resolve: print TLSA packets in hexadecimal

https://tools.ietf.org/html/rfc6698#section-2.2 says: > The certificate association data field MUST be represented as a string > of hexadecimal characters. Whitespace is allowed within the string of > hexadecimal characters
2024-07-22 10:44:58 +00:00 · 2016-02-16 20:36:10 -05:00 · 2016-02-16 20:36:10 -05:00 · 236d312b8d
parent 82d1d24093
commit 236d312b8d
2 changed files with 11 additions and 21 deletions
--- a/man/systemd-resolve.xml
+++ b/man/systemd-resolve.xml
@ -357,7 +357,7 @@ d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproje
      <literal>:443</literal> could be skipped)</title>

      <programlisting>$ systemd-resolve --tlsa=tcp fedoraproject.org:443
-_443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=
+_443._tcp.fedoraproject.org IN TLSA 0 0 1 19400be5b7a31fb733917700789d2f0a2471c0c9d506c0e504c06c16d7cb17c0
        -- Cert. usage: CA constraint
        -- Selector: Full Certificate
        -- Matching type: SHA-256
--- a/src/resolve/resolved-dns-rr.c
+++ b/src/resolve/resolved-dns-rr.c
@ -1116,40 +1116,30 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) {

        case DNS_TYPE_TLSA: {
                const char *cert_usage, *selector, *matching_type;
-                char *ss;
-                int n;

                cert_usage = tlsa_cert_usage_to_string(rr->tlsa.cert_usage);
                selector = tlsa_selector_to_string(rr->tlsa.selector);
                matching_type = tlsa_matching_type_to_string(rr->tlsa.matching_type);

-                r = asprintf(&s, "%s %u %u %u %n",
+                t = hexmem(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size);
+                if (!t)
+                        return NULL;
+
+                r = asprintf(&s,
+                             "%s %u %u %u %s\n"
+                             "        -- Cert. usage: %s\n"
+                             "        -- Selector: %s\n"
+                             "        -- Matching type: %s",
                             k,
                             rr->tlsa.cert_usage,
                             rr->tlsa.selector,
                             rr->tlsa.matching_type,
-                             &n);
-                if (r < 0)
-                        return NULL;
-
-                r = base64_append(&s, n,
-                                  rr->tlsa.data, rr->tlsa.data_size,
-                                  8, columns());
-                if (r < 0)
-                        return NULL;
-
-                r = asprintf(&ss, "%s\n"
-                             "        -- Cert. usage: %s\n"
-                             "        -- Selector: %s\n"
-                             "        -- Matching type: %s",
-                             s,
+                             t,
                             cert_usage,
                             selector,
                             matching_type);
                if (r < 0)
                        return NULL;
-                free(s);
-                s = ss;

                break;
        }