# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1626643545 -7200
# Node ID 26a8cc9d9eb7ac178558f99c69be904c0227628e
# Parent  5810166f35d5cb13dbedbc65b23dd6125e629d01
net.resolvers.service: Only do DANE with secure SRV records

If this seems backwards, that's because it is, but the API isn't really
designed to easily pass along details from each resolution step onto the
next.

diff -r 5810166f35d5 -r 26a8cc9d9eb7 net/resolvers/service.lua
--- a/net/resolvers/service.lua	Sun Jul 18 22:46:57 2021 +0200
+++ b/net/resolvers/service.lua	Sun Jul 18 23:25:45 2021 +0200
@@ -50,6 +50,10 @@
 			answer = {};
 		end
 		if answer then
+			if self.extra and not answer.secure then
+				self.extra.use_dane = false;
+			end
+
 			if #answer == 0 then
 				if self.extra and self.extra.default_port then
 					table.insert(targets, { self.hostname, self.extra.default_port, self.conn_type, self.extra });
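Review bot: The new check at the top of `if answer then` writes `use_dane = false` into `self.extra`, which is the caller's table and the same table handed to every target on the `table.insert` line, so the downgrade outlives this one lookup. If the caller reuses that table for a later resolution (not visible in this hunk), DANE stays off even when the next SRV answer is secure. The synthesized `answer = {}` just above has no `secure` field, so the default-port fallback presumably also ends up with DANE disabled, which is worth confirming as intended. A short comment would record the reasoning, e.g. `-- insecure SRV could redirect us to an attacker-chosen target; disable DANE for these targets and never re-enable it here`. The enclosing function starts and ends outside the hunk.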