changeset 1359:74769c0c79f8

mod_s2s_auth_dane: Verify that the SRV is secure
author Kim Alvefur <zash@zash.se>
date Wed, 19 Mar 2014 14:33:10 +0100
parents 497e1df4b7ee
children 6ee395396333
files mod_s2s_auth_dane/mod_s2s_auth_dane.lua
diffstat 1 files changed, 3 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Wed Mar 19 14:04:09 2014 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Wed Mar 19 14:33:10 2014 +0100
@@ -81,8 +81,9 @@
 		end, "_xmpp-server._tcp."..name..".", "SRV");
 		return true;
 	elseif host_session.direction == "outgoing" then
-		if not host_session.srv_hosts then return end
-		local srv_choice = host_session.srv_hosts[host_session.srv_choice];
+		local srv_hosts = host_session.srv_hosts;
+		if not ( srv_hosts and srv_hosts.answer and srv_hosts.answer.secure )  then return end
+		local srv_choice = srv_hosts[host_session.srv_choice];
 		host_session.dane = dns_lookup(function(answer)
 			if answer and (answer.secure and #answer > 0) or answer.bogus then
 				srv_choice.dane = answer;