[DNS] TLSA records [HTTPS] DANE request

[Falci]

Is your feature request related to a problem? Please describe.
I'd like to make an HTTPS request to a server that uses a self-signed certificate that follows the DANE protocol (Wikipedia)

Describe the solution you'd like
I believe the best option would be an extra option on HTTPS request:

https.get('https://example.com', {dane: true})

Describe alternatives you've considered
I tried to create a new https.Agent that forces rejectUnauthorized: false;
Then, I got the tlsSocket instance in the keylog event and added a listener for the secureConnect event;
This moment I realised that the DNS api don't have a resolveTLSA.
Not sure how to continue from here.

[gireeshpunathil]

@nodejs/dns

[github-actions]

There has been no activity on this feature request for 5 months and it is unlikely to be implemented. It will be closed 6 months after the last non-automated comment.

For more information on how the project manages feature requests, please consult the feature request management document.

[rithvikvibhu]

This request is a bit old, but I'd like to +1, it would be really helpful.

Even if dane isn't added to https, at least resolveTLSA can be.

Looks like it's just adding a few lines next to

node/lib/dns.js

Line 304 in 1000eb1

Resolver.prototype.resolveTxt = resolveMap.TXT = resolver('queryTxt');

and

node/src/cares_wrap.h

Line 457 in 3914354

static constexpr const char* name = "resolveTxt";

For reference, I'm looking at how resolveTxt was added: d9c67ae

[bnoordhuis]

The first step would be to add TLSA support to upstream c-ares, then add a binding to node.

[Iso5786]

In some time I also would be in need of this feature.