From d1daee5d0278fc62162c506150a7bdcb067d2bb4 Mon Sep 17 00:00:00 2001
From: Nathan Woodburn
Date: Wed, 27 Sep 2023 17:47:57 +1000
Subject: [PATCH] bot: Check TLSA from dns
---
 bot.py | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/bot.py b/bot.py
index 543c806..772dd14 100644
--- a/bot.py
+++ b/bot.py
@@ -192,10 +192,23 @@ async def ssl(ctx, domain: str):
 tlsa_process = subprocess.Popen(" ".join(tlsa_command), shell=True, stdout=subprocess.PIPE)
 tlsa_output, _ = tlsa_process.communicate()
- tlsa_hex = binascii.hexlify(tlsa_output).decode("utf-8")
+ tlsa_server = binascii.hexlify(tlsa_output).decode("utf-8")
- message = message + "\n## TLSA Record from webserver: `3 1 1 " + tlsa_hex + "`\n"
+ message = message + "\n## TLSA Record from webserver:\n`3 1 1 " + tlsa_server + "`\n"
+
+ # Check for TLSA record
+ response = resolver.resolve("_443._tcp."+domain, "TLSA")
+ tlsa_records = []
+ message = message + "\n## TLSA Records:\n"
+ for record in response:
+ tlsa_records.append(str(record))
+ message = message + "- " +str(record) + "\n"
+
+ if not tlsa_records:
+ message = message + "\n## TLSA Record not found\n"
+
+
 await ctx.response.send_message(message)
 else:
 ctx.response.send_message(f"No certificate found for {domain}")
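Review bot: The added `resolver.resolve("_443._tcp."+domain, "TLSA")` call is unguarded, so the `if not tlsa_records:` branch after the loop is probably unreachable. `resolver` is defined outside the hunk; if it is a dnspython resolver, a name with no TLSA data raises `NXDOMAIN` or `NoAnswer` rather than returning an empty answer, and the command ends without replying. Catch those two exceptions around the lookup, append the existing "TLSA Record not found" text in the handler, and add the `## TLSA Records:` heading only once a record has been returned. The hunk also prints the certificate-derived `3 1 1` value and the DNS records side by side without comparing them; a case-insensitive comparison of `"3 1 1 " + tlsa_server` against each `str(record)`, reported as a match or mismatch line, is the result a DANE check needs. Separately, the unchanged context runs `" ".join(tlsa_command)` with `shell=True`; if `domain` is part of `tlsa_command` (built outside the hunk), validate it as a hostname or pass the command as an argument list without a shell, since the same unvalidated `domain` now also feeds the DNS query.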