Avatar for Username

Sök i support

Akta dig för supportbedrägerier: Vi kommer aldrig att be dig att ringa eller skicka ett sms till ett telefonnummer eller dela personlig information. Rapportera misstänkt aktivitet med alternativet "Rapportera missbruk".

Läs mer

Denna tråd har arkiverats. Ställ en ny fråga om du behöver hjälp.

How can I provide my own list of CA-certificates for TLS-connections from within a Add-On

  • 1 svar
  • 1 har detta problem
  • 2 visningar
  • Senaste svar av guidow

guidow
guidow
more options

I'm considering writing an Add-On that does a DNSSEC/DANE lookup.

My scenario is that a DNSSEC query for the TLSA (DANE) records of a site return a full Root Certificate for a site. (2,0,0 in DANE jargon.)

I want to create new TLS context with a CA-pool containing just that Certificate, so that when I browse to the site, the TLS-layer verifies the site certificate against the DNSSEC-specified Root CA.

My question: how do I program that in an add on? How can I specify a *certain* CA root certificate before opening the connection.

I'm considering writing an Add-On that does a DNSSEC/DANE lookup. My scenario is that a DNSSEC query for the TLSA (DANE) records of a site return a full Root Certificate for a site. (2,0,0 in DANE jargon.) I want to create new TLS context with a CA-pool containing just that Certificate, so that when I browse to the site, the TLS-layer verifies the site certificate against the DNSSEC-specified Root CA. My question: how do I program that in an add on? How can I specify a *certain* CA root certificate before opening the connection.

Alla svar (1)

guidow
guidow Frågans ägare
more options

Replying to myself to add some more information.

For doing the DNSSEC-DANE lookup, I use a strategy as pioneered by the DNSSEC validation Add On.

My question is how to create a TLS-connection context with a certain Root CA before connection to the site.