Software /
code /
prosody-modules
Comparison
mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 2003:8ccf347c7753
mod_s2s_auth_dane: Warn only if there enabled uses that can't be supported
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Mon, 11 Jan 2016 15:45:09 +0100 |
parent | 1972:b10118d7c0df |
child | 2032:6645838c6475 |
comparison
equal
deleted
inserted
replaced
2002:ce991c678370 | 2003:8ccf347c7753 |
---|---|
55 if cert_mt and cert_mt.__index.issued then | 55 if cert_mt and cert_mt.__index.issued then |
56 -- Need cert:issued() for these | 56 -- Need cert:issued() for these |
57 implemented_uses:add("DANE-TA"); | 57 implemented_uses:add("DANE-TA"); |
58 implemented_uses:add("PKIX-CA"); | 58 implemented_uses:add("PKIX-CA"); |
59 else | 59 else |
60 module:log("warn", "Unable to support DANE-TA and PKIX-CA"); | 60 module:log("debug", "The cert:issued() method is unavailable, DANE-TA and PKIX-CA can't be enabled"); |
61 end | 61 end |
62 end | 62 end |
63 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE", "DANE-TA" }); | 63 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE", "DANE-TA" }); |
64 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end; | 64 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end; |
65 local unsupported = configured_uses - implemented_uses; | |
66 if not unsupported:empty() then | |
67 module:log("warn", "Unable to support DANE uses %s", tostring(unsupported)); | |
68 end | |
65 | 69 |
66 -- Find applicable TLSA records | 70 -- Find applicable TLSA records |
67 -- Takes a s2sin/out and a callback | 71 -- Takes a s2sin/out and a callback |
68 local function dane_lookup(host_session, cb) | 72 local function dane_lookup(host_session, cb) |
69 cb = cb or noop; | 73 cb = cb or noop; |