View Issue Details

IDProjectCategoryView StatusLast Update
0002526GNUnetGNSpublic2018-06-07 00:25
ReporterChristian GrothoffAssigned ToChristian Grothoff 
PriorityurgentSeverityfeatureReproducibilityN/A
Status closedResolutionfixed 
Product VersionSVN HEAD 
Target Version0.11.0pre66Fixed in Version0.11.0pre66 
Summary0002526: GNS proxy does not validate DANE/TLSA records
DescriptionCurrently, SSL-validation is still CA based. We should parse DANE records as well and use those to check X.509 certs.
TagsNo tags attached.

Relationships

related to 0003003 closedChristian Grothoff New GNS does not properly support SRV records 
child of 0003038 closedChristian Grothoff gnunet-gns-proxy does not properly validate SSL certificates 

Activities

Christian Grothoff

2012-12-04 15:45

manager   ~0006638

Last edited: 2013-10-21 23:56

View 2 revisions

With latest GnuTLS, we now theoretically support DANE records; however, serialization/deserialization and gnunet-setup support are still missing/untested.

Christian Grothoff

2014-04-24 20:49

manager   ~0008271

For ways to specify DANE/TLSA records, see also:

https://forum.namecoin.info/viewtopic.php?f=5&t=1137

Christian Grothoff

2014-05-13 17:43

manager   ~0008334

Last edited: 2014-05-13 17:43

View 2 revisions

For GNS resolver support, see: https://gnunet.org/srv_in_gns (implemented in SVN 33265).

Christian Grothoff

2014-06-03 10:47

manager   ~0008387

I now think the above is actually not an ideal solution, as the DANE/TLSA record is then not included with the original result, making it hard to tell if/when such a record exists or not (timeout, delay, wait, etc.). So instead, we might want to "encapsulate" the TLSA-record in a GNS-specific "BOX" record that includes the protocol/port information and then the original SRV/TLSA record data. The BOX record could then be included with the original label, without the _FOO._BAR nonsense.

Christian Grothoff

2014-06-07 22:03

manager   ~0008413

Implemented in SVN 33592.

Issue History

Date Modified Username Field Change
2012-08-28 11:49 Christian Grothoff New Issue
2012-08-28 11:49 Christian Grothoff Status new => assigned
2012-08-28 11:49 Christian Grothoff Assigned To => schanzen
2012-08-28 11:50 Christian Grothoff Priority normal => urgent
2012-10-07 14:14 Christian Grothoff Target Version => 0.10.1
2012-12-04 15:45 Christian Grothoff Note Added: 0006638
2012-12-04 15:47 Christian Grothoff Summary GNS proxy does not validate DANE records => GNS proxy does not validate DANE/TLSA records
2013-03-18 15:01 Christian Grothoff Assigned To schanzen =>
2013-06-03 13:14 Christian Grothoff Status assigned => confirmed
2013-08-15 12:55 Christian Grothoff Priority urgent => low
2013-09-18 15:35 Christian Grothoff Relationship added child of 0003038
2013-09-18 15:36 Christian Grothoff Target Version 0.10.1 => 0.11.0pre66
2013-10-20 20:33 Christian Grothoff Target Version 0.11.0pre66 => 0.10.1
2013-10-20 20:33 Christian Grothoff Priority low => normal
2013-10-21 23:55 Christian Grothoff Assigned To => Christian Grothoff
2013-10-21 23:55 Christian Grothoff Status confirmed => assigned
2013-10-21 23:56 Christian Grothoff Note Edited: 0006638 View Revisions
2013-10-23 12:55 Christian Grothoff Assigned To Christian Grothoff =>
2013-10-23 12:55 Christian Grothoff Status assigned => confirmed
2013-10-23 12:58 Christian Grothoff Target Version 0.10.1 => 0.11.0pre66
2014-02-09 19:50 Christian Grothoff Target Version 0.11.0pre66 =>
2014-04-11 15:10 Christian Grothoff Target Version => 0.11.0pre66
2014-04-22 18:48 Christian Grothoff Assigned To => Christian Grothoff
2014-04-22 18:48 Christian Grothoff Status confirmed => assigned
2014-04-23 19:28 Christian Grothoff Priority normal => urgent
2014-04-24 20:49 Christian Grothoff Note Added: 0008271
2014-05-13 16:52 Christian Grothoff Relationship added related to 0003003
2014-05-13 17:43 Christian Grothoff Note Added: 0008334
2014-05-13 17:43 Christian Grothoff Note Edited: 0008334 View Revisions
2014-06-03 10:47 Christian Grothoff Note Added: 0008387
2014-06-07 22:03 Christian Grothoff Note Added: 0008413
2014-06-07 22:03 Christian Grothoff Status assigned => resolved
2014-06-07 22:03 Christian Grothoff Fixed in Version => 0.11.0pre66
2014-06-07 22:03 Christian Grothoff Resolution open => fixed
2018-06-07 00:25 Christian Grothoff Status resolved => closed