mercurial > prosody-modules
changeset 1261:6a37bd22c8df
mod_s2s_auth_dane: Warn about unsupported DANE params
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 03 Jan 2014 15:00:05 +0100 |
parents | 4e14ad802d58 |
children | 1e84eebf3f46 |
files | mod_s2s_auth_dane/mod_s2s_auth_dane.lua |
diffstat | 1 files changed, 7 insertions(+), 2 deletions(-) [+] |
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Fri Jan 03 11:54:13 2014 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Fri Jan 03 15:00:05 2014 +0100
@@ -60,15 +60,20 @@
 certdata = pem2der(cert:pem());
 elseif select == 1 then
 certdata = pem2der(cert:pubkey());
+ else
+ module:log("warn", "DANE selector %d is unsupported", select);
 end
 if match == 1 then
 certdata = hashes.sha256(certdata);
 elseif match == 2 then
 certdata = hashes.sha512(certdata);
+ elseif match ~= 0 then
+ module:log("warn", "DANE match rule %d is unsupported", match);
+ certdata = nil
 end
 -- Should we check if the cert subject matches?
- if certdata == tlsa.data then
+ if certdata and certdata == tlsa.data then
 (session.log or module._log)("info", "DANE validation successful");
 session.cert_identity_status = "valid"
 if use == 3 then
@@ -78,7 +83,7 @@
 break;
 end
 else
- module:log("warn", "DANE %s is unsupported", tlsa:getUsage());
+ module:log("warn", "DANE %s is unsupported", tlsa:getUsage() or ("usage "..tostring(use)));
 -- TODO Ca checks needs to loop over the chain and stuff
 end
 end
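Review bot: The new selector `else` branch in the first hunk only warns, so a TLSA record with an unsupported selector still reaches the match step and the comparison, whereas the unsupported-match branch fails closed with `certdata = nil`. In that case `certdata` keeps whatever value it had before the selector chain (assigned outside the hunk), and if that value is not a string, `hashes.sha256(certdata)` may raise instead of rejecting the record; this is worth confirming. I would add `certdata = nil` after the selector warning and open the match chain with `if not certdata then` (an empty branch carrying a comment such as `-- unsupported selector, nothing to hash`) ahead of `elseif match == 1 then`, so both unsupported cases reject the record the same way. The enclosing block starts and ends outside the hunk.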