Changeset

1356:a74ba847195a

mod_s2s_auth_dane: Drop support for domains without SRV for now
author Kim Alvefur <zash@zash.se>
date Tue, 18 Mar 2014 16:09:51 +0100 (2014-03-18)
parents 1355:7f68d950bdd6
children 1357:67990f8d8228
files mod_s2s_auth_dane/mod_s2s_auth_dane.lua
diffstat 1 files changed, 5 insertions(+), 9 deletions(-) [+]
--- a/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Tue Mar 18 16:02:24 2014 +0100
+++ b/mod_s2s_auth_dane/mod_s2s_auth_dane.lua	Tue Mar 18 16:09:51 2014 +0100
@@ -47,17 +47,18 @@
 	if host_session.direction == "incoming" then
 		local name = idna_to_ascii(host_session.from_host);
 		if not name then return end
-		local handle = dns_lookup(function (answer)
+		host_session.dane = dns_lookup(function (answer)
 			if not answer.secure then
 				if cb then return cb(a,b,c,e); end
 				return;
 			end
-			if #answer == 1 and answer[1].srv.target == '.' then return end
+			local n = #answer
+			if n == 0 then if cb then return cb(a,b,c,e); end return end
+			if n == 1 and answer[1].srv.target == '.' then return end
 			local srv_hosts = { answer = answer };
 			local dane = {};
 			host_session.dane = dane;
 			host_session.srv_hosts = srv_hosts;
-			local n = #answer
 			for _, record in ipairs(answer) do
 				t_insert(srv_hosts, record.srv);
 				dns_lookup(function(dane_answer)
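Review bot: `host_session.dane` now holds the `dns_lookup` handle from the moment the SRV query is issued, and the three early exits in the callback (insecure answer, `n == 0`, and the single `'.'` target) return before `host_session.dane = dane` runs, so the field stays truthy even though no DANE data was collected. The code that later reads `host_session.dane` is outside this hunk, but if it only tests truthiness it could treat the leftover handle as a TLSA result set. Resetting it as the first statement of the callback, `host_session.dane = false;`, would make the "no usable DNSSEC answer" outcome explicit. Separately, an answer flagged `bogus` takes the same path as an unsigned one here, whereas the outgoing branch tests `answer.bogus`; a comment stating whether that fall-through to `cb` is intended would help. The callback body continues past the end of the hunk.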
@@ -75,8 +76,7 @@
 		end, "_xmpp-server._tcp."..name..".", "SRV");
 		return true;
 	elseif host_session.direction == "outgoing" then
-		local srv_hosts = host_session.srv_hosts;
-		if not (srv_choice and srv_choice.answer and srv_choice.answer.secure) then
+		if not host_session.srv_hosts then return end
 		local srv_choice = host_session.srv_hosts[host_session.srv_choice];
 		host_session.dane = dns_lookup(function(answer)
 			if answer and (answer.secure and #answer > 0) or answer.bogus then
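Review bot: The outgoing branch now starts the TLSA lookup for the selected `srv_hosts` entry without checking that the SRV answer itself was DNSSEC-validated; the removed condition tried to test `srv_choice.answer.secure` but read `srv_choice` before it was declared, and the commit drops the check instead of repairing it. An unsigned SRV response can name any target, so TLSA records found for that target should not count towards authenticating the remote domain. Assuming `srv_hosts.answer` is populated on this path the same way the incoming branch builds `{ answer = answer }`, the guard could read `local srv_answer = host_session.srv_hosts.answer;` followed by `if not (srv_answer and srv_answer.secure) then return end`. The indexed `srv_choice` can also be nil when `host_session.srv_choice` is unset, and its uses lie outside this hunk.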
@@ -93,10 +93,6 @@
 
 local _try_connect = s2sout.try_connect;
 function s2sout.try_connect(host_session, connect_host, connect_port, err)
-	if not host_session.srv_hosts then
-		host_session.srv_hosts = { answer = { secure = true }, { target = connect_host, port = connect_port } };
-		host_session.srv_choice = 1;
-	end
 	if not err and dane_lookup(host_session, _try_connect, host_session, connect_host, connect_port, err) then
 		return true;
 	end