[gnutls-devel] usage of --dane option without dane support should fail
Björn JACKE
bj at SerNet.DE
Fri Feb 5 18:28:37 CET 2016
Hi,
when gnutls is built without dane support this is not visible to the user. The
man page says that there is the --dane option, gnutls-cli shows that there is a
--dane option, using the option succeeds, even though gnutls-cli was not linked
against libunbound and no dane support exists. This might make people use and
trust the dane support even though it is non-existent.
I suggest that without dane support the use of the --dane option would result
in a certificate trust check failure - or gnutls-cli should refuse to accept
the --dane option right from the start.
Björn