--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Sun Mar 09 23:08:41 2014 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Sun Mar 09 23:17:17 2014 +0100
@@ -14,6 +14,8 @@
local s2sout = module:depends"s2s".route_to_new_session.s2sout;
+local bogus = {};
+
local pat = "%-%-%-%-%-BEGIN ([A-Z ]+)%-%-%-%-%-\r?\n"..
"([0-9A-Za-z=+/\r\n]*)\r?\n%-%-%-%-%-END %1%-%-%-%-%-";
local function pem2der(pem)
@@ -37,8 +39,10 @@
local srv_choice = host_session.srv_choice;
if srv_hosts and srv_hosts.answer.secure and srv_hosts[srv_choice].dane == nil then
srv_hosts[srv_choice].dane = dns_lookup(function(answer)
- if answer and ( #answer > 0 or answer.bogus ) then
+ if answer and #answer > 0 and answer.secure then
srv_hosts[srv_choice].dane = answer;
+ elseif answer.bogus then
+ srv_hosts[srv_choice].dane = bogus;
else
srv_hosts[srv_choice].dane = false;
end
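Review bot: The added `elseif answer.bogus then` indexes `answer` without the nil guard that the first branch keeps, so a lookup that calls back with no answer would raise inside the callback instead of reaching `dane = false`. Write it as `elseif answer and answer.bogus then`; the same line is added in the second callback, in the hunk at -134,8. If the callback does raise, `srv_hosts[srv_choice].dane` presumably keeps the value `dns_lookup` returned, which is neither `false` nor the `bogus` sentinel, so the later DANE check would see a state it was not written for. The enclosing function starts and ends outside this hunk.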
@@ -134,8 +138,10 @@
if not origin.from_host or origin.dane ~= nil then return end
origin.dane = dns_lookup(function(answer)
- if answer and ( #answer > 0 or answer.bogus ) then
- origin.dane = answer;
+ if answer and #answer > 0 and answer.secure then
+ srv_hosts[srv_choice].dane = answer;
+ elseif answer.bogus then
+ srv_hosts[srv_choice].dane = bogus;
else
origin.dane = false;
end
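Review bot: The two added assignments in this callback write to `srv_hosts[srv_choice].dane`, while the surrounding lines work on `origin.dane` and neither `srv_hosts` nor `srv_choice` is defined anywhere in this hunk; this looks like a copy from the outgoing-connection callback. As written, a secure TLSA answer or a bogus result for an incoming stream is never stored on `origin`, so `origin.dane` keeps whatever `dns_lookup` returned and the certificate check cannot tell a bogus result from a pending lookup. The lines should read `origin.dane = answer;` and `origin.dane = bogus;`. The callback's closing line lies outside the hunk.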