Software / code / prosody-modules
Changeset
1349:350e903b14ff
mod_s2s_auth_dane: Comments and TODOs
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 14 Mar 2014 14:23:27 +0100 |
| parents | 1348:6191613959dc |
| children | 1350:cda335db2cbb |
| files | mod_s2s_auth_dane/mod_s2s_auth_dane.lua |
| diffstat | 1 files changed, 11 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Fri Mar 14 14:18:18 2014 +0100 +++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Fri Mar 14 14:23:27 2014 +0100 @@ -3,8 +3,18 @@ -- -- This file is MIT/X11 licensed. -- +-- In your DNS, put +-- _xmpp-server.example.com. IN TLSA 3 0 1 <sha256 hash of certificate> +-- +-- Known issues: +-- Race condition -- Could be done much cleaner if mod_s2s was using util.async - +-- +-- TODO Things to test/handle: +-- Negative or bogus answers +-- No encryption offered +-- Different hostname before and after STARTTLS - mod_s2s should complain +-- Interaction with Dialback module:set_global(); @@ -33,12 +43,6 @@ local configured_uses = module:get_option_set("dane_uses", { "DANE-EE" }); local enabled_uses = set.intersection(implemented_uses, configured_uses) / function(use) return use_map[use] end; --- TODO Things to test/handle: --- Negative or bogus answers --- No SRV records --- No encryption offered --- Different hostname before and after STARTTLS - mod_s2s should complain - local function dane_lookup(host_session, name, cb, a,b,c) if host_session.dane ~= nil then return false; end local ascii_host = name and idna_to_ascii(name);
