X-Git-Url: https://git.svenne.dk/?p=public%2Fdnssec-swede-utility.git;a=blobdiff_plain;f=swede;h=10325c3fd9649491b22dce978f79e121e5da329c;hp=bc1952a455465e9f5a6dc72027abb11ded73017e;hb=e502dc23f12f2d5f34524f3bb3ab59c5731d9123;hpb=4276ddcb5239e329de76ad405f175d03d20cd767

diff --git a/swede b/swede
index bc1952a..10325c3 100755
--- a/swede
+++ b/swede
@@ -127,6 +127,7 @@ def getRecords(hostname, rrtype='A', secure=True):
 	global resolvconf
 	ctx = unbound.ub_ctx()
 	ctx.add_ta_file('root.key')
+	ctx.set_option("dlv-anchor-file:", "dlv.isc.org.key")
 	# Use the local cache
 	if resolvconf and os.path.isfile(resolvconf):
 		ctx.resolvconf(resolvconf)
@@ -466,7 +467,8 @@ if __name__ == '__main__':
 
 				# Good, now let's verify
 				if record.usage == 1: # End-host cert
-					if verifyCertMatch(record, chain[0]):
+					cert = chain[0]
+					if verifyCertMatch(record, cert):
 						if verify_result == 0: # The cert chains to a valid CA cert according to the system-certificates
 							print 'SUCCESS (Usage 1): Certificate offered by the server matches the one mentioned in the TLSA record and chains to a valid CA certificate'
 						else:
@@ -609,6 +611,13 @@ if __name__ == '__main__':
 					else:
 						print genTLSA(args.host, args.protocol, args.port, cert, args.output, args.usage, args.selector, args.mtype)
 
+				# Clear the cert from memory (to stop M2Crypto from segfaulting)
+				# And cleanup the connection and context
+				cert=None
+				connection.clear()
+				connection.close()
+				ctx.close()
+
 		else: # Pass the path to the certificate to the genTLSA function
 			if args.output == 'both':
 				print genTLSA(args.host, args.protocol, args.port, args.certificate, 'draft', args.usage, args.selector, args.mtype)