DrWhax/libcertpatrol

Certificate Patrol

Introduction

libcertpatrol implements public key pinning for TLS using a trust-on-first-use (TOFU) model.

It is intended as a fallback mechanism when there’s no pinning protocol in use by the server, such as DANE or TACK.

It is described in more detail in https://gnunet.org/tofu-pinning
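
The trust-on-first-use decision described above, as an added example (not libcertpatrol's own code or API). The names tofu_check and pin_store are hypothetical, and keeping the raw public key bytes in an in-memory table is an assumption made so the example is self-contained:

```c
#include <stddef.h>
#include <string.h>

/* Added example: minimal in-memory TOFU pin store. All names are hypothetical,
   not libcertpatrol's API. A pin is the peer's raw public key (SPKI) bytes. */
#define MAX_PINS 16
#define MAX_KEY  512

enum tofu_result { TOFU_NEW, TOFU_MATCH, TOFU_MISMATCH, TOFU_ERROR };

struct pin { char host[256]; unsigned char key[MAX_KEY]; size_t key_len; };
struct pin_store { struct pin pins[MAX_PINS]; size_t count; };

/* Check a peer key against the store; pin it only if the host is unseen.
   The host name is assumed to be lower-cased by the caller. */
enum tofu_result tofu_check(struct pin_store *s, const char *host,
                            const unsigned char *key, size_t key_len)
{
    if (!s || !host || !key || key_len == 0 || key_len > MAX_KEY ||
        strlen(host) >= sizeof s->pins[0].host)
        return TOFU_ERROR;
    for (size_t i = 0; i < s->count; i++) {
        struct pin *p = &s->pins[i];
        if (strcmp(p->host, host) != 0)
            continue;
        /* Known host: the pin is never overwritten here, so a changed key
           keeps failing until the user or application decides. */
        if (p->key_len == key_len && memcmp(p->key, key, key_len) == 0)
            return TOFU_MATCH;
        return TOFU_MISMATCH;
    }
    if (s->count == MAX_PINS)
        return TOFU_ERROR;          /* fail closed instead of dropping pins */
    struct pin *p = &s->pins[s->count++];
    strcpy(p->host, host);          /* length was checked above */
    memcpy(p->key, key, key_len);
    p->key_len = key_len;
    return TOFU_NEW;
}

int main(void)
{
    static struct pin_store store;                          /* zero-initialised */
    const unsigned char k1[] = { 0x30, 0x59, 0x01, 0x02 };  /* constructed bytes */
    const unsigned char k2[] = { 0x30, 0x59, 0x01, 0x03 };  /* constructed bytes */
    int ok = tofu_check(&store, "example.org", k1, sizeof k1) == TOFU_NEW
          && tofu_check(&store, "example.org", k1, sizeof k1) == TOFU_MATCH
          && tofu_check(&store, "example.org", k2, sizeof k2) == TOFU_MISMATCH;
    return ok ? 0 : 1;
}
```

Because the pin is the public key rather than the whole certificate, a renewed certificate that reuses the same key still returns TOFU_MATCH.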

Authors

  • Gabor X Toth
  • Tjebbe Vlieg

License

TBD

Installation

Prerequisites

The following libraries are required:

  • GnuTLS
  • dconf
  • uuid
  • OpenSSL (optional)
  • NSS (optional)
  • gcr-3

Compiling

Run cmake to use the default options:

cmake .

Or use ccmake for a text-based configuration:

ccmake .

Or use cmake-gui for GUI configuration:

cmake-gui .

Add the following option for a debug build:

cmake -DCMAKE_BUILD_TYPE=Debug .

Compile and install:

make
sudo make install

Usage

API documentation is available after

make doc

For testing purposes, a bin/certpatrol script is also provided that uses LD_PRELOAD to override the certificate verification functionality of TLS libraries:

certpatrol curl -i https://en.wikipedia.org

About

library for TLS certificate pinning and verification
