equal
deleted
inserted
replaced
110 host_session.srv_hosts = srv_hosts; |
110 host_session.srv_hosts = srv_hosts; |
111 local dane; |
111 local dane; |
112 for _, record in ipairs(answer) do |
112 for _, record in ipairs(answer) do |
113 t_insert(srv_hosts, record.srv); |
113 t_insert(srv_hosts, record.srv); |
114 dns_lookup(function(dane_answer) |
114 dns_lookup(function(dane_answer) |
|
115 host_session.log("debug", "Got answer for %s:%d", record.srv.target, record.srv.port); |
115 n = n - 1; |
116 n = n - 1; |
116 -- There are three kinds of answers |
117 -- There are three kinds of answers |
117 -- Insecure, Secure and Bogus |
118 -- Insecure, Secure and Bogus |
118 -- |
119 -- |
119 -- We collect Secure answers for later use |
120 -- We collect Secure answers for later use |
127 -- replies matched, we consider the connection insecure. |
128 -- replies matched, we consider the connection insecure. |
128 |
129 |
129 if (dane_answer.bogus or dane_answer.secure) and not dane then |
130 if (dane_answer.bogus or dane_answer.secure) and not dane then |
130 -- The first answer we care about |
131 -- The first answer we care about |
131 -- For services with only one SRV record, this will be the only one |
132 -- For services with only one SRV record, this will be the only one |
|
133 host_session.log("debug", "First secure (or bogus) TLSA") |
132 dane = dane_answer; |
134 dane = dane_answer; |
133 elseif dane_answer.bogus then |
135 elseif dane_answer.bogus then |
|
136 host_session.log("debug", "Got additional bogus TLSA") |
134 dane.bogus = dane_answer.bogus; |
137 dane.bogus = dane_answer.bogus; |
135 elseif dane_answer.secure then |
138 elseif dane_answer.secure then |
|
139 host_session.log("debug", "Got additional secure TLSA") |
136 for _, dane_record in ipairs(dane_answer) do |
140 for _, dane_record in ipairs(dane_answer) do |
137 t_insert(dane, dane_record); |
141 t_insert(dane, dane_record); |
138 end |
142 end |
139 end |
143 end |
140 if n == 0 then |
144 if n == 0 then |