netwatch-dns: give warning on CRL use

author: Christian Hesse <mail@eworm.de> 2024-09-04 12:02:20 +0200
committer: Christian Hesse <mail@eworm.de> 2024-09-05 09:54:35 +0200
commit: 09dcd51feb0d17e7c0715aa10786df169936760a (patch)
tree: 94dd6a0d9e38ba875b87ebf80a9fb4b55e1982ca
parent: 9737bfa46ad5b08f39ba0442061d08e974cb14c5 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc
index e205081..09d471d 100644
--- a/netwatch-dns.rsc
+++ b/netwatch-dns.rsc
@@ -19,6 +19,7 @@
   :global IsDNSResolving;
   :global IsTimeSync;
   :global LogPrint;
+  :global LogPrintOnce;
   :global ParseKeyValueStore;
   :global ScriptLock;
 
@@ -126,6 +127,9 @@
     :if ($Data != false) do={
       :if ([ :typeof [ :find $Data "doh-check-OK" ] ] = "num") do={
         /ip/dns/set use-doh-server=($DohServer->"doh-url") verify-doh-cert=yes;
+        :if ([ /certificate/settings/get crl-use ] = true) do={
+          $LogPrintOnce warning $ScriptName ("Configured to use CRL, that can cause severe issue!");
+        }
         /ip/dns/cache/flush;
         $LogPrint info $ScriptName ("Setting DoH server: " . ($DohServer->"doh-url"));
         :error true;
author	Christian Hesse <mail@eworm.de>	2024-09-04 12:02:20 +0200
committer	Christian Hesse <mail@eworm.de>	2024-09-05 09:54:35 +0200
commit	09dcd51feb0d17e7c0715aa10786df169936760a (patch)
tree	94dd6a0d9e38ba875b87ebf80a9fb4b55e1982ca
parent	9737bfa46ad5b08f39ba0442061d08e974cb14c5 (diff)