Coder Social home page Coder Social logo

danecheck's People

Contributors

hs-viktor avatar paulmenzel avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

danecheck's Issues

postfix.org website problems (not safe)

Dear Viktor,

There are several problems:

Only http://www.posftix.org/ and it is not secure.

Can you solve it?

It will be better to have only and all other redirected to this address:

To have for example:

Module ‘Network.TLS’ does not export

Hi there,

I'm getting the following error whilst building danecheck on Amazon Linux 2:

Building all executables for `danecheck' once. After a successful build of all of them, only specified executables will be rebuilt.
danecheck> build (exe)
danecheck> Preprocessing executable 'danecheck' for danecheck-1.1.0..
danecheck> Building executable 'danecheck' for danecheck-1.1.0..
danecheck> [ 7 of 16] Compiling Dane.Scanner.SMTP.TLS
danecheck>
danecheck> /home/ec2-user/danecheck/Dane/Scanner/SMTP/TLS.hs:30:31: error:
danecheck>     Module
danecheck>     ‘Network.TLS’
danecheck>     does not export
danecheck>     ‘Version(TLS10, TLS11, TLS12, TLS13)’
danecheck>    |
danecheck> 30 | import           Network.TLS (Version(TLS10, TLS11, TLS12, TLS13))
danecheck>    |                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
danecheck>

--  While building package danecheck-1.1.0 using:
      /home/ec2-user/.stack/setup-exe-cache/x86_64-linux/Cabal-simple_mPHDZzAJ_2.4.0.1_ghc-8.6.5 --builddir=.stack-work/dist/x86_64-linux/Cabal-2.4.0.1 build exe:danecheck --ghc-options " -fdiagnostics-color=always"
    Process exited with code: ExitFailure 1

Any idea how I could solve this? I tried googling the error but it's not yielding results and I'm not proficient with Haskell.

Kind regards
Meint

Git clone error

➜  ~ git clone --recursive https://github.com/vdukhovni/danecheck
Cloning into 'danecheck'...
remote: Enumerating objects: 188, done.
remote: Total 188 (delta 0), reused 0 (delta 0), pack-reused 188
Receiving objects: 100% (188/188), 55.57 KiB | 280.00 KiB/s, done.
Resolving deltas: 100% (97/97), done.
Submodule 'pkgs/dns' (https://github.com/kazu-yamamoto/dns.git) registered for path 'pkgs/dns'
Submodule 'pkgs/idna-hs' (https://github.com/vdukhovni/idna-hs.git) registered for path 'pkgs/idna-hs'
Submodule 'pkgs/optparse-applicative' (https://github.com/pcapriotti/optparse-applicative.git) registered for path 'pkgs/optparse-applicative'
Cloning into '/sne/home/kcsuka/danecheck/pkgs/dns'...
remote: Counting objects: 2678, done.        
remote: Total 2678 (delta 0), reused 0 (delta 0), pack-reused 2678        
Receiving objects: 100% (2678/2678), 502.20 KiB | 1.37 MiB/s, done.
Resolving deltas: 100% (1532/1532), done.
Cloning into '/sne/home/kcsuka/danecheck/pkgs/idna-hs'...
remote: Enumerating objects: 43, done.        
remote: Total 43 (delta 0), reused 0 (delta 0), pack-reused 43        
Cloning into '/sne/home/kcsuka/danecheck/pkgs/optparse-applicative'...
remote: Enumerating objects: 17, done.        
remote: Counting objects: 100% (17/17), done.        
remote: Compressing objects: 100% (15/15), done.        
remote: Total 3437 (delta 4), reused 8 (delta 2), pack-reused 3420        
Receiving objects: 100% (3437/3437), 916.00 KiB | 1.98 MiB/s, done.
Resolving deltas: 100% (1896/1896), done.
Submodule path 'pkgs/dns': checked out 'af5367ccaa8d2200f27a5e32b03caa69497b853a'
error: Server does not allow request for unadvertised object f69c0bf32d6c9144e6278d7972553203777a441a
Fetched in submodule path 'pkgs/idna-hs', but it did not contain f69c0bf32d6c9144e6278d7972553203777a441a. Direct fetching of that commit failed.

Had to manually clone pkgs/idna-hs and pkgs/optparse-applicative to folder.
Please fix.

Perhaps place this whole installation in a docker container...

Support verifying TLSA for RSA and ECDSA certificates, when a server offers both

README.md says: testing ECDSA in preference to RSA is typically a feature, not a bug.

Note that recently https://github.com/matteocorti/check_ssl_cert got support to check for valid “3 0 1”, “3 0 2”, “3 1 1” and “2 1 1” records for RSA and EC signature types. This means it can verify, that there is valid a TLSA “3 0 2” record for a TLS connection, when a RSA certificate is requested and obtained and (with different command line parameters) verify that there is a valid “3 1 1” TLSA record for the same destination, when ECDSA certificate is requested and obtained (and also verify any other combination of RSA/ECDSA/any + 301/311/302/211/any).

While testing explicitly by danecheck for RSA over ECDSA can be called a lacking feature, for monitoring TLSA https://github.com/matteocorti/check_ssl_cert is more feature-rich. In pure theory, the lack of possibility to monitor TLSA records differentially for RSA and ECDSA in danecheck, could prevent somebody to offer two types of certificates.

Is there sub-domain support?

Does dancheck has sub-domain support? I think it expects a DS record at the subdomain...

To replicate:

We're hosting a DNSSEC server, e.g. example.com.
Showing danecheck works:

➜  danecheck git:(master) ✗ danecheck -n 1.2.3.4                              
. IN DNSKEY 256 3 8 AwEAA...QBkYGpF78= ; AD=1 NoError
. IN DNSKEY 256 3 8 AwEAA.......J5ZJWLRs= ; AD=1 NoError
. IN DNSKEY 257 3 8 AwEA.......+Uk1ihz0= ; AD=1 NoError
. IN DNSKEY 257 3 8 AwEAAaz.....V74bU= ; AD=1 NoError
. IN SOA a.root-servers.net. [email protected]. 2018092600 1800 900 604800 86400 ; AD=1 NoError

In this domain, we're hosting a sub-domain in the same zone, e.g. sub.example.com.
danecheck cannot verify this domain since it has no DS records and such.

➜  danecheck git:(master) ✗ danecheck -n 1.2.3.4 sub.example.com 
sub.example.com. IN DS ? ; AD=0 NODATA

example.com has a DNSkey and record for the whole zone. Including sub.example.com

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.