[gnutls-devel] GnuTLS | gnutls-cli - incomplete DANE support (#557)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri Sep 14 16:14:04 CEST 2018
That was intentional when DANE was implemented. I found the "trust anchor assertion" [obsurd at the time](https://nikmav.blogspot.com/2012/10/some-thoughts-on-dane-protocol.html). So the way it was implemented was for the validation intention/plan has to be specified by the user, not the server. As such gnutls-cli is supposed to be used with the flags `--no-ca-verification`/`--ca-verification` and `--dane`/`--no-dane`.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/557#note_101455857
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel