Avatar for Username

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

How can I provide my own list of CA-certificates for TLS-connections from within a Add-On

  • 1 antwurd
  • 1 hat dit probleem
  • 3 werjeftes
  • Lêste antwurd fan guidow

guidow
guidow
more options

I'm considering writing an Add-On that does a DNSSEC/DANE lookup.

My scenario is that a DNSSEC query for the TLSA (DANE) records of a site return a full Root Certificate for a site. (2,0,0 in DANE jargon.)

I want to create new TLS context with a CA-pool containing just that Certificate, so that when I browse to the site, the TLS-layer verifies the site certificate against the DNSSEC-specified Root CA.

My question: how do I program that in an add on? How can I specify a *certain* CA root certificate before opening the connection.

I'm considering writing an Add-On that does a DNSSEC/DANE lookup. My scenario is that a DNSSEC query for the TLSA (DANE) records of a site return a full Root Certificate for a site. (2,0,0 in DANE jargon.) I want to create new TLS context with a CA-pool containing just that Certificate, so that when I browse to the site, the TLS-layer verifies the site certificate against the DNSSEC-specified Root CA. My question: how do I program that in an add on? How can I specify a *certain* CA root certificate before opening the connection.

Alle antwurden (1)

guidow
guidow Fraacheigener
more options

Replying to myself to add some more information.

For doing the DNSSEC-DANE lookup, I use a strategy as pioneered by the DNSSEC validation Add On.

My question is how to create a TLS-connection context with a certain Root CA before connection to the site.