changeset 13900:d7e907830260

mod_s2s_auth_dane_in: Skip further TLSA lookups if the first is insecure Because the later ones wouldn't be secure either. Code reduction and fewer DNS lookups that should result in a speedup.
author Kim Alvefur <zash@zash.se>
date Fri, 20 Jun 2025 13:33:09 +0200
parents b019a30cc1b2
children cc406878209d
files plugins/mod_s2s_auth_dane_in.lua
diffstat 1 files changed, 2 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_s2s_auth_dane_in.lua	Thu Jun 19 11:19:49 2025 +0100
+++ b/plugins/mod_s2s_auth_dane_in.lua	Fri Jun 20 13:33:09 2025 +0200
@@ -24,11 +24,6 @@
 	return r;
 end
 
-local function ensure_nonempty(r)
-	assert(r[1], "empty");
-	return r;
-end
-
 local function flatten(a)
 	local seen = {};
 	local ret = {};
@@ -95,7 +90,8 @@
 		return promise.all(tlsas):next(flatten);
 	end
 
-	local ret = async.wait_for(resolver:lookup_promise("_xmpp-server." .. dns_domain, "TLSA"):next(ensure_secure):next(ensure_nonempty):catch(function()
+	local ret = async.wait_for(resolver:lookup_promise("_xmpp-server." .. dns_domain, "TLSA"):next(ensure_secure):next(function(ret)
+		if ret[1] then return ret; end
 		return promise.all({
 			resolver:lookup_promise("_xmpps-server._tcp." .. dns_domain, "SRV"):next(ensure_secure):next(fetch_tlsa);
 			resolver:lookup_promise("_xmpp-server._tcp." .. dns_domain, "SRV"):next(ensure_secure):next(fetch_tlsa);