dh_tlsgen.sh: add output for 'TLSA 3 0 1' and 'TLSA 2 0 1'.

2020-02-19 00:44:37 +01:00 · 2020-02-19 00:44:37 +01:00 · 49ef50b2b9
commit 49ef50b2b9
parent 549e501031
1 changed files with 29 additions and 0 deletions
--- a/install_dehydrated.sh
+++ b/install_dehydrated.sh
@ -3477,6 +3477,17 @@ tlsa_record_311=\$(
         hexdump -ve '/1 "%02x"')"
 )

+cert=/var/lib/dehydrated/certs/\${hostname}/cert.pem
+tlsa_record_301=\$(
+   printf '_%s._tcp.%s. IN TLSA 3 0 1 %s\n' \\
+   \$port \\
+   \$hostname \\
+   "\$(openssl x509 -in \$cert -outform DER |
+      openssl dgst -sha256 -binary |
+      hexdump -ve '/1 "%02x"')"
+)
+
+
 cert=/var/lib/dehydrated/certs/\${hostname}/chain.pem
 tlsa_record_211_chain=\$(
   printf '_%s._tcp.%s. IN TLSA 2 1 1 %s\n' \\
@ -3488,6 +3499,16 @@ tlsa_record_211_chain=\$(
         hexdump -ve '/1 "%02x"')"
 )

+cert=/var/lib/dehydrated/certs/\${hostname}/chain.pem
+tlsa_record_201_chain=\$(
+   printf '_%s._tcp.%s. IN TLSA 2 0 1 %s\n' \\
+   \$port \\
+   \$hostname \\
+   "\$(openssl x509 -in \$cert -outform DER |
+      openssl dgst -sha256 -binary |
+      hexdump -ve '/1 "%02x"')"
+)
+
 tlsa_record_211_root=""
 cert=/var/lib/dehydrated/certs/\${hostname}/root.ca
 if [[ -f "\$cert" ]]; then
@ -3507,10 +3528,18 @@ echo "TLSA 3 1 1 certificate"
 echo "======================"
 echo "\$tlsa_record_311"
 echo ""
+echo "TLSA 3 0 1 certificate"
+echo "======================"
+echo "\$tlsa_record_301"
+echo ""
 echo "TLSA 2 1 1 chain"
 echo "================"
 echo "\$tlsa_record_211_chain"
 echo ""
+echo "TLSA 2 0 1 chain"
+echo "================"
+echo "\$tlsa_record_201_chain"
+echo ""
 if [[ -n "\$tlsa_record_211_root" ]]; then
   echo "TLSA 2 1 1 root"
   echo "==============="