Avatar for Username

Vyhľadajte odpoveď

Vyhnite sa podvodom s podporou. Nikdy vás nebudeme žiadať, aby ste zavolali alebo poslali SMS na telefónne číslo alebo zdieľali osobné informácie. Nahláste prosím podozrivú aktivitu použitím voľby “Nahlásiť zneužitie”.

Learn More

Táto téma bola archivovaná. Ak potrebujete pomôcť, založte prosím novú otázku.

How can I provide my own list of CA-certificates for TLS-connections from within a Add-On

  • 1 odpoveď
  • 1 má tento problém
  • 3 zobrazenia
  • Posledná odpoveď od guidow

guidow
guidow
more options

I'm considering writing an Add-On that does a DNSSEC/DANE lookup.

My scenario is that a DNSSEC query for the TLSA (DANE) records of a site return a full Root Certificate for a site. (2,0,0 in DANE jargon.)

I want to create new TLS context with a CA-pool containing just that Certificate, so that when I browse to the site, the TLS-layer verifies the site certificate against the DNSSEC-specified Root CA.

My question: how do I program that in an add on? How can I specify a *certain* CA root certificate before opening the connection.

I'm considering writing an Add-On that does a DNSSEC/DANE lookup. My scenario is that a DNSSEC query for the TLSA (DANE) records of a site return a full Root Certificate for a site. (2,0,0 in DANE jargon.) I want to create new TLS context with a CA-pool containing just that Certificate, so that when I browse to the site, the TLS-layer verifies the site certificate against the DNSSEC-specified Root CA. My question: how do I program that in an add on? How can I specify a *certain* CA root certificate before opening the connection.

Všetky odpovede (1)

guidow
guidow Autor otázky
more options

Replying to myself to add some more information.

For doing the DNSSEC-DANE lookup, I use a strategy as pioneered by the DNSSEC validation Add On.

My question is how to create a TLS-connection context with a certain Root CA before connection to the site.