Re: Using/validating DANE certs?
From: Ali Mohammad Pur via curl-library <curl-library_at_lists.haxx.se>
Date: Fri, 26 Sep 2025 00:07:17 +0200
On 25 September 2025 22:50:02 CEST, Daniel Stenberg <daniel_at_haxx.se> wrote:
>On Thu, 25 Sep 2025, Ali Mohammad Pur via curl-library wrote:
>
>> curl -vv --dane --upstream-dns 8.8.8.8 https://badhash.dane.huque.com/
>
>We already have --dns-servers

Noted, I'll switch over to that.
This was just a "quick" flag to show my proposed flow, so I didn't do much in the way of integration.

>> curl -vv --dane https://cxbyte.me --add-dns-rr AACBoAABAAIAAAABBmN4Ynl0ZQJtZQAAAQABwAwAAQABAAABGAAEkjtcrcAMAC4AAQAAARgAXQABDQIAAAEsaMmYTmjG2S6GyQZjeGJ5dGUCbWUA88TCNXPd4zVdaAVXfPTQelw1WHeLkH92ZUcrEUoR2Zm2kqxgg9MRtSrI+b0YuqWwfpts3PgOhfs8IMk6aDbGOAAAKQTQAACAAAAA --resolve cxbyte.me:443:146.59.92.173
>
>Who would want and be able to pass in the RR field like that? What exactly is the purpose of that?

Definitely not on the command line, but as an analogue for `CURLOPT_ADD_DNS_RR` when using libcurl, I think it shows the point that you don't need an upstream resolver and anything explicitly placed in the cache is trusted.
-- Cheers, ~Ali Mohammad Pur
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html
Received on 2025-09-26
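
Added example, not part of the original message and not curl code: a decoder for the base64 value given to the proposed `--add-dns-rr` flag above, showing which records a caller would be placing in the cache as trusted. It assumes the value is a standard DNS wire-format message (RFC 1035, with the RRSIG layout from RFC 4034); the names `read_name` and `parse` are hypothetical.

```python
import base64, ipaddress, struct

# --add-dns-rr value copied unchanged from the message above.
BLOB = ("AACBoAABAAIAAAABBmN4Ynl0ZQJtZQAAAQABwAwAAQABAAABGAAEkjtcrcAMAC4AAQAAARgA"
        "XQABDQIAAAEsaMmYTmjG2S6GyQZjeGJ5dGUCbWUA88TCNXPd4zVdaAVXfPTQelw1WHeLkH92"
        "ZUcrEUoR2Zm2kqxgg9MRtSrI+b0YuqWwfpts3PgOhfs8IMk6aDbGOAAAKQTQAACAAAAA")
TYPES = {1: "A", 41: "OPT", 46: "RRSIG"}

def read_name(msg, off):
    """Decode a domain name at off; return (name, offset after it)."""
    labels, after, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:        # RFC 1035 compression pointer
            after = off + 2 if after is None else after
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
            off += 1 + msg[off]
    return ".".join(labels) + ".", (off + 1 if after is None else after)

def parse(blob_b64):
    """Return the AD flag and the records of a base64 DNS message."""
    msg = base64.b64decode(blob_b64, validate=True)
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):                    # skip the question section
        off = read_name(msg, off)[1] + 4
    records = []
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        rr = {"name": name, "type": TYPES.get(rtype, rtype), "ttl": ttl}
        if rtype == 1:
            rr["address"] = str(ipaddress.IPv4Address(rdata))
        elif rtype == 46:                  # RRSIG fixed fields, RFC 4034
            cov, alg, _lab, _ottl, exp, inc, tag = struct.unpack_from("!HBBIIIH", rdata)
            rr.update(covers=TYPES.get(cov, cov), algorithm=alg,
                      expiration=exp, inception=inc, key_tag=tag,
                      signer=read_name(rdata, 18)[0])
        records.append(rr)
    if off != len(msg):
        raise ValueError("message length does not match its record counts")
    return {"ad": bool(flags & 0x0020), "records": records}

if __name__ == "__main__":
    for rr in parse(BLOB)["records"]:
        print(rr)
```

For this value the decoder returns an A record for cxbyte.me carrying the same address given to `--resolve`, the RRSIG covering it, and an EDNS OPT record.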