mod_s2s_auth_dane: Abort on bogus reply to SRV lookup
authorKim Alvefur <zash@zash.se>
Sat, 12 Dec 2015 16:59:49 +0100
changeset 1975 54405541d0ba
parent 1974 5ea6f4e6fa8c
child 1976 b10118d7c0df
mod_s2s_auth_dane: Abort on bogus reply to SRV lookup
mod_s2s_auth_dane/mod_s2s_auth_dane.lua
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Sat Dec 12 16:01:58 2015 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Sat Dec 12 16:59:49 2015 +0100
@@ -92,7 +92,11 @@
 				return cb(host_session);
 			end
 
-			if not answer.secure then
+			if answer.bogus then
+				log("warn", "Results are bogus!");
+				-- Bad sign, probably not a good idea to do any fallback here
+				host_session.dane = answer;
+			elseif not answer.secure then
 				log("debug", "Results are not secure");
 				return cb(host_session);
 			end
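Review bot: The new `answer.bogus` branch stores the answer in `host_session.dane` but, unlike the `not answer.secure` branch below it, neither returns nor calls `cb(host_session)`, so control falls through to whatever follows the closing `end`. That code is outside this hunk; if it goes on to process the SRV records or reassigns `host_session.dane`, the abort promised by the commit title would be lost. If the intent is to stop here and let the later certificate check fail on the bogus marker, an explicit `return cb(host_session);` after the assignment would make that visible. The comment should also say which later check is expected to reject the session. The warning `"Results are bogus!"` names no host or queried record, so including the queried name in the message would let an operator tell which lookup failed DNSSEC validation.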