Hey,

during the IETF hackathon I implemented DNS over TLS (RFC 7858) for the kdig utility in Knot DNS[1] and now I am implementing the different TLS Privacy Profiles (Section 4).

Using the excellent examples and documentation[*] I was able to implement:

- Opportunistic Privacy Profile (just return 0)
- hostname verification with system ca-file
- custom ca-file

and now I would like to implement verification of pin-sha256 user-provided values.

Could you please guide me to a place where I should start looking? Is there already some other program that implemented HSTS/HPKP using GnuTLS? And if not, then a pointer to documentation for SPKI retrieval would be nice (not quite sure https://www.gnutls.org/manual/html_node/X509-certificate-API.html is the right place and what function I am looking for).

* - please bear in mind this is my first code longer than a few lines in years... and my first encounter with GnuTLS programming, so be nice to me

1. https://gitlab.labs.nic.cz/labs/knot/commits/dns-over-tls

Cheers,
--
Ondřej Surý <[email protected]>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver
Vše pro chleba (https://vseprochleba.cz) – Supplies for baking bread of all kinds
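An added example, not part of the original message and not GnuTLS or Knot DNS code: the pin-sha256 check asked about above, written with the Python standard library instead of GnuTLS calls. It walks the DER certificate to the SubjectPublicKeyInfo element, hashes it with SHA-256 and compares the base64 result against user-provided pins in the RFC 7469 format. All function names and the sample "certificate" are assumptions constructed for illustration.

```python
import base64, hashlib, hmac

def read_tlv(buf, off):
    """Parse one DER element at off; return (tag, value_start, end)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def spki_from_cert(der):
    """Return the SubjectPublicKeyInfo element (header included) of a DER certificate."""
    tag, off, _ = read_tlv(der, 0)          # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, off, tbs_end = read_tlv(der, off)  # tbsCertificate ::= SEQUENCE
    tag, _, end = read_tlv(der, off)
    if tag == 0xA0:                         # optional [0] EXPLICIT version
        off = end
    for _field in range(5):                 # serial, signature, issuer, validity, subject
        _, _, off = read_tlv(der, off)
    tag, _, end = read_tlv(der, off)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return der[off:end]

def pin_sha256(der):
    """base64(SHA-256(SPKI)), the pin-sha256 value format of RFC 7469."""
    return base64.b64encode(hashlib.sha256(spki_from_cert(der)).digest()).decode()

def pin_matches(der, pins):
    """True if the certificate's pin equals any user-provided pin."""
    got = pin_sha256(der).encode()
    return any(hmac.compare_digest(got, p.strip().encode()) for p in pins)

# Constructed sample: structurally minimal, unsigned "certificate" (not a real one).
def tlv(tag, val):
    return bytes([tag, len(val)]) + val     # short-form lengths only (< 128 bytes)

ALG = tlv(0x30, bytes.fromhex("06032b6570"))                 # Ed25519 OID 1.3.101.112
SAMPLE_SPKI = tlv(0x30, ALG + tlv(0x03, b"\x00" + bytes(range(32))))
TBS = tlv(0x30, tlv(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + ALG
          + tlv(0x30, b"") * 3 + SAMPLE_SPKI)
SAMPLE_CERT = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00\x00"))
```

The hash covers the whole SubjectPublicKeyInfo element, including its algorithm identifier, not just the raw key bits, so a pin computed over the bare key will never match.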
