Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Re: Using/validating DANE certs?
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Ali Mohammad Pur via curl-library <curl-library_at_lists.haxx.se>
Date: Wed, 15 Oct 2025 14:59:27 +0200
Am 15.10.25 um 14:10 schrieb Daniel Stenberg:
> On Sun, 12 Oct 2025, Ali Mohammad Pur via curl-library wrote:
>
>> curl --dane --dns-servers ... [--trusted-upstream-dns]
>> https://whatever.wherever
>
> I don't see anyone express interest and I will just repeat myself. I
> don't think these are particularly valuable features when provided
> this "raw".
I'm not sure I understand which part you're referring to, from the cli
perspective we now have two new flags-
one to enable dane itself and one to ignore dnssec (maybe we can just
use -k for that though? I'm open to removing `--trusted-upstream-dns`)
and from the library side, we have the same things plus an equivalent to
CURLOPT_RESOLVE, which is one I'm personally interested in.
If you prefer I can put on my Ladybird network guy hat and tell you that
we already have a stub resolver[1] and I would like to have the option
to "just" pipe the responses to curl[2] without running an actual stub.
[1]:
<https://github.com/LadybirdBrowser/ladybird/blob/master/Libraries/LibDNS/Resolver.h>
[2]:
<https://github.com/alimpfard/ladybird/blob/d82765d82bbb823a0d56f75b9a13180bd5dd383c/Services/RequestServer/ConnectionFromClient.cpp#L446>
Date: Wed, 15 Oct 2025 14:59:27 +0200
Am 15.10.25 um 14:10 schrieb Daniel Stenberg:
> On Sun, 12 Oct 2025, Ali Mohammad Pur via curl-library wrote:
>
>> curl --dane --dns-servers ... [--trusted-upstream-dns]
>> https://whatever.wherever
>
> I don't see anyone express interest and I will just repeat myself. I
> don't think these are particularly valuable features when provided
> this "raw".
I'm not sure I understand which part you're referring to, from the cli
perspective we now have two new flags-
one to enable dane itself and one to ignore dnssec (maybe we can just
use -k for that though? I'm open to removing `--trusted-upstream-dns`)
and from the library side, we have the same things plus an equivalent to
CURLOPT_RESOLVE, which is one I'm personally interested in.
If you prefer I can put on my Ladybird network guy hat and tell you that
we already have a stub resolver[1] and I would like to have the option
to "just" pipe the responses to curl[2] without running an actual stub.
[1]:
<https://github.com/LadybirdBrowser/ladybird/blob/master/Libraries/LibDNS/Resolver.h>
[2]:
<https://github.com/alimpfard/ladybird/blob/d82765d82bbb823a0d56f75b9a13180bd5dd383c/Services/RequestServer/ConnectionFromClient.cpp#L446>
-- -- Cheers, ~ Ali Mohammad Pur -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2025-10-15