Skip to content

hawell/dane

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits

LICENSE.md

LICENSE.md

 
 

README.md

README.md

 
 

acme.ca

acme.ca

 
 

dns.go

dns.go

 
 

dns_test.go

dns_test.go

 
 

example_test.go

example_test.go

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

rootca.go

rootca.go

 
 

tls.go

tls.go

 
 

trust_anchor.go

trust_anchor.go

 
 

Repository files navigation

DANE

Go library for DANE TLSA authentication

Usage

t := &http.Transport{
    DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
        dialer := &net.Dialer{
            Timeout:   30 * time.Second,
            KeepAlive: 30 * time.Second,
        }

        conn, err := tls.DialWithDialer(dialer, network, addr, &tls.Config{
            InsecureSkipVerify: true,
            VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {
                return dane.VerifyPeerCertificate(network, addr, rawCerts, nil)
            },
        })
        if err != nil {
            return conn, err
        }
        return conn, nil
    },
}
client := http.Client{Transport: t}

resp, err := client.Get("https://getfedora.org")
if err != nil {
    log.Fatal(err)
}
fmt.Println(resp)

the only requirement is to set InsecureSkipVerify to true and use dane.VerifyPeerCertificate() for custom verification. all dnssec query and validation are done transparently.

About

dane provides functionalities to use DNS-based Authentication of Named Entities aka DANE in standard go tls connections

Topics

tls dnssec dane golang-package tlsa-records

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 3

v0.1.2 Latest
Apr 28, 2021
+ 2 releases

Packages

No packages published

Languages