1 /*
2  * dane.h -- defines for the DNS-Based Authentication of Named Entities (DANE)
3  * Transport Layer Security (TLS) Protocol: TLSA
4  *
5  * Copyright (c) 2012, NLnet Labs. All rights reserved.
6  *
7  * See LICENSE for the license.
8  *
9  */
10 
23 #ifndef LDNS_DANE_H
24 #define LDNS_DANE_H
25 
26 #include <ldns/common.h>
27 #include <ldns/rdata.h>
28 #include <ldns/rr.h>
29 #if LDNS_BUILD_CONFIG_HAVE_SSL
30 #include <openssl/ssl.h>
31 #include <openssl/err.h>
32 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
33 
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
37 
42 {
57 };
59 
64 {
71 
78 
81 };
83 
88 {
100 };
102 
107 {
114 };
116 
117 
118 #if LDNS_BUILD_CONFIG_USE_DANE
119 
130  const ldns_rdf* name, uint16_t port,
131  ldns_dane_transport transport);
132 
133 
134 #if LDNS_BUILD_CONFIG_HAVE_SSL
135 
/**
 * Creates a LDNS_RDF_TYPE_HEX rdf holding the certificate data chosen by
 * @p selector (the full certificate or its SubjectPublicKeyInfo) and
 * encoded according to @p matching_type (exact/raw, SHA-256 or SHA-512).
 * This is the "Certificate Association Data" that a TLSA record carries.
 *
 * @param[out] rdf           receives the newly created rdf. NOTE(review):
 *                           ownership is not stated in this header; the
 *                           caller presumably frees it with
 *                           ldns_rdf_deep_free — confirm against dane.c:77.
 * @param[in]  cert          the X509 certificate to take the data from.
 * @param[in]  selector      which part of the certificate is used.
 * @param[in]  matching_type how that data is presented (raw or hashed).
 * @return an ldns_status code; LDNS_STATUS_OK on success is the ldns
 *         convention — confirm. NOTE(review): behaviour for a NULL @p cert
 *         or a reserved/unknown selector or matching type is not visible
 *         from this header; check dane.c before relying on it.
 */
ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
	ldns_tlsa_selector selector,
	ldns_tlsa_matching_type matching_type);
149 
150 
/**
 * Selects the certificate that a TLSA record is to be matched against,
 * taking it from @p cert, @p extra_certs or @p pkix_validation_store
 * depending on @p cert_usage (CA constraint, service certificate
 * constraint, trust anchor assertion or domain issued certificate).
 *
 * @param[out] selected_cert        receives the chosen certificate.
 *                                  NOTE(review): whether this is a fresh
 *                                  reference or a pointer into one of the
 *                                  inputs is not stated here — check
 *                                  dane.c:348 before calling X509_free()
 *                                  on it.
 * @param[in]  cert                 presumably the end-entity certificate
 *                                  presented by the peer — confirm.
 * @param[in]  extra_certs          the remaining certificates of the
 *                                  presented chain (whether NULL is
 *                                  accepted is not visible here).
 * @param[in]  pkix_validation_store trust anchors for PKIX validation.
 * @param[in]  cert_usage           the TLSA "Certificate usage" value that
 *                                  decides which certificate is wanted.
 * @param[in]  index                NOTE(review): semantics not documented
 *                                  in this header; presumably picks one of
 *                                  several candidates (e.g. a chain
 *                                  position) — verify in dane.c.
 * @return an ldns_status code; LDNS_STATUS_OK on success is the ldns
 *         convention — confirm.
 *
 * Security note: for the PKIX-bound usages (CA constraint and service
 * certificate constraint) the selected certificate is only meaningful if
 * the presented chain also validates against @p pkix_validation_store, as
 * RFC 6698 requires — do not treat the selection alone as verification.
 * The BEWARE on ldns_dane_verify / ldns_dane_verify_rr in this file
 * recommends OpenSSL 1.1.0's own DANE verification over these helpers.
 */
ldns_status ldns_dane_select_certificate(X509** selected_cert,
	X509* cert, STACK_OF(X509)* extra_certs,
	X509_STORE* pkix_validation_store,
	ldns_tlsa_certificate_usage cert_usage, int index);
183 
198  ldns_tlsa_certificate_usage certificate_usage,
199  ldns_tlsa_selector selector,
200  ldns_tlsa_matching_type matching_type,
201  X509* cert);
202 
243  X509* cert, STACK_OF(X509)* extra_certs,
244  X509_STORE* pkix_validation_store);
245 
280  X509* cert, STACK_OF(X509)* extra_certs,
281  X509_STORE* pkix_validation_store);
282 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
283 #endif /* LDNS_BUILD_CONFIG_USE_DANE */
284 
285 #ifdef __cplusplus
286 }
287 #endif
288 
289 #endif /* LDNS_DANE_H */
290 
SHA-512 hash of selected content [RFC6234].
Definition: dane.h:96
Full certificate: the Certificate binary structure as defined in [RFC5280].
Definition: dane.h:69
Defines ldns_rdf and functions to manipulate those.
List or Set of Resource Records.
Definition: rr.h:330
ldns_status ldns_dane_create_tlsa_owner(ldns_rdf **tlsa_owner, const ldns_rdf *name, uint16_t port, ldns_dane_transport transport)
Creates a dname consisting of the given name, prefixed by the service port and type of transport: _po...
Definition: dane.c:33
ldns_status ldns_dane_select_certificate(X509 **selected_cert, X509 *cert, STACK_OF(X509) *extra_certs, X509_STORE *pkix_validation_store, ldns_tlsa_certificate_usage cert_usage, int index)
Selects the certificate from cert, extra_certs or the pkix_validation_store based on the value of cer...
Definition: dane.c:348
Reserved for Private Use.
Definition: dane.h:99
ldns_enum_dane_transport
Known transports to use with TLSA owner names.
Definition: dane.h:106
Contains the definition of ldns_rr and functions to manipulate those.
SubjectPublicKeyInfo: DER-encoded binary structure as defined in [RFC5280].
Definition: dane.h:76
Resource Record.
Definition: rr.h:302
ldns_enum_tlsa_matching_type
The different "Matching type" rdata field values for a TLSA RR.
Definition: dane.h:87
ldns_status ldns_dane_verify(const ldns_rr_list *tlsas, X509 *cert, STACK_OF(X509) *extra_certs, X509_STORE *pkix_validation_store)
BEWARE! We strongly recommend to use OpenSSL 1.1.0 dane verification functions instead of the ones pr...
Definition: dane.c:784
Trust anchor assertion.
Definition: dane.h:50
Reserved for Private Use.
Definition: dane.h:80
enum ldns_enum_dane_transport ldns_dane_transport
Definition: dane.h:115
Exact match on selected content.
Definition: dane.h:90
ldns_status ldns_dane_create_tlsa_rr(ldns_rr **tlsa, ldns_tlsa_certificate_usage certificate_usage, ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type, X509 *cert)
Creates a TLSA resource record from the certificate.
Definition: dane.c:454
CA constraint.
Definition: dane.h:44
enum ldns_enum_tlsa_selector ldns_tlsa_selector
Definition: dane.h:82
Reserved for Private Use.
Definition: dane.h:56
enum ldns_enum_status ldns_status
Definition: error.h:134
ldns_status ldns_dane_verify_rr(const ldns_rr *tlsa_rr, X509 *cert, STACK_OF(X509) *extra_certs, X509_STORE *pkix_validation_store)
BEWARE! We strongly recommend to use OpenSSL 1.1.0 dane verification functions instead of the ones pr...
Definition: dane.c:601
enum ldns_enum_tlsa_matching_type ldns_tlsa_matching_type
Definition: dane.h:101
ldns_status ldns_dane_cert2rdf(ldns_rdf **rdf, X509 *cert, ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type)
Creates a LDNS_RDF_TYPE_HEX type rdf based on the binary data chosen by the selector and encoded usin...
Definition: dane.c:77
Domain issued certificate.
Definition: dane.h:53
Resource record data field.
Definition: rdata.h:174
Service certificate constraint.
Definition: dane.h:47
ldns_enum_tlsa_certificate_usage
The different "Certificate usage" rdata field values for a TLSA RR.
Definition: dane.h:41
Common definitions for LDNS.
enum ldns_enum_tlsa_certificate_usage ldns_tlsa_certificate_usage
Definition: dane.h:58
SHA-256 hash of selected content [RFC6234].
Definition: dane.h:93
ldns_enum_tlsa_selector
The different "Selector" rdata field values for a TLSA RR.
Definition: dane.h:63