authorJeremy Harris <jgh146exb@wizmail.org>2014-08-14 21:21:45 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2014-08-14 21:21:45 +0100
commit36b894a60b9431d20a8b8b1aa557673c747c4b47 (patch)
tree189945466fad247ec6bac8787db67bd6b8b2fcb5 /src
parent360c049264151071203aee2f957472321ff0dc41 (diff)
Fix fakens TLSA generation and DANE TLSA lookup
Diffstat (limited to 'src')
-rw-r--r--src/src/tls-openssl.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 1ec7786bd..79beffadf 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1806,6 +1806,7 @@ if (dane)
dns_record * rr;
dns_scan dnss;
uschar * hostnames[2] = { host->name, NULL };
+ int found = 0;
if (DANESSL_init(client_ssl, NULL, hostnames) != 1)
return tls_error(US"hostnames load", host, NULL);
@@ -1819,13 +1820,16 @@ if (dane)
int usage, selector, mtype;
const char * mdname;
- GETSHORT(usage, p);
- GETSHORT(selector, p);
- GETSHORT(mtype, p);
+ found++;
+ usage = *p++;
+ selector = *p++;
+ mtype = *p++;
switch (mtype)
{
- default: /* log bad */ return FAIL;
+ default:
+ log_write(0, LOG_MAIN, "DANE error: TLSA record w/bad mtype 0x%x", mtype);
+ return FAIL;
case 0: mdname = NULL; break;
case 1: mdname = "sha256"; break;
case 2: mdname = "sha512"; break;
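Review bot: The three single-byte reads `usage = *p++;`, `selector = *p++;`, `mtype = *p++;` consume the first three octets of the TLSA rdata without a visible check that the record actually holds that many bytes; `p`'s origin and the record's length live outside the hunk, so if the scan loop does not already reject short records, a guard before the reads along the lines of `if (rr->size < 3) { log_write(0, LOG_MAIN, "DANE error: TLSA record too short"); return FAIL; }` would stop a truncated record from being read past its end (the length field name is assumed to be `rr->size` — confirm against the dns_record definition). The added `0x%x` log line also assumes `p` is an unsigned byte pointer; if it were plain `char *`, a matching type with the high bit set would sign-extend into a negative int before reaching the switch and the log. The enclosing `if (dane)` block and the per-record loop around this body both start and end outside the hunk.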
@@ -1841,6 +1845,12 @@ if (dane)
case 1: break;
}
}
+
+ if (!found)
+ {
+ log_write(0, LOG_MAIN, "DANE error: No TLSA records");
+ return FAIL;
+ }
}
#endif
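Review bot: The new "No TLSA records" log line at `log_write(0, LOG_MAIN, "DANE error: No TLSA records");` carries no host name, unlike the `tls_error(US"hostnames load", host, NULL)` path earlier in the same `if (dane)` block, so an operator reading the main log cannot tell which delivery the DANE failure belonged to; `log_write(0, LOG_MAIN, "DANE error: No TLSA records for %s", host->name);` would make the entry actionable, since `host->name` is already used in this block. Because `found++` is incremented before the record is validated, this branch fires only when the scan loop yielded no TLSA record at all, while a lookup that returned only malformed records ends at the mtype FAIL path instead; a one-line comment above the check, such as `/* found counts every TLSA RR seen; malformed ones already returned FAIL above */`, would spare the next reader from re-deriving that. The loop whose end is visible at the closing brace above starts outside the hunk.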