git.siccegge.de Git - dane-monitoring-plugins.git/blob - check_dane/tlsa.py
7 from .cert
import get_spki
9 from unbound
import RR_TYPE_A
, RR_TYPE_AAAA
10 from unbound
import idn2dname
, ub_strerror
12 def verify_tlsa_record(resolver
, record
, certificate
):
14 print(hashlib
.sha256(certificate
).hexdigest())
15 s
, r
= resolver
.resolve(record
, rrtype
=52)
20 for record
in r
.data
.data
:
21 hexencoder
= codecs
.getencoder('hex')
28 sys
.stderr
.write("Only 'Domain-issued certificate' records supported\n")
31 verifieddata
= certificate
33 verifieddata
= get_spki(certificate
)
35 # currently only 0 and 1 are assigned
36 sys
.stderr
.write("Only selectors 0 and 1 supported\n")
39 if verifieddata
== data
:
43 if hashlib
.sha256(verifieddata
).digest() == data
:
47 if hashlib
.sha512(verifieddata
).digest() == data
:
51 # currently only 0, 1 and 2 are assigned
52 sys
.stderr
.write("Only matching types 0, 1 and 2 supported\n")
54 sys
.stderr
.write("could not verify any tlsa record\n")