pub async fn resolve_dane(mx_host: &str, port: u16) -> Result<DaneStatus>Expand description
Resolves DANE TLSA records for the given MX host and port, applying the RFC 7672 rules required for downgrade-resistant DANE SMTP.
mx_host must be the MX hostname (RFC 7672 section 3.2.2: the MX hostname is
the only reference identifier), not the envelope/routing domain.
The caller is responsible for only invoking this when the chain to the MX
host was securely (DNSSEC) resolved: both the MX RRset (see
MailExchanger::is_secure) and the MX host’s address records (see
ResolvedAddress::is_secure) must be
secure. RFC 7672 section 2.2 requires the address records to be secure
before it is safe to rely on TLSA records; we satisfy that by gating on the
secure status of the very address we are about to connect to.