What's the proper way to validate a (possible) self signed cert with DANE?

74 Views Asked by At

In a nutshell, DANE means: check the SSL certificate fingerprint against a DNS record.

What I'd like to do is: in a HTTPS request:

  1. Check the regular SSL cert; If ok, done!
  2. if it's a self signed cert (or failed to validate for any other reason) check the DNS for DANE records

I can implement the 2. work using rejectUnauthorized: false, but that means I'm skipping the 1.

Is it possible to intercept/replace the function that decides if a SSL cert is valid or not?

0

There are 0 best solutions below