X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=dane.go;h=9ab950413f8d00e931f01c6108e3123eba2e850d;hb=0c0a261a6ef4fddfc34a9150005f7964cc69c420;hp=2b850d83a4345435061eb2da09399845f4ce71d1;hpb=b103a48ba4f6dd5ecad2ece2529c0aadf9680658;p=tofuproxy.git
diff --git a/dane.go b/dane.go
index 2b850d8..9ab9504 100644
--- a/dane.go
+++ b/dane.go
@@ -1,4 +1,5 @@
 /*
+tofuproxy -- flexible HTTP/WARC proxy with TLS certificates management
 Copyright (C) 2021 Sergey Matveev
 
 This program is free software: you can redistribute it and/or modify
@@ -14,7 +15,7 @@ You should have received a copy of the GNU General Public License
 along with this program. If not, see .
 */
 
-package main
+package tofuproxy
 
 import (
 	"crypto/sha256"
@@ -28,8 +29,10 @@ import (
 	"github.com/miekg/dns"
 )
 
+var DNSSrv string
+
 func dane(addr string, cert *x509.Certificate) (bool, bool) {
-	if *dnsSrv == "" {
+	if DNSSrv == "" {
 		return false, false
 	}
 	host := addr
@@ -41,7 +44,7 @@ func dane(addr string, cert *x509.Certificate) (bool, bool) {
 	}
 	m := new(dns.Msg)
 	m.SetQuestion(dns.Fqdn(fmt.Sprintf("_%s._tcp.%s", port, host)), dns.TypeTLSA)
-	msg, err := dns.Exchange(m, *dnsSrv)
+	msg, err := dns.Exchange(m, DNSSrv)
 	if err != nil {
 		log.Printf("DNS: %+v\n", err)
 		return false, false
@@ -69,6 +72,8 @@ func dane(addr string, cert *x509.Certificate) (bool, bool) {
 	}
 	var hsh []byte
 	switch tlsa.MatchingType {
+	case 0:
+		hsh = toMatch
 	case 1:
 		our := sha256.Sum256(toMatch)
 		hsh = our[:]
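Review bot: The newly exported package variable `DNSSrv` has no doc comment, and its contract is security-relevant: the guard right below it (`if DNSSrv == "" { return false, false }`) means an empty value silently disables DANE/TLSA checking altogether, so a caller that forgets to set it gets no lookup and no warning. I would document that explicitly: `// DNSSrv is the address of the DNS resolver used for TLSA lookups. When empty, DANE verification is skipped entirely.` It is also mutable package-level state read from dane() on the connection path; presumably it is assigned once at startup, but if it can be reassigned while connections are being handled that is a data race, which is worth a sentence in the comment. dane's body continues outside this hunk.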
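Review bot: The TLSA answer returned by `dns.Exchange(m, DNSSrv)` is used to decide whether a certificate is trusted, yet nothing in this hunk asks the resolver for DNSSEC validation — the query sets neither the AD bit nor EDNS0 with the DO bit — so unless the lines after the error check (outside this hunk) verify `msg.AuthenticatedData`, a DANE match is only as trustworthy as the unauthenticated path to the configured resolver. Setting `m.AuthenticatedData = true` and `m.SetEdns0(4096, true)` before the exchange, and rejecting replies without `msg.AuthenticatedData`, is the usual minimum for a stub that cannot validate locally; the larger EDNS0 buffer also matters because TLSA responses with signatures routinely exceed 512 bytes and would otherwise be truncated over UDP. Logging the error and returning `false, false` on failure is reasonable, but it makes a network fault indistinguishable from "no TLSA record", which the caller may want to know. The enclosing function starts and ends outside this hunk.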