aboutsummaryrefslogtreecommitdiffstats
path: root/util/prosodyctl
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2023-11-03 23:08:07 +0100
committerKim Alvefur <zash@zash.se>2023-11-03 23:08:07 +0100
commit717ea33160ab8c1617b03ad0e292b6235881c568 (patch)
tree3d8bad98ae7c2d78f435f59ec5fd0e325e79cc6f /util/prosodyctl
parentab2dcd80072a76678b494eda7d8fb9338d9e7dea (diff)
downloadprosody-717ea33160ab8c1617b03ad0e292b6235881c568.tar.gz
prosody-717ea33160ab8c1617b03ad0e292b6235881c568.zip
util.prosodyctl.check: Print DANE TLSA records for certificates
Not the prosodyctl check dane I wanted to make but a start.
Diffstat (limited to 'util/prosodyctl')
-rw-r--r--util/prosodyctl/check.lua10
1 files changed, 10 insertions, 0 deletions
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua
index 99799163..343b062f 100644
--- a/util/prosodyctl/check.lua
+++ b/util/prosodyctl/check.lua
@@ -1115,6 +1115,9 @@ local function check(arg)
local cert_ok;
print"Checking certificates..."
local x509_verify_identity = require"prosody.util.x509".verify_identity;
+ local use_dane = configmanager.get("*", "use_dane");
+ local pem2der = require"prosody.util.x509".pem2der;
+ local sha256 = require"prosody.util.hashes".sha256;
local create_context = require "prosody.core.certmanager".create_context;
local ssl = dependencies.softreq"ssl";
-- local datetime_parse = require"util.datetime".parse_x509;
@@ -1180,6 +1183,13 @@ local function check(arg)
print(" Not valid for server-to-server connections to "..host..".")
cert_ok = false
end
+ if use_dane then
+ if cert.pubkey then
+ print(" DANE: TLSA 3 1 1 "..sha256(pem2der(cert:pubkey()), true))
+ elseif cert.pem then
+ print(" DANE: TLSA 3 0 1 "..sha256(pem2der(cert:pem()), true))
+ end
+ end
end
end
end