In the GnuTLS build, getdns can connect to a DoT server and perform lookups. DNSSEC support is not complete, but most other features work. Specifically:
- Cipher list specification. Note that these must be specified by GnuTLS priority strings, which are not the same as their OpenSSL counterparts. Cipher lists are therefore not interchangeable.
- Hostname certificate verification.
- Public key pinning.
- Specifying certificate CA file/path.
We also removed support for older OpenSSL versions, to smooth the process of creating this proof of concept.
We are creating this PR as a record of the prototyping work done.