@@ 13,6 13,7 @@ import (
. "xmpp-certwatch/common"
"github.com/redis/go-redis/v9"
+ "github.com/shuque/dane"
"mellium.im/sasl"
"mellium.im/xmpp"
"mellium.im/xmpp/form"
@@ 25,6 26,24 @@ var t *template.Template
var rclient *redis.Client
var xmppSession *xmpp.Session
+// Munge IPv4 and v6 together if we're not gonna show the IPs anyway
+func dedupeTlsa(result *CheckResult) {
+ done := map[string]bool{}
+ for ip, info := range result.Tlsa {
+ deduped := []*dane.TLSArdata{}
+ for _, rdata := range info.Rdata {
+ _, exists := done[info.Qname+" "+rdata.Data]
+ if exists {
+ deduped = append(deduped, rdata)
+ } else {
+ done[info.Qname+" "+rdata.Data] = true
+ }
+ }
+ info.Rdata = deduped
+ result.Tlsa[ip] = info
+ }
+}
+
func checkOneHandler(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
fqdns, ok := r.PostForm["fqdn"]
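Review bot: The if/else inside the inner loop of `dedupeTlsa` is inverted: a record is appended to `deduped` only when its key is already present in `done`, while the first sighting of each key is recorded and then dropped, so a host with a single IP ends up with an empty `Rdata` list and a second IP keeps only the records the first one also had. Swap the branches: `if exists { continue }`, then `done[info.Qname+" "+rdata.Data] = true` and `deduped = append(deduped, rdata)`. Two further caveats: the key is built from `Qname` and `Data` alone, so if `dane.TLSArdata` also carries usage/selector/matching-type fields (it appears to), two TLSA records that differ only in those would be collapsed and one of them would silently vanish from the setup/failure pages, so those fields belong in the key as well. And because `result.Tlsa` is a map, which IP's entry ends up holding the surviving records changes between requests; that is harmless if the templates really do not show the IPs, as the comment claims, but it deserves a sentence in the function comment so nobody later relies on a per-IP view.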
@@ 40,6 59,7 @@ func checkOneHandler(w http.ResponseWriter, r *http.Request) {
} else if !result.Dnssec {
t.ExecuteTemplate(w, "nodnssec.html", result)
} else if result.Daneok {
+ dedupeTlsa(&result)
err := pubsub.CreateNodeIQ(
context.Background(),
xmppSession,
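Review bot: `dedupeTlsa(&result)` mutates `result.Tlsa` in place before `pubsub.CreateNodeIQ` runs, so if the IQ payload (its remaining arguments lie past the hunk) or the success path that follows derives anything from `result.Tlsa`, the pubsub node is built from the trimmed record set rather than the full DNS answer the checker gathered. If the dedupe is purely presentational, as its comment suggests, move the call to just before `t.ExecuteTemplate(w, "success.html", result)` so the monitoring data stays complete. The if/else chain this line belongs to starts before the hunk.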
@@ 61,8 81,10 @@ func checkOneHandler(w http.ResponseWriter, r *http.Request) {
rclient.HSet(context.Background(), "mitm_monitor_hosts", fqdn, "0")
t.ExecuteTemplate(w, "success.html", result)
} else if !result.AllChecked {
+ dedupeTlsa(&result)
t.ExecuteTemplate(w, "setup.html", result)
} else {
+ dedupeTlsa(&result)
t.ExecuteTemplate(w, "failure.html", result)
}
}
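Review bot: The same `dedupeTlsa(&result)` call is now duplicated in three sibling branches of the handler (here twice, plus the success branch earlier in the chain), which makes it easy for a future branch that renders `result.Tlsa` to forget it. Since the function only trims `result.Tlsa` and touches nothing else, a single call placed just before the if/else chain, whose head is outside this hunk, would be equivalent for the branches that show TLSA data and harmless for the others.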