daemon: root trust anchors automatically bootstrapped from IANA
if the root key file doesn’t exist, it will be populated from root DNSKEY query, which will be validated against root trust anchors retrieved over HTTPS with IANA cert verification against built-in current IANA cert CA. it requires luasocket and luasec for it to work. trust anchors XML file signature is not checked, as there’s no facility for PKCS7 checking yet.
Showing
- Makefile 8 additions, 3 deletionsMakefile
- config.mk 2 additions, 1 deletionconfig.mk
- daemon/README.rst 31 additions, 4 deletionsdaemon/README.rst
- daemon/engine.c 4 additions, 0 deletionsdaemon/engine.c
- daemon/lua/trust_anchors.lua 68 additions, 15 deletionsdaemon/lua/trust_anchors.lua
- daemon/main.c 21 additions, 6 deletionsdaemon/main.c
- doc/build.rst 4 additions, 0 deletionsdoc/build.rst
- etc/etc.mk 6 additions, 0 deletionsetc/etc.mk
- etc/icann-ca.pem 82 additions, 0 deletionsetc/icann-ca.pem
Please register or sign in to comment