mirrors/prosody
1
0
Fork 0
mirror of https://github.com/bjc/prosody.git synced 2025-04-03 21:27:38 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

net.server_epoll: Support for passing DANE TLSA data to LuaSec (0.8 needed)

Browse source
This commit is contained in:
Kim Alvefur 2019-09-29 16:53:56 +02:00
parent f638628c08
commit 69b2af382e
1 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
net/server_epoll.lua
View file

@ -13,6 +13,7 @@ local pcall = pcall;
local type = type;
local next = next;
local pairs = pairs;
local ipairs = ipairs;
local traceback = debug.traceback;
local logger = require "util.logger";
local log = logger.init("server_epoll");
@ -585,6 +586,19 @@ function interface:tlshandshake()
conn:sni(self._server.hosts, true);
end
end
if self.extra and self.extra.tlsa and conn.settlsa then
-- TODO Error handling
if not conn:setdane(self.servername or self.extra.dane_hostname) then
self:debug("Could not enable DANE on connection");
else
self:debug("Enabling DANE with %d TLSA records", #self.extra.tlsa);
self:noise("DANE hostname is %q", self.servername or self.extra.dane_hostname);
for _, tlsa in ipairs(self.extra.tlsa) do
self:noise("TLSA: %q", tlsa);
conn:settlsa(tlsa.use, tlsa.select, tlsa.match, tlsa.data);
end
end
end
self:on("starttls");
self.ondrain = nil;
self.onwritable = interface.tlshandshake;