#565 DNSSEC: better reflect s2s authentication status in error responses and mod_admin_web
Reporter
Ge0rG
Owner
Nobody
Created
Updated
Stars
★ (1)
Tags
Status-Blocked
Type-Defect
Priority-Medium
Component-Community
Ge0rG
on
When an s2s connection fails due to DNSSEC DANE TLSA validation, the error message is a very generic TLS error:
| not-authorized (Your server's certificate is invalid, expired, or not trusted by server)
When an s2s connection succeeds, it would be awesome to see the DNSSEC auth status in the server info in mod_admin_web (and maybe also mod_admin_telnet)
Zash
on
See #770 for an explanation on why this is currently tricky to do.
mod_admin_web/_telnet things should be separate feature requests
When an s2s connection fails due to DNSSEC DANE TLSA validation, the error message is a very generic TLS error: | not-authorized (Your server's certificate is invalid, expired, or not trusted by server) When an s2s connection succeeds, it would be awesome to see the DNSSEC auth status in the server info in mod_admin_web (and maybe also mod_admin_telnet)
See #770 for an explanation on why this is currently tricky to do. mod_admin_web/_telnet things should be separate feature requests
Changes