From 49ef50b2b95c3f640b96b9a5b519110066fbfd75 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Wed, 19 Feb 2020 00:44:37 +0100
Subject: [PATCH] dh_tlsgen.sh: add output for 'TLSA 3 0 1' and 'TLSA 2 0 1'.
---
 install_dehydrated.sh | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/install_dehydrated.sh b/install_dehydrated.sh
index a9f790b..9084bd4 100755
--- a/install_dehydrated.sh
+++ b/install_dehydrated.sh
@@ -3477,6 +3477,17 @@ tlsa_record_311=\$(
 hexdump -ve '/1 "%02x"')"
 )
 
+cert=/var/lib/dehydrated/certs/\${hostname}/cert.pem
+tlsa_record_301=\$(
+ printf '_%s._tcp.%s. IN TLSA 3 0 1 %s\n' \\
+ \$port \\
+ \$hostname \\
+ "\$(openssl x509 -in \$cert -outform DER |
+ openssl dgst -sha256 -binary |
+ hexdump -ve '/1 "%02x"')"
+)
+
+
 cert=/var/lib/dehydrated/certs/\${hostname}/chain.pem
 tlsa_record_211_chain=\$(
 printf '_%s._tcp.%s. IN TLSA 2 1 1 %s\n' \\
@@ -3488,6 +3499,16 @@ tlsa_record_211_chain=\$(
 hexdump -ve '/1 "%02x"')"
 )
 
+cert=/var/lib/dehydrated/certs/\${hostname}/chain.pem
+tlsa_record_201_chain=\$(
+ printf '_%s._tcp.%s. IN TLSA 2 0 1 %s\n' \\
+ \$port \\
+ \$hostname \\
+ "\$(openssl x509 -in \$cert -outform DER |
+ openssl dgst -sha256 -binary |
+ hexdump -ve '/1 "%02x"')"
+)
+
 tlsa_record_211_root=""
 cert=/var/lib/dehydrated/certs/\${hostname}/root.ca
 if [[ -f "\$cert" ]]; then
@@ -3507,10 +3528,18 @@ echo "TLSA 3 1 1 certificate"
 echo "======================"
 echo "\$tlsa_record_311"
 echo ""
+echo "TLSA 3 0 1 certificate"
+echo "======================"
+echo "\$tlsa_record_301"
+echo ""
 echo "TLSA 2 1 1 chain"
 echo "================"
 echo "\$tlsa_record_211_chain"
 echo ""
+echo "TLSA 2 0 1 chain"
+echo "================"
+echo "\$tlsa_record_201_chain"
+echo ""
 if [[ -n "\$tlsa_record_211_root" ]]; then
 echo "TLSA 2 1 1 root"
 echo "==============="
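Review bot: A failed `openssl x509` in the new `tlsa_record_301` block still produces a well-formed record, because the digest is computed in a command substitution passed as a `printf` argument and its exit status is discarded. With `cert.pem` missing or unreadable, `openssl dgst -sha256 -binary` hashes empty input and the script prints `TLSA 3 0 1 e3b0c442…`, the SHA-256 of nothing, which an operator could then publish. The `root.ca` block visible in the next hunk's context is guarded by `[[ -f "\$cert" ]]`; I would add a comparable guard before this assignment, e.g. `[[ -r "\$cert" ]] || { echo "cannot read \$cert" >&2; exit 1; }`, and quote the expansion as `-in "\$cert"`. The same applies to `tlsa_record_201_chain` in the second hunk. The enclosing construct (apparently a here-document, given the `\$` escapes) starts outside the hunk, so an earlier check on `cert.pem` may exist that is not visible here.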
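Review bot: `openssl x509 -in \$cert` reads only the first certificate in `chain.pem`, so `tlsa_record_201_chain` pins the full DER of whichever certificate is first in that file, and nothing in the hunk documents that. With selector 0 the record stops matching as soon as the CA reissues that certificate, even under an unchanged key, a case the existing `2 1 1` record would survive. I would state this above the assignment: `# TLSA 2 0 1: SHA-256 of the full first certificate in chain.pem; republish when the CA replaces it.` The block also repeats the neighbouring pipeline almost verbatim, so a small helper taking the file and the record parameters would keep the variants from drifting apart.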
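Review bot: The new `TLSA 3 0 1 certificate` and `TLSA 2 0 1 chain` sections are printed exactly like the selector-1 records, so an operator copying them into DNS gets no hint that they hash the whole certificate and go stale on every reissue. Once the served certificate no longer matches the published record, DANE-validating clients will refuse the connection until the zone is updated. A line under each new heading would cover it, e.g. `echo "(full-certificate hash: changes on every renewal; publish the new record before deploying the renewed certificate)"`. The `3 1 1` record is only stable if the key is kept across renewals, which the note could mention as well.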