shuque / dane
Go library for DANE authentication
License: MIT License
Hi,
When I tested the good.dane.huque.com, I found a discrepancy between the results I ran locally and the results I got from the DANE Test site and the results I got from the SIDN test site. After double-checking the TLSA record, I found that SIDN should be correct. There seems to be a problem with the TLSA validation process for the dane project.
I'm trying to check if I can introduce the ability of making requests to DANE-powered addresses in an app I have (I'm not very familiar with DANE and I'm not sure this even makes sense, but I'm just playing with it) and then I'm trying to test this library as a drop-in replacement to my `http.Transport` TLS thing.
The problem is that the only two DANE domains I know, falci.me and www.huque.com, return `Okdane == false` and `Okpkix == true`.
This is the code I'm using:
```go
package main

import (
	"context"
	"fmt"
	"log"
	"net"
	"net/http"
	"strconv"

	"github.com/shuque/dane"
)

func main() {
	t := &http.Transport{
		DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
			// SplitHostPort also handles bracketed IPv6 literals.
			host, portStr, err := net.SplitHostPort(addr)
			if err != nil {
				return nil, err
			}
			port, err := strconv.Atoi(portStr)
			if err != nil {
				return nil, err
			}
			conn, s, err := dane.ConnectByNameAsync(host, port)
			if err != nil {
				// Return an untyped nil so the caller never gets a non-nil interface.
				return nil, err
			}
			// Log the DANE and PKIX authentication results for this connection.
			log.Print(s.Okdane)
			log.Print(s.Okpkix)
			return conn, nil
		},
	}
	client := http.Client{Transport: t}
	resp, err := client.Get("https://www.huque.com")
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()
	fmt.Println(resp)
}
```
These two domains succeed on the DANE verification at https://www.huque.com/bin/danecheck.
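When a local run and an online checker disagree, as in the two reports above, recomputing the TLSA association data from the served certificate and comparing it with the published record shows which side is off. The following is an added example, not code from shuque/dane: `assocData`, `tlsaMatches` and `sampleCert` are hypothetical names, the certificate is generated on the fly, and the selector and matching-type values follow RFC 6698.

```go
package main
import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// assocData derives the bytes a TLSA record must carry for cert: selector 0 = full
// certificate, 1 = SubjectPublicKeyInfo; mtype 0 = exact, 1 = SHA-256, 2 = SHA-512.
func assocData(cert *x509.Certificate, selector, mtype uint8) []byte {
	in := cert.Raw
	if selector == 1 {
		in = cert.RawSubjectPublicKeyInfo
	} else if selector != 0 {
		return nil // unknown selector: the record is unusable
	}
	switch mtype {
	case 0:
		return in
	case 1:
		h := sha256.Sum256(in)
		return h[:]
	case 2:
		h := sha512.Sum512(in)
		return h[:]
	}
	return nil // unknown matching type
}

// tlsaMatches reports whether the record's data equals what cert yields.
func tlsaMatches(cert *x509.Certificate, selector, mtype uint8, data []byte) bool {
	return len(data) > 0 && bytes.Equal(assocData(cert, selector, mtype), data)
}

func sampleCert() *x509.Certificate { // constructed, throwaway self-signed certificate
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func main() { fmt.Printf("TLSA 3 1 1 %x\n", assocData(sampleCert(), 1, 1)) }
```

A record published with selector 1 stays valid across certificate renewals that keep the same key, while selector 0 must be republished for every new certificate.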
Hi,
in tlsa.go there is a function to print the result:
Lines 81 to 98 in 312d7e1
Is it possible to make it return the result instead?
I want to make some Docker container that mails when something goes wrong; now it can only mail: it failed. If I can use this function to see what is failing, it is a bit more informative.
Dear developer,
I found your library and it looks very useful and I'd like to use it. But I'd need to be able to configure custom resolvers (classic DNS and DNS over TLS (DoT)), but looking at https://pkg.go.dev/github.com/shuque/dane#Resolver it seems like the latter is not supported. The DNS library miekg/dns seems to support DoT, so I'd like to ask whether you would consider adding DoT support?
Best regards,
Martin