1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-25 01:34:28 +03:00

resolve: print TLSA packets in hexadecimal

https://tools.ietf.org/html/rfc6698#section-2.2 says:
> The certificate association data field MUST be represented as a string
> of hexadecimal characters. Whitespace is allowed within the string of
> hexadecimal characters
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2016-02-16 20:36:10 -05:00
parent 82d1d24093
commit 236d312b8d
2 changed files with 11 additions and 21 deletions

View File

@ -357,7 +357,7 @@ d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproje
<literal>:443</literal> could be skipped)</title>
<programlisting>$ systemd-resolve --tlsa=tcp fedoraproject.org:443
_443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=
_443._tcp.fedoraproject.org IN TLSA 0 0 1 19400be5b7a31fb733917700789d2f0a2471c0c9d506c0e504c06c16d7cb17c0
-- Cert. usage: CA constraint
-- Selector: Full Certificate
-- Matching type: SHA-256

View File

@ -1116,40 +1116,30 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
case DNS_TYPE_TLSA: {
const char *cert_usage, *selector, *matching_type;
char *ss;
int n;
cert_usage = tlsa_cert_usage_to_string(rr->tlsa.cert_usage);
selector = tlsa_selector_to_string(rr->tlsa.selector);
matching_type = tlsa_matching_type_to_string(rr->tlsa.matching_type);
r = asprintf(&s, "%s %u %u %u %n",
t = hexmem(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size);
if (!t)
return NULL;
r = asprintf(&s,
"%s %u %u %u %s\n"
" -- Cert. usage: %s\n"
" -- Selector: %s\n"
" -- Matching type: %s",
k,
rr->tlsa.cert_usage,
rr->tlsa.selector,
rr->tlsa.matching_type,
&n);
if (r < 0)
return NULL;
r = base64_append(&s, n,
rr->tlsa.data, rr->tlsa.data_size,
8, columns());
if (r < 0)
return NULL;
r = asprintf(&ss, "%s\n"
" -- Cert. usage: %s\n"
" -- Selector: %s\n"
" -- Matching type: %s",
s,
t,
cert_usage,
selector,
matching_type);
if (r < 0)
return NULL;
free(s);
s = ss;
break;
}