[gnutls-devel] GnuTLS | gnutls-cli - incomplete DANE support (#557)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Sep 14 16:14:04 CEST 2018


That was intentional when DANE was implemented. I found the "trust anchor assertion" [obsurd at the time](https://nikmav.blogspot.com/2012/10/some-thoughts-on-dane-protocol.html). So the way it was implemented was for the validation intention/plan has to be specified by the user, not the server. As such gnutls-cli is supposed to be used with the flags `--no-ca-verification`/`--ca-verification` and `--dane`/`--no-dane`.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/557#note_101455857
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20180914/43c2f67b/attachment.html>


More information about the Gnutls-devel mailing list