--- /dev/null
+/*
+tofuproxy -- flexible HTTP/HTTPS proxy, TLS terminator, X.509 TOFU
+ manager, WARC/geminispace browser
+Copyright (C) 2021-2022 Sergey Matveev <stargrave@stargrave.org>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 3 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package main
+
+import (
+ "flag"
+ "fmt"
+ "log"
+
+ "go.cypherpunks.ru/ucspi"
+ ttls "go.stargrave.org/tofuproxy/tls"
+)
+
+func main() {
+ dnsSrv := flag.String("dns", "[::1]:53", "DNS server")
+ crtPath := flag.String("cert", "cert.pem", "Path to X.509 certificate")
+ addr := flag.String("addr", "", "Domain name")
+ flag.Parse()
+ log.SetFlags(log.Lshortfile)
+ _, cert, err := ucspi.CertificateFromFile(*crtPath)
+ if err != nil {
+ log.Fatalln(err)
+ }
+ ttls.DNSSrv = *dnsSrv
+ exists, valid := ttls.DANE(*addr, cert)
+ fmt.Println("Exists:", exists)
+ fmt.Println("Valid:", valid)
+}
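Review bot: The new main() never checks that `-addr` was given, so with no argument `ttls.DANE` is called with an empty name and the output "Exists: false / Valid: false" is indistinguishable from a real negative result; after `flag.Parse()` add `if *addr == "" { log.Fatalln("-addr is required") }`. For the same reason the program always exits 0, which makes it awkward to use as a check from scripts — consider `os.Exit(1)` when `exists && !valid` (that would need `os` in the import block). The file also lacks any comment stating what the tool is for; a short package comment such as `// Query TLSA records for -addr and report whether they exist and match the certificate in -cert.` would help. Whether the result is only meaningful when the resolver at -dns performs DNSSEC validation depends on how ttls.DANE treats the answer, which is not visible here; if it does rely on the resolver, the `-dns` help text should say so.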
if certTheirHash == certOurHash {
return ErrRejected{host}
}
- daneExists, daneMatched := dane(host, certTheir)
+ daneExists, daneMatched := DANE(host, certTheir)
if daneExists {
if daneMatched {
fifos.LogDANE <- fmt.Sprintf("%s\tACK", host)