Usage
pieterlexis edited this page Jan 24, 2012 · 4 revisions
The options you can set with swede.
These options can be used by both verify and create.

    usage: swede [-h] [--insecure] [--resolvconf /PATH/TO/RESOLV.CONF] [-v] {verify,create} ... hostname

    Create and verify DANE records.

    positional arguments:
      hostname

    optional arguments:
      -h, --help            show this help message and exit
      --insecure            Allow use of non-dnssec secured answers
      --resolvconf /PATH/TO/RESOLV.CONF
                            Use a recursive resolver from resolv.conf
      -v, --version         show version and exit

    Functions:
      {verify,create}       Available functions, see swede function -h for function-
                            specific help
        verify              Verify a TLSA record, exit 0 when all TLSA records are
                            matched, exit 2 when a record does not match the received
                            certificate, exit 1 on error.
        create              Create a TLSA record

    usage: swede create [-h] [--port PORT] [--protocol {tcp,udp,sctp}]
                        [--certificate CERTIFICATE] [--output {draft,rfc,both}]
                        [--usage {0,1,2}] [--selector {0,1}] [--mtype {0,1,2}]

    optional arguments:
      -h, --help            show this help message and exit
      --port PORT, -p PORT  The port where running TLS is located (default: 443).
      --protocol {tcp,udp,sctp}
                            The protocol the TLS service is using (default: tcp).
      --certificate CERTIFICATE, -c CERTIFICATE
                            The certificate used for the host. If certificate is
                            empty, the certificate will be downloaded from the
                            server
      --output {draft,rfc,both}, -o {draft,rfc,both}
                            The type of output.
                            Draft using private RRtype 65468 (default)
                            RFC (TLSA)
                            Both
      --usage {0,1,2}, -u {0,1,2}
                            The Usage of the Certificate for Association.
                            '0' for CA
                            '1' for End Entity (default)
                            '2' for trust-anchor
      --selector {0,1}, -s {0,1}
                            The Selector for the Certificate for Association.
                            '0' for Full Certificate (default)
                            '1' for SubjectPublicKeyInfo
      --mtype {0,1,2}, -m {0,1,2}
                            The Matching Type of the Certificate for Association.
                            '0' for Exact match
                            '1' for SHA-256 (default)
                            '2' for SHA-512
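
What the `--usage`, `--selector`, `--mtype` and `--output` choices above mean for the record contents, as an added Python example that is not swede's own code. The field layout follows RFC 6698; `SAMPLE_CERT` is a constructed stand-in rather than a real certificate, and writing the draft form as the same RDATA under the private type in RFC 3597 generic syntax is an assumption.

```python
import hashlib

def _tlv(buf, off):
    """Return (tag, value_start, value_end) for the DER element at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def spki_der(cert):
    """Slice SubjectPublicKeyInfo (header included) out of a DER certificate."""
    _, off, _ = _tlv(cert, 0)      # Certificate SEQUENCE
    _, off, _ = _tlv(cert, off)    # tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert, off)
    if tag == 0xA0:                # optional [0] version
        off = end
    for _ in range(5):             # serial, signature, issuer, validity, subject
        _, _, off = _tlv(cert, off)
    return cert[off:_tlv(cert, off)[2]]

def tlsa_rdata(cert, usage=1, selector=0, mtype=1):
    """RDATA bytes: usage, selector, mtype, then the association data."""
    if usage not in (0, 1, 2) or selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("value outside the ranges swede accepts")
    data = cert if selector == 0 else spki_der(cert)
    if mtype:                      # 1 = SHA-256, 2 = SHA-512, 0 = exact match
        data = hashlib.new("sha256" if mtype == 1 else "sha512", data).digest()
    return bytes([usage, selector, mtype]) + data

def tlsa_records(host, cert, port=443, proto="tcp", **fields):
    """Return (rfc, draft) presentation lines for one association."""
    rdata = tlsa_rdata(cert, **fields)
    owner = "_%d._%s.%s." % (port, proto, host.rstrip("."))
    rfc = "%s IN TLSA %d %d %d %s" % (owner, *rdata[:3], rdata[3:].hex())
    draft = "%s IN TYPE65468 \\# %d %s" % (owner, len(rdata), rdata.hex())
    return rfc, draft

def _der(tag, body=b""):           # encoder for the short constructed sample only
    return bytes([tag, len(body)]) + body

# Constructed stand-in with a certificate's DER layout, not a real certificate.
SAMPLE_SPKI = _der(0x30, _der(0x30) + _der(0x03, b"\x00constructed-key"))
SAMPLE_CERT = _der(0x30, _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
                             + _der(0x30) * 4 + SAMPLE_SPKI) + _der(0x30) + _der(0x03, b"\x00"))

if __name__ == "__main__":
    print(*tlsa_records("www.example.com", SAMPLE_CERT), sep="\n")
```

With selector 1 the association data survives a certificate renewal that keeps the same key pair, while selector 0 changes with every reissued certificate.
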

    usage: swede verify [-h] [--port PORT] [--protocol {tcp,udp,sctp}] [--only-rr]
                        [--ca-cert /PATH/TO/CERTSTORE] [--quiet]

    optional arguments:
      -h, --help            show this help message and exit
      --port PORT, -p PORT  The port where running TLS is located (default: 443).
      --protocol {tcp,udp,sctp}
                            The protocol the TLS service is using (default: tcp).
      --only-rr, -o         Only verify that the TLSA resource record is correct
                            (do not check certificate)
      --ca-cert /PATH/TO/CERTSTORE
                            Path to a CA certificate or a directory containing the
                            certificates (default: /etc/ssl/certs/)
      --quiet, -q           Only print the result of the validation