+++ /dev/null
-#!/bin/sh
-# Copyright (C) 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-#
-# Generate a DNS RR from an x.509 certificate
-# Currently only supports TLSA, but can be extended to support
-# other DANE types such as SMIMEA in the future.
-#
-# Requires: openssl
-
-USAGE="$BASENAME [options] <filename>
-Options:
- -f <input format>: PEM | DLR
- -n <name>: record name (default: _443._tcp)
- -o <origin>: zone origin (default: none; name will be relative)
- -m <matching type>: NONE (0) | SHA256 (1) | SHA512 (2)
- -r <RR type>: TLSA
- -s <selector>: FULL (0) | PK (1)
- -t <ttl>: TTL of the TLSA record (default: none)
- -u <certificate usage>: CA (0) | SERVICE (1) | TA (2) | DOMAIN (3)"
-
-NM="_443._tcp"
-CU=2
-SELECTOR=0
-MTYPE=1
-IN=
-FORM=PEM
-TTL=
-RRTYPE=TLSA
-BASENAME=`basename $0`;
-
-while getopts "xn:o:u:s:t:m:i:f:r:" c; do
- case $c in
- x) set -x; DEBUG=-x;;
- m) MTYPE="$OPTARG";;
- n) NM="$OPTARG";;
- o) ORIGIN="$OPTARG";;
- r) RRTYPE="$OPTARG";;
- s) SELECTOR="$OPTARG";;
- t) TTL="$OPTARG";;
- u) CU="$OPTARG";;
- *) echo "$USAGE" 1>&2; exit 1;;
- esac
-done
-shift `expr $OPTIND - 1 || true`
-
-if test "$#" -eq 1; then
- IN=$1
-else
- echo "$USAGE" 1>&2; exit 1
-fi
-
-ORIGIN=`echo $ORIGIN | sed 's/\([^.]$\)/\1./'`
-if [ -n "$ORIGIN" ]; then
- NM=`echo $NM | sed 's/\.$//'`
- NM="$NM.$ORIGIN"
-fi
-
-case "$CU" in
- [Cc][Aa]) CU=0;;
- [Ss][Ee][Rr][Vv]*) CU=1;;
- [Tt][Aa]) CU=2;;
- [Dd][Oo][Mm]*) CU=3;;
- [0123]) ;;
- *) echo "bad certificate usage -u \"$CU\"" 1>&2; exit 1;;
-esac
-
-case "$SELECTOR" in
- [Ff][Uu][Ll][Ll]) SELECTOR=0;;
- [Pp][Kk]) SELECTOR=1;;
- [01]) ;;
- *) echo "bad selector -s \"$SELECTOR\"" 1>&2; exit 1;;
-esac
-
-case "$MTYPE" in
- 0|[Nn][Oo][Nn][Ee]) HASH='od -A n -v -t xC';;
- 1|[Ss][Hh][Aa]256) HASH='openssl dgst -sha256';;
- 2|[Ss][Hh][Aa]512) HASH='openssl dgst -sha512';;
- *) echo "bad matching type -m \"$MTYPE\"" 1>&2; exit 1;;
-esac
-
-case "$FORM" in
- [Pp][Ee][Mm]) FORM=PEM;;
- [Dd][Ll][Rr]) FORM=DLR;;
- *) echo "bad input file format -f \"$FORM\"" 1>&2; exit 1
-esac
-
-case "$RRTYPE" in
- [Tt][Ll][Ss][Aa]) RRTYPE=TLSA;;
- *) echo "invalid RR type" 1>&2; exit 1
-esac
-
-if test -z "$IN" -o ! -s "$IN"; then
- echo "bad input file -i \"$IN\"" 1>&2; exit 1
-fi
-
-echo "; $BASENAME -o$NM -u$CU -s$SELECTOR -m$MTYPE -f$FORM $IN"
-
-(if test "$SELECTOR" = 0; then
- openssl x509 -in "$IN" -inform "$FORM" -outform DER
-else
- openssl x509 -in "$IN" -inform "$FORM" -noout -pubkey \
- | sed -e '/PUBLIC KEY/d' \
- | openssl base64 -d
-fi) \
- | $HASH \
- | awk '
- # format Association Data as in Appendix C of the DANE RFC
- BEGIN {
- print "'"$NM\t\t$TTL\tIN TLSA\t$CU $SELECTOR $MTYPE"' (";
- leader = "\t\t\t\t\t";
- }
- /.+/ {
- gsub(/ +/, "", $0);
- buf = buf $0;
- while (length(buf) >= 36) {
- print leader substr(buf, 1, 36);
- buf = substr(buf, 37);
- }
- }
- END {
- if (length(buf) > 34)
- print leader buf "\n" leader ")";
- else
- print leader buf " )";
- }'
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIEVDCCArwCCQCrWNJOd60q9jANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJO
-TDEWMBQGA1UECBMNTm9vcmQtSG9sbGFuZDESMBAGA1UEBxMJQW1zdGVyZGFtMQww
-CgYDVQQKEwNPUzMxIzAhBgNVBAMTGmRhbmUua2lldi5wcmFjdGljdW0ub3MzLm5s
-MB4XDTEyMDExNjE2NTcwM1oXDTIyMDExMzE2NTcwM1owbDELMAkGA1UEBhMCTkwx
-FjAUBgNVBAgTDU5vb3JkLUhvbGxhbmQxEjAQBgNVBAcTCUFtc3RlcmRhbTEMMAoG
-A1UEChMDT1MzMSMwIQYDVQQDExpkYW5lLmtpZXYucHJhY3RpY3VtLm9zMy5ubDCC
-AaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOYshKWv5Z8KKmslDe5oesjF
-xgT1fSbOshGRQP+sOMS5y76JIwguf4Fia2rV3qDIdxx048qn9hMFSu+jZz5I/+R7
-P3r5h94oGmgjCyS52hqY3L5RGVtg5C/XUXwyjZg+JqgnyHerkU7kwb/erUi9Jb5f
-LEc7qcHLvd2gw3TQ1Yw4nMPW2MIGYuGc92jzJEG399FK6olmznwyoXIqs4Yj0AgC
-mp5HAog/i5d6Gh5Skr+K1yI51AOTN7hqOsYPoAEpBFIXe/F5hgmgWhMPAzRXpSEm
-KfvduOcOKp5lVoc8T3ykauSosXjwX7MZAF4cHH1L1336NANVY8EmqiwzKLkA55kK
-yXh/AdqC90w9S2Z0zOzh/Uxu+eZkT0Y17e2jnYsOL3yOBtrndWITvT1ggxF1vikE
-QrSvxa5vRrdphVoGfBCX5heWJSnhZvIq7hDduYG4zW/xfT1wcjFpA42/vBpEnI0N
-MbxoPF884mFI5C7Ju9TZ8mFWmyW1PB1/wt3/a0ysBQIDAQABMA0GCSqGSIb3DQEB
-BQUAA4IBgQArKr4GPpyGrEofeDU3IJEHnIJ2qcLF0exXZN5SP92r3qs/005v5sug
-VFgKZ4WmY1ldkBMrk9Rzkp6B+giH0v/3ioHH0BS5d3irasnl5pD29anpK7X7q3G4
-V65ptuGL3MsLpvzZ1LCEo082NRSMSV1I/mNZA7iI7B3rJhBUjt1I1j+GUTpFYkaY
-MUjA1duC1zpMNQpCu2YddjQw/GyOX50T6ht2qlKkw1jl6gQAD3lGGDA6ts7qTpqO
-nHTXPBsLe68W3t52lrXi8gb3dxAPVyfhaE1BMvXmkvR69nVuqLQhAAvgMbXY8CIO
-Q2tR+xVP6VlTM8E6JAP53gjl3cWiL9YYLjOVk+JjdEUCILwU8+QP8z8IRSawnDQl
-BwLoo1KzMszLD53izysziCO5KvxhwLa4q9ta9xjtjdqXwpjka4KgGxSBSGjPpPLD
-Ymi//0pZH0Jli/dZGJAtPkJt/h1f8PxqISBx9tqL2DP+LlYNh3dejukzPAW2+461
-ZYnZENteqQM=
------END CERTIFICATE-----
./conftools/perllib/dnsconf/Makefile.PL PERL 2000,2001,2004,2007,2012,2016,2018,2019,2020,2021
./conftools/perllib/dnsconf/test.pl PERL 2000,2001,2004,2007,2012,2016,2018,2019,2020,2021
./contrib/README X 2014,2015,2016,2017,2018,2019,2020,2021
-./contrib/dane/mkdane.sh X 2012,2018,2019,2020,2021
-./contrib/dane/tlsa6698.pem X 2012,2018,2019,2020,2021
./contrib/dlz/example/Makefile X 2010,2013,2018,2019,2020,2021
./contrib/dlz/example/README X 2011,2012,2013,2014,2018,2019,2020,2021
./contrib/dlz/example/dlz_example.c X 2010,2011,2012,2013,2014,2018,2019,2020,2021
projects / thirdparty / bind9.git / commitdiff
