Skip to content
/ libcertpatrol Public

Library for TLS certificate pinning and verification

4 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tg-x/libcertpatrol

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

54 Commits
bin
bin
 
 
etc
etc
 
 
include/certpatrol
include/certpatrol
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
Doxyfile.in
Doxyfile.in
 
 
README.org
README.org
 
 

Repository files navigation

Certificate Patrol

Introduction

libcertpatrol implements public key pinning for TLS using a trust on first use (TOFU) model.

It is intended as a fallback mechanism when there’s no pinning protocol in use by the server, such as DANE or TACK.

It is described in more detail in https://gnunet.org/tofu-pinning

Authors

  • Gabor X Toth
  • Tjebbe Vlieg

License

TBD

Installation

Prerequisites

The following libraries are required:

  • GnuTLS
  • dconf
  • uuid
  • OpenSSL (optional)
  • NSS (optional)
  • gcr-3

Compiling

Run cmake to use the default options:

cmake .

Or use ccmake for a text-based configuration:

ccmake .

Or use cmake-gui for GUI configuration:

cmake-gui .

Add the following option for a debug build:

cmake -DCMAKE_BUILD_TYPE=Debug .

Compile and install:

make
sudo make install

Usage

API documentation is available after

make doc

For testing purposes a bin/certpatrol script is also provided that uses LD_PRELOAD to override certificate verification functionality of TLS libraries:

certpatrol curl -i https://en.wikipedia.org

About

Library for TLS certificate pinning and verification

Resources

Readme
Activity

Stars

4 stars

Watchers

3 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages