equal
deleted
inserted
replaced
223 ..((session.direction == "outgoing" and "offered") or "used") |
223 ..((session.direction == "outgoing" and "offered") or "used") |
224 }); |
224 }); |
225 return false; |
225 return false; |
226 end |
226 end |
227 -- Cleanup |
227 -- Cleanup |
228 session.dane = nil; |
|
229 session.srv_hosts = nil; |
228 session.srv_hosts = nil; |
230 end); |
229 end); |
231 end |
230 end |
232 |
231 |
233 -- Compare one TLSA record against a certificate |
232 -- Compare one TLSA record against a certificate |
288 session.cert_identity_status = "valid"; |
287 session.cert_identity_status = "valid"; |
289 if use == 3 then -- DANE-EE, chain status equals DNSSEC chain status |
288 if use == 3 then -- DANE-EE, chain status equals DNSSEC chain status |
290 session.cert_chain_status = "valid"; |
289 session.cert_chain_status = "valid"; |
291 end |
290 end |
292 match_found = true; |
291 match_found = true; |
|
292 dane.matching = tlsa; |
293 break; |
293 break; |
294 end |
294 end |
295 -- DANE-TA or PKIX-CA |
295 -- DANE-TA or PKIX-CA |
296 elseif use == 2 or use == 0 then |
296 elseif use == 2 or use == 0 then |
297 supported_found = true; |
297 supported_found = true; |
317 session.cert_chain_status = "valid"; |
317 session.cert_chain_status = "valid"; |
318 -- else -- TODO Check against SRV target? |
318 -- else -- TODO Check against SRV target? |
319 end |
319 end |
320 end |
320 end |
321 match_found = true; |
321 match_found = true; |
|
322 dane.matching = tlsa; |
322 break; |
323 break; |
323 end |
324 end |
324 end |
325 end |
325 if match_found then break end |
326 if match_found then break end |
326 end |
327 end |