# HG changeset patch # User Kim Alvefur # Date 1704956051 -3600 # Node ID b1e2dd6e735b828e233551f690afc6d6da850bd6 # Parent d8e885db985109a29ed39a056570579a345873be mod_s2s_auth_dane_in: Try single TLSA lookup per draft-ietf-dance-client-auth Moves some complexity from the implementation into DNS operations. diff -r d8e885db9851 -r b1e2dd6e735b doc/doap.xml --- a/doc/doap.xml Thu Jan 11 07:53:06 2024 +0100 +++ b/doc/doap.xml Thu Jan 11 07:54:11 2024 +0100 @@ -67,6 +67,7 @@ + diff -r d8e885db9851 -r b1e2dd6e735b plugins/mod_s2s_auth_dane_in.lua --- a/plugins/mod_s2s_auth_dane_in.lua Thu Jan 11 07:53:06 2024 +0100 +++ b/plugins/mod_s2s_auth_dane_in.lua Thu Jan 11 07:54:11 2024 +0100 @@ -24,6 +24,11 @@ return r; end +local function ensure_nonempty(r) + assert(r[1], "empty"); + return r; +end + local function flatten(a) local seen = {}; local ret = {}; @@ -90,10 +95,12 @@ return promise.all(tlsas):next(flatten); end - local ret = async.wait_for(promise.all({ - resolver:lookup_promise("_xmpps-server._tcp." .. dns_domain, "SRV"):next(ensure_secure):next(fetch_tlsa); - resolver:lookup_promise("_xmpp-server._tcp." .. dns_domain, "SRV"):next(ensure_secure):next(fetch_tlsa); - }):next(flatten)); + local ret = async.wait_for(resolver:lookup_promise("_xmpp-server." .. dns_domain, "TLSA"):next(ensure_secure):next(ensure_nonempty):catch(function() + return promise.all({ + resolver:lookup_promise("_xmpps-server._tcp." .. dns_domain, "SRV"):next(ensure_secure):next(fetch_tlsa); + resolver:lookup_promise("_xmpp-server._tcp." .. dns_domain, "SRV"):next(ensure_secure):next(fetch_tlsa); + }):next(flatten); + end)); if not ret then return