net.resolvers.service: Only do DANE with secure SRV records

If this seems backwards, that' because it is but the API isn't really designed to easily pass along details from each resolution step onto the next.
author: Kim Alvefur <zash@zash.se> 2021-07-18 23:25:45 +0200
committer: Kim Alvefur <zash@zash.se> 2021-07-18 23:25:45 +0200
commit: 07ef92dbd8e01a3ad2f20fc085a7b974ff6bfeb4 (patch)
tree: 82b60ed8f741c2969140accbe393f25877da09bb
parent: 4d26d4cb157143e7a9e4a0418fff9d8841cc9928 (diff)
download: prosody-07ef92dbd8e01a3ad2f20fc085a7b974ff6bfeb4.tar.gz
prosody-07ef92dbd8e01a3ad2f20fc085a7b974ff6bfeb4.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/net/resolvers/service.lua b/net/resolvers/service.lua
index d74adf06..204c8a7f 100644
--- a/net/resolvers/service.lua
+++ b/net/resolvers/service.lua
@@ -50,6 +50,10 @@ function methods:next(cb)
 			answer = {};
 		end
 		if answer then
+			if self.extra and not answer.secure then
+				self.extra.use_dane = false;
+			end
+
 			if #answer == 0 then
 				if self.extra and self.extra.default_port then
 					table.insert(targets, { self.hostname, self.extra.default_port, self.conn_type, self.extra });
author	Kim Alvefur <zash@zash.se>	2021-07-18 23:25:45 +0200
committer	Kim Alvefur <zash@zash.se>	2021-07-18 23:25:45 +0200
commit	07ef92dbd8e01a3ad2f20fc085a7b974ff6bfeb4 (patch)
tree	82b60ed8f741c2969140accbe393f25877da09bb
parent	4d26d4cb157143e7a9e4a0418fff9d8841cc9928 (diff)
download	prosody-07ef92dbd8e01a3ad2f20fc085a7b974ff6bfeb4.tar.gz prosody-07ef92dbd8e01a3ad2f20fc085a7b974ff6bfeb4.zip