[ldns-users] TLSA verification using ldns-dane
A. Schulze
sca at andreasschulze.de
Tue May 31 21:52:33 UTC 2016
Hello,
I use the command "ldns-dane verify www.example.org 443" to check if
the TLSA record _443._tcp.www.example.org matches the certificate at https://www.example.org.
That works.
Now I try to check a mailserver that supports STARTTLS.
I assume "-i : Interact after connecting" is my friend. But what's the intended use?
I tried variations of "echo STARTTLS | ldns-dane -i verify mail.example.org 25" but that fails:
handshaking SSL_get_error: 1
error: could not get cert chain from ssl
140217346352784:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
Or does the above error say "ldns-dane doesn't understand the TLS version used by mail.example.org"?
Andreas