mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-04 05:37:39 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

mod_s2s_auth_dane_in: Try single TLSA lookup per draft-ietf-dance-client-auth

Browse source 
Moves some complexity from the implementation into DNS operations.
This commit is contained in:
Kim Alvefur 2024-01-11 07:54:11 +01:00
parent 2dba3989e7
commit 331f2d40e1
2 changed files with 12 additions and 4 deletions

1
doc/doap.xml
View file

@ -67,6 +67,7 @@
<implements rdf:resource="https://datatracker.ietf.org/doc/draft-cridland-xmpp-session/">
<!-- since=0.6.0 note=Added in hg:0bbbc9042361 -->
</implements>
<implements rdf:resource="https://datatracker.ietf.org/doc/draft-ietf-dance-client-auth"/>
<implements rdf:resource="http://www.unicode.org/reports/tr39/"/>
<implements>
<xmpp:SupportedXep>

15
plugins/mod_s2s_auth_dane_in.lua
View file

@ -24,6 +24,11 @@ local function ensure_secure(r)
return r;
end
local function ensure_nonempty(r)
assert(r[1], "empty");
return r;
end
local function flatten(a)
local seen = {};
local ret = {};
@ -90,10 +95,12 @@ module:hook("s2s-check-certificate", function(event)
return promise.all(tlsas):next(flatten);
end
local ret = async.wait_for(promise.all({
resolver:lookup_promise("_xmpps-server._tcp." .. dns_domain, "SRV"):next(ensure_secure):next(fetch_tlsa);
resolver:lookup_promise("_xmpp-server._tcp." .. dns_domain, "SRV"):next(ensure_secure):next(fetch_tlsa);
}):next(flatten));
local ret = async.wait_for(resolver:lookup_promise("_xmpp-server." .. dns_domain, "TLSA"):next(ensure_secure):next(ensure_nonempty):catch(function()
return promise.all({
resolver:lookup_promise("_xmpps-server._tcp." .. dns_domain, "SRV"):next(ensure_secure):next(fetch_tlsa);
resolver:lookup_promise("_xmpp-server._tcp." .. dns_domain, "SRV"):next(ensure_secure):next(fetch_tlsa);
}):next(flatten);
end));
if not ret then
return