path: root/roles/out/templates/etc/postfix/smtp_tls_policy.j2
# Lookup table matching next-hop destinations to TLS security policies;
# this allows pinning the key material for chosen recipient domains.
#
# {{ ansible_managed }}
# Do NOT edit this file directly!
{#
  Template notes (Jinja comment, not part of the rendered table).

  One policy entry is emitted per next-hop: 'fripost.org' and '.fripost.org'
  (in a Postfix TLS policy table the leading-dot form covers subdomains).
  Each entry uses the "fingerprint" security level, so the peer is accepted
  only if its key matches one of the match= digests below; CA trust and
  hostname checks play no part. ciphers=high plus the protocols= exclusions
  leave TLS 1.2 and later as the only acceptable versions.

  The match= lines are continuation lines (leading whitespace) of the policy
  entry, one per host in groups.MX, in sorted order. Each digest is computed
  at render time by the pipe lookup: the public key for mx<mxno>.fripost.org
  is converted to DER, hashed with SHA-256, printed colon-separated (-c), and
  sed strips the label up to and including "=". mxno defaults to '' when a
  host does not define it.

  NOTE(review): the digests are SHA-256 public-key fingerprints, so the
  Postfix side must set smtp_tls_fingerprint_digest to sha256 (older
  releases default to md5). main.cf is not visible here; confirm.

  NOTE(review): the shell pipeline's exit status is that of the final sed,
  so a missing or unparsable key file is presumably not reported as a lookup
  failure; the rendered digest would then be the hash of empty input, which
  matches no peer (delivery fails closed). Verify the .pub files exist
  before deploying. The path is relative, so it also depends on the
  directory the lookup runs in.
#}
{% for nexthop in ['fripost.org','.fripost.org'] %}

{{ nexthop }} fingerprint ciphers=high protocols=!SSLv2:!SSLv3:!TLSv1:!TLSv1.1
{% for h in groups.MX | sort %}
  match={{ lookup('pipe', 'openssl pkey -pubin -outform DER <"certs/public/mx'+(hostvars[h].mxno | default('') | string)+'.fripost.org.pub" | openssl dgst -sha256 -c | sed "s/[^=]*=\s*//"') }}
{% endfor %}
{% endfor %}