[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-tech
Subject:    Re: DANE in libressl?
From:       Gilles CHEHADE <gilles () poolp ! org>
Date:       2021-08-29 20:04:55
Message-ID: 71949C9B-2106-4734-A453-2B4191C2123F () poolp ! org
[Download RAW message or body]



> On 29 Aug 2021, at 16:14, Peter J. Philipp <pjp@delphinusdns.org> wrote:
> 
> On Sun, Aug 29, 2021 at 07:16:20AM -0600, Theo de Raadt wrote:
>> Is there a strong reason why this has to be in that specific library?
> 
> Not really.  I did see gnutls has dane functions and openssl has them too.
> I can stick to just rolling the needed functionality in the syslogd.
> 
> Noone out there is doing this already right?
> 

Hello,

I had started working on a standalone dane resolver based upon asr but I decided not to move it forward:

OpenSSL has an interface for DANE and !OpenBSD projects are more likely to implement that interface,
so I thought my plan of a standalone implementation would be inferior to a LibreSSL implementation that
could be picked by ports and a libtls interface that could be picked by base daemons.

I don't have much code but I can share if you're still interested.
[prev in list] [next in list] [prev in thread] [next in thread]