On Wed, May 27, 2015 at 09:03:11AM +0000, Hosnieh Rafiee wrote:
> Is there any open source implementation of DANE? Would you please share
> the link (perhaps not to the list to avoid noises but to me directly)
As yet, there is no robust DANE support in mainstream TLS libraries.
You can find preliminary DANE support based on OpenSSL in:
https://github.com/vdukhovni/ssl_dane
This works with OpenSSL 1.0.0 and later. The application is
responsible for all DNSSEC TLSA record lookups, the library uses
TLSA records provided by the application to verify the TLS peer.
The above is not intended to be supported after DANE is made
available directly in OpenSSL. Also the source is the documentation.
This is for early adopters only, not a long-term API.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
