From c4219fa156b56e233587846845e75def9a131580 Mon Sep 17 00:00:00 2001
From: Stefan Huber
Date: Mon, 29 Feb 2016 21:45:56 +0100
Subject: [PATCH] Add dnssec/gentlsa
---
 dnssec/gentlsa | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100755 dnssec/gentlsa
diff --git a/dnssec/gentlsa b/dnssec/gentlsa
new file mode 100755
index 0000000..7852151
--- /dev/null
+++ b/dnssec/gentlsa
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+set -e
+set -u
+
+ports="443"
+while getopts "hp:" opt; do
+case "$opt" in
+h)
+echo "Usage: $0 [-p=ports] certificates..."
+exit 0
+;;
+p)
+ports=$OPTARG
+;;
+esac
+done
+shift $((OPTIND-1))
+
+for crt in "$@"; do
+echo "Certificate ${crt}..."
+digest=$(openssl x509 -in "$crt" -noout -pubkey | openssl rsa -pubin -outform der 2>/dev/null | sha256sum | awk '{print $1}')
+
+(
+openssl x509 -noout -text < "$crt" | awk '/X509v3 Subject Alternative Name/ {getline;gsub(/ /, "", $0); print}' | tr ',' '\n' | awk -F: '$1=="DNS" {print $2}';
+openssl x509 -noout -subject < "$crt" | sed -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/'
+) | sort -u | while read cn; do
+for port in $ports; do
+printf "_%d._tcp.%-40s IN TLSA 3 1 1 %s\n" "${port}" "${cn}." "${digest}"
+done
+done
+done
--
2.30.2
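Review bot: The `digest=$(... | openssl rsa -pubin -outform der 2>/dev/null | sha256sum | ...)` line silently emits a wrong TLSA record whenever the `openssl rsa` stage fails (an EC or other non-RSA public key, or any parse error): its stderr is discarded, and since `/bin/sh` has no `pipefail` here only awk's exit status reaches `set -e`, so `digest` becomes the SHA-256 of empty input and the generated `3 1 1` record will not match the certificate. Using the key-type-agnostic command and keeping stderr visible is the minimal change, `digest=$(openssl x509 -in "$crt" -noout -pubkey | openssl pkey -pubin -outform der | sha256sum | awk '{print $1}')`; a stronger guard would write the DER key to a `mktemp` file with the pkey step's status checked before hashing. Two smaller points in the same hunk: the usage text advertises `-p=ports` but `getopts "hp:"` expects `-p ports` (an `=` would end up inside `$OPTARG`), and `while read cn` should be `while read -r cn` so backslashes in names are not interpreted.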