From 09dcd51feb0d17e7c0715aa10786df169936760a Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Wed, 4 Sep 2024 12:02:20 +0200
Subject: netwatch-dns: give warning on CRL use

---
 netwatch-dns.rsc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc
index e205081..09d471d 100644
--- a/netwatch-dns.rsc
+++ b/netwatch-dns.rsc
@@ -19,6 +19,7 @@
   :global IsDNSResolving;
   :global IsTimeSync;
   :global LogPrint;
+  :global LogPrintOnce;
   :global ParseKeyValueStore;
   :global ScriptLock;
 
@@ -126,6 +127,9 @@
     :if ($Data != false) do={
       :if ([ :typeof [ :find $Data "doh-check-OK" ] ] = "num") do={
         /ip/dns/set use-doh-server=($DohServer->"doh-url") verify-doh-cert=yes;
+        :if ([ /certificate/settings/get crl-use ] = true) do={
+          $LogPrintOnce warning $ScriptName ("Configured to use CRL, that can cause severe issue!");
+        }
         /ip/dns/cache/flush;
         $LogPrint info $ScriptName ("Setting DoH server: " . ($DohServer->"doh-url"));
         :error true;
-- 
cgit v1.2.3-70-g09d2