ldns(3)			   Library Functions Manual		       ldns(3)

NAME
       ldns_dane_create_tlsa_rr, ldns_dane_create_tlsa_owner,
       ldns_dane_cert2rdf, ldns_dane_select_certificate	- TLSA RR creation
       functions

SYNOPSIS
       #include <stdint.h>
       #include <stdbool.h>

       #include <ldns/ldns.h>

       ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
       ldns_tlsa_certificate_usage certificate_usage, ldns_tlsa_selector
       selector, ldns_tlsa_matching_type matching_type, X509* cert);

       ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const
       ldns_rdf* name, uint16_t port, ldns_dane_transport transport);

       ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
       ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type);

       ldns_status ldns_dane_select_certificate(X509** selected_cert, X509*
       cert, STACK_OF(X509)* extra_certs, X509_STORE* pkix_validation_store,
       ldns_tlsa_certificate_usage cert_usage, int index);

DESCRIPTION
       ldns_dane_create_tlsa_rr() Creates a TLSA resource record from the
              certificate. No PKIX validation is performed! The given
              certificate is used as data regardless of the value of
              certificate_usage.

              tlsa: The created TLSA resource record.
              certificate_usage: The value for the Certificate Usage field
              selector: The value for the Selector field
              matching_type: The value for the Matching Type field
              cert: The certificate whose data will be represented

              Returns LDNS_STATUS_OK on success or an error code otherwise.

       ldns_dane_create_tlsa_owner() Creates a dname consisting of the given
              name, prefixed by the service port and type of transport:
              _port._transport.name.

              tlsa_owner: The created dname.
              name: The dname that should be prefixed.
              port: The service port number for which the name should be
              created.
              transport: The transport for which the name should be created.
              Returns LDNS_STATUS_OK on success or an error code otherwise.
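
The owner name described above, built in DNS wire format, which goes one step beyond the presentation form shown in the text. This is an added example in plain C, not ldns code: `put_label` and `tlsa_owner_wire` are hypothetical names, and the transport is passed as a string rather than as an `ldns_dane_transport` value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: append one label (length octet + bytes). */
static int put_label(uint8_t *out, size_t cap, size_t *pos,
                     const char *s, size_t len)
{
    /* RFC 1035: a label is 1..63 octets */
    if (len == 0 || len > 63 || *pos + 1 + len > cap)
        return -1;
    out[(*pos)++] = (uint8_t)len;
    memcpy(out + *pos, s, len);
    *pos += len;
    return 0;
}

/* Hypothetical function: write _<port>._<transport>.<name> in wire format.
 * Returns the encoded length, or -1 on a malformed or oversized name. */
int tlsa_owner_wire(uint8_t *out, size_t cap, const char *name,
                    uint16_t port, const char *transport)
{
    char lbl[16];
    size_t pos = 0;
    int n;

    if (cap > 255)
        cap = 255;                      /* RFC 1035: whole name <= 255 octets */
    n = snprintf(lbl, sizeof lbl, "_%u", (unsigned)port);
    if (put_label(out, cap, &pos, lbl, (size_t)n))
        return -1;
    n = snprintf(lbl, sizeof lbl, "_%s", transport);
    if (n < 0 || (size_t)n >= sizeof lbl ||
        put_label(out, cap, &pos, lbl, (size_t)n))
        return -1;
    while (*name) {                     /* split the base name on dots */
        const char *dot = strchr(name, '.');
        size_t len = dot ? (size_t)(dot - name) : strlen(name);
        if (put_label(out, cap, &pos, name, len))
            return -1;                  /* empty or oversized label */
        name += len + (dot ? 1 : 0);
    }
    if (pos + 1 > cap)
        return -1;
    out[pos++] = 0;                     /* terminating root label */
    return (int)pos;
}
```
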

       ldns_dane_cert2rdf() Creates a LDNS_RDF_TYPE_HEX type rdf based on the
              binary data chosen by the selector and encoded using
              matching_type.

              rdf: The created rdf of type LDNS_RDF_TYPE_HEX.
              cert: The certificate from which the data is selected
              selector: The full certificate or the public key
              matching_type: The full data or the SHA256 or SHA512 hash of the
              selected data
              Returns LDNS_STATUS_OK on success or an error code otherwise.

       ldns_dane_select_certificate() Selects the certificate from cert,
              extra_certs or the pkix_validation_store based on the value of
              cert_usage and index.

              selected_cert: The selected cert.
              cert: The certificate to validate (or not)
              extra_certs: Intermediate certificates that might be necessary
              during validation. May be NULL, except when the certificate
              usage is "Trust Anchor Assertion" because the trust anchor has
              to be provided (otherwise choose a "Domain issued
              certificate"!).
              pkix_validation_store: Used when the certificate usage is "CA
              constraint" or "Service Certificate Constraint" to validate the
              certificate and, in case of "CA constraint", select the CA.
              When pkix_validation_store is NULL, validation is explicitly
              turned off and the behaviour is then the same as for "Trust
              anchor assertion" and "Domain issued certificate" respectively.
              cert_usage: Which certificate to use and how to validate.
              index: Used to select the trust anchor when certificate usage is
              "Trust Anchor Assertion". 0 is the last certificate in the
              validation chain, 1 is the one but last, etc. When index is -1,
              the last certificate is used, and it MUST be self-signed. This
              can help to make sure that the intended (self-signed) trust
              anchor is actually present in extra_certs (which is a DANE
              requirement).

              Returns LDNS_STATUS_OK on success or an error code otherwise.
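
A stand-alone model of the index rule documented above for "Trust Anchor Assertion", showing why index -1 catches a chain whose root is missing while index 0 does not. This is an added example in plain C, not ldns code: `struct cert`, `select_trust_anchor` and the sample chains are hypothetical, and comparing subject and issuer names stands in for a real self-signature check.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an X509 entry: subject and issuer names only. */
struct cert { const char *subject; const char *issuer; };

/* Model of the documented index rule. chain[0] is the end-entity
 * certificate, chain[n-1] the last certificate in the validation chain.
 * Returns the chosen position in chain, or -1 if nothing qualifies. */
int select_trust_anchor(const struct cert *chain, size_t n, int index)
{
    if (n == 0 || index < -1)
        return -1;
    if (index == -1) {
        /* -1: take the last certificate, but only if it is self-signed
         * (simplified here to subject == issuer) */
        const struct cert *last = &chain[n - 1];
        return strcmp(last->subject, last->issuer) == 0 ? (int)(n - 1) : -1;
    }
    if ((size_t)index >= n)
        return -1;                      /* index beyond the chain */
    return (int)(n - 1 - (size_t)index); /* 0 = last, 1 = one but last, ... */
}

/* Constructed sample chains: one complete, one with the root missing. */
static const struct cert full_chain[] = {
    { "CN=mail.example.com",   "CN=Example Issuing CA" },
    { "CN=Example Issuing CA", "CN=Example Root CA"    },
    { "CN=Example Root CA",    "CN=Example Root CA"    },
};
static const struct cert truncated_chain[] = {
    { "CN=mail.example.com",   "CN=Example Issuing CA" },
    { "CN=Example Issuing CA", "CN=Example Root CA"    },
};

int main(void)
{
    /* With the root missing, index 0 silently selects the intermediate,
     * while index -1 refuses because the last certificate is not self-signed. */
    printf("full, 0: %d\n", select_trust_anchor(full_chain, 3, 0));
    printf("full, -1: %d\n", select_trust_anchor(full_chain, 3, -1));
    printf("truncated, 0: %d\n", select_trust_anchor(truncated_chain, 2, 0));
    printf("truncated, -1: %d\n", select_trust_anchor(truncated_chain, 2, -1));
    return 0;
}
```
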

AUTHOR
       The ldns	team at	NLnet Labs.

REPORTING BUGS
       Please report bugs to ldns-team@nlnetlabs.nl or in our bugzilla at
       http://www.nlnetlabs.nl/bugs/index.html

COPYRIGHT
       Copyright (c) 2004 - 2006 NLnet Labs.

       Licensed under the BSD License. There is NO warranty; not even for
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSO
       ldns_dane_verify, ldns_dane_verify_rr.  And perldoc Net::DNS, RFC1034,
       RFC1035,	RFC4033, RFC4034  and RFC4035.

REMARKS
       This manpage was	automatically generated	from the ldns source code.

				  30 May 2006			       ldns(3)
