diff options
| author | Kim Alvefur <zash@zash.se> | 2023-11-03 23:08:07 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2023-11-03 23:08:07 +0100 |
| commit | 717ea33160ab8c1617b03ad0e292b6235881c568 (patch) | |
| tree | 3d8bad98ae7c2d78f435f59ec5fd0e325e79cc6f /util | |
| parent | ab2dcd80072a76678b494eda7d8fb9338d9e7dea (diff) | |
| download | prosody-717ea33160ab8c1617b03ad0e292b6235881c568.tar.gz prosody-717ea33160ab8c1617b03ad0e292b6235881c568.zip | |
util.prosodyctl.check: Print DANE TLSA records for certificates
Not the prosodyctl check dane I wanted to make but a start.
Diffstat (limited to 'util')
| -rw-r--r-- | util/prosodyctl/check.lua | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/util/prosodyctl/check.lua b/util/prosodyctl/check.lua index 99799163..343b062f 100644 --- a/util/prosodyctl/check.lua +++ b/util/prosodyctl/check.lua @@ -1115,6 +1115,9 @@ local function check(arg) local cert_ok; print"Checking certificates..." local x509_verify_identity = require"prosody.util.x509".verify_identity; + local use_dane = configmanager.get("*", "use_dane"); + local pem2der = require"prosody.util.x509".pem2der; + local sha256 = require"prosody.util.hashes".sha256; local create_context = require "prosody.core.certmanager".create_context; local ssl = dependencies.softreq"ssl"; -- local datetime_parse = require"util.datetime".parse_x509; @@ -1180,6 +1183,13 @@ local function check(arg) print(" Not valid for server-to-server connections to "..host..".") cert_ok = false end + if use_dane then + if cert.pubkey then + print(" DANE: TLSA 3 1 1 "..sha256(pem2der(cert:pubkey()), true)) + elseif cert.pem then + print(" DANE: TLSA 3 0 1 "..sha256(pem2der(cert:pem()), true)) + end + end end end end |