Library for TLS certificate pinning and verification

tg-x/libcertpatrol

Latest commit: 14f08a0 · Feb 15, 2016

Certificate Patrol

Introduction

libcertpatrol implements public key pinning for TLS using a trust-on-first-use (TOFU) model.

It is intended as a fallback mechanism when there’s no pinning protocol in use by the server, such as DANE or TACK.

It is described in more detail in https://gnunet.org/tofu-pinning
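
The trust-on-first-use decision described above, as an added example that is not libcertpatrol's code or API: the first public key seen for a host and port is stored, and later connections must present the same key. The names `tofu_check` and `pin_store`, the in-memory store and the sample key bytes are assumptions made for illustration.

```c
/* Added example of a TOFU pin decision. Not libcertpatrol's API; all names are hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum tofu_result { TOFU_FIRST_USE, TOFU_MATCH, TOFU_MISMATCH, TOFU_ERROR };
#define MAX_PINS 16
#define MAX_HOST 256
#define MAX_KEY  1024

struct pin {
    char host[MAX_HOST];          /* lower-cased peer name */
    unsigned short port;
    unsigned char key[MAX_KEY];   /* public key bytes as first seen (assumed DER-encoded) */
    size_t key_len;
};
struct pin_store { struct pin pins[MAX_PINS]; size_t count; };

enum tofu_result tofu_check(struct pin_store *s, const char *host, unsigned short port,
                            const unsigned char *key, size_t key_len)
{
    char name[MAX_HOST];
    size_t i, n = host ? strlen(host) : 0;
    if (!s || !key || key_len == 0 || key_len > MAX_KEY || n == 0 || n >= MAX_HOST)
        return TOFU_ERROR;
    /* Host names are case-insensitive: normalise so "Example.org" cannot get a fresh pin. */
    for (i = 0; i <= n; i++) name[i] = (char)tolower((unsigned char)host[i]);
    for (i = 0; i < s->count; i++) {
        struct pin *p = &s->pins[i];
        if (p->port != port || strcmp(p->host, name) != 0) continue;
        /* Known peer: the key must be identical; a stored pin is never overwritten here. */
        return (p->key_len == key_len && memcmp(p->key, key, key_len) == 0)
                   ? TOFU_MATCH : TOFU_MISMATCH;
    }
    if (s->count == MAX_PINS) return TOFU_ERROR;  /* fail closed when the store is full */
    struct pin *p = &s->pins[s->count++];         /* first use: trust and remember */
    memcpy(p->host, name, n + 1);
    p->port = port;
    memcpy(p->key, key, key_len);
    p->key_len = key_len;
    return TOFU_FIRST_USE;
}

int main(void)
{
    static struct pin_store store;                      /* zero-initialised */
    const unsigned char k1[] = { 0x30, 0x59, 0x01 };    /* constructed sample bytes */
    const unsigned char k2[] = { 0x30, 0x59, 0x02 };
    printf("%d\n", tofu_check(&store, "example.org", 443, k1, sizeof k1));
    printf("%d\n", tofu_check(&store, "EXAMPLE.org", 443, k2, sizeof k2));
    return 0;
}
```

A caller would treat `TOFU_MISMATCH` and `TOFU_ERROR` as verification failures; replacing a pin after a legitimate key change is a separate, explicit step.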

Authors

  • Gabor X Toth
  • Tjebbe Vlieg

License

TBD

Installation

Prerequisites

The following libraries are required:

  • GnuTLS
  • dconf
  • uuid
  • OpenSSL (optional)
  • NSS (optional)
  • gcr-3

Compiling

Run cmake to use the default options:

cmake .

Or use ccmake for a text-based configuration:

ccmake .

Or use cmake-gui for GUI configuration:

cmake-gui .

Add the following option for a debug build:

cmake -DCMAKE_BUILD_TYPE=Debug .

Compile and install:

make
sudo make install

Usage

API documentation is available after running:

make doc

For testing purposes, a bin/certpatrol script is also provided. It uses LD_PRELOAD to override the certificate verification functions of TLS libraries:

certpatrol curl -i https://en.wikipedia.org
