Improved DANE patch

app/src/main/java/org/minidns/dane/DaneVerifier.java

@@ -17,6 +17,7 @@ import org.minidns.dnssec.DnssecQueryResult;
 import org.minidns.dnssec.DnssecUnverifiedReason;
 import org.minidns.record.Data;
 import org.minidns.record.Record;
+import org.minidns.record.CNAME;
 import org.minidns.record.TLSA;
 
 import javax.net.ssl.HttpsURLConnection;
@@ -120,8 +121,8 @@ public class DaneVerifier {
         List<DaneCertificateException.CertificateMismatch> certificateMismatchExceptions = new LinkedList<>();
         boolean verified = false;
         for (Record<? extends Data> record : res.answerSection) {
-            // https://github.com/MiniDNS/minidns/issues/140
+            if (record.name.equals(req)) {
-            if (record.type == Record.TYPE.TLSA /*&& record.name.equals(req)*/) {
+                if (record.type == Record.TYPE.TLSA) {
                     TLSA tlsa = (TLSA) record.payloadData;
                     try {
                         verified |= checkCertificateMatches(chain[0], tlsa, hostName);
@@ -133,6 +134,11 @@ public class DaneVerifier {
                     }
                     if (verified) break;
                 }
+                // https://github.com/MiniDNS/minidns/issues/140
+                else if (record.type == Record.TYPE.CNAME) {
+                    req = ((CNAME) record.payloadData).target;
+                }
+            }
         }
 
         if (!verified && !certificateMismatchExceptions.isEmpty()) {