On 1/9/2013 2:46 PM, Bry8 Star wrote:
> (reposting this on users list)
>
> Hi,
>
> When can we expect an OpenSSL release, that will support DANE protocol
> to verify SSL/TLS certificates (which are added/kept in the DNS RR)
> using DNSSEC protocols?

Is there an RFC for DANE, or is it still an experimental or project-specific protocol?

Since OpenSSL is mostly a library, the normal/expected way would be for OpenSSL to pass back to the OpenSSL-using application with a certificate that needs locating/verification by external means. This application callback can then implement any needed mechanisms, such as ldap lookups over SSL, http(s) downloads, lookup in a database or querying using a DNSSEC supporting DNS resolver library or simply prompting the user to accept a certificate.

Each of those mechanisms can of course itself use OpenSSL for its cryptographic security.

Others on this list may be able to point you to precisely which existing OpenSSL mechanisms can do the trick.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
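
The check an application-side verification callback of the kind described above could run once a resolver has returned TLSA records, as an added example that is not part of the original message and not OpenSSL code. It follows the TLSA field layout of RFC 6698 and is narrowed to certificate usage 3 (the record pins the server's own certificate or key). The function names and sample bytes are hypothetical, and it assumes the resolver reports whether DNSSEC validation succeeded and the TLS library supplies the certificate and SubjectPublicKeyInfo as DER.

```python
import hashlib
import hmac

DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}  # TLSA matching types 1 and 2

def association(selector, mtype, cert_der, spki_der):
    """Bytes a TLSA record with this selector/matching type must carry."""
    if selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unknown selector or matching type")
    selected = cert_der if selector == 0 else spki_der  # 0 = full cert, 1 = SPKI
    return selected if mtype == 0 else DIGESTS[mtype](selected).digest()

def parse_tlsa(rdata):
    """Parse presentation-format RDATA: 'usage selector mtype hexdata'."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("truncated TLSA RDATA")
    usage, selector, mtype = (int(f) for f in fields[:3])
    return usage, selector, mtype, bytes.fromhex("".join(fields[3:]))

def dane_ee_accepts(tlsa_rrset, dnssec_validated, cert_der, spki_der):
    """True only if a DNSSEC-validated usage-3 record matches the server cert."""
    if not dnssec_validated:
        return False  # unsigned answers carry no authority over the certificate
    for rdata in tlsa_rrset:
        try:
            usage, selector, mtype, data = parse_tlsa(rdata)
            if usage != 3:
                continue  # usages 0-2 also need chain validation; not handled here
            expected = association(selector, mtype, cert_der, spki_der)
        except ValueError:
            continue  # malformed record is unusable, try the next one
        if hmac.compare_digest(expected, data):
            return True
    return False

# Constructed stand-ins for the DER bytes a TLS library hands to the callback.
SAMPLE_CERT = b"constructed certificate DER"
SAMPLE_SPKI = b"constructed SubjectPublicKeyInfo DER"
SAMPLE_RRSET = [
    "3 1 1 " + "00" * 32,  # constructed stale pin that must not match
    "3 1 1 " + hashlib.sha256(SAMPLE_SPKI).hexdigest(),
]

if __name__ == "__main__":
    print(dane_ee_accepts(SAMPLE_RRSET, True, SAMPLE_CERT, SAMPLE_SPKI))
```
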