Friday, January 5, 2018

harddns usability

I updated harddns to make use of standard TLS certificate
checking. Usage of pinned certs is now optional. If they
exist inside /etc/harddns/pinned, they have to match
in order for the resolve to succeed. If no pinned certs
exist, the common X509 chain verification
is applied.
This should make harddns much more usable, as
there are plenty of X509s from Google endpoints
which may appear if the resolver web API is contacted.
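
The pin-or-chain decision described above, as an added Python sketch that is not harddns's own code. It assumes the pinned directory holds PEM files compared by SHA-256 of their DER bytes, and that a pin match alone decides when pins are present; load_pins, accept_peer and demo are hypothetical names.

```python
import hashlib
import ssl
import tempfile
from pathlib import Path

PINNED_DIR = Path("/etc/harddns/pinned")  # directory named in the post


def load_pins(pinned_dir=PINNED_DIR):
    """SHA-256 of the DER form of every PEM file in pinned_dir (assumed layout)."""
    if not pinned_dir.is_dir():
        return set()
    pins = set()
    for path in sorted(p for p in pinned_dir.iterdir() if p.is_file()):
        # A malformed pin raises ValueError instead of being skipped, so a
        # damaged pin file can never silently downgrade to chain-only checks.
        der = ssl.PEM_cert_to_DER_cert(path.read_text(encoding="ascii"))
        pins.add(hashlib.sha256(der).hexdigest())
    return pins


def accept_peer(peer_der, chain_ok, pinned_dir=PINNED_DIR):
    """peer_der: leaf cert bytes, e.g. SSLSocket.getpeercert(binary_form=True).
    chain_ok: outcome of the ordinary X509 chain and hostname verification."""
    pins = load_pins(pinned_dir)
    if pins:
        # Assumption: with pins present, the pin match alone decides.
        return hashlib.sha256(peer_der).hexdigest() in pins
    return chain_ok


def demo():
    # Constructed stand-ins for DER certificates; only their bytes are compared.
    pinned, rotated = b"constructed-cert-A", b"constructed-cert-B"
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        no_pins = (accept_peer(rotated, True, d), accept_peer(rotated, False, d))
        (d / "a.pem").write_text(ssl.DER_cert_to_PEM_cert(pinned))
        with_pins = (accept_peer(pinned, True, d), accept_peer(rotated, True, d))
    return no_pins, with_pins


if __name__ == "__main__":
    print(demo())
```

The second tuple shows the usability cost of pinning: once a pin file is present, a validly chained but rotated endpoint certificate is rejected.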
