author | Kim Alvefur <zash@zash.se> | 2019-09-29 16:53:56 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2019-09-29 16:53:56 +0200 |
commit | 69b2af382efbb4f1728aca9edd9eecb05fc74320 (patch) | |
tree | 6053428c635e5b97ccbba96d20d9fb8d93cad221 /net | |
parent | f638628c085d76a140448db4769466adf0723b38 (diff) | |
net.server_epoll: Support for passing DANE TLSA data to LuaSec (0.8 needed)
Diffstat (limited to 'net')
-rw-r--r-- | net/server_epoll.lua | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/net/server_epoll.lua b/net/server_epoll.lua
index b079bdd2..d289558c 100644
--- a/net/server_epoll.lua
+++ b/net/server_epoll.lua
@@ -13,6 +13,7 @@ local pcall = pcall;
 local type = type;
 local next = next;
 local pairs = pairs;
+local ipairs = ipairs;
 local traceback = debug.traceback;
 local logger = require "util.logger";
 local log = logger.init("server_epoll");
@@ -585,6 +586,19 @@ function interface:tlshandshake()
 conn:sni(self._server.hosts, true);
 end
 end
+ if self.extra and self.extra.tlsa and conn.settlsa then
+ -- TODO Error handling
+ if not conn:setdane(self.servername or self.extra.dane_hostname) then
+ self:debug("Could not enable DANE on connection");
+ else
+ self:debug("Enabling DANE with %d TLSA records", #self.extra.tlsa);
+ self:noise("DANE hostname is %q", self.servername or self.extra.dane_hostname);
+ for _, tlsa in ipairs(self.extra.tlsa) do
+ self:noise("TLSA: %q", tlsa);
+ conn:settlsa(tlsa.use, tlsa.select, tlsa.match, tlsa.data);
+ end
+ end
+ end
 self:on("starttls");
 self.ondrain = nil;
 self.onwritable = interface.tlshandshake; |
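Review bot: The return value of `conn:settlsa(tlsa.use, tlsa.select, tlsa.match, tlsa.data)` is discarded inside the loop, so a record LuaSec rejects (an unsupported usage/selector/matching type, or malformed data) is skipped silently and the connection can end up with DANE enabled via `conn:setdane` but zero accepted TLSA records; what certificate verification does in that state is then decided by the TLS library's defaults rather than by this code, and the `-- TODO Error handling` comment leaves exactly that case open. Counting the accepted records and logging when none were accepted makes the degraded state visible to an operator, and hoisting `self.servername or self.extra.dane_hostname` into a local avoids computing the DANE hostname twice with the risk of the two evaluations drifting apart later. Only `debug` and `noise` are visible as logging methods on the interface here; if it exposes a warn-level method, the no-records message belongs there. `interface:tlshandshake` begins before this hunk and continues after it.
```lua
	if self.extra and self.extra.tlsa and conn.settlsa then
		local dane_hostname = self.servername or self.extra.dane_hostname;
		if not conn:setdane(dane_hostname) then
			self:debug("Could not enable DANE on connection");
		else
			self:debug("Enabling DANE with %d TLSA records", #self.extra.tlsa);
			self:noise("DANE hostname is %q", dane_hostname);
			-- Track how many records the TLS library actually accepted, so
			-- "DANE enabled, no usable records" is not a silent outcome.
			local accepted = 0;
			for _, tlsa in ipairs(self.extra.tlsa) do
				self:noise("TLSA: %q", tlsa);
				if conn:settlsa(tlsa.use, tlsa.select, tlsa.match, tlsa.data) then
					accepted = accepted + 1;
				else
					self:debug("TLSA record rejected by TLS library: %q", tlsa);
				end
			end
			if accepted == 0 then
				self:debug("DANE enabled but no TLSA records were accepted for %q", dane_hostname);
			end
		end
	end
	-- … unchanged: self:on("starttls") and handshake continuation …
```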