mod_s2s_auth_dane: Abort earlier for sessions from hosts that don't say who they are
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Mon Apr 13 13:35:37 2015 +0200
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Mon Apr 13 13:36:38 2015 +0200
@@ -68,6 +68,10 @@
if host_session.dane ~= nil then return end -- Has already done a lookup
if host_session.direction == "incoming" then
+ if not host_session.from_host then
+ module:log("debug", "Session doesn't have a 'from' host set");
+ return;
+ end
-- We don't know what hostname or port to use for Incoming connections
-- so we do a SRV lookup and then request TLSA records for each SRV
-- Most servers will probably use the same certificate on outgoing