From: Sergey Matveev <stargrave@stargrave.org>
Date: Sun, 19 Mar 2023 15:01:45 +0000 (+0300)
Subject: Aggregate CAAs
X-Git-Url: http://www.git.stargrave.org/?p=zdns.git;a=commitdiff_plain

Aggregate CAAs
---

diff --git a/rc.tcl b/rc.tcl
index 2fe3d04..99bb0b6 100644
--- a/rc.tcl
+++ b/rc.tcl
@@ -59,15 +59,19 @@ proc dane {dn {port 443}} {
     set dn [fqdn $dn]
     set dirname [string trimright $dn .]
     set was [pwd]
+    set caas [list]
     cd tls
     foreach ca [lsort [glob ca/*/*]] {
         set ca [join [lrange [split $ca /] 1 end] /]
         set ee [file join ee $ca $dirname]
         if {![file exists $ee]} { continue }
-        puts "[shorten $dn] CAA 0 issue \"[lindex [split $ca /] end]\""
+        set caas [lappend $caas [lindex [split $ca /] end]]
         puts "[shorten _$port._tcp.$dn] TLSA 3 1 1 [exec zeasypki dane $ee]"
     }
     cd $was
+    foreach ca [lsort -unique $caas] {
+        puts "[shorten $dn] CAA 0 issue \"$ca\""
+    }
 }
 
 proc ssh {dn} {