On 02/19/2017 08:23 PM, Viktor Dukhovni wrote:
Are you sure that base64 works in this context??? The presentation format for TLSA records is hex encoded.
Oups. I re-wrote the macro in my message from memory instead of pasting it from my actual script, and of course I messed up.
(Coincidentally, I spent the last few hours writing an introduction to HTTP Public-Key Pinning, which does use base64 encoding.)
My real macro is: m4_define(SPKI_DGST, `m4_esyscmd(openssl x509 -in $1 -pubkey -noout | \ openssl rsa -pubin -outform DER | \ openssl dgst -sha256 | cut -d" " -f2)') Sorry about that, Damien
signature.asc
Description: OpenPGP digital signature
