X-Git-Url: https://git.svenne.dk/?p=public%2Fdnssec-swede-utility.git;a=blobdiff_plain;f=swede;h=10325c3fd9649491b22dce978f79e121e5da329c;hp=af8f56006f54120f42047f3945e6e1402121f2ad;hb=e502dc23f12f2d5f34524f3bb3ab59c5731d9123;hpb=0ce3bd26cd99924734059aa465342696c18ab30f

diff --git a/swede b/swede
index af8f560..10325c3 100755
--- a/swede
+++ b/swede
@@ -127,6 +127,7 @@ def getRecords(hostname, rrtype='A', secure=True):
 	global resolvconf
 	ctx = unbound.ub_ctx()
 	ctx.add_ta_file('root.key')
+	ctx.set_option("dlv-anchor-file:", "dlv.isc.org.key")
 	# Use the local cache
 	if resolvconf and os.path.isfile(resolvconf):
 		ctx.resolvconf(resolvconf)
@@ -271,7 +272,7 @@ class TLSARecord:
 			if self.getPort() != '*':
 				err.append('Port %s not a number' % self.getPort())
 		if not self.usage in [0,1,2,3]:
-			err.append('Usage: invalid (%s is not one of 0, 1 or 2)' % self.usage)
+			err.append('Usage: invalid (%s is not one of 0, 1, 2 or 3)' % self.usage)
 		if not self.selector in [0,1]:
 			err.append('Selector: invalid (%s is not one of 0 or 1)' % self.selector)
 		if not self.mtype in [0,1,2]:
@@ -416,8 +417,8 @@ if __name__ == '__main__':
 			if not args.quiet:
 				print 'Received the following record for name %s:' % record.name
 				print '\tUsage:\t\t\t\t%d (%s)' % (record.usage, {0:'CA Constraint', 1:'End-Entity Constraint + chain to CA', 2:'Trust Anchor', 3:'End-Entity'}.get(record.usage, 'INVALID'))
-				print '\tSelector:\t\t\t%d (%s)' % (record.selector, {0:'Certificate', 1:'SubjectPublicKeyInfo'}.get(record.usage, 'INVALID'))
-				print '\tMatching Type:\t\t\t%d (%s)' % (record.mtype, {0:'Full Certificate', 1:'SHA-256', 2:'SHA-512'}.get(record.usage, 'INVALID'))
+				print '\tSelector:\t\t\t%d (%s)' % (record.selector, {0:'Certificate', 1:'SubjectPublicKeyInfo'}.get(record.selector, 'INVALID'))
+				print '\tMatching Type:\t\t\t%d (%s)' % (record.mtype, {0:'Full Certificate', 1:'SHA-256', 2:'SHA-512'}.get(record.mtype, 'INVALID'))
 				print '\tCertificate for Association:\t%s' % record.cert
 
 			try:
@@ -610,6 +611,13 @@ if __name__ == '__main__':
 					else:
 						print genTLSA(args.host, args.protocol, args.port, cert, args.output, args.usage, args.selector, args.mtype)
 
+				# Clear the cert from memory (to stop M2Crypto from segfaulting)
+				# And cleanup the connection and context
+				cert=None
+				connection.clear()
+				connection.close()
+				ctx.close()
+
 		else: # Pass the path to the certificate to the genTLSA function
 			if args.output == 'both':
 				print genTLSA(args.host, args.protocol, args.port, args.certificate, 'draft', args.usage, args.selector, args.mtype)