Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Re: Using/validating DANE certs?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Ali Mohammad Pur via curl-library <curl-library_at_lists.haxx.se>
Date: Sun, 12 Oct 2025 17:55:53 +0200
Hey all!
I've cleaned up the proof-of-concept a bit (same place as before [1]).
The general use-cases remain the same as I mentioned before:
curl --dane --dns-servers ... [--trusted-upstream-dns]
https://whatever.wherever
and on the libcurl side, `CURLOPT_ADD_DNS_RR` can be used to inject RRs
into the cache; DANE can be enabled by `CURLOPT_DANE` and
`CURLOPT_UPSTREAM_DNS_TRUSTED` can be used to ignore DNSSEC failures.
If the general outlook is positive, I can open a PR; otherwise I'm open
to suggestions on how to make this better :^)
[1]:
<https://github.com/alimpfard/curl/commit/179bef4b25dcd3c88e0a16197f94e0d41a72595d>
Date: Sun, 12 Oct 2025 17:55:53 +0200
Hey all!
I've cleaned up the proof-of-concept a bit (same place as before [1]).
The general use-cases remain the same as I mentioned before:
curl --dane --dns-servers ... [--trusted-upstream-dns]
https://whatever.wherever
and on the libcurl side, `CURLOPT_ADD_DNS_RR` can be used to inject RRs
into the cache; DANE can be enabled by `CURLOPT_DANE` and
`CURLOPT_UPSTREAM_DNS_TRUSTED` can be used to ignore DNSSEC failures.
If the general outlook is positive, I can open a PR; otherwise I'm open
to suggestions on how to make this better :^)
[1]:
<https://github.com/alimpfard/curl/commit/179bef4b25dcd3c88e0a16197f94e0d41a72595d>
-- Cheers, ~ Ali Mohammad Pur -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2025-10-12