dns_record * rr;
dns_scan dnss;
uschar * hostnames[2] = { host->name, NULL };
+ int found = 0;
if (DANESSL_init(client_ssl, NULL, hostnames) != 1)
return tls_error(US"hostnames load", host, NULL);
int usage, selector, mtype;
const char * mdname;
- GETSHORT(usage, p);
- GETSHORT(selector, p);
- GETSHORT(mtype, p);
+ found++;
+ usage = *p++;
+ selector = *p++;
+ mtype = *p++;
switch (mtype)
{
- default: /* log bad */ return FAIL;
+ default:
+ log_write(0, LOG_MAIN, "DANE error: TLSA record w/bad mtype 0x%x", mtype);
+ return FAIL;
case 0: mdname = NULL; break;
case 1: mdname = "sha256"; break;
case 2: mdname = "sha512"; break;
case 1: break;
}
}
+
+ if (!found)
+ {
+ log_write(0, LOG_MAIN, "DANE error: No TLSA records");
+ return FAIL;
+ }
}
#endif
return pk;
}
+uschar *
+bytefield(uschar ** pp, uschar * pk)
+{
+unsigned value = 0;
+uschar * p = *pp;
+
+while (isdigit(*p)) value = value*10 + *p++ - '0';
+while (isspace(*p)) p++;
+*pp = p;
+*pk++ = value & 255;
+return pk;
+}
+
uschar *
shortfield(uschar ** pp, uschar * pk)
{
break;
case ns_t_tlsa:
- pk = shortfield(&p, pk); /* usage */
- pk = shortfield(&p, pk); /* selector */
- pk = shortfield(&p, pk); /* match type */
+ pk = bytefield(&p, pk); /* usage */
+ pk = bytefield(&p, pk); /* selector */
+ pk = bytefield(&p, pk); /* match type */
while (isxdigit(*p))
{
value = toupper(*p) - (isdigit(*p) ? '0' : '7') << 4;
>
-> dnslookup tlsa: 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d000000
+> dnslookup tlsa: 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d
>
>
projects / exim.git / commitdiff