net.resolvers.service: Fix reporting of Bogus DNSSEC results

The order of checks led to Bogus results being reported with a generic "unable to resolve service". This had no practical effects as such results are simply empty and the process would stop there. Tested by attempting to establish s2s with dnssec-bogus.sg and observing the error reply.
author: Kim Alvefur <zash@zash.se> 2022-12-21 23:46:37 +0100
committer: Kim Alvefur <zash@zash.se> 2022-12-21 23:46:37 +0100
commit: 325464eb11a4b6c31430c6a1d40db74207802cd4 (patch)
tree: d3c1465c85da447545f7a5eedcfa43bf0c6716d7 /net
parent: 62f32cd01d26e3d1bad0d63a9e418838eb9ea212 (diff)
download: prosody-325464eb11a4b6c31430c6a1d40db74207802cd4.tar.gz
prosody-325464eb11a4b6c31430c6a1d40db74207802cd4.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/net/resolvers/service.lua b/net/resolvers/service.lua
index a7ce76a3..1e2aaeec 100644
--- a/net/resolvers/service.lua
+++ b/net/resolvers/service.lua
@@ -111,12 +111,15 @@ function methods:next(cb)
 			answer = {};
 		end
 		if answer then
-			if self.extra and not answer.secure then
-				self.extra.use_dane = false;
-			elseif answer.bogus then
+			if answer.bogus then
 				self.last_error = "Validation error in SRV lookup";
 				ready();
 				return;
+			elseif not answer.secure then
+				if self.extra then
+					-- Insecure results, so no DANE
+					self.extra.use_dane = false;
+				end
 			end
 
 			if #answer == 0 then
author	Kim Alvefur <zash@zash.se>	2022-12-21 23:46:37 +0100
committer	Kim Alvefur <zash@zash.se>	2022-12-21 23:46:37 +0100
commit	325464eb11a4b6c31430c6a1d40db74207802cd4 (patch)
tree	d3c1465c85da447545f7a5eedcfa43bf0c6716d7 /net
parent	62f32cd01d26e3d1bad0d63a9e418838eb9ea212 (diff)
download	prosody-325464eb11a4b6c31430c6a1d40db74207802cd4.tar.gz prosody-325464eb11a4b6c31430c6a1d40db74207802cd4.zip