git.svenne.dk / public / dnssec-swede-utility.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add two patches by David Voit (thanks!)
[public/dnssec-swede-utility.git] / swede
diff --git a/swede b/swede
index bc1952a455465e9f5a6dc72027abb11ded73017e..cc2b21da04582ec839b9439a41c1f42faab50a40 100755 (executable)
--- a/swede
+++ b/swede
@@ -127,6 +127,7 @@ def getRecords(hostname, rrtype='A', secure=True):
        global resolvconf
        ctx = unbound.ub_ctx()
        ctx.add_ta_file('root.key')
+       ctx.set_option("dlv-anchor-file:", "dlv.isc.org.key")
        # Use the local cache
        if resolvconf and os.path.isfile(resolvconf):
                ctx.resolvconf(resolvconf)
@@ -466,7 +467,8 @@ if __name__ == '__main__':
 
                                # Good, now let's verify
                                if record.usage == 1: # End-host cert
-                                       if verifyCertMatch(record, chain[0]):
+                                       cert = chain[0]
+                                       if verifyCertMatch(record, cert):
                                                if verify_result == 0: # The cert chains to a valid CA cert according to the system-certificates
                                                        print 'SUCCESS (Usage 1): Certificate offered by the server matches the one mentioned in the TLSA record and chains to a valid CA certificate'
                                                else:
Unnamed repository; edit this file 'description' to name the repository.