vdukhovni / danecheck Goto Github PK
View Code? Open in Web Editor NEWDANE SMTP checker
License: BSD 3-Clause "New" or "Revised" License
danecheck's People
Stargazers
Watchers
danecheck's Issues
Git clone error
➜ ~ git clone --recursive https://github.com/vdukhovni/danecheck
Cloning into 'danecheck'...
remote: Enumerating objects: 188, done.
remote: Total 188 (delta 0), reused 0 (delta 0), pack-reused 188
Receiving objects: 100% (188/188), 55.57 KiB | 280.00 KiB/s, done.
Resolving deltas: 100% (97/97), done.
Submodule 'pkgs/dns' (https://github.com/kazu-yamamoto/dns.git) registered for path 'pkgs/dns'
Submodule 'pkgs/idna-hs' (https://github.com/vdukhovni/idna-hs.git) registered for path 'pkgs/idna-hs'
Submodule 'pkgs/optparse-applicative' (https://github.com/pcapriotti/optparse-applicative.git) registered for path 'pkgs/optparse-applicative'
Cloning into '/sne/home/kcsuka/danecheck/pkgs/dns'...
remote: Counting objects: 2678, done.
remote: Total 2678 (delta 0), reused 0 (delta 0), pack-reused 2678
Receiving objects: 100% (2678/2678), 502.20 KiB | 1.37 MiB/s, done.
Resolving deltas: 100% (1532/1532), done.
Cloning into '/sne/home/kcsuka/danecheck/pkgs/idna-hs'...
remote: Enumerating objects: 43, done.
remote: Total 43 (delta 0), reused 0 (delta 0), pack-reused 43
Cloning into '/sne/home/kcsuka/danecheck/pkgs/optparse-applicative'...
remote: Enumerating objects: 17, done.
remote: Counting objects: 100% (17/17), done.
remote: Compressing objects: 100% (15/15), done.
remote: Total 3437 (delta 4), reused 8 (delta 2), pack-reused 3420
Receiving objects: 100% (3437/3437), 916.00 KiB | 1.98 MiB/s, done.
Resolving deltas: 100% (1896/1896), done.
Submodule path 'pkgs/dns': checked out 'af5367ccaa8d2200f27a5e32b03caa69497b853a'
error: Server does not allow request for unadvertised object f69c0bf32d6c9144e6278d7972553203777a441a
Fetched in submodule path 'pkgs/idna-hs', but it did not contain f69c0bf32d6c9144e6278d7972553203777a441a. Direct fetching of that commit failed.
Had to manually clone pkgs/idna-hs and pkgs/optparse-applicative to folder.
Please fix.
Perhaps place this whole installation in a docker container...
Module ‘Network.TLS’ does not export
Hi there,
I'm getting the following error whilst building danecheck on Amazon Linux 2:
Building all executables for `danecheck' once. After a successful build of all of them, only specified executables will be rebuilt.
danecheck> build (exe)
danecheck> Preprocessing executable 'danecheck' for danecheck-1.1.0..
danecheck> Building executable 'danecheck' for danecheck-1.1.0..
danecheck> [ 7 of 16] Compiling Dane.Scanner.SMTP.TLS
danecheck>
danecheck> /home/ec2-user/danecheck/Dane/Scanner/SMTP/TLS.hs:30:31: error:
danecheck> Module
danecheck> ‘Network.TLS’
danecheck> does not export
danecheck> ‘Version(TLS10, TLS11, TLS12, TLS13)’
danecheck> |
danecheck> 30 | import Network.TLS (Version(TLS10, TLS11, TLS12, TLS13))
danecheck> | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
danecheck>
-- While building package danecheck-1.1.0 using:
/home/ec2-user/.stack/setup-exe-cache/x86_64-linux/Cabal-simple_mPHDZzAJ_2.4.0.1_ghc-8.6.5 --builddir=.stack-work/dist/x86_64-linux/Cabal-2.4.0.1 build exe:danecheck --ghc-options " -fdiagnostics-color=always"
Process exited with code: ExitFailure 1
Any idea how I could solve this? I tried googling the error but it's not yielding results and I'm not proficient with Haskell.
Kind regards
Meint
Support verifying TLSA for RSA and ECDSA certificates, when a server offers both
README.md says: testing ECDSA in preference to RSA is typically a feature, not a bug.
Note that recently https://github.com/matteocorti/check_ssl_cert got support to check for valid “3 0 1”, “3 0 2”, “3 1 1” and “2 1 1” records for RSA and EC signature types. This means it can verify, that there is valid a TLSA “3 0 2” record for a TLS connection, when a RSA certificate is requested and obtained and (with different command line parameters) verify that there is a valid “3 1 1” TLSA record for the same destination, when ECDSA certificate is requested and obtained (and also verify any other combination of RSA/ECDSA/any + 301/311/302/211/any).
While testing explicitly by danecheck for RSA over ECDSA can be called a lacking feature, for monitoring TLSA https://github.com/matteocorti/check_ssl_cert is more feature-rich. In pure theory, the lack of possibility to monitor TLSA records differentially for RSA and ECDSA in danecheck, could prevent somebody to offer two types of certificates.
Is there sub-domain support?
Does dancheck has sub-domain support? I think it expects a DS record at the subdomain...
To replicate:
We're hosting a DNSSEC server, e.g. example.com.
Showing danecheck works:
➜ danecheck git:(master) ✗ danecheck -n 1.2.3.4
. IN DNSKEY 256 3 8 AwEAA...QBkYGpF78= ; AD=1 NoError
. IN DNSKEY 256 3 8 AwEAA.......J5ZJWLRs= ; AD=1 NoError
. IN DNSKEY 257 3 8 AwEA.......+Uk1ihz0= ; AD=1 NoError
. IN DNSKEY 257 3 8 AwEAAaz.....V74bU= ; AD=1 NoError
. IN SOA a.root-servers.net. [email protected]. 2018092600 1800 900 604800 86400 ; AD=1 NoError
In this domain, we're hosting a sub-domain in the same zone, e.g. sub.example.com.
danecheck cannot verify this domain since it has no DS records and such.
➜ danecheck git:(master) ✗ danecheck -n 1.2.3.4 sub.example.com
sub.example.com. IN DS ? ; AD=0 NODATA
example.com has a DNSkey and record for the whole zone. Including sub.example.com
postfix.org website problems (not safe)
Dear Viktor,
There are several problems:
- http://posftix.org/ does not work
- https://posftix.org/ does not work
- https://www.posftix.org/ does not work
Only http://www.posftix.org/ and it is not secure.
Can you solve it?
It will be better to have only and all other redirected to this address:
To have for example:
Add libicu-dev to description
sudo apt-get install libicu-dev
then
stack install text-icu
To install the dependencies
Network.Socket.recvBuf; Connection refused
Hello there.
I compiled the software with stack and now when i execute danecheck it prints the following error:
What can i do to solve the problem?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.