Hey all! Since DANE/TLSA has become much more common as a replacement for PKI, I'd really like it if curl could use (or at least verify) DANE certificates when requested/available.
In particular, I'm mostly interested in having libcurl expose a way for users to provide (or request the use of) a set of TLSA records, or somehow communicate that DANE should be used for the connection (as I'm trying to have DANE be a native alternative to PKI in Ladybird[1]). The request side of this is reasonably straightforward with openssl, at least.

I do have a patchset[2] that implements this as a proof of concept (though with a broader scope that I expect DNS folks will appreciate), and I'd be happy to implement and help maintain it if there's interest in having this (or the broader implementation) as a feature.

[1]: https://github.com/ladybirdbrowser/ladybird
[2]: https://github.com/alimpfard/curl/compare/d12129dda5e14f384dbb9f24ddb462479501fc87...master

--
Cheers,
~Ali Mohammad Pur
