DANE

Go library for DANE TLSA authentication

Usage

t := &http.Transport{
    DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
        dialer := &net.Dialer{
            Timeout:   30 * time.Second,
            KeepAlive: 30 * time.Second,
        }

        conn, err := tls.DialWithDialer(dialer, network, addr, &tls.Config{
            InsecureSkipVerify: true,
            VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
                return dane.VerifyPeerCertificate(network, addr, rawCerts, nil)
            },
        })
        if err != nil {
            return conn, err
        }
        return conn, nil
    },
}
client := http.Client{Transport: t}

resp, err := client.Get("https://getfedora.org")
if err != nil {
    log.Fatal(err)
}
fmt.Println(resp)

the only requirement is to set InsecureSkipVerify to true and use dane.VerifyPeerCertificate() for custom verification. all dnssec query and validation are done transparently.

Name		Name	Last commit message	Last commit date
Latest commit History 20 Commits
LICENSE.md		LICENSE.md
README.md		README.md
acme.ca		acme.ca
dns.go		dns.go
dns_test.go		dns_test.go
example_test.go		example_test.go
go.mod		go.mod
go.sum		go.sum
rootca.go		rootca.go
tls.go		tls.go
trust_anchor.go		trust_anchor.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

DANE

Usage

About

Releases 3

Packages

Languages

License

hawell/dane

Folders and files

Latest commit

History

Repository files navigation

DANE

Usage

About

Topics

Resources

License

Stars

Watchers

Forks

Releases 3

Packages 0

Languages

Packages