I’ve developed a DANE TLS authentication library in Go recently, which is available on GitHub:
From the README file:
“Package dane provides a set of functions to perform DANE authentication of a TLS server, with fall back to PKIX authentication if the server does not advertise any signed DANE TLSA records. DANE is a protocol that employs DNSSEC signed records (“TLSA”) to authenticate X.509 certificates used in TLS and other protocols. …”
Formatted documentation for the library is available at:
Using this, I’ve rewritten the backend for my DANE TLS testing tools:
These previously used an older C program of mine that used the OpenSSL library’s DANE verification functions. Rewriting the DANE verification code myself in Go allowed me to expand the capabilities of the tools. They now display more detailed diagnostic information, including the result of checking every DANE TLSA record found against the TLS server’s certificates and/or keys. They also now support TLS 1.3 servers.
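The per-record check mentioned above, sketched as an added example using only the Go standard library (this is not code from the dane package or the testing tools): it derives the RFC 6698 certificate association data for a record's selector and matching type and compares it with the record's data. The names `tlsaMatches` and `sampleCert` are hypothetical, the certificate is constructed on the fly, and the certificate usage field (which decides which certificate in the chain is compared and whether PKIX validation is also required) is outside what it shows.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// tlsaMatches checks one TLSA record's data against one certificate (RFC 6698).
// Selector: 0 = full certificate, 1 = SubjectPublicKeyInfo (the key only).
func tlsaMatches(cert *x509.Certificate, selector, mtype uint8, data []byte) (bool, error) {
	input, ok := map[uint8][]byte{0: cert.Raw, 1: cert.RawSubjectPublicKeyInfo}[selector]
	if !ok {
		return false, fmt.Errorf("unknown selector %d", selector)
	}
	switch mtype {
	case 0: // exact match on the DER bytes
	case 1: // SHA-256 digest
		h := sha256.Sum256(input)
		input = h[:]
	case 2: // SHA-512 digest
		h := sha512.Sum512(input)
		input = h[:]
	default:
		return false, fmt.Errorf("unknown matching type %d", mtype)
	}
	return bytes.Equal(input, data), nil
}

// sampleCert builds a throwaway self-signed certificate (constructed input).
func sampleCert() (*x509.Certificate, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return x509.ParseCertificate(der) // fails here if der could not be created
}

func main() {
	if cert, err := sampleCert(); err == nil {
		d := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
		fmt.Println(tlsaMatches(cert, 1, 1, d[:])) // data of a "3 1 1" record
	}
}
```

A record whose selector names the key (1) keeps matching after the certificate is reissued with the same key pair, while a selector 0 record does not.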