mod_s2s_auth_dane_in: Bail out on explicit service denial

author: Kim Alvefur <zash@zash.se> 2023-11-12 00:35:22 +0100
committer: Kim Alvefur <zash@zash.se> 2023-11-12 00:35:22 +0100
commit: ff032aa41be7fb61fdc9b70383830e31a1f3acc3 (patch)
tree: d87402a0a7f5ee30ee34ff1ae15bc923e405d44e
parent: 5c773be087fa2eb2f012d67267a923803c61a254 (diff)
download: prosody-ff032aa41be7fb61fdc9b70383830e31a1f3acc3.tar.gz
prosody-ff032aa41be7fb61fdc9b70383830e31a1f3acc3.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/plugins/mod_s2s_auth_dane_in.lua b/plugins/mod_s2s_auth_dane_in.lua
index e2d6743a..777fa582 100644
--- a/plugins/mod_s2s_auth_dane_in.lua
+++ b/plugins/mod_s2s_auth_dane_in.lua
@@ -70,6 +70,7 @@ module:hook("s2s-check-certificate", function(event)
 	local function fetch_tlsa(res)
 		local tlsas = {};
 		for _, rr in ipairs(res) do
+			if rr.srv.target == "." then return {}; end
 			table.insert(tlsas, resolver:lookup_promise(("_%d._tcp.%s"):format(rr.srv.port, rr.srv.target), "TLSA"):next(ensure_secure));
 		end
 		return promise.all(tlsas);
author	Kim Alvefur <zash@zash.se>	2023-11-12 00:35:22 +0100
committer	Kim Alvefur <zash@zash.se>	2023-11-12 00:35:22 +0100
commit	ff032aa41be7fb61fdc9b70383830e31a1f3acc3 (patch)
tree	d87402a0a7f5ee30ee34ff1ae15bc923e405d44e
parent	5c773be087fa2eb2f012d67267a923803c61a254 (diff)
download	prosody-ff032aa41be7fb61fdc9b70383830e31a1f3acc3.tar.gz prosody-ff032aa41be7fb61fdc9b70383830e31a1f3acc3.zip