From 06fd748dc15976da03c9c72030508b2a6f6318c9 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Petr=20=C5=A0pa=C4=8Dek?= Date: Tue, 23 Jan 2018 13:27:00 +0100 Subject: [PATCH] TA bootstrap: print obtained values --- daemon/README.rst | 5 ++++- daemon/lua/trust_anchors.lua.in | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/daemon/README.rst b/daemon/README.rst index 830cc22a3..1c2a21f68 100644 --- a/daemon/README.rst +++ b/daemon/README.rst @@ -24,7 +24,10 @@ To enable it, you need to provide trusted root keys. Bootstrapping of the keys i [ ta ] Root trust anchors bootstrapped over https with pinned certificate. You may want to verify them manually, as described on: https://data.iana.org/root-anchors/old/draft-icann-dnssec-trust-anchor.html#sigs - [ ta ] next refresh for . in 23.912361111111 hours + [ ta ] Current root trust anchors are: + . 0 IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5 + . 0 IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D + [ ta ] next refresh for . in 24 hours Alternatively, you can set it in configuration file with ``trust_anchors.file = 'root.keys'``. If the file doesn't exist, it will be automatically populated with root keys validated using root anchors retrieved over HTTPS. diff --git a/daemon/lua/trust_anchors.lua.in b/daemon/lua/trust_anchors.lua.in index 43b8fb1f7..78c990c2b 100644 --- a/daemon/lua/trust_anchors.lua.in +++ b/daemon/lua/trust_anchors.lua.in @@ -43,7 +43,9 @@ local function bootstrap(url, ca) end local msg = '[ ta ] Root trust anchors bootstrapped over https with pinned certificate.\n' .. ' You may want to verify them manually, as described on:\n' - .. ' https://data.iana.org/root-anchors/old/draft-icann-dnssec-trust-anchor.html#sigs' + .. ' https://data.iana.org/root-anchors/old/draft-icann-dnssec-trust-anchor.html#sigs\n' + .. '[ ta ] Current root trust anchors are:' + .. rr return rr, msg end -- 2.47.2