[gnutls-devel] GnuTLS | Unclear extent of functionality of danetool --check (#558)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Sep 29 15:01:30 CEST 2018


How about this clarification?

Diff:
```
-    doc = "Obtains the DANE TLSA entry from the given hostname and prints information. Note that the actual certificate of the host can be provided using --load-certificate, otherwise danetool will connect to the server to obtain it. The exit code on verification success will be zero.";
+    doc = "Obtains the DANE TLSA entry for the given hostname, prints information and checks the server certificate chain against the TLSA records. (For the avoidance of doubt danetool does not try verification against the GnuTLS trust store for PKIX-TA or DANE_CERT_USAGE_EE.) Note that the actual certificate of the host can be provided using --load-certificate, otherwise danetool will connect to the server to obtain it. The exit code on verification success will be zero.";
```
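Review bot: The parenthetical in the added line names the two certificate usages in different styles, "PKIX-TA" (the RFC acronym) next to "DANE_CERT_USAGE_EE" (an identifier-style name), so a reader cannot tell whether they are meant as the matching pair; use one convention for both, for example "PKIX-TA or PKIX-EE". The unchanged closing sentence still says only that the exit code is zero "on verification success"; since the new text says the trust store is not consulted for those usages, the doc should also state whether a zero exit there means only that the chain matched the TLSA records, so that nobody reads it as a full PKIX validation result.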
wdiff:

doc = "Obtains the DANE TLSA entry [-from-]{+for+} the given [-hostname and-]{+hostname,+} prints [-information.-]{+information and checks the server certificate chain against the TLSA records. (For the avoidance of doubt danetool does not try verification against the GnuTLS trust store for PKIX-TA or DANE_CERT_USAGE_EE.)+} Note that the actual certificate of the host can be provided using --load-certificate, otherwise danetool will connect to the server to obtain it. The exit code on verification success will be zero.";

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/558#note_105287465