In a nutshell, DANE means: check the SSL certificate fingerprint against a DNS record.
What I'd like to do is: in a HTTPS request:
- Check the regular SSL cert; If ok, done!
- if it's a self signed cert (or failed to validate for any other reason) check the DNS for DANE records
I can implement the 2. work using rejectUnauthorized: false, but that means I'm skipping the 1.
Is it possible to intercept/replace the function that decides if a SSL cert is valid or not?
