crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[bind] Seul le selecteur 0 est supporté pour l'enregistrement TLSA

Browse source 
On rend aussi accessible le condensa du certificat
This commit is contained in:
Valentin Samir 2015-10-25 19:15:36 +01:00
parent d58b92b957
commit f4e5ce3104
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
gestion/gen_confs/bind.py
View file

@ -73,6 +73,9 @@ class TLSA(ResourceRecord):
if not r_format in ['pem', 'der']: if not r_format in ['pem', 'der']:
raise ValueError("format should be pem or der") raise ValueError("format should be pem or der")
if selector != 0:
raise NotImplementedError("selector different form 0 not implemented")
if cert is None and proto == 'tcp' and name[-1] == '.': if cert is None and proto == 'tcp' and name[-1] == '.':
try: try:
cert = ssl.get_server_certificate((name[:-1], port), ca_certs='/etc/ssl/certs/ca-certificates.crt') cert = ssl.get_server_certificate((name[:-1], port), ca_certs='/etc/ssl/certs/ca-certificates.crt')
@ -90,6 +93,7 @@ class TLSA(ResourceRecord):
raise ValueError("Impossible de convertir le certificat au format DER %s %s %s\n%s" % (name, port, proto, cert)) raise ValueError("Impossible de convertir le certificat au format DER %s %s %s\n%s" % (name, port, proto, cert))
certhex = TLSA.hashCert(reftype, str(dercert)) certhex = TLSA.hashCert(reftype, str(dercert))
self.certhex = certhex
if compat: if compat:
super(TLSA, self).__init__( super(TLSA, self).__init__(
'TYPE52', 'TYPE52',