vdukhovni / danecheck Goto Github PK
View Code? Open in Web Editor NEWDANE SMTP checker
License: BSD 3-Clause "New" or "Revised" License
DANE SMTP checker
License: BSD 3-Clause "New" or "Revised" License
Dear Viktor,
There are several problems:
Only http://www.posftix.org/ and it is not secure.
Can you solve it?
It will be better to have only and all other redirected to this address:
To have for example:
Hi there,
I'm getting the following error whilst building danecheck on Amazon Linux 2:
Building all executables for `danecheck' once. After a successful build of all of them, only specified executables will be rebuilt.
danecheck> build (exe)
danecheck> Preprocessing executable 'danecheck' for danecheck-1.1.0..
danecheck> Building executable 'danecheck' for danecheck-1.1.0..
danecheck> [ 7 of 16] Compiling Dane.Scanner.SMTP.TLS
danecheck>
danecheck> /home/ec2-user/danecheck/Dane/Scanner/SMTP/TLS.hs:30:31: error:
danecheck> Module
danecheck> ‘Network.TLS’
danecheck> does not export
danecheck> ‘Version(TLS10, TLS11, TLS12, TLS13)’
danecheck> |
danecheck> 30 | import Network.TLS (Version(TLS10, TLS11, TLS12, TLS13))
danecheck> | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
danecheck>
-- While building package danecheck-1.1.0 using:
/home/ec2-user/.stack/setup-exe-cache/x86_64-linux/Cabal-simple_mPHDZzAJ_2.4.0.1_ghc-8.6.5 --builddir=.stack-work/dist/x86_64-linux/Cabal-2.4.0.1 build exe:danecheck --ghc-options " -fdiagnostics-color=always"
Process exited with code: ExitFailure 1
Any idea how I could solve this? I tried googling the error but it's not yielding results and I'm not proficient with Haskell.
Kind regards
Meint
➜ ~ git clone --recursive https://github.com/vdukhovni/danecheck
Cloning into 'danecheck'...
remote: Enumerating objects: 188, done.
remote: Total 188 (delta 0), reused 0 (delta 0), pack-reused 188
Receiving objects: 100% (188/188), 55.57 KiB | 280.00 KiB/s, done.
Resolving deltas: 100% (97/97), done.
Submodule 'pkgs/dns' (https://github.com/kazu-yamamoto/dns.git) registered for path 'pkgs/dns'
Submodule 'pkgs/idna-hs' (https://github.com/vdukhovni/idna-hs.git) registered for path 'pkgs/idna-hs'
Submodule 'pkgs/optparse-applicative' (https://github.com/pcapriotti/optparse-applicative.git) registered for path 'pkgs/optparse-applicative'
Cloning into '/sne/home/kcsuka/danecheck/pkgs/dns'...
remote: Counting objects: 2678, done.
remote: Total 2678 (delta 0), reused 0 (delta 0), pack-reused 2678
Receiving objects: 100% (2678/2678), 502.20 KiB | 1.37 MiB/s, done.
Resolving deltas: 100% (1532/1532), done.
Cloning into '/sne/home/kcsuka/danecheck/pkgs/idna-hs'...
remote: Enumerating objects: 43, done.
remote: Total 43 (delta 0), reused 0 (delta 0), pack-reused 43
Cloning into '/sne/home/kcsuka/danecheck/pkgs/optparse-applicative'...
remote: Enumerating objects: 17, done.
remote: Counting objects: 100% (17/17), done.
remote: Compressing objects: 100% (15/15), done.
remote: Total 3437 (delta 4), reused 8 (delta 2), pack-reused 3420
Receiving objects: 100% (3437/3437), 916.00 KiB | 1.98 MiB/s, done.
Resolving deltas: 100% (1896/1896), done.
Submodule path 'pkgs/dns': checked out 'af5367ccaa8d2200f27a5e32b03caa69497b853a'
error: Server does not allow request for unadvertised object f69c0bf32d6c9144e6278d7972553203777a441a
Fetched in submodule path 'pkgs/idna-hs', but it did not contain f69c0bf32d6c9144e6278d7972553203777a441a. Direct fetching of that commit failed.
Had to manually clone pkgs/idna-hs
and pkgs/optparse-applicative
to folder.
Please fix.
Perhaps place this whole installation in a docker container...
README.md says: testing ECDSA in preference to RSA is typically a feature, not a bug.
Note that recently https://github.com/matteocorti/check_ssl_cert got support to check for valid “3 0 1”, “3 0 2”, “3 1 1” and “2 1 1” records for RSA and EC signature types. This means it can verify, that there is valid a TLSA “3 0 2” record for a TLS connection, when a RSA certificate is requested and obtained and (with different command line parameters) verify that there is a valid “3 1 1” TLSA record for the same destination, when ECDSA certificate is requested and obtained (and also verify any other combination of RSA/ECDSA/any + 301/311/302/211/any).
While testing explicitly by danecheck for RSA over ECDSA can be called a lacking feature, for monitoring TLSA https://github.com/matteocorti/check_ssl_cert is more feature-rich. In pure theory, the lack of possibility to monitor TLSA records differentially for RSA and ECDSA in danecheck, could prevent somebody to offer two types of certificates.
Does dancheck
has sub-domain support? I think it expects a DS record at the subdomain...
To replicate:
We're hosting a DNSSEC server, e.g. example.com
.
Showing danecheck works:
➜ danecheck git:(master) ✗ danecheck -n 1.2.3.4
. IN DNSKEY 256 3 8 AwEAA...QBkYGpF78= ; AD=1 NoError
. IN DNSKEY 256 3 8 AwEAA.......J5ZJWLRs= ; AD=1 NoError
. IN DNSKEY 257 3 8 AwEA.......+Uk1ihz0= ; AD=1 NoError
. IN DNSKEY 257 3 8 AwEAAaz.....V74bU= ; AD=1 NoError
. IN SOA a.root-servers.net. [email protected]. 2018092600 1800 900 604800 86400 ; AD=1 NoError
In this domain, we're hosting a sub-domain in the same zone, e.g. sub.example.com
.
danecheck
cannot verify this domain since it has no DS records and such.
➜ danecheck git:(master) ✗ danecheck -n 1.2.3.4 sub.example.com
sub.example.com. IN DS ? ; AD=0 NODATA
example.com has a DNSkey and record for the whole zone. Including sub.example.com
sudo apt-get install libicu-dev
then
stack install text-icu
To install the dependencies
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.