mailcow.yml aktualisiert

olli 2024-02-22 16:49:04 +01:00
parent c2d7caec4d
commit d7e8356cfa


@ -441,7 +441,7 @@
certname=$(openssl x509 -noout -subject -in ${cert} 2>/dev/null | sed -nE 's/.*CN ?= ?(.*)/\1/; s/[ ,*]/_/g; s/__/_/g; s/_-_/-/; s/^_//g;p' | tr '[:upper:]' '[:lower:]').pem
[ "${certname}" != "${host}.pem" ] && continue
tlsa=$(openssl x509 -in "${cert}" -noout -pubkey 2>/dev/null | openssl rsa -pubin -outform DER 2>/dev/null | openssl dgst -sha256 -hex 2>/dev/null | cut -d" " -f2)
dnstlsa=$(host -t TLSA *._tcp.${host} | cut -d" " -f 8,9 | tr '[:upper:]' '[:lower:]' | sed 's/ //g')
dnstlsa=$(host -t TLSA *._tcp.${host} | cut -d" " -f 8,9 | tr '[:upper:]' '[:lower:]' | sed ':a;N;$!ba;s/\n/ /g' | sed 's/ //g')
echo ${dnstlsa} | egrep -q "^bereached$" && continue
[ "${tlsa}" != "${dnstlsa}" ] && g_echo_error "DNS TLSA incorrect! *._tcp.${host} should be ${tlsa} but is ${dnstlsa} (host -t TLSA *._tcp.${host})"
done
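Review bot: The new `dnstlsa` assignment joins every line of the `host` output into one string, so if the name publishes more than one TLSA record (for example during a key rollover) the hashes are concatenated and the later `[ "${tlsa}" != "${dnstlsa}" ]` test reports an error even though the matching record is present. Keeping one record per line and testing membership would avoid that, e.g. `dnstlsa=$(host -t TLSA "*._tcp.${host}" | cut -d" " -f 8,9 | tr -d ' ' | tr '[:upper:]' '[:lower:]')` followed by `printf '%s\n' "${dnstlsa}" | grep -qxF -- "${tlsa}" || g_echo_error …`. Quoting `"*._tcp.${host}"` also stops the shell from glob-expanding the `*` against files in the working directory. The enclosing loop starts outside this hunk, so how `host` and `cert` are set is not visible here.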