Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Avatar for Username

تلاش سپورٹ

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

مزید سیکھیں

اس تھریڈ کو آرکائیوکیا گیا تھا۔ اگر آپ کو مدد کی ضرورت ہو تو براہ مہربانی نیا سوال پوچھیں۔

How can I provide my own list of CA-certificates for TLS-connections from within a Add-On

  • 1 جواب دیں
  • 1 میں یہ مسئلہ ہے
  • 83 دیکھیں
  • آخری جواب بذریعہ guidow

guidow
guidow

I'm considering writing an Add-On that does a DNSSEC/DANE lookup.

My scenario is that a DNSSEC query for the TLSA (DANE) records of a site return a full Root Certificate for a site. (2,0,0 in DANE jargon.)

I want to create new TLS context with a CA-pool containing just that Certificate, so that when I browse to the site, the TLS-layer verifies the site certificate against the DNSSEC-specified Root CA.

My question: how do I program that in an add on? How can I specify a *certain* CA root certificate before opening the connection.

I'm considering writing an Add-On that does a DNSSEC/DANE lookup. My scenario is that a DNSSEC query for the TLSA (DANE) records of a site return a full Root Certificate for a site. (2,0,0 in DANE jargon.) I want to create new TLS context with a CA-pool containing just that Certificate, so that when I browse to the site, the TLS-layer verifies the site certificate against the DNSSEC-specified Root CA. My question: how do I program that in an add on? How can I specify a *certain* CA root certificate before opening the connection.

تمام جوابات (1)

guidow
guidow سوال کا مالک

Replying to myself to add some more information.

For doing the DNSSEC-DANE lookup, I use a strategy as pioneered by the DNSSEC validation Add On.

My question is how to create a TLS-connection context with a certain Root CA before connection to the site.