equal
deleted
inserted
replaced
109 dns_lookup(function(dane_answer) |
109 dns_lookup(function(dane_answer) |
110 n = n - 1; |
110 n = n - 1; |
111 if dane_answer.bogus then |
111 if dane_answer.bogus then |
112 dane.bogus = dane_answer.bogus; |
112 dane.bogus = dane_answer.bogus; |
113 elseif dane_answer.secure then |
113 elseif dane_answer.secure then |
114 for _, record in ipairs(dane_answer) do |
114 for _, dane_record in ipairs(dane_answer) do |
115 t_insert(dane, record); |
115 t_insert(dane, dane_record); |
116 end |
116 end |
117 end |
117 end |
118 if n == 0 then |
118 if n == 0 then |
119 if #dane > 0 and dane.bogus then |
119 if #dane > 0 and dane.bogus then |
120 -- Got at least one non-bogus reply, |
120 -- Got at least one non-bogus reply, |
259 break; |
259 break; |
260 end |
260 end |
261 elseif use == 0 or use == 2 then |
261 elseif use == 0 or use == 2 then |
262 supported_found = true; |
262 supported_found = true; |
263 local chain = session.conn:socket():getpeerchain(); |
263 local chain = session.conn:socket():getpeerchain(); |
264 for i = 1, #chain do |
264 for c = 1, #chain do |
265 local cacert = chain[i]; |
265 local cacert = chain[c]; |
266 local is_match = one_dane_check(tlsa, cacert); |
266 local is_match = one_dane_check(tlsa, cacert); |
267 if is_match ~= nil then |
267 if is_match ~= nil then |
268 supported_found = true; |
268 supported_found = true; |
269 end |
269 end |
270 if is_match and cacert:issued(cert, unpack(chain)) then |
270 if is_match and cacert:issued(cert, unpack(chain)) then |