authorKim Alvefur <zash@zash.se>2019-09-29 16:53:56 +0200
committerKim Alvefur <zash@zash.se>2019-09-29 16:53:56 +0200
commit69b2af382efbb4f1728aca9edd9eecb05fc74320 (patch)
tree6053428c635e5b97ccbba96d20d9fb8d93cad221 /net
parentf638628c085d76a140448db4769466adf0723b38 (diff)
downloadprosody-69b2af382efbb4f1728aca9edd9eecb05fc74320.tar.gz
prosody-69b2af382efbb4f1728aca9edd9eecb05fc74320.zip
net.server_epoll: Support for passing DANE TLSA data to LuaSec (0.8 needed)
Diffstat (limited to 'net')
-rw-r--r--net/server_epoll.lua14
1 files changed, 14 insertions, 0 deletions
diff --git a/net/server_epoll.lua b/net/server_epoll.lua
index b079bdd2..d289558c 100644
--- a/net/server_epoll.lua
+++ b/net/server_epoll.lua
@@ -13,6 +13,7 @@ local pcall = pcall;
local type = type;
local next = next;
local pairs = pairs;
+local ipairs = ipairs;
local traceback = debug.traceback;
local logger = require "util.logger";
local log = logger.init("server_epoll");
@@ -585,6 +586,19 @@ function interface:tlshandshake()
conn:sni(self._server.hosts, true);
end
end
+ if self.extra and self.extra.tlsa and conn.settlsa then
+ -- TODO Error handling
+ if not conn:setdane(self.servername or self.extra.dane_hostname) then
+ self:debug("Could not enable DANE on connection");
+ else
+ self:debug("Enabling DANE with %d TLSA records", #self.extra.tlsa);
+ self:noise("DANE hostname is %q", self.servername or self.extra.dane_hostname);
+ for _, tlsa in ipairs(self.extra.tlsa) do
+ self:noise("TLSA: %q", tlsa);
+ conn:settlsa(tlsa.use, tlsa.select, tlsa.match, tlsa.data);
+ end
+ end
+ end
self:on("starttls");
self.ondrain = nil;
self.onwritable = interface.tlshandshake;
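Review bot: The failure branch of `if not conn:setdane(...)` only emits a debug message and then lets the handshake continue, so a connection for which TLSA data was supplied proceeds without DANE as if none existed, and the only trace is at the noisiest log level; the same applies to the `conn:settlsa(...)` call in the loop, whose return value is discarded (as the `-- TODO Error handling` line acknowledges), so a record that LuaSec rejects is silently dropped from the set used for verification. Since the presence of `self.extra.tlsa` is the caller's signal that DANE verification is expected, both failures deserve at least a warning-level log and, presumably, a handshake error rather than a silent fall-through — worth confirming against how the caller treats a non-DANE success. A minimal change for the loop body would be `if not conn:settlsa(tlsa.use, tlsa.select, tlsa.match, tlsa.data) then self:warn("Could not add TLSA record %q", tlsa); end`, with the `setdane` branch raised from `self:debug` to `self:warn` in the same way. Note also that `self.servername or self.extra.dane_hostname` is passed to `setdane` unchecked; if both can be nil here the call receives no hostname, which should probably be rejected before attempting DANE. The enclosing `interface:tlshandshake` begins before this hunk.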