From 94d557f0066ba177a8f4c8f910709e3544272872 Mon Sep 17 00:00:00 2001
From: Florian Obser
Date: Fri, 28 Apr 2017 11:46:38 +0200
Subject: [PATCH] support tlsausage

---
 tlsaroll | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/tlsaroll b/tlsaroll
index 6f8d251..9484dc8 100755
--- a/tlsaroll
+++ b/tlsaroll
@@ -36,6 +36,7 @@ my $port = 53;
 my $ttl = 3600;
 my $help = 0;
 my $tsigalgo = 'hmac-sha256';
+my $tlsausage = 1;
 my $exit_code = 1;
 my ($current_cert, $new_cert, $tsigname, $tsigkey, $server, $verbose, $tsig);
 my ($domain, $dnsname, $state_file);
@@ -50,7 +51,8 @@ GetOptions("help|?" => \$help,
 	   "tsigkey=s" => \$tsigkey,
 	   "tsigalgo=s" => \$tsigalgo,
 	   "domain=s" => \$domain,
-	   "dnsname=s" => \$dnsname)
+	   "dnsname=s" => \$dnsname,
+	   "tlsausage=i" => \$tlsausage)
     or die("Error in command line arguments\n");
 
 pod2usage(1) if ($help or scalar(@ARGV) != 2);
@@ -74,8 +76,8 @@ if (!defined $dnsname) {
 
 $state_file = STATE_DIR.$dnsname;
 
-$current_cert_tlsa = gen_tlsa($dnsname, $current_cert);
-$new_cert_tlsa = gen_tlsa($dnsname, $new_cert);
+$current_cert_tlsa = gen_tlsa($dnsname, $tlsausage, $current_cert);
+$new_cert_tlsa = gen_tlsa($dnsname, $tlsausage, $new_cert);
 
 $new_cert_tlsa = undef if (defined $new_cert_tlsa &&
     $new_cert_tlsa->cert eq $current_cert_tlsa->cert);
@@ -223,7 +225,7 @@ sub get_tlsa_state_at_signer {
 }
 
 sub gen_tlsa {
-	my ($label, $cert_file) = @_;
+	my ($label, $usage, $cert_file) = @_;
 	my $state = WAIT_BEGIN;
 	my $pem = '';
 	my ($fh, $line, $rr);
@@ -249,7 +251,7 @@ sub gen_tlsa {
 
 	return undef if ($state != END_FOUND);
 
-	$rr = new Net::DNS::RR(join(' ', $label, $ttl, 'IN TLSA 1 0 1',
+	$rr = new Net::DNS::RR(join(' ', $label, $ttl, 'IN TLSA '.$usage.' 0 1',
 	    Digest::SHA::sha256_hex(decode_base64($pem))));
 	return $rr;
 }
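Review bot: The new `"tlsausage=i"` option accepts any integer, but the TLSA certificate-usage field is only defined for the values 0–3 (RFC 6698), and the value is later concatenated unchecked into the RR text in gen_tlsa, so `--tlsausage 7` or a negative number reaches Net::DNS::RR as-is. Add a range check right after the GetOptions call, e.g. `die "tlsausage must be 0..3\n" unless $tlsausage =~ /\A[0-3]\z/;`, or fold it into the existing pod2usage condition. The same concatenation appears in the last hunk of this patch; validating once at option parsing covers both places. I cannot tell from the patch whether Net::DNS::RR itself rejects an out-of-range usage, so the explicit check is the safer choice either way. The POD that pod2usage prints is not touched by this patch; if it lists the options, `--tlsausage` (and its default of 1) should be added there.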
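Review bot: The new `$usage` parameter is inserted between the two existing positional arguments of gen_tlsa, so any caller not updated by this patch would silently pass its certificate path as the usage value; the two call sites in the earlier hunk are updated, but I cannot see whether other callers exist. Appending the parameter last with a default, `my ($label, $cert_file, $usage) = @_; $usage //= 1;`, would keep old call sites working. Either way the parameter deserves a line of documentation, e.g. `# $usage: TLSA certificate-usage field (0-3 per RFC 6698); selector 0 and matching type 1 are fixed below`. The body of gen_tlsa continues outside this hunk.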
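Review bot: The rewritten line keeps the indirect-object form `new Net::DNS::RR(...)`, which Perl::Critic flags (Objects::ProhibitIndirectSyntax) and which resolves `new` by runtime guesswork; since the line is already being changed, prefer `$rr = Net::DNS::RR->new(join(' ', $label, $ttl, "IN TLSA $usage 0 1",`. Interpolating `$usage` also reads more clearly than the `'IN TLSA '.$usage.' 0 1'` concatenation. The enclosing sub gen_tlsa starts outside this hunk.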