Tweaks.

ashdwilson · May 31, 2020 · 6976785 · 6976785
1 parent a36b8b9
commit 6976785
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -38,7 +38,7 @@ Appname and Servicename methods on the Config structure.
 ### Example code
 
 Example code that uses this library can be found in example_test.go.
-A detailed example program that uses the library can be found at
+A detailed diagnostic tool that uses the library can be found at
 https://github.com/shuque/gotls
 
 ### Documentation

diff --git a/byname.go b/byname.go
@@ -41,7 +41,6 @@ func ConnectByName(hostname string, port int) (*tls.Conn, *Config, error) {
  }
 
  for _, ip := range iplist {
-
  config := NewConfig(hostname, ip, port)
  config.SetTLSA(tlsa)
  conn, err = DialTLS(config)

diff --git a/dns.go b/dns.go
@@ -217,7 +217,10 @@ func GetTLSA(resolver *Resolver, hostname string, port int) (*TLSAinfo, error) {
  }
 
  if response.MsgHdr.Rcode == dns.RcodeNameError {
- return nil, fmt.Errorf("%s: Non-existent domain name", qname)
+ if resolver.Pkixfallback {
+ return nil, nil
+ }
+ return nil, fmt.Errorf("ERROR: %s: Non-exist domain name", hostname)
  }
 
  tlsa := new(TLSAinfo)

diff --git a/tls.go b/tls.go
@@ -25,14 +25,12 @@ func verifyChain(certs []*x509.Certificate, config *tls.Config,
  if root {
  opts.Roots = config.RootCAs
  opts.Intermediates = x509.NewCertPool()
-
  for _, cert := range certs[1:] {
  opts.Intermediates.AddCert(cert)
  }
  verifiedChains, err = certs[0].Verify(opts)
  } else {
  opts.Roots = x509.NewCertPool()
-
  chainlength := len(certs)
  last := certs[chainlength-1]
  opts.Roots.AddCert(last)

diff --git a/tlsa.go b/tlsa.go
@@ -10,26 +10,26 @@ import (
 )
 
 //
-// DANE Usage modes
+// DANE Certificte Usage modes
 //
 const (
- PkixTA = 0
- PkixEE = 1
- DaneTA = 2
- DaneEE = 3
+ PkixTA = 0 // Certificate Authority Constraint
+ PkixEE = 1 // Service Certificate Constraint
+ DaneTA = 2 // Trust Anchor Assertion
+ DaneEE = 3 // Domain Issued Certificate
 )
 
 //
 // TLSArdata - TLSA rdata structure
 //
 type TLSArdata struct {
- Usage uint8
- Selector uint8
- Mtype uint8
- Data string
- Checked bool
- Ok bool
- Message string
+ Usage uint8 // Certificate Usage
+ Selector uint8 // Selector: 0: full cert, 1: subject public key
+ Mtype uint8 // Matching Type: 0 full content, 1: SHA256, 2: SHA512
+ Data string // Certificate association Data field (hex encoding)
+ Checked bool // Have we tried to match this TLSA rdata?
+ Ok bool // Did it match?
+ Message string // Diagnostic message for matching
 }
 
 //