prosody
28211ed70b4c
plugins/mod_s2s_auth_dane_in.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Diff

plugins/mod_s2s_auth_dane_in.lua @ 13322:28211ed70b4c

mod_s2s_auth_dane_in: Bail out on explicit service denial
author Kim Alvefur <zash@zash.se>
date Sun, 12 Nov 2023 00:35:22 +0100
parent 13297:7264c4d16072
child 13416:d8e885db9851
line wrap: on
line diff
--- a/plugins/mod_s2s_auth_dane_in.lua	Sun Nov 12 00:33:57 2023 +0100
+++ b/plugins/mod_s2s_auth_dane_in.lua	Sun Nov 12 00:35:22 2023 +0100
@@ -70,6 +70,7 @@
 	local function fetch_tlsa(res)
 		local tlsas = {};
 		for _, rr in ipairs(res) do
+			if rr.srv.target == "." then return {}; end
 			table.insert(tlsas, resolver:lookup_promise(("_%d._tcp.%s"):format(rr.srv.port, rr.srv.target), "TLSA"):next(ensure_secure));
 		end
 		return promise.all(tlsas);