Using/validating DANE certs?
From: Ali Mohammad Pur Fard via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 1 Sep 2025 11:53:11 +0200
Hey all!
Since DANE/TLSA has become much more common as a replacement for PKI, I'd
really like it if curl could use (or at least verify) DANE certificates
when requested/available.
In particular, I'm mostly interested in having libcurl expose a way for
users to provide (or request the use of) a set of TLSA records, or somehow
communicate that DANE should be used for the connection (as I'm trying to
have DANE be a native alternative to PKI in Ladybird[1]). The request side
of this is reasonably straightforward with openssl, at least.
I do have a patchset[2] that implements this as a proof of concept (though
with a broader scope that I expect DNS folks will appreciate), and I'd be
happy to implement and help maintain it if there's interest in having this
(or the broader implementation) as a feature.
[1]: https://github.com/ladybirdbrowser/ladybird
[2]: https://github.com/alimpfard/curl/compare/d12129dda5e14f384dbb9f24ddb462479501fc87...master
-- Cheers, ~Ali Mohammad Pur
Received on 2025-09-01