portable icon indicating copy to clipboard operation
portable copied to clipboard

Published 20 hours ago verified publisher icon libressl

DANE-TA

Open hdatma opened this issue 6 years ago • 2 comments

I get the following when compiling ldns without "--disable-dane-ta-usage".

Configure: error: OpenSSL [LibreSSL] does not support offline DANE verification (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage

Are there any plans to support offline DANE verification?

hdatma avatar Feb 05 '19 17:02 hdatma

Support for DANE-TA would be great.

yonas avatar Apr 06 '21 13:04 yonas

Support for DANE-TA would be great.

Although libressl is the default in openbsd, and openbsd claims to be the best in security, the lack of DANE support is undermining the claim. The openbsd project does not use DANE, so they have no experience with it. We rely on DANE, and therefore we deprecated libressl in our projects. Three years are a long time to hold breath.

hdatma avatar Apr 13 '21 10:04 hdatma