Software / code / prosody-modules
Changeset
1971:54405541d0ba
mod_s2s_auth_dane: Abort on bogus reply to SRV lookup
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 12 Dec 2015 16:59:49 +0100 |
| parents | 1970:5ea6f4e6fa8c |
| children | 1972:b10118d7c0df |
| files | mod_s2s_auth_dane/mod_s2s_auth_dane.lua |
| diffstat | 1 files changed, 5 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Sat Dec 12 16:01:58 2015 +0100 +++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua Sat Dec 12 16:59:49 2015 +0100 @@ -92,7 +92,11 @@ return cb(host_session); end - if not answer.secure then + if answer.bogus then + log("warn", "Results are bogus!"); + -- Bad sign, probably not a good idea to do any fallback here + host_session.dane = answer; + elseif not answer.secure then log("debug", "Results are not secure"); return cb(host_session); end
