Re: Contributing to GNUnet

[Tanguy Le Carrour]

Hi GNUnet, Hi Christian,

Le 03/10, Tanguy Le Carrour a écrit :
> Le 03/09, Christian Grothoff a écrit :
> > 2) try adding a TLSA record for gnunet.org to GNS, thereby avoiding
> >    the use of Letsencrypt and really directly verifying via GNS.
> 
> I'll try this and let you know, thanks!

So, I did my homework, used a generator [1][] and ended up with this:

```
_443._tcp.gnunet.org. IN TLSA 3 1 1 
26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939
```

[1]: https://www.huque.com/bin/gen_tlsa

So I now have:

```
$ gnunet-namestore -z myself -a -e "1 d" -p -t TLSA -n gnunet -V "3 1 1 
26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939"
$ gnunet-gns --type ANY --lookup gnunet.myself
gnunet.myself:
Got `TLSA' record: 3 1 1 
26145f39399c7625a95d290bde5731566a81e1cbe6baf84f37ba60b333b05939
Got `LEHO' record: gnunet.org
Got `A' record: 131.159.74.67
```

I didn't know where to put the `_443._tcp` part. `gnunet-namestore` complained
about the name containing a `.`.

There's something in the doc [2][] about `_port._proto.`, but it's for
BOX records only.

[2]: https://docs.gnunet.org/handbook/gnunet.html#BOX-1

Having done that, I still don't get much in the logs:

```
$ […]/lib/gnunet/libexec/gnunet-gns-proxy --log DEBUG
Mar 13 18:15:11-622297 gnunet-gns-proxy-3803 ERROR Download curl gnunet.org/ 
failed: SSL peer certificate or SSH remote key was not OK
```

Is my TLSA record correct? Is there something else I can try?

Regards

-- 
Tanguy