/*
+tofuproxy -- flexible HTTP/WARC proxy with TLS certificates management
Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
This program is free software: you can redistribute it and/or modify
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-package main
+package tofuproxy
import (
"crypto/sha256"
"github.com/miekg/dns"
)
+var DNSSrv string
+
func dane(addr string, cert *x509.Certificate) (bool, bool) {
- if *dnsSrv == "" {
+ if DNSSrv == "" {
return false, false
}
host := addr
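Review bot: The new exported `DNSSrv` has no doc comment, and a reader cannot tell from the declaration that an empty value turns DANE checking off, which is what the `if DNSSrv == ""` guard in dane() does. I would add `// DNSSrv is the host:port address of the DNS server queried for DANE TLSA records; an empty value disables DANE checks.` above the declaration. Because it is now a mutable package-level variable instead of a flag pointer, the comment should also say that it is meant to be set once at startup, before any connection is handled. The body of dane() continues outside this hunk.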
}
m := new(dns.Msg)
m.SetQuestion(dns.Fqdn(fmt.Sprintf("_%s._tcp.%s", port, host)), dns.TypeTLSA)
- msg, err := dns.Exchange(m, *dnsSrv)
+ msg, err := dns.Exchange(m, DNSSrv)
if err != nil {
log.Printf("DNS: %+v\n", err)
return false, false
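Review bot: Nothing visible around `dns.Exchange(m, DNSSrv)` establishes that the TLSA answer was DNSSEC-validated; only `err` is checked before the reply is used. RFC 6698 allows TLSA records to be trusted only when validated, so without that a forged or tampered answer could make dane() vouch for a certificate. If validation is delegated to the resolver, request it with `m.SetEdns0(4096, true)` and return `false, false` when `msg.AuthenticatedData` is not set, and document that `DNSSrv` must be a validating resolver reached over a trusted path. The rest of dane() is outside this hunk, so this may already be handled there.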
}
var hsh []byte
switch tlsa.MatchingType {
+ case 0:
+ hsh = toMatch
case 1:
our := sha256.Sum256(toMatch)
hsh = our[:]
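Review bot: Accepting matching type 0 at `case 0:` means dane() now depends on TLSA records that carry a whole certificate or public key, and those answers are much larger than the 32-byte SHA-256 form. The lookup earlier in dane() goes through `dns.Exchange`, which sends a single UDP query and does not fall back to TCP on truncation, so such an answer may arrive incomplete and the check would quietly fail to match. I would test `msg.Truncated` after the exchange and retry with `(&dns.Client{Net: "tcp"}).Exchange(m, DNSSrv)`. A short comment on each case naming the RFC 6698 matching type would also help, for example `// 0: exact match on the selected content, no hash`. The switch continues past the end of this hunk.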