net.server_epoll: Support for passing DANE TLSA data to LuaSec (0.8 needed)
authorKim Alvefur <zash@zash.se>
Sun, 29 Sep 2019 16:53:56 +0200
changeset 11417 9fb23779c863
parent 11416 77785c5d6773
child 11418 5a71f14ab77c
net.server_epoll: Support for passing DANE TLSA data to LuaSec (0.8 needed)
net/server_epoll.lua
--- a/net/server_epoll.lua	Tue Mar 02 21:47:09 2021 +0100
+++ b/net/server_epoll.lua	Sun Sep 29 16:53:56 2019 +0200
@@ -13,6 +13,7 @@
 local type = type;
 local next = next;
 local pairs = pairs;
+local ipairs = ipairs;
 local traceback = debug.traceback;
 local logger = require "util.logger";
 local log = logger.init("server_epoll");
@@ -585,6 +586,19 @@
 				conn:sni(self._server.hosts, true);
 			end
 		end
+		if self.extra and self.extra.tlsa and conn.settlsa then
+			-- TODO Error handling
+			if not conn:setdane(self.servername or self.extra.dane_hostname) then
+				self:debug("Could not enable DANE on connection");
+			else
+				self:debug("Enabling DANE with %d TLSA records", #self.extra.tlsa);
+				self:noise("DANE hostname is %q", self.servername or self.extra.dane_hostname);
+				for _, tlsa in ipairs(self.extra.tlsa) do
+					self:noise("TLSA: %q", tlsa);
+					conn:settlsa(tlsa.use, tlsa.select, tlsa.match, tlsa.data);
+				end
+			end
+		end
 		self:on("starttls");
 		self.ondrain = nil;
 		self.onwritable = interface.tlshandshake;
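Review bot: The return value of `conn:settlsa(...)` inside the `ipairs` loop is discarded, so a TLSA record that LuaSec rejects (it appears to report success as a boolean) is silently skipped while the preceding debug line still claims all `#self.extra.tlsa` records were enabled; the `-- TODO Error handling` comment above only covers `setdane`. A minimal check keeps the log honest: `if not conn:settlsa(tlsa.use, tlsa.select, tlsa.match, tlsa.data) then self:debug("Could not add TLSA record"); end`, and ideally the enabled-count message is emitted after the loop with the number actually accepted. Note also that `self.servername or self.extra.dane_hostname` may be nil when neither is set, which would reach `setdane` with no hostname; guarding the whole block on a non-nil hostname would make that case explicit. The enclosing function starts and ends outside this hunk.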