[spec] Certificate trust

cas carsten at strotmann.de

Mon Mar 1 09:42:15 GMT 2021

- - - - - - - - - - - - - - - - - - - 

Hi,

On 1. Mar 2021, at 10:26, Stephane Bortzmeyer <stephane at sources.org> wrote:

> On Sun, Feb 28, 2021 at 10:07:02PM -0500,
> Sean Conner <sean at conman.org> wrote
> a message of 56 lines which said:
>
> > If you want *any* other type of DNS record, you are pretty much
> > forced to either use one of the horrible DNS resolving libraries or
> > roll your own. I would tout my own DNS library [1], but it's in C
> > (and has a Lua wrapper for it).
>
> C programmers are lucky, there are two excellent free, documented,
> maintained and complete libraries to do DNS requests, ldns
> <https://www.nlnetlabs.nl/projects/ldns/> and getdns
> <https://getdnsapi.net/>.
> Python programmers have one, dnspython <https://www.dnspython.org/>.
> Other languages… it depends. Last time I checked for Elixir, it was
> not good.

No need to do manual/extra DNS queries to verify certificates via DANE.

GnuTLS has DANE validation built in <https://www.gnutls.org/manual/html_node/Verifying-a-certificate-using-DANE.html>

and OpenSSL has that as well <https://www.openssl.org/docs/man1.1.0/man3/SSL_dane_enable.html>

Greetings

Carsten
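
The comparison that DANE validation comes down to for a DANE-EE (usage 3) TLSA record, per RFC 6698, as an added example that is not part of the original message and not code from GnuTLS or OpenSSL. It assumes the TLSA records were already fetched through a DNSSEC-validating resolver; `dane_ee_match`, `spki_der` and the sample certificate are hypothetical names and constructed data.

```python
import hashlib

def _tlv(data, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_der(cert):
    """Slice the DER SubjectPublicKeyInfo out of a DER X.509 certificate."""
    _, pos, _ = _tlv(cert, 0)                  # Certificate SEQUENCE
    _, pos, _ = _tlv(cert, pos)                # tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert, pos)
    if tag == 0xA0:                            # optional [0] version
        pos = end
    for _field in range(5):                    # serial, sigAlg, issuer, validity, subject
        _, _, pos = _tlv(cert, pos)
    _, _, end = _tlv(cert, pos)
    return cert[pos:end]

def dane_ee_match(cert, tlsa_records):
    """True if any DANE-EE (usage 3) record matches the server certificate.

    Each record is (usage, selector, matching_type, association_data).
    """
    for usage, selector, mtype, assoc in tlsa_records:
        if usage != 3 or selector not in (0, 1):
            continue                           # other usages need chain validation
        data = cert if selector == 0 else spki_der(cert)
        if mtype == 1:
            data = hashlib.sha256(data).digest()
        elif mtype == 2:
            data = hashlib.sha512(data).digest()
        elif mtype != 0:
            continue                           # unknown matching type
        if data == assoc:
            return True
    return False

# Constructed sample: a skeletal certificate with placeholder fields (not a real cert).
def _der(tag, body=b""):
    return bytes([tag, len(body)]) + body      # short-form length, body < 128 bytes

SAMPLE_SPKI = _der(0x30, _der(0x30) + _der(0x03, b"\x00constructed-key"))
_TBS = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
            + _der(0x30) * 4 + SAMPLE_SPKI)
SAMPLE_CERT = _der(0x30, _TBS + _der(0x30) + _der(0x03, b"\x00"))
```

A `3 1 1` record (DANE-EE, SPKI, SHA-256) keeps matching when the certificate is reissued with the same key, which is why it suits self-signed server certificates.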