Changeset

13322:28211ed70b4c

mod_s2s_auth_dane_in: Bail out on explicit service denial
author Kim Alvefur <zash@zash.se>
date Sun, 12 Nov 2023 00:35:22 +0100
parents 13321:19c814d4dd3a
children 13323:7bfd6db52528
files plugins/mod_s2s_auth_dane_in.lua
diffstat 1 files changed, 1 insertions(+), 0 deletions(-) [+]
--- a/plugins/mod_s2s_auth_dane_in.lua	Sun Nov 12 00:33:57 2023 +0100
+++ b/plugins/mod_s2s_auth_dane_in.lua	Sun Nov 12 00:35:22 2023 +0100
@@ -70,6 +70,7 @@
 	local function fetch_tlsa(res)
 		local tlsas = {};
 		for _, rr in ipairs(res) do
+			if rr.srv.target == "." then return {}; end
 			table.insert(tlsas, resolver:lookup_promise(("_%d._tcp.%s"):format(rr.srv.port, rr.srv.target), "TLSA"):next(ensure_secure));
 		end
 		return promise.all(tlsas);
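Review bot: The added `return {}` sits inside the `for` loop, so with a mixed SRV answer its effect depends on record order: TLSA lookups already queued for earlier records are started and then dropped, and a single "." entry empties the result for the whole set. RFC 2782 gives the "." target its "service decidedly not available" meaning, and it is usually honoured only when it is the sole record; if that is the intent, the check could move ahead of the loop as `if #res == 1 and res[1].srv.target == "." then return {}; end`. Because this result feeds an authentication decision, please confirm that the consumer treats an empty TLSA list as "no DANE match" rather than as a pass; that handler and the end of `fetch_tlsa` are outside this hunk. A short comment such as `-- SRV target "." means the service is explicitly not offered (RFC 2782), so there is nothing to look up` would record why the function bails out here.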