# HG changeset patch # User Kim Alvefur <zash@zash.se> # Date 1699745722 -3600 # Node ID 28211ed70b4caf37d3e0bc4eef125de46497a047 # Parent 19c814d4dd3a611d1fab738479bb70201712adab mod_s2s_auth_dane_in: Bail out on explicit service denial diff -r 19c814d4dd3a -r 28211ed70b4c plugins/mod_s2s_auth_dane_in.lua --- a/plugins/mod_s2s_auth_dane_in.lua Sun Nov 12 00:33:57 2023 +0100 +++ b/plugins/mod_s2s_auth_dane_in.lua Sun Nov 12 00:35:22 2023 +0100 @@ -70,6 +70,7 @@ local function fetch_tlsa(res) local tlsas = {}; for _, rr in ipairs(res) do + if rr.srv.target == "." then return {}; end table.insert(tlsas, resolver:lookup_promise(("_%d._tcp.%s"):format(rr.srv.port, rr.srv.target), "TLSA"):next(ensure_secure)); end return promise.all(tlsas);