net.resolvers.service: Fix reporting of Bogus DNSSEC results
The order of checks led to Bogus results being reported with a generic
"unable to resolve service". This had no practical effects as such
results are simply empty and the process would stop there.
Tested by attempting to establish s2s with dnssec-bogus.sg and observing
the error reply.
--- a/net/resolvers/service.lua Wed Dec 21 21:34:07 2022 +0100
+++ b/net/resolvers/service.lua Wed Dec 21 23:46:37 2022 +0100
@@ -111,12 +111,15 @@
answer = {};
end
if answer then
- if self.extra and not answer.secure then
- self.extra.use_dane = false;
- elseif answer.bogus then
+ if answer.bogus then
self.last_error = "Validation error in SRV lookup";
ready();
return;
+ elseif not answer.secure then
+ if self.extra then
+ -- Insecure results, so no DANE
+ self.extra.use_dane = false;
+ end
end
if #answer == 0 then