|
|
@ -1,13 +1,16 @@
|
|
|
|
#! /bin/bash
|
|
|
|
#! /bin/bash
|
|
|
|
# @(#)(CAcert) $Id: mk-tlsa-recs,v 1.1 2015/12/09 10:37:58 root Exp $
|
|
|
|
# @(#)(CAcert) $Id: mk-tlsa-recs,v 1.2 2019/04/02 15:37:17 root Exp $
|
|
|
|
# mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
|
|
|
|
# mk-tlsa-recs - generate TLSA records for domains found in the certs subdirectory
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
LDNS_DANE=/usr/bin/ldns-dane
|
|
|
|
|
|
|
|
|
|
|
|
PORT=443 # HTTPS
|
|
|
|
PORT=443 # HTTPS
|
|
|
|
|
|
|
|
|
|
|
|
USAGE=3 # 0: CA constraint
|
|
|
|
USAGE=3 # 0: CA constraint
|
|
|
|
# 1: Service certificate constraint
|
|
|
|
# 1: Service certificate constraint
|
|
|
|
# 2: Trust anchor assertion
|
|
|
|
# 2: Trust anchor assertion
|
|
|
|
# 3: Domain-issued certificate
|
|
|
|
# 3: Domain-issued certificate
|
|
|
|
|
|
|
|
ALT_USAGE=2
|
|
|
|
|
|
|
|
|
|
|
|
SELECTOR=1 # 0: Full certificate
|
|
|
|
SELECTOR=1 # 0: Full certificate
|
|
|
|
# 1: SubjectPublicKeyInfo
|
|
|
|
# 1: SubjectPublicKeyInfo
|
|
|
@ -18,7 +21,11 @@ TYPE=1 # 0: No hash used
|
|
|
|
|
|
|
|
|
|
|
|
for crt in certs/*.crt
|
|
|
|
for crt in certs/*.crt
|
|
|
|
do
|
|
|
|
do
|
|
|
|
|
|
|
|
test -L ${crt} || continue
|
|
|
|
DOMAIN=`basename ${crt} .crt`
|
|
|
|
DOMAIN=`basename ${crt} .crt`
|
|
|
|
/usr/local/bin/ldns-dane -c ${crt} create \
|
|
|
|
for usage in ${USAGE} ${ALT_USAGE}
|
|
|
|
${DOMAIN} ${PORT} ${USAGE} ${SELECTOR} ${TYPE}
|
|
|
|
do
|
|
|
|
|
|
|
|
${LDNS_DANE} -c ${crt} create \
|
|
|
|
|
|
|
|
${DOMAIN} ${PORT} ${usage} ${SELECTOR} ${TYPE}
|
|
|
|
|
|
|
|
done
|
|
|
|
done
|
|
|
|
done
|
|
|
|
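Review bot: The new inner loop in the second hunk emits a usage 2 (trust anchor assertion) record from the same `-c ${crt}` file that produces the usage 3 record, so which certificate is hashed for usage 2 depends on whether that file carries the issuing chain. If it holds only the leaf, the usage 2 record presumably either fails to generate or does not describe the intended anchor. This should be confirmed against the ldns-dane documentation and recorded next to the new variable, e.g. `ALT_USAGE=2 # also publish a trust-anchor record; certs/*.crt must then contain the CA chain`. The exit status of `${LDNS_DANE}` is not checked in the visible lines, so a failed call can leave an incomplete record set in the output with no signal; ending the call with `${TYPE} || exit 1` would stop on the first failure. The added `test -L ${crt}` is also true for a dangling symlink and leaves the expansion unquoted; `test -L "${crt}" && test -e "${crt}" || continue` covers both.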