man ldns_dane_cert2rdf(3)
ldns(3)                                                                ldns(3)




NAME

       ldns_dane_create_tlsa_owner, ldns_dane_cert2rdf,
       ldns_dane_select_certificate, ldns_dane_create_tlsa_rr



SYNOPSIS

       #include <stdint.h>
       #include <stdbool.h>

       #include <ldns/ldns.h>

       ldns_status  ldns_dane_create_tlsa_owner(ldns_rdf**  tlsa_owner,  const
       ldns_rdf* name, uint16_t port, ldns_dane_transport transport);

       ldns_status     ldns_dane_cert2rdf(ldns_rdf**    rdf,    X509*    cert,
       ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type);

       ldns_status  ldns_dane_select_certificate(X509**  selected_cert,  X509*
       cert,  STACK_OF(X509)*  extra_certs, X509_STORE* pkix_validation_store,
       ldns_tlsa_certificate_usage cert_usage, int index);

       ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
       ldns_tlsa_certificate_usage certificate_usage, ldns_tlsa_selector selector,
       ldns_tlsa_matching_type matching_type, X509* cert);




DESCRIPTION

       ldns_dane_create_tlsa_owner() Creates a dname consisting of  the  given
              name,  prefixed  by  the service port and type of transport:
              _port._transport.name.

              tlsa_owner: The created dname.
              name: The dname that should be prefixed.
              port: The service port number for which the name should be
              created.
              transport: The transport for which the name should be created.
              Returns LDNS_STATUS_OK on success or an error code otherwise.


       ldns_dane_cert2rdf()  Creates a LDNS_RDF_TYPE_HEX type rdf based on the
              binary data chosen by the selector and encoded using
              matching_type.

              rdf: The created rdf of type LDNS_RDF_TYPE_HEX.
              cert: The certificate from which the data is selected
              selector: The full certificate or the public key
              matching_type: The full data or the SHA256 or SHA512 hash of the
              selected data
              Returns LDNS_STATUS_OK on success or an error code otherwise.


       ldns_dane_select_certificate()  Selects  the  certificate  from   cert,
              extra_certs  or  the pkix_validation_store based on the value of
              cert_usage and index.

              selected_cert: The selected cert.
              cert: The certificate to validate (or not)
              extra_certs: Intermediate certificates that might  be  necessary
              during  validation.  May  be  NULL,  except when the certificate
              usage is "Trust Anchor Assertion" because the trust  anchor  has
              to be provided (otherwise choose a "Domain issued certificate").
              pkix_validation_store: Used when the certificate  usage  is  "CA
              constraint"  or "Service Certificate Constraint" to validate the
              certificate and, in case of  "CA  constraint",  select  the  CA.
              When  pkix_validation_store  is  NULL, validation is  explicitly
              turned off and the behaviour is then  the  same  as  for  "Trust
              anchor  assertion" and "Domain issued certificate" respectively.
              cert_usage: Which certificate to use and how to validate.
              index: Used to select the trust anchor when certificate usage is
              "Trust Anchor Assertion". 0 is the last certificate in the
              validation chain. 1 the one but last, etc. When index is -1, the
              last  certificate  is  used  that MUST be self-signed.  This can
              help to make sure that the intended (self signed)  trust  anchor
              is actually present in extra_certs (which is a DANE
              requirement).

              Returns LDNS_STATUS_OK on success or an error code otherwise.


       ldns_dane_create_tlsa_rr() Creates a TLSA resource record from the
              certificate.  No PKIX validation is performed! The given
              certificate is used as data regardless of the value of
              certificate_usage.

              tlsa: The created TLSA resource record.
              certificate_usage: The value for the Certificate Usage field
              selector: The value for the Selector field
              matching_type: The value for the Matching Type field
              cert: The certificate whose data will be represented

              Returns LDNS_STATUS_OK on success or an error code otherwise.
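
       An added example, not part of ldns or of this man page: a
       standard-library Python cross-check that recomputes the owner name,
       the selected data and the TLSA record described above, so a record
       produced with these functions can be verified independently. The
       function names are hypothetical, the numeric selector (0, 1) and
       matching type (0, 1, 2) codes are those of RFC 6698, and CERT is a
       constructed certificate-shaped DER skeleton.

```python
import hashlib

def _tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def select_data(cert_der, selector):
    """Selector 0: the full certificate; 1: its SubjectPublicKeyInfo TLV."""
    if selector == 0:
        return cert_der
    if selector != 1:
        raise ValueError("unknown selector")
    _, pos, _ = _tlv(cert_der, 0)          # Certificate SEQUENCE
    _, pos, tbs_end = _tlv(cert_der, pos)  # tbsCertificate SEQUENCE
    # Skip [0] version if present, then serial, sig alg, issuer, validity, subject.
    for _ in range(6 if cert_der[pos:pos + 1] == b"\xa0" else 5):
        _, _, pos = _tlv(cert_der, pos)
    tag, _, end = _tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert_der[pos:end]

def cert2hex(cert_der, selector, mtype):
    """Hex of the selected data (type 0) or of its SHA-256 (1) / SHA-512 (2)."""
    data = select_data(cert_der, selector)
    if mtype not in (0, 1, 2):
        raise ValueError("unknown matching type")
    digest = {1: hashlib.sha256, 2: hashlib.sha512}.get(mtype)
    return digest(data).hexdigest() if digest else data.hex()

def tlsa_rr(name, port, transport, usage, selector, mtype, cert_der):
    """Presentation-format TLSA record owned by _port._transport.name."""
    owner = "_%d._%s.%s." % (port, transport, name.rstrip("."))
    return f"{owner} IN TLSA {usage} {selector} {mtype} {cert2hex(cert_der, selector, mtype)}"

# Constructed sample: a certificate-shaped DER skeleton, not a real certificate.
def _der(tag, body): return bytes([tag, len(body)]) + body
SPKI = _der(0x30, _der(0x30, b"") + _der(0x03, b"\x00demo-key"))
TBS = _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"") * 4 + SPKI
CERT = _der(0x30, _der(0x30, TBS) + _der(0x30, b"") + _der(0x03, b"\x00"))
```

       For a real certificate, pass its DER bytes (for example from
       ssl.PEM_cert_to_DER_cert) and compare the result with the record
       that ldns_dane_create_tlsa_rr() produced.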



AUTHOR

       The ldns team at NLnet Labs, which consists of Jelte Jansen and
       Miek Gieben.



REPORTING BUGS

       Please report bugs to ldns-team@nlnetlabs.nl  or  in  our  bugzilla  at
       http://www.nlnetlabs.nl/bugs/index.html



COPYRIGHT

       Copyright (c) 2004 - 2006 NLnet Labs.

       Licensed under the BSD License. There is NO warranty; not even for
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.



SEE ALSO

       ldns_dane_verify(3), ldns_dane_verify_rr(3). And perldoc Net::DNS(3),
       RFC1034, RFC1035, RFC4033, RFC4034  and RFC4035.


REMARKS

       This manpage was automatically generated from the ldns source code by use
       of Doxygen and some perl.



                                  30 May 2006                          ldns(3)

ldns 1.6.17 - Generated Sun Feb 2 10:13:19 CST 2014