45 end |
45 end |
46 end |
46 end |
47 local use_map = { ["DANE-EE"] = 3; ["DANE-TA"] = 2; ["PKIX-EE"] = 1; ["PKIX-CA"] = 0 } |
47 local use_map = { ["DANE-EE"] = 3; ["DANE-TA"] = 2; ["PKIX-EE"] = 1; ["PKIX-CA"] = 0 } |
48 |
48 |
49 local implemented_uses = set.new { "DANE-EE", "PKIX-EE" }; |
49 local implemented_uses = set.new { "DANE-EE", "PKIX-EE" }; |
50 if debug.getregistry()["SSL:Certificate"].__index.issued then |
50 do |
51 -- Need cert:issued() for these |
51 local cert_mt = debug.getregistry()["SSL:Certificate"]; |
52 implemented_uses:add("DANE-TA"); |
52 if cert_mt and cert_mt.__index.issued then |
53 implemented_uses:add("PKIX-CA"); |
53 -- Need cert:issued() for these |
54 else |
54 implemented_uses:add("DANE-TA"); |
55 module:log("warn", "Unable to support DANE-TA and PKIX-CA"); |
55 implemented_uses:add("PKIX-CA"); |
|
56 else |
|
57 module:log("warn", "Unable to support DANE-TA and PKIX-CA"); |
|
58 end |
56 end |
59 end |
57 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE", "DANE-TA" }); |
60 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE", "DANE-TA" }); |
58 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end; |
61 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end; |
59 |
62 |
60 local function dane_lookup(host_session, cb, a,b,c,e) |
63 local function dane_lookup(host_session, cb, a,b,c,e) |