~singpolyma/xmpp-certwatch

aff2449939ccae018fb6acb69019553d23fe3533 — Stephen Paul Weber 8 months ago 45212c4
Support ALPN for direct TLS
1 files changed, 13 insertions(+), 2 deletions(-)

M common/common.go
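--- a/common/common.go
+++ b/common/common.go
@@ -30,12 +30,15 @@ func DialXMPP(ctx context.Context, addr jid.JID, features ...xmpp.StreamFeature)
 	}))
 }
 
-func getDaneConfig(sni string, appname string, service string, ip net.IP, port uint16) *dane.Config {
+func getDaneConfig(sni string, appname string, alpn string, service string, ip net.IP, port uint16) *dane.Config {
 	config := dane.NewConfig(sni, ip, int(port))
 	config.SetDiagMode(true)
 	config.TimeoutTCP = 20
 	config.DANE = true
 	config.PKIX = true
+	if alpn != "" {
+		config.ALPN = []string{ alpn }
+	}
 	if appname != "" {
 		config.SetAppName(appname)
 		config.SetServiceName(service)
@@ -62,6 +65,14 @@ func oneTarget(resolver *dane.Resolver, service string, selector string, target 
 		appname = "xmpp-server"
 	}
 
+	var alpn string = ""
+	if strings.HasPrefix(selector, "_xmpps-client") {
+		alpn = "xmpp-client"
+	}
+	if strings.HasPrefix(selector, "_xmpps-server") {
+		alpn = "xmpp-server"
+	}
+
 	iplist, err := GetAddresses(resolver, target)
 	if err != nil {
 		return TargetResult{}, err
@@ -80,7 +91,7 @@ func oneTarget(resolver *dane.Resolver, service string, selector string, target 
 
 	infos := map[string]dane.TLSAinfo{}
 	for _, ip := range iplist.IPs {
-		config := getDaneConfig(service, appname, service, ip, port)
+		config := getDaneConfig(service, appname, alpn, service, ip, port)
 		config.SetTLSA(tlsa)
 
 		if appname == "" {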
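Review bot: The `alpn` value that oneTarget derives from the `_xmpps-client` / `_xmpps-server` selector prefix is only offered to the server through `config.ALPN`; nothing in the visible hunks confirms that the server actually selected it. On a port shared by several TLS services, a server that ignores ALPN can answer with another service's certificate, and the watcher would then check and record that certificate as the XMPP one. If the library makes the connection state available to the caller, compare the negotiated protocol with `alpn` and surface a mismatch in the result; otherwise a comment on the new block such as `// ALPN is offered, not enforced: the peer may ignore it and present another service's certificate` would document the limit. Separately, getDaneConfig now takes four adjacent `string` parameters (`sni`, `appname`, `alpn`, `service`), so a swapped argument at the call site compiles silently. The bodies of both functions continue outside the hunks.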