Updates for mk-tlsa-recs script:
- use ldns-dane from /usr/bin (parametrized) - only generate TLSA records for symlink'ed certificates - generate both domain and trust anchor TLSA records git-svn-id: http://svn.cacert.org/CAcert/SystemAdministration/ns/var/opendnssec/unsigned@2728 14b1bab8-4ef6-0310-b690-991c95c89dfd
parent
ef022f1e09
commit
e4637553b6
2 changed files with 19 additions and 5 deletions
13
mk-tlsa-recs
13
mk-tlsa-recs
|
@ -1,13 +1,16 @@
|
|||
#! /bin/bash
|
||||
# @(#)(CAcert) $Id: mk-tlsa-recs,v 1.1 2015/12/09 10:37:58 root Exp $
|
||||
# @(#)(CAcert) $Id: mk-tlsa-recs,v 1.2 2019/04/02 15:37:17 root Exp $
|
||||
# mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
|
||||
|
||||
LDNS_DANE=/usr/bin/ldns-dane
|
||||
|
||||
PORT=443 # HTTPS
|
||||
|
||||
USAGE=3 # 0: CA constraint
|
||||
# 1: Service certificate constraint
|
||||
# 2: Trust anchor assertion
|
||||
# 3: Domain-issued certificate
|
||||
ALT_USAGE=2
|
||||
|
||||
SELECTOR=1 # 0: Full certificate
|
||||
# 1: SubjectPublicKeyInfo
|
||||
|
@ -18,7 +21,11 @@ TYPE=1 # 0: No hash used
|
|||
|
||||
for crt in certs/*.crt
|
||||
do
|
||||
test -L ${crt} || continue
|
||||
DOMAIN=`basename ${crt} .crt`
|
||||
/usr/local/bin/ldns-dane -c ${crt} create \
|
||||
${DOMAIN} ${PORT} ${USAGE} ${SELECTOR} ${TYPE}
|
||||
for usage in ${USAGE} ${ALT_USAGE}
|
||||
do
|
||||
${LDNS_DANE} -c ${crt} create \
|
||||
${DOMAIN} ${PORT} ${usage} ${SELECTOR} ${TYPE}
|
||||
done
|
||||
done
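Review bot: The inner loop in the second hunk runs `${LDNS_DANE} -c ${crt} create …` without checking its exit status, and the new `test -L ${crt}` guard also accepts a dangling symlink, so a failed run can leave a domain with fewer TLSA records than intended and nothing reports it. The output presumably feeds the unsigned zone, where a missing or stale record can break validation for DANE-enforcing clients, so I would quote the expansions and fail loudly: `test -L "${crt}" && test -e "${crt}" || continue` and `"${LDNS_DANE}" -c "${crt}" create "${DOMAIN}" "${PORT}" "${usage}" "${SELECTOR}" "${TYPE}" || echo "TLSA generation failed: ${DOMAIN} usage ${usage}" >&2`. A comment next to `ALT_USAGE=2` should also state what the usage 2 record is expected to match; whether the `.crt` files carry the issuing chain needed for a trust anchor record cannot be confirmed from these hunks.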
|
||||
|
|
|
@ -1,16 +1,23 @@
|
|||
|
||||
RCS file: /var/opendnssec/unsigned/RCS/mk-tlsa-recs,v
|
||||
Working file: /var/opendnssec/unsigned/mk-tlsa-recs
|
||||
head: 1.1
|
||||
head: 1.2
|
||||
branch:
|
||||
locks: strict
|
||||
access list:
|
||||
symbolic names:
|
||||
keyword substitution: kv
|
||||
total revisions: 1; selected revisions: 1
|
||||
total revisions: 2; selected revisions: 2
|
||||
description:
|
||||
mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
|
||||
----------------------------
|
||||
revision 1.2
|
||||
date: 2019/04/02 15:37:17; author: root; state: Exp; lines: +10 -3
|
||||
Updates:
|
||||
- use ldns-dane from /usr/bin (parametrized)
|
||||
- only generate TLSA records for symlink'ed certificates
|
||||
- generate both domain and trust anchor TLSA records
|
||||
----------------------------
|
||||
revision 1.1
|
||||
date: 2015/12/09 10:37:58; author: root; state: Exp;
|
||||
Initial revision
|
||||
|
|