libcurl and DANE support
Date: Thu, 7 Mar 2013 12:31:51 -0500
Attached is a patch that adds DANE support to libcurl (tested on 7.29.0).
Local validation of the TLSA record is enabled through dnsval (libval,
libsres) from the dnssec-tools package. The validation of the SSL/TLS
certificate against the certificate provided in the TLSA record is
currently enabled only when openssl is used as the crypto engine.
After applying the patch execute the following commands before running 'make':
The DANE support can be tested as follows:
$ curl -v https://www.dnssec-tools.org/readme/README.curl -o outfile
* DANE: TLSA record for www.dnssec-tools.org exists.
* DANE: SSL certificate verified using DANE.
* DANE: Skipping additional ceritificate checks.
- application/octet-stream attachment: curl-7.29.0.patch