Created attachment 546857 [details] verification library Add a dnssec verification library (based on the ldns library) to enable DNSSEC TLS.
No longer depends on: 672244
Created attachment 546858 [details] [diff] [review] verification library The actual patch this time.
Attachment #546857 - Attachment is obsolete: true
Depends on: 672244
Assignee: nobody → nobody
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
Version: trunk → Trunk
Created attachment 547137 [details] [diff] [review] verification library The library now also makes sure the certificate matches the TLSA record (except when the TLSA certificate type is CA certificate).
Attachment #546858 - Attachment is obsolete: true
Created attachment 555224 [details] [diff] [review] verification library + tests latest version
Depends on: 681497
Created attachment 557974 [details] [diff] [review] verification library + tests
Comment on attachment 557974 [details] [diff] [review] verification library + tests Clearing review request until we re-assess how this fits in with our certificate validation improvement plans.
I need to integrate ldns as libunbound depends on it. I'm going to do it in my own bug for now, bug 773365.
Closing this bug as WONTFIX until it's clear we have an active use for this library.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.