cURL / Mailing Lists / curl-library / Single Mail

curl-library

libcurl and DANE support

From: Suresh Krishnaswamy <suresh_at_tislabs.com>
Date: Thu, 7 Mar 2013 12:31:51 -0500

Hello,

Attached is a patch that adds DANE support to libcurl (tested on 7.29.0).

Local validation of the TLSA record is enabled through dnsval (libval,
libsres) from the dnssec-tools package. The validation of the SSL/TLS
certificate against the certificate provided in the TLSA record is
currently enabled only when openssl is used as the crypto engine.

After applying the patch execute the following commands before running 'make':
$ autoconf
$ autoheader

The DANE support can be tested as follows:
$ curl -v https://www.dnssec-tools.org/readme/README.curl -o outfile
...
* DANE: TLSA record for www.dnssec-tools.org exists.
...
* DANE: SSL certificate verified using DANE.
* DANE: Skipping additional ceritificate checks.
...

Thanks!
Suresh

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

application/octet-stream attachment: curl-7.29.0.patch

Received on 2013-03-07

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: libcurl and DANE support"
Previous message: Steve Holme: "RE: Problem with SMTP using libcurl"
Next in thread: Daniel Stenberg: "Re: libcurl and DANE support"
Reply: Daniel Stenberg: "Re: libcurl and DANE support"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]