# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1699745722 -3600
# Node ID 28211ed70b4caf37d3e0bc4eef125de46497a047
# Parent  19c814d4dd3a611d1fab738479bb70201712adab
mod_s2s_auth_dane_in: Bail out on explicit service denial

diff -r 19c814d4dd3a -r 28211ed70b4c plugins/mod_s2s_auth_dane_in.lua
--- a/plugins/mod_s2s_auth_dane_in.lua	Sun Nov 12 00:33:57 2023 +0100
+++ b/plugins/mod_s2s_auth_dane_in.lua	Sun Nov 12 00:35:22 2023 +0100
@@ -70,6 +70,7 @@
 	local function fetch_tlsa(res)
 		local tlsas = {};
 		for _, rr in ipairs(res) do
+			if rr.srv.target == "." then return {}; end
 			table.insert(tlsas, resolver:lookup_promise(("_%d._tcp.%s"):format(rr.srv.port, rr.srv.target), "TLSA"):next(ensure_secure));
 		end
 		return promise.all(tlsas);