add dnssec library (based on ldns) for use by DNSSEC TLS system

RESOLVED WONTFIX

Status

()

Core
Security: PSM
--
enhancement
RESOLVED WONTFIX
6 years ago
a year ago

People

(Reporter: keeler, Unassigned)

Tracking

(Depends on: 2 bugs, Blocks: 1 bug)

Trunk
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 4 obsolete attachments)

Created attachment 546857 [details]
verification library

Add a dnssec verification library (based on the ldns library) to enable DNSSEC TLS.
(Reporter)

Updated

6 years ago
No longer depends on: 672244
Created attachment 546858 [details] [diff] [review]
verification library

The actual patch this time.
Attachment #546857 - Attachment is obsolete: true
(Reporter)

Updated

6 years ago
Blocks: 672600
(Reporter)

Updated

6 years ago
Depends on: 672244
Assignee: nobody → nobody
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
Version: trunk → Trunk
Created attachment 547137 [details] [diff] [review]
verification library

The library now also makes sure the certificate matches the TLSA record (except when the TLSA certificate type is CA certificate).
Attachment #546858 - Attachment is obsolete: true
Created attachment 555224 [details] [diff] [review]
verification library + tests

latest version
Attachment #547137 - Attachment is obsolete: true
Attachment #555224 - Flags: review?(bsmith)
(Reporter)

Updated

6 years ago
Depends on: 681497
Created attachment 557974 [details] [diff] [review]
verification library + tests
Attachment #555224 - Attachment is obsolete: true
Attachment #557974 - Flags: review?(bsmith)
Attachment #555224 - Flags: review?(bsmith)
Comment on attachment 557974 [details] [diff] [review]
verification library + tests

Clearing review request until we re-assess how this fits in with our certificate validation improvement plans.
Attachment #557974 - Flags: review?(bsmith)

Comment 6

5 years ago
I need to integrate ldns as libunbound depends on it. I'm going to do it in my own bug for now, bug 773365.
Closing this bug as WONTFIX until it's clear we have an active use for this library.
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.