-rw-r--r--CHANGES1
-rw-r--r--net/resolvers/basic.lua27
2 files changed, 27 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index f91e8e44..55e2136d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -17,6 +17,7 @@ TRUNK
- `daemonize` option deprecated
- SASL DIGEST-MD5 removed
- Switch to libunbound for DNS queries
+- DANE Support
- mod_external_services (XEP-0215)
- util.error for encapsulating errors
- MUC: support for XEP-0421 occupant identifiers
diff --git a/net/resolvers/basic.lua b/net/resolvers/basic.lua
index a00fbce1..2153a641 100644
--- a/net/resolvers/basic.lua
+++ b/net/resolvers/basic.lua
@@ -28,12 +28,23 @@ function methods:next(cb)
return;
end
+ local secure = true;
+ local tlsa = {};
local targets = {};
- local n = 2;
+ local n = 3;
local function ready()
n = n - 1;
if n > 0 then return; end
self.targets = targets;
+ if self.extra and self.extra.use_dane then
+ if secure then
+ self.extra.tlsa = tlsa;
+ self.extra.dane_hostname = self.hostname;
+ else
+ self.extra.tlsa = nil;
+ self.extra.dane_hostname = nil;
+ end
+ end
self:next(cb);
end
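Review bot: The gate added in `ready()` tests `self.extra.use_dane` for truthiness, while the TLSA query added later in this commit runs only when `self.extra.use_dane == true`. For a truthy value other than `true`, no TLSA lookup is made, yet `secure` can still be true, so `self.extra.tlsa` is set to an empty table and `dane_hostname` is filled in. Use the same test in both places, e.g. `if self.extra and self.extra.use_dane == true then` here, so TLSA data is only published when it was actually queried. `methods:next` starts and ends outside this hunk.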
@@ -43,6 +54,7 @@ function methods:next(cb)
if not self.extra or self.extra.use_ipv4 ~= false then
dns_resolver:lookup(function (answer)
if answer then
+ secure = secure and answer.secure;
for _, record in ipairs(answer) do
table.insert(targets, { self.conn_type.."4", record.a, self.port, self.extra });
end
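Review bot: `secure` is only lowered inside `if answer then`, so a lookup that produces no answer at all leaves it `true`; the same pattern is in the AAAA and TLSA callbacks in the next hunk. If the resolver passes nil on failure (not visible here), a failed TLSA query would look the same as a validated empty result, and `ready()` would publish an empty `tlsa` with `dane_hostname` set. That case should be decided explicitly, for example with `else secure = false;` in the TLSA callback, and stated in a comment next to `local secure = true;`. How the consumer of `self.extra.tlsa` treats an empty table is outside this diff.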
@@ -56,12 +68,25 @@ function methods:next(cb)
if not self.extra or self.extra.use_ipv6 ~= false then
dns_resolver:lookup(function (answer)
if answer then
+ secure = secure and answer.secure;
for _, record in ipairs(answer) do
table.insert(targets, { self.conn_type.."6", record.aaaa, self.port, self.extra });
end
end
ready();
end, self.hostname, "AAAA", "IN");
+ end
+
+ if self.extra and self.extra.use_dane == true then
+ dns_resolver:lookup(function (answer)
+ if answer then
+ secure = secure and answer.secure;
+ for _, record in ipairs(answer) do
+ table.insert(tlsa, record.tlsa);
+ end
+ end
+ ready();
+ end, ("_%d._tcp.%s"):format(self.port, self.hostname), "TLSA", "IN");
else
ready();
end
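Review bot: With the added `end` closing the IPv6 block, the existing `else ready(); end` now belongs to the `use_dane` check, so nothing calls `ready()` for the AAAA slot when `self.extra.use_ipv6 == false`. `n` starts at 3 and then stops at 1, so `self.targets` is never assigned and `self:next(cb)` is never re-entered for a configuration with IPv6 disabled. Keep an `else ready();` on the IPv6 branch before its `end`, as the DANE branch has. The IPv4 branch's `else` lies outside the hunk and presumably still calls `ready()`.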