
mod_s2s_auth_dane/mod_s2s_auth_dane.lua @ 2003:8ccf347c7753

mod_s2s_auth_dane: Warn only if there are enabled uses that can't be supported
author Kim Alvefur <zash@zash.se>
date Mon, 11 Jan 2016 15:45:09 +0100
parent 1972:b10118d7c0df
child 2032:6645838c6475
2002:ce991c678370 2003:8ccf347c7753
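--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua
@@ -55,15 +55,19 @@
 if cert_mt and cert_mt.__index.issued then
 -- Need cert:issued() for these
 implemented_uses:add("DANE-TA");
 implemented_uses:add("PKIX-CA");
 else
-module:log("warn", "Unable to support DANE-TA and PKIX-CA");
+module:log("debug", "The cert:issued() method is unavailable, DANE-TA and PKIX-CA can't be enabled");
 end
 end
 local configured_uses = module:get_option_set("dane_uses", { "DANE-EE", "DANE-TA" });
 local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end;
+local unsupported = configured_uses - implemented_uses;
+if not unsupported:empty() then
+module:log("warn", "Unable to support DANE uses %s", tostring(unsupported));
+end
 
 -- Find applicable TLSA records
 -- Takes a s2sin/out and a callback
 local function dane_lookup(host_session, cb)
 cb = cb or noop;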
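Review bot: The check added after `enabled_uses` warns about `configured_uses - implemented_uses`, but nothing reports the case where the intersection leaves `enabled_uses` empty, which is the state an operator most needs to see because no TLSA usage would then be enabled at all. Since `unsupported` is a plain set difference, it also picks up misspelled or unknown names given in `dane_uses`, and with the default `{ "DANE-EE", "DANE-TA" }` it is non-empty whenever `cert:issued()` is missing, so the message cannot tell a typo from an unavailable feature. Consider adding `if enabled_uses:empty() then module:log("error", "No supported DANE uses are enabled"); end` and rewording the warning to say that the listed uses are ignored. How the validation code treats an empty or reduced set is outside this hunk, so it should be confirmed that peers publishing only unsupported usages fail closed rather than fall through to another check.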