changeset 1674:7f4c64cfed09

mod_s2s_auth_dane: Abort earlier for sessions from hosts that don't say who they are
author Kim Alvefur <zash@zash.se>
date Mon, 13 Apr 2015 13:36:38 +0200
parents aac5e56615ce
children 116488cced16
files mod_s2s_auth_dane/mod_s2s_auth_dane.lua
diffstat 1 files changed, 4 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Mon Apr 13 13:35:37 2015 +0200
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Mon Apr 13 13:36:38 2015 +0200
@@ -68,6 +68,10 @@
 	if host_session.dane ~= nil then return end -- Has already done a lookup
 
 	if host_session.direction == "incoming" then
+		if not host_session.from_host then
+			module:log("debug", "Session doesn't have a 'from' host set");
+			return;
+		end
 		-- We don't know what hostname or port to use for Incoming connections
 		-- so we do a SRV lookup and then request TLSA records for each SRV
 		-- Most servers will probably use the same certificate on outgoing