WARC

[tofuproxy.git] / dane.go

diff --git a/dane.go b/dane.go
index 2b850d83a4345435061eb2da09399845f4ce71d1..9ab950413f8d00e931f01c6108e3123eba2e850d 100644 (file)
--- a/dane.go
+++ b/dane.go
@@ -1,4 +1,5 @@
 /*
+tofuproxy -- flexible HTTP/WARC proxy with TLS certificates management
 Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
 
 This program is free software: you can redistribute it and/or modify
@@ -14,7 +15,7 @@ You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-package main
+package tofuproxy
 
 import (
        "crypto/sha256"
@@ -28,8 +29,10 @@ import (
        "github.com/miekg/dns"
 )
 
+var DNSSrv string
+
 func dane(addr string, cert *x509.Certificate) (bool, bool) {
-       if *dnsSrv == "" {
+       if DNSSrv == "" {
                return false, false
        }
        host := addr
@@ -41,7 +44,7 @@ func dane(addr string, cert *x509.Certificate) (bool, bool) {
        }
        m := new(dns.Msg)
        m.SetQuestion(dns.Fqdn(fmt.Sprintf("_%s._tcp.%s", port, host)), dns.TypeTLSA)
-       msg, err := dns.Exchange(m, *dnsSrv)
+       msg, err := dns.Exchange(m, DNSSrv)
        if err != nil {
                log.Printf("DNS: %+v\n", err)
                return false, false
@@ -69,6 +72,8 @@ func dane(addr string, cert *x509.Certificate) (bool, bool) {
                }
                var hsh []byte
                switch tlsa.MatchingType {
+               case 0:
+                       hsh = toMatch
                case 1:
                        our := sha256.Sum256(toMatch)
                        hsh = our[:]