pieterlexis / swede

A tool to create and verify TLSA (DANE) records

Exitcodes are unreliable #9

Open df7cb opened 10 years ago

df7cb commented 10 years ago

Hi,

thanks for swede - the nic.cz dnssec/tlsa firefox plugin is nice, but I also needed something for the command line, so swede came to the rescue.

However, when wrapping it into a monitoring check, I noticed some problems with the exit codes:

WARNING: Name on the certificate (Subject: /description=ilw6D5qicKcNde0k/C=DE/CN=www.df7cb.de/emailAddress=postmaster@df7cb.de, SubjectAltName: DNS:www.df7cb.de, DNS:df7cb.de) doesn't match requested hostname (feynman.df7cb.de).
Not checking the TLSA record.

This produced exit 0, while that's clearly a problem.

I've just put a new certificate on the server (it is expiring anyway, so luckily I don't need to deal with heartbleed and revocation...). For the time of the switch, I had two TLSA records there. swede correctly tests both, but before I switched the cert, it was exiting non-zero because the second RR was wrong, and after the switch, it exited zero because now the first RR was wrong, but the second was good. I'm fine with exit 0 in that case, but it should be consistent (and it should probably mention it was ignoring the other record because there's a good one).
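The exit-code contract a monitoring wrapper needs from a TLSA check, written out as an added worked example (this is not swede's code and not part of the issue thread). It assumes the caller has already pulled the leaf certificate and its SubjectPublicKeyInfo out of the TLS handshake as DER bytes and resolved the TLSA RRset; the `SAMPLE_*` bytes are constructed placeholders, not a real certificate. Only certificate usages 1 and 3 (end-entity matching, RFC 6698 section 2.1.1) are compared, and no PKIX chain validation is done, so usage 1 records are matched but not fully validated. The two points raised above are handled explicitly: a hostname mismatch is a non-zero result rather than a skipped check, and with several records the result is 0 whenever any record matches, with the ignored records named in the message regardless of RRset order.

```python
"""Exit-code semantics for a TLSA (DANE) monitoring probe (added example, not swede's code)."""
import hashlib
import sys
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Nagios/Icinga plugin exit codes
EXIT_OK, EXIT_WARNING, EXIT_CRITICAL, EXIT_UNKNOWN = 0, 1, 2, 3


@dataclass(frozen=True)
class TLSARecord:
    usage: int          # 0..3, RFC 6698 section 2.1.1
    selector: int       # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching_type: int  # 0 = exact, 1 = SHA-256, 2 = SHA-512
    data: bytes


def parse_presentation(text: str) -> TLSARecord:
    """Parse RDATA in presentation format, e.g. '3 1 1 7fa2...' (hex may be split by spaces)."""
    fields = text.split()
    if len(fields) < 4:
        raise ValueError(f"malformed TLSA RDATA: {text!r}")
    usage, selector, mtype = (int(f) for f in fields[:3])
    return TLSARecord(usage, selector, mtype, bytes.fromhex("".join(fields[3:])))


def matching_data(cert_der: bytes, spki_der: bytes, selector: int, matching_type: int) -> bytes:
    """Compute the certificate association data a TLSA record carries for this cert."""
    if selector == 0:
        chosen = cert_der
    elif selector == 1:
        chosen = spki_der
    else:
        raise ValueError(f"unsupported selector {selector}")
    if matching_type == 0:
        return chosen
    if matching_type == 1:
        return hashlib.sha256(chosen).digest()
    if matching_type == 2:
        return hashlib.sha512(chosen).digest()
    raise ValueError(f"unsupported matching type {matching_type}")


def make_record(cert_der: bytes, spki_der: bytes, usage: int = 3,
                selector: int = 1, matching_type: int = 1) -> TLSARecord:
    """The 'create' side: the record that matches this certificate (default 3 1 1)."""
    return TLSARecord(usage, selector, matching_type,
                      matching_data(cert_der, spki_der, selector, matching_type))


def hostname_matches(requested: str, names: Iterable[str]) -> bool:
    """Exact or leftmost-label wildcard match; case-insensitive, trailing dot ignored."""
    req = requested.lower().rstrip(".")
    for name in names:
        n = name.lower().rstrip(".")
        if n == req:
            return True
        if n.startswith("*.") and "." in req and req.split(".", 1)[1] == n[2:]:
            return True
    return False


def check_tlsa(requested_host: str, cert_names: Iterable[str], cert_der: bytes,
               spki_der: bytes, records: List[TLSARecord]) -> Tuple[int, str]:
    """Return (exit_code, message). Exit 0 only if the name matched AND some record matched."""
    if not hostname_matches(requested_host, cert_names):
        # A name mismatch is a failed check, not a reason to skip the TLSA comparison.
        return EXIT_CRITICAL, f"certificate names {sorted(cert_names)} do not match {requested_host}"
    matched, failed, skipped = [], [], []
    for i, rr in enumerate(records):
        if rr.usage not in (1, 3):
            skipped.append(f"#{i} (usage {rr.usage} needs chain validation)")
            continue
        try:
            ok = matching_data(cert_der, spki_der, rr.selector, rr.matching_type) == rr.data
        except ValueError as exc:
            skipped.append(f"#{i} ({exc})")
            continue
        (matched if ok else failed).append(f"#{i}")
    if matched:
        # Any matching record is a pass; say which ones were ignored so a rollover is visible.
        msg = f"OK: record {', '.join(matched)} matches"
        if failed:
            msg += f"; ignoring non-matching record {', '.join(failed)}"
        return EXIT_OK, msg
    if not failed:
        return EXIT_UNKNOWN, "no checkable TLSA record: " + (", ".join(skipped) or "empty RRset")
    return EXIT_CRITICAL, f"no TLSA record matches the presented certificate (checked {', '.join(failed)})"


# Constructed placeholders standing in for real DER bytes (a probe would take them
# from the TLS handshake); the names are the SAN entries quoted in the issue.
SAMPLE_CERT_DER = b"\x30\x82-constructed-certificate-placeholder"
SAMPLE_SPKI_DER = b"\x30\x59-constructed-spki-placeholder"
SAMPLE_NAMES = ["www.df7cb.de", "df7cb.de"]

if __name__ == "__main__":
    good = make_record(SAMPLE_CERT_DER, SAMPLE_SPKI_DER)
    stale = parse_presentation("3 1 1 " + "00" * 32)  # record left over for the previous cert
    scenarios = [("feynman.df7cb.de", [good]), ("www.df7cb.de", [good, stale]), ("www.df7cb.de", [stale, good])]
    code = EXIT_UNKNOWN
    for host, rrset in scenarios:
        code, msg = check_tlsa(host, SAMPLE_NAMES, SAMPLE_CERT_DER, SAMPLE_SPKI_DER, rrset)
        print(f"{host}: exit {code}: {msg}")
    sys.exit(code)
```

Feeding `dig +short TLSA _443._tcp.www.df7cb.de` lines into `parse_presentation` and the handshake's leaf certificate into `check_tlsa` gives a probe whose exit status is 0 only when a record actually matched, which is the property the wrapper above relies on.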

pieterlexis commented 10 years ago

Hi,

Swede was created as a proof of concept tool and the code quality reflects that (sorry). I'll see if I can squeeze in some time to fix this specific issue this week.