On 02/09/2022 16:16, Carl Byington via mailop wrote:
> Years ago I set up automation for tlsa records to support smtp dane here.
> However, something is now broken, and I am not sure what is wrong.
>
> _25._tcp.mail3.five-ten-sg.com. IN TLSA 3 0 1 (
> 834d710b2feb790cc9b2c6d251c65b1fedc24c51a4149bdfeae4d40e0be11892
> )
>
> https://www.huque.com/bin/danecheck-smtp shows DANE TLSA 3 0 1
> [834d710b..]: not checked and a failed result.

Looks like the latest version of this (https://github.com/shuque/gotls)
returns the reason why it fails, which appears to be a bug in the tool
caused by the expired DST X3 CA:

Result: FAILED: DANE TLS error: cert chain: x509: certificate has expired or is not yet valid: current time 2022-09-03T09:10:15Z is after 2021-09-30T14:01:15Z

-- 
Simon Arlott
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
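
An added example, not part of the thread and not gotls code: for a `3 0 1` record (DANE-EE, full certificate, SHA-256), matching is a digest comparison on the leaf certificate, and RFC 7672 section 3.1.1 requires the certificate's expiration date to be ignored for that usage. The Go program below uses a constructed, expired self-signed certificate and hypothetical function names (`expiredLeaf`, `matchDANEEE`, `pkixVerify`) to show the digest match succeeding while ordinary X.509 verification returns the kind of expiry error quoted above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// expiredLeaf builds a constructed self-signed sample certificate (all-zero key seed) that expired a year ago.
func expiredLeaf() (*x509.Certificate, error) {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: now.AddDate(-2, 0, 0), NotAfter: now.AddDate(-1, 0, 0)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// matchDANEEE checks a "3 0 1" record: SHA-256 over the full DER leaf against
// the published hex. Validity dates and issuers are never consulted.
func matchDANEEE(cert *x509.Certificate, published string) bool {
	return strings.EqualFold(fmt.Sprintf("%x", sha256.Sum256(cert.Raw)), published)
}

// pkixVerify runs ordinary X.509 validation, trusting the leaf as its own root.
func pkixVerify(cert *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err
}

func main() {
	cert, err := expiredLeaf()
	if err != nil {
		panic(err)
	}
	hash := fmt.Sprintf("%x", sha256.Sum256(cert.Raw))
	fmt.Println("TLSA 3 0 1", hash, "match:", matchDANEEE(cert, hash))
	fmt.Println("PKIX verify:", pkixVerify(cert))
}
```

A checker that runs the PKIX path before (or instead of) the digest comparison will report a failure for a DANE-EE record even though the published hash still matches the served certificate.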