changeset 13923:e6087c733899 13.0

mod_s2s_auth_dane_in: Fix caching SHA2-512 hash This unintentionally stored the SHA2-512 hash in the slot for SHA2-256, so that if something compares the same entry again against a SHA2-256 hash it would fail. However a matching SHA2-512 entry should still match. RFC 7671 RECOMMENDS SHA2-256 so SHA2-512 entries are expected to be less common. DANE support not being enabled by default. Expected impact is low.
author Kim Alvefur <zash@zash.se>
date Tue, 05 Aug 2025 21:49:58 +0200
parents 2169be3581ae
children 7fdf7645b0da 334fb7adb0bc
files plugins/mod_s2s_auth_dane_in.lua
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/mod_s2s_auth_dane_in.lua	Sun Aug 03 15:14:20 2025 +0200
+++ b/plugins/mod_s2s_auth_dane_in.lua	Tue Aug 05 21:49:58 2025 +0200
@@ -51,7 +51,7 @@
 			return h;
 		elseif i == 2 then
 			local h = sha512(t[0]);
-			t[1] = h;
+			t[2] = h;
 			return h;
 		end
 	end;