curl-library

[PATCH] Add support for DNSSEC verification (libunbound)

From: Björn Stenberg <bjorn_at_haxx.se>
Date: Thu, 27 Aug 2015 09:37:03 +0200

Hi all.

Here is a patch that adds a new dns resolver, async-unbound, to libcurl. This is a first step towards the goal of full DANE support in curl.

This patch is still a bit crude and not ready for merge:

- It enables unbound by default, instead of using a configure option.
  I'm not fluent in configure so didn't feel comfortable trying to add it.

- It only verifies DNSSEC and does nothing with the TLSA record.

- It probably doesn't always do the right thing with the result of the DNSSEC
  verification.

Still, I've been sitting on this patch for way too long and figured I'd better submit it as-is rather than procrastinate any further. I do intend to continue working on it, but my track record hasn't been impressive over the last year. If anyone feels impatient and wants to pick up the ball and run with it, feel free. Just let me know so we avoid duplication of work.

-- 
Björn
Received on 2015-08-27