net.connect: Add DANE support

Disabled DANE by default, since it needs extra steps to be useful.  The
built-in DNS stub resolver does not support DNSSEC, so having DANE
enabled by default only leads to an extra, wasted DNS request.
This commit is contained in:
Kim Alvefur 2021-03-02 22:41:59 +01:00
parent 69b2af382e
commit 63c92d0897
2 changed files with 27 additions and 1 deletions


@ -17,6 +17,7 @@ TRUNK
- `daemonize` option deprecated
- SASL DIGEST-MD5 removed
- Switch to libunbound for DNS queries
- DANE Support
- mod_external_services (XEP-0215)
- util.error for encapsulating errors
- MUC: support for XEP-0421 occupant identifiers


@ -28,12 +28,23 @@ function methods:next(cb)
return;
end
local secure = true;
local tlsa = {};
local targets = {};
local n = 2;
local n = 3;
local function ready()
n = n - 1;
if n > 0 then return; end
self.targets = targets;
if self.extra and self.extra.use_dane then
if secure then
self.extra.tlsa = tlsa;
self.extra.dane_hostname = self.hostname;
else
self.extra.tlsa = nil;
self.extra.dane_hostname = nil;
end
end
self:next(cb);
end
@ -43,6 +54,7 @@ function methods:next(cb)
if not self.extra or self.extra.use_ipv4 ~= false then
dns_resolver:lookup(function (answer)
if answer then
secure = secure and answer.secure;
for _, record in ipairs(answer) do
table.insert(targets, { self.conn_type.."4", record.a, self.port, self.extra });
end
@ -56,12 +68,25 @@ function methods:next(cb)
if not self.extra or self.extra.use_ipv6 ~= false then
dns_resolver:lookup(function (answer)
if answer then
secure = secure and answer.secure;
for _, record in ipairs(answer) do
table.insert(targets, { self.conn_type.."6", record.aaaa, self.port, self.extra });
end
end
ready();
end, self.hostname, "AAAA", "IN");
end
if self.extra and self.extra.use_dane == true then
dns_resolver:lookup(function (answer)
if answer then
secure = secure and answer.secure;
for _, record in ipairs(answer) do
table.insert(tlsa, record.tlsa);
end
end
ready();
end, ("_%d._tcp.%s"):format(self.port, self.hostname), "TLSA", "IN");
else
ready();
end
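Review bot: In the TLSA callback a nil `answer` skips the `secure = secure and answer.secure` update (it sits inside `if answer then`), so a TLSA lookup that fails — or, depending on what adns returns for a bogus validation result, does not validate — leaves `secure` at its initial `true`, and `ready()` then publishes an empty `tlsa` table together with `dane_hostname` as if it had been authenticated; consider `secure = secure and answer ~= nil and answer.secure;` ahead of the `if answer then` in that callback so a missing answer never counts as secure (what the consumer of `self.extra.tlsa` does with an empty set is outside this diff). The two DANE switches also disagree: `ready()` tests `self.extra.use_dane` for truthiness while the TLSA query is only issued for `self.extra.use_dane == true`, so a truthy non-`true` value stores an empty `tlsa` without any lookup; `if self.extra and self.extra.use_dane == true then` in `ready()` would keep them consistent. Note too that `ready()` writes `tlsa` and `dane_hostname` into the caller-supplied `self.extra`, the same table stored in every target entry, so if a caller reuses one `extra` table across resolvers one host's TLSA set could carry into another connection — worth a comment on that expectation, or a per-resolver copy, if that reuse is possible. The closing `end` of `methods:next` lies outside the hunk.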