net/resolvers/basic.lua @ 11414:5a71f14ab77c
net.connect: Add DANE support
Disabled DANE by default, since it needs extra steps to be useful. The
built-in DNS stub resolver does not support DNSSEC so having DANE
enabled by default only leads to an extra wasted DNS request.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Tue, 02 Mar 2021 22:41:59 +0100 |
parent | 11008:fd735fe2fc50 |
child | 11420:f768db80aee0 |
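--- a/net/resolvers/basic.lua
+++ b/net/resolvers/basic.lua
@@ -26,25 +26,37 @@
 -- FIXME report IDNA error
 cb(nil);
 return;
 end
 
+local secure = true;
+local tlsa = {};
 local targets = {};
-local n = 2;
+local n = 3;
 local function ready()
 n = n - 1;
 if n > 0 then return; end
 self.targets = targets;
+if self.extra and self.extra.use_dane then
+if secure then
+self.extra.tlsa = tlsa;
+self.extra.dane_hostname = self.hostname;
+else
+self.extra.tlsa = nil;
+self.extra.dane_hostname = nil;
+end
+end
 self:next(cb);
 end
 
 -- Resolve DNS to target list
 local dns_resolver = adns.resolver();
 
 if not self.extra or self.extra.use_ipv4 ~= false then
 dns_resolver:lookup(function (answer)
 if answer then
+secure = secure and answer.secure;
 for _, record in ipairs(answer) do
 table.insert(targets, { self.conn_type.."4", record.a, self.port, self.extra });
 end
 end
 ready();
@@ -54,16 +66,29 @@
 end
 
 if not self.extra or self.extra.use_ipv6 ~= false then
 dns_resolver:lookup(function (answer)
 if answer then
+secure = secure and answer.secure;
 for _, record in ipairs(answer) do
 table.insert(targets, { self.conn_type.."6", record.aaaa, self.port, self.extra });
 end
 end
 ready();
 end, self.hostname, "AAAA", "IN");
+end
+
+if self.extra and self.extra.use_dane == true then
+dns_resolver:lookup(function (answer)
+if answer then
+secure = secure and answer.secure;
+for _, record in ipairs(answer) do
+table.insert(tlsa, record.tlsa);
+end
+end
+ready();
+end, ("_%d._tcp.%s"):format(self.port, self.hostname), "TLSA", "IN");
 else
 ready();
 end
 end
 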
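Review bot: With `use_ipv6 = false` the completion counter can no longer reach zero: the bare `end` added after the AAAA lookup (new line 78) closes that branch without an `else`, and the `else ready();` at new lines 90–92 now belongs to the `use_dane` check, while `n` starts at 3. Only two `ready()` calls then happen, so `self:next(cb)` is never reached and the connection attempt stalls; closing the AAAA branch with `else ready(); end` instead of `end` restores the count (new lines 63–65 of the A branch are not shown, so this assumes that branch still has its own `else`). Separately, `secure` is only updated inside `if answer then`, so a lookup that returns no answer leaves it `true`; for DANE it may be safer to treat a missing answer as not secure, e.g. `secure = secure and answer and answer.secure;` placed before the `if`. `ready()` also tests `use_dane` for truthiness while the TLSA lookup requires `== true`, so a truthy non-`true` value would set an empty `tlsa` list and `dane_hostname` without any TLSA query; both checks should use the same condition. The enclosing function starts above the excerpt.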