# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1569768836 -7200
# Node ID 9fb23779c8636d10a5717a67ca7e308d3f587d47
# Parent  77785c5d67732955ab60c3fe2ef2e7eb46688b72
net.server_epoll: Support for passing DANE TLSA data to LuaSec (0.8 needed)

diff -r 77785c5d6773 -r 9fb23779c863 net/server_epoll.lua
--- a/net/server_epoll.lua	Tue Mar 02 21:47:09 2021 +0100
+++ b/net/server_epoll.lua	Sun Sep 29 16:53:56 2019 +0200
@@ -13,6 +13,7 @@
 local type = type;
 local next = next;
 local pairs = pairs;
+local ipairs = ipairs;
 local traceback = debug.traceback;
 local logger = require "util.logger";
 local log = logger.init("server_epoll");
@@ -585,6 +586,19 @@
 				conn:sni(self._server.hosts, true);
 			end
 		end
+		if self.extra and self.extra.tlsa and conn.settlsa then
+			-- TODO Error handling
+			if not conn:setdane(self.servername or self.extra.dane_hostname) then
+				self:debug("Could not enable DANE on connection");
+			else
+				self:debug("Enabling DANE with %d TLSA records", #self.extra.tlsa);
+				self:noise("DANE hostname is %q", self.servername or self.extra.dane_hostname);
+				for _, tlsa in ipairs(self.extra.tlsa) do
+					self:noise("TLSA: %q", tlsa);
+					conn:settlsa(tlsa.use, tlsa.select, tlsa.match, tlsa.data);
+				end
+			end
+		end
 		self:on("starttls");
 		self.ondrain = nil;
 		self.onwritable = interface.tlshandshake;
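Review bot: The return value of `conn:settlsa(...)` inside the `ipairs` loop is discarded, so a record that LuaSec/OpenSSL rejects (malformed data, unsupported usage/selector/match combination) leaves no trace, and the connection may continue past `setdane` with fewer usable TLSA records than the `Enabling DANE with %d TLSA records` message claims — possibly none, which I believe makes OpenSSL fall back to ordinary PKIX verification rather than fail; confirm against the LuaSec 0.8 binding. At minimum check the result per record, `if not conn:settlsa(tlsa.use, tlsa.select, tlsa.match, tlsa.data) then self:debug("Could not add TLSA record %q", tlsa); end`, and count the accepted records so the summary line reports that count instead of `#self.extra.tlsa`. The `setdane` failure path is also only `debug`-level and then proceeds with a non-DANE handshake, which is a silent verification downgrade from the caller's point of view; `self:warn` would make it visible without changing behaviour. `self.servername or self.extra.dane_hostname` is evaluated twice and would read better hoisted into a local before the `setdane` call. The enclosing function starts and ends outside this hunk.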