cURL / Mailing Lists / curl-library / Single Mail


libcurl and DANE support

From: Suresh Krishnaswamy <>
Date: Thu, 7 Mar 2013 12:31:51 -0500


Attached is a patch that adds DANE support to libcurl (tested on 7.29.0).

Local validation of the TLSA record is enabled through dnsval (libval,
libsres) from the dnssec-tools package. The validation of the SSL/TLS
certificate against the certificate provided in the TLSA record is
currently enabled only when openssl is used as the crypto engine.

After applying the patch execute the following commands before running 'make':
$ autoconf
$ autoheader

The DANE support can be tested as follows:
$ curl -v -o outfile
* DANE: TLSA record for exists.
* DANE: SSL certificate verified using DANE.
* DANE: Skipping additional ceritificate checks.


List admin:

Received on 2013-03-07