Is your feature request related to a problem? Please describe.
As discussed on the mailing list between Tom and me. Topic: "Generation of correct TLSA record variables - How?"
My issue basically could be solved by a monstrosity of escaped ", " and ' combinations. It's not readable code. It would be way easier if the project would allow an easy option to load plaintext from files into a variable.
Additional context
Should be sufficient, I hope.
Just for reference: My TLSA() script to generate the variables, if someone cares to do DANE as well. Could be altered to read the certificate file instead or talk to a webserver, not mail, by changing the openssl options.
-------- ./get_smtp_tls_hash.sh -----------------
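#!/bin/bash
# Defaults
PORT=25
DOMAIN=""

# Get CLI options
while getopts "d:p:" opt; do
    case $opt in
        d) DOMAIN="$OPTARG" ;;
        p) PORT="$OPTARG" ;;
        *) echo "Usage: $0 -d <domain> [-p <port>]" >&2; exit 1 ;;
    esac
done

# Check that DOMAIN was given
if [[ -z "$DOMAIN" ]]; then
    echo "Error: Domain (-d) is required." >&2
    exit 1
fi

# Get the live certificate chain; -showcerts also prints the CA certificates the server sends
CHAIN=$(echo | openssl s_client -starttls smtp -showcerts -connect "${DOMAIN}:${PORT}" 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p')
# The first certificate in the chain is the server (leaf) certificate
CERTIFICATE=$(echo "$CHAIN" | awk '/-BEGIN CERTIFICATE-/{n++} n==1')
# The second one is the issuing CA as sent by the server (usually an intermediate;
# a DANE-TA record must match a CA certificate that the server actually presents)
ROOT_CA=$(echo "$CHAIN" | awk '/-BEGIN CERTIFICATE-/{n++} n==2')
if [[ -z "$CERTIFICATE" || -z "$ROOT_CA" ]]; then
    echo "Error: could not read leaf and CA certificate from ${DOMAIN}:${PORT}." >&2
    exit 1
fi

# SHA256 hash calculation over the DER-encoded public key
# (TLSA selector 1, matching type 1); hashing the PEM text gives a different, unusable value
spki_sha256() {
    openssl x509 -noout -pubkey | openssl pkey -pubin -outform DER | openssl sha256 | awk '{print $2}'
}
CERT_HASH=$(echo "$CERTIFICATE" | spki_sha256)
ROOT_CA_HASH=$(echo "$ROOT_CA" | spki_sha256)

# Generate TLSA() records
# echo "TLSA(\"_${PORT}._tcp.${DOMAIN}.\", 3, 1, 1, \"${CERT_HASH}\")" > "./TLSA-${PORT}-3-${DOMAIN}.txt"
# echo "TLSA(\"_${PORT}._tcp.${DOMAIN}.\", 2, 1, 1, \"${ROOT_CA_HASH}\")" > "./TLSA-${PORT}-2-${DOMAIN}.txt"

# Generate as JSON
cat > "./TLSA-${PORT}-${DOMAIN}.json" <<EOF
{
"port": "${PORT}",
"domain": "${DOMAIN}",
"cert_hash": "${CERT_HASH}",
"root_ca_hash": "${ROOT_CA_HASH}"
}
EOF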
Thank you for considering this request.
Describe the solution you'd like
------ ./somefile.txt ------
CNAME("foo", "foo.example.com."),
------ ./dnscontrol.js -------
Result:
CNAME foo.example.com was added to D()
Describe alternatives you've considered
I had to generate this:
where all the variable parts I generated with some other script had to be reconstructed from JSON. I could have altered the generation of the script to just the plaintext TLSA() string.
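The step this request describes, turning the JSON written by get_smtp_tls_hash.sh back into TLSA() lines, as an added example (not part of the original issue and not DNSControl's own code). It validates every field before rendering, so an empty hash from a failed openssl run or a stray quote in the domain never ends up in the zone configuration. The function names and the sample values are constructed for illustration; the 3/2, 1, 1 parameters follow the commented-out echo lines in the script.

```javascript
// Constructed sample in the shape get_smtp_tls_hash.sh writes (not real hashes).
const SAMPLE = JSON.stringify({
  port: "25",
  domain: "mail.example.com",
  cert_hash: "0123456789abcdef".repeat(4),
  root_ca_hash: "FEDCBA9876543210".repeat(4),
});

// Hypothetical helper: accept only plain host names, so quotes or other
// characters in the JSON cannot break out of the generated TLSA("...") string.
const HOSTNAME = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;

// Build checked TLSA() arguments for one usage (2 = DANE-TA, 3 = DANE-EE),
// selector 1 (SubjectPublicKeyInfo), matching type 1 (SHA-256).
function tlsaArgs(info, usage, hash) {
  const port = Number(info.port);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error("invalid port: " + info.port);
  }
  if (!HOSTNAME.test(info.domain)) {
    throw new Error("invalid domain: " + info.domain);
  }
  const digest = String(hash).trim().toLowerCase();
  // SHA-256 is 32 bytes; an empty or truncated value means the hash step failed.
  if (!/^[0-9a-f]{64}$/.test(digest)) {
    throw new Error("usage " + usage + ": digest is not 64 hex characters");
  }
  const name = "_" + port + "._tcp." + info.domain.toLowerCase() + ".";
  return [name, usage, 1, 1, digest];
}

// Parse the JSON text and return the argument lists for both records.
function tlsaFromJson(text) {
  const info = JSON.parse(text);
  return [tlsaArgs(info, 3, info.cert_hash), tlsaArgs(info, 2, info.root_ca_hash)];
}

// Render in the TLSA("...", 3, 1, 1, "...") form used in the script above.
function renderTlsa(args) {
  return "TLSA(" + args.map((a) => JSON.stringify(a)).join(", ") + ")";
}

console.log(tlsaFromJson(SAMPLE).map(renderTlsa).join("\n"));
```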