git.svenne.dk / public / dnssec-swede-utility.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4276ddc)
Add two patches by David Voit (thanks!)
authorPieter Lexis <pieter.lexis@os3.nl>
Tue, 7 Feb 2012 22:33:21 +0000 (23:33 +0100)
committerPieter Lexis <pieter.lexis@os3.nl>
Tue, 7 Feb 2012 22:56:07 +0000 (23:56 +0100)
 * 1 patch adds DNSSEC Look-aside Validation support
 * 1 patch fixes a bug introduced in commit 7d20d367

dlv.isc.org.key [new file with mode: 0644] patch | blob
swede patch | blob | history

diff --git a/dlv.isc.org.key b/dlv.isc.org.key
new file mode 100644 (file)
index 0000000..c73944f
--- /dev/null
+++ b/dlv.isc.org.key
@@ -0,0 +1,2 @@
+; https://secure.isc.org/ops/dlv/dlv.isc.org.key
+dlv.isc.org. IN DNSKEY 257 3 5 BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh
diff --git a/swede b/swede
index bc1952a455465e9f5a6dc72027abb11ded73017e..cc2b21da04582ec839b9439a41c1f42faab50a40 100755 (executable)
--- a/swede
+++ b/swede
@@ -127,6 +127,7 @@ def getRecords(hostname, rrtype='A', secure=True):
        global resolvconf
        ctx = unbound.ub_ctx()
        ctx.add_ta_file('root.key')
+       ctx.set_option("dlv-anchor-file:", "dlv.isc.org.key")
        # Use the local cache
        if resolvconf and os.path.isfile(resolvconf):
                ctx.resolvconf(resolvconf)
@@ -466,7 +467,8 @@ if __name__ == '__main__':
 
                                # Good, now let's verify
                                if record.usage == 1: # End-host cert
-                                       if verifyCertMatch(record, chain[0]):
+                                       cert = chain[0]
+                                       if verifyCertMatch(record, cert):
                                                if verify_result == 0: # The cert chains to a valid CA cert according to the system-certificates
                                                        print 'SUCCESS (Usage 1): Certificate offered by the server matches the one mentioned in the TLSA record and chains to a valid CA certificate'
                                                else:
Unnamed repository; edit this file 'description' to name the repository.