From 257999ac7a08789cc421983493e43ecf5e169bab Mon Sep 17 00:00:00 2001
From: defanor <defanor@uberspace.net>
Date: Thu, 12 Nov 2020 14:23:30 +0300
Subject: Check server certificates using DANE (TLSA)

Currently it is just experimental and does not affect the
verification (except for adding a delay); perhaps the verification
should be made configurable, including an option to rely on DANE.
---
 README | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'README')

diff --git a/README b/README
index 211030d..b03ddce 100644
--- a/README
+++ b/README
@@ -14,7 +14,7 @@ rely on any particular UI, should be flexible and not stay in the way
 of implementing additional XEPs on top of it, and should try to make
 it easy to implement a decent client application using it.
 
-Current dependencies: c-ares, libxml2, gnutls, gsasl.
+Current dependencies: c-ares, libxml2, gnutls, gnutls-dane, gsasl.
 
 
 A rough roadmap:
@@ -39,6 +39,7 @@ A rough roadmap:
 [+] XEP-0368: SRV records for XMPP over TLS.
 [+] SOCKS5 (RFC 1928) support. Implemented, though can be improved.
 [+] XEP-0199: XMPP Ping.
+[.] Certificate verification using DANE (experimental).
 
 
 - Library refinement:
-- 
cgit v1.2.3