On Sat, Dec 14, 2013 at 06:30:15PM +0000, Viktor Dukhovni wrote:
> Well, you're unlikely to have working TLSA RRs for your SMTP service
> just by happenstance. If you want to create a TLSA RRset for your
> SMTP server, run the attached "tlsagen" shell script as follows:
>
> $ tlsagen cert.pem $(uname -n) DANE-EE PKEY SHA2-256
> _25._tcp.mail.example.com IN TLSA 3 1 1 {hex string}

For the record, looks like a typo in the script:
--- tlsagen 2014-04-25 14:22:02.000000000 +0000
+++ tlsagen 2014-04-25 13:50:17.000000000 +0000
@@ -20,7 +23,7 @@
$/=undef;
($a=<STDIN>) =~ s/(.)/sprintf("%02X", ord($1))/egs;
printf "_%d._tcp.%s. IN TLSA %d %d %d %s\n",
- $port, $host, $usage, $s, $m, $a;
+ $port, $host, $u, $s, $m, $a;
' "$@"
}
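Review bot: On the changed printf argument line, the switch from `$usage` to `$u` matches the short names `$s` and `$m` beside it, but the hunk does not show where `$u` is assigned, so it is worth confirming that it is the variable populated from the usage argument. If `$usage` was never set, Perl without warnings formats it with `%d` as 0 and prints a well-formed record with the wrong certificate usage instead of failing, so I would suggest adding `use strict; use warnings;` at the top of the embedded Perl to turn this class of typo into a hard error. The header `@@ -20,7 +23,7 @@` also shows a three-line offset between the old and new files with no hunk accounting for it, so the posted diff does not include every difference between the two copies.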
--
Eray