From ef3a1a30b2d5edba53f1a8c8d1dc594940cb39c1 Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Wed, 3 Aug 2016 11:32:32 +0100
Subject: DANE: treat a TLSA response having only non-TLSA records the same as
 a no-match response

---
 src/src/transports/smtp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index c84323c17..bbfef0632 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1217,7 +1217,8 @@ switch (dns_lookup(dnsa, buffer, T_TLSA, &fullname))
   case DNS_AGAIN:
     return DEFER; /* just defer this TLS'd conn */
 
-  case DNS_NOMATCH:
+  case DNS_NODATA:	/* no TLSA RR for this lookup */
+  case DNS_NOMATCH:	/* no records at all for this lookup */
     return dane_required ? FAIL : FAIL_FORCED;
 
   default:
-- 
cgit v1.2.3