global resolvconf
ctx = unbound.ub_ctx()
ctx.add_ta_file('root.key')
+ ctx.set_option("dlv-anchor-file:", "dlv.isc.org.key")
# Use the local cache
if resolvconf and os.path.isfile(resolvconf):
ctx.resolvconf(resolvconf)
# Good, now let's verify
if record.usage == 1: # End-host cert
- if verifyCertMatch(record, chain[0]):
+ cert = chain[0]
+ if verifyCertMatch(record, cert):
if verify_result == 0: # The cert chains to a valid CA cert according to the system-certificates
print 'SUCCESS (Usage 1): Certificate offered by the server matches the one mentioned in the TLSA record and chains to a valid CA certificate'
else: