fix(SECURITY): return error on failed DANE verification

and add raw cert caching in DANE verificator
DarkCat09 2024-08-28 17:02:56 +04:00
parent c3b50e4ecc
commit 32b888b3c1
Signed by: DarkCat09
GPG key ID: BD3CE9B65916CD82
2 changed files with 18 additions and 10 deletions

@ -149,8 +149,7 @@ impl SelfsignedCertVerifier for CertVerifier {
CertFingerprint::new_sha256(cert)
}
Err(e) => {
// some other problem (e.g. DNS server rejected the request),
// we shouldn't continue
// cert not matched, DNS server rejected request, etc.
eprintln!("DANE verification failed: {:?}", e);
return Err(e);
}
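Review bot: The rewritten comment in the `Err(e)` arm drops the "we shouldn't continue" rationale, which is the security-relevant part: this arm must fail closed, and the comment should say so, so that a later refactor does not turn `return Err(e);` back into a fallback path. The new wording also makes it explicit that a certificate mismatch and a resolver failure ("DNS server rejected request") arrive through the same arm and are returned as the same `e`. If the error type does not already separate those cases, consider distinct variants so the caller can treat a mismatch as a hard trust failure and a DNS error as possibly retryable. Finally, `eprintln!("DANE verification failed: {:?}", e);` writes Debug output straight to stderr from inside the verifier. Since the error is returned anyway, reporting could be left to the caller or routed through the project's logging, which avoids duplicate messages and lets the application decide how much detail to show.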