Mercurial > prosody-hg
changeset 13900:d7e907830260
mod_s2s_auth_dane_in: Skip further TLSA lookups if the first is insecure
Because the later ones wouldn't be secure either.
Code reduction and fewer DNS lookups that should result in a speedup.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Fri, 20 Jun 2025 13:33:09 +0200 |
| parents | b019a30cc1b2 |
| children | cc406878209d |
| files | plugins/mod_s2s_auth_dane_in.lua |
| diffstat | 1 files changed, 2 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_s2s_auth_dane_in.lua Thu Jun 19 11:19:49 2025 +0100 +++ b/plugins/mod_s2s_auth_dane_in.lua Fri Jun 20 13:33:09 2025 +0200 @@ -24,11 +24,6 @@ return r; end -local function ensure_nonempty(r) - assert(r[1], "empty"); - return r; -end - local function flatten(a) local seen = {}; local ret = {}; @@ -95,7 +90,8 @@ return promise.all(tlsas):next(flatten); end - local ret = async.wait_for(resolver:lookup_promise("_xmpp-server." .. dns_domain, "TLSA"):next(ensure_secure):next(ensure_nonempty):catch(function() + local ret = async.wait_for(resolver:lookup_promise("_xmpp-server." .. dns_domain, "TLSA"):next(ensure_secure):next(function(ret) + if ret[1] then return ret; end return promise.all({ resolver:lookup_promise("_xmpps-server._tcp." .. dns_domain, "SRV"):next(ensure_secure):next(fetch_tlsa); resolver:lookup_promise("_xmpp-server._tcp." .. dns_domain, "SRV"):next(ensure_secure):next(fetch_tlsa);
