support tlsausage

This commit is contained in:
Florian Obser 2017-04-28 11:46:38 +02:00
parent e3a86b476b
commit 94d557f006


@ -36,6 +36,7 @@ my $port = 53;
my $ttl = 3600;
my $help = 0;
my $tsigalgo = 'hmac-sha256';
my $tlsausage = 1;
my $exit_code = 1;
my ($current_cert, $new_cert, $tsigname, $tsigkey, $server, $verbose, $tsig);
my ($domain, $dnsname, $state_file);
@ -50,7 +51,8 @@ GetOptions("help|?" => \$help,
"tsigkey=s" => \$tsigkey,
"tsigalgo=s" => \$tsigalgo,
"domain=s" => \$domain,
"dnsname=s" => \$dnsname)
"dnsname=s" => \$dnsname,
"tlsausage=i" => \$tlsausage)
or die("Error in command line arguments\n");
pod2usage(1) if ($help or scalar(@ARGV) != 2);
@ -74,8 +76,8 @@ if (!defined $dnsname) {
$state_file = STATE_DIR.$dnsname;
$current_cert_tlsa = gen_tlsa($dnsname, $current_cert);
$new_cert_tlsa = gen_tlsa($dnsname, $new_cert);
$current_cert_tlsa = gen_tlsa($dnsname, $tlsausage, $current_cert);
$new_cert_tlsa = gen_tlsa($dnsname, $tlsausage, $new_cert);
$new_cert_tlsa = undef if (defined $new_cert_tlsa && $new_cert_tlsa->cert eq
$current_cert_tlsa->cert);
@ -223,7 +225,7 @@ sub get_tlsa_state_at_signer {
}
sub gen_tlsa {
my ($label, $cert_file) = @_;
my ($label, $usage, $cert_file) = @_;
my $state = WAIT_BEGIN;
my $pem = '';
my ($fh, $line, $rr);
@ -249,7 +251,7 @@ sub gen_tlsa {
return undef if ($state != END_FOUND);
$rr = new Net::DNS::RR(join(' ', $label, $ttl, 'IN TLSA 1 0 1',
$rr = new Net::DNS::RR(join(' ', $label, $ttl, 'IN TLSA '.$usage.' 0 1',
Digest::SHA::sha256_hex(decode_base64($pem))));
return $rr;
}
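Review bot: The new `tlsausage=i` option in the GetOptions hunk is handed straight to the record text in gen_tlsa with no range check, so a value outside 0–3 (the only usage values RFC 6698 defines) reaches `new Net::DNS::RR(...)` and either dies there with a generic parse error or, if the parser is lenient, publishes a TLSA record that validators will treat as unusable; adding `pod2usage(1) unless $tlsausage =~ /\A[0-3]\z/;` after the `or die("Error in command line arguments\n");` line would reject it where the other argument checks already live. The usage field also changes the trust model the published record asserts (0/1 require a PKIX-valid chain, 2/3 do not), so the POD should document the accepted values and the default of 1 unless that is done in a part of the commit not shown here. On the changed `'IN TLSA '.$usage.' 0 1'` line the pre-existing `new Net::DNS::RR(...)` is indirect-object syntax; since the line is being touched anyway, `Net::DNS::RR->new(...)` is the conventional form. The two gen_tlsa hunks are cut mid-body, and the lines between them are not visible here.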