Import from initial devel-repo

pieterlexis · Jan 24, 2012 · 7e40b63 · 7e40b63
commit 7e40b63
Show file tree

Hide file tree

Showing 3 changed files with 638 additions and 0 deletions.
diff --git a/README b/README
@@ -0,0 +1,57 @@
+                          SWEDE - tools to create and verify TLSA (DANE) records
+================================================================================
+Swede aims to provide a one-stop solutions to create and test TLSA records.
+
+                                                                         LICENSE
+--------------------------------------------------------------------------------
+swede is copyright Pieter Lexis <pieter@os3.nl> and is licensed under the terms
+of the GNU General Public Licence version 2 or higher.
+
+                                                                    DEPENDENCIES
+--------------------------------------------------------------------------------
+- Python (>= 2.6)
+- python-{unbound, argparse, ipaddr, m2crypto}
+
+swede has been tested on Debian 6 (Squeeze) using the python-unbound package
+from squeeze-backports.
+
+                                                                        FEATURES
+--------------------------------------------------------------------------------
+- Creation of all 18 permutations of TLSA records
+- Output in draft and RFC format
+- Ability to load certificates from disk to create records from
+- Verify TLSA records 'in the field' with the certificates offered by the TLS
+  service running on the server
+
+                                                                           USAGE
+--------------------------------------------------------------------------------
+See EXAMPLES below and try the following:
+swede --help
+swede create --help
+swede verify --help
+
+                                                                        EXAMPLES
+--------------------------------------------------------------------------------
+swede create --usage 1 --output rfc www.os3.nl
+swede --insecure create --usage 0 mail.google.com
+
+swede verify -p 1516 dane.kiev.practicum.os3.nl
+swede verify ulthar.us
+                                                                            TODO
+--------------------------------------------------------------------------------
+- Creation tool that checks the CN in the Subject of the certificate
+- IPv6 support (M2Crypto doesnt support it at the moment)
+- Creation tool that does an AXFR for a full zone, collects all hostnames, gets
+  the certificates (or the CA certificate from the commandline) and creates all
+  TLSA records.
+- Test certificates (other than using the functions in M2Crypto) when no chain
+  is presented during the TLS session
+- Manpage
+
+                                                                      KNOWN BUGS
+--------------------------------------------------------------------------------
+- swede is mostly untested.
+- Not everything that can raise an exception is in a try/except block
+- No support for SRV record indirection (see Issue 28 of the DANE-WG)
+- No support for TLS/SSL over UDP or SCTP
+- No support for STARTTLS type protocols (only 'straight' SSL/TLS conections)
diff --git a/root.key b/root.key
@@ -0,0 +1,9 @@
+; autotrust trust anchor file
+;;id: . 1
+;;last_queried: 1326888589 ;;Wed Jan 18 13:09:49 2012
+;;last_success: 1326888589 ;;Wed Jan 18 13:09:49 2012
+;;next_probe_time: 1326929661 ;;Thu Jan 19 00:34:21 2012
+;;query_failed: 0
+;;query_interval: 43200
+;;retry_time: 8640
+.	172800	IN	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ;{id = 19036 (ksk), size = 2048b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=1326804159 ;;Tue Jan 17 13:42:39 2012