X-Git-Url: https://git.siccegge.de//index.cgi?p=dane-monitoring-plugins.git;a=blobdiff_plain;f=check_dane%2Ftlsa.py;h=3f8b48919343ea8986d1453bd32a00004b8bd235;hp=3cd1d943e4ec18b6bb526354028cf1727c48497a;hb=09dac38abb21edcb36853b9f756f84d876c52566;hpb=d753e7fe2c11c8afa93a6194cb9e03ff10155841
diff --git a/check_dane/tlsa.py b/check_dane/tlsa.py
index 3cd1d94..3f8b489 100644
--- a/check_dane/tlsa.py
+++ b/check_dane/tlsa.py
@@ -7,15 +7,15 @@ import logging
 from .cert import get_spki
-from unbound import RR_TYPE_A, RR_TYPE_AAAA
-from unbound import idn2dname, ub_strerror
+from unbound import ub_strerror
 try:
 from unbound import RR_TYPE_TLSA
 except ImportError:
- RR_TYPE_TLSA=52
+ RR_TYPE_TLSA = 52
 def verify_tlsa_record(resolver, record, certificate):
+ logging.debug("searching for TLSA record on %s", record)
 s, r = resolver.resolve(record, rrtype=RR_TYPE_TLSA)
 if 0 != s:
 ub_strerror(s)
@@ -45,15 +45,18 @@ def verify_tlsa_record(resolver, record, certificate):
 if matching == 0:
 if verifieddata == data:
- logging.info("Found matching record: `TLSA %d %d %d %s`", usage, selector, matching, hexencoder(data)[0])
+ logging.info("Found matching record: `TLSA %d %d %d %s`",
+ usage, selector, matching, hexencoder(data)[0])
 return 0
 elif matching == 1:
 if hashlib.sha256(verifieddata).digest() == data:
- logging.info("Found matching record: `TLSA %d %d %d %s`", usage, selector, matching, hexencoder(data)[0].decode())
+ logging.info("Found matching record: `TLSA %d %d %d %s`",
+ usage, selector, matching, hexencoder(data)[0].decode())
 return 0
 elif matching == 2:
 if hashlib.sha512(verifieddata).digest() == data:
- logging.info("Found matching record: `TLSA %d %d %d %s`", usage, selector, matching, hexencoder(data)[0].decode())
+ logging.info("Found matching record: `TLSA %d %d %d %s`",
+ usage, selector, matching, hexencoder(data)[0].decode())
 return 0
 else:
 # currently only 0, 1 and 2 are assigned
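Review bot: In the failure branch of the first hunk, just after the new debug line, `ub_strerror(s)` is called as a bare statement, so the resolver's error text is discarded and a failed TLSA lookup leaves nothing in the log. Since this hunk already adds logging around the lookup, the message could be recorded there, e.g. `logging.error("TLSA lookup for %s failed: %s", record, ub_strerror(s))`. The body of verify_tlsa_record continues past the hunk, so what the branch returns is not visible here. In that unseen part it is also worth confirming that the answer's DNSSEC status is checked before any TLSA data is compared, because an unsigned or bogus answer must not be allowed to validate a certificate.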