ldns(3)                    Library Functions Manual                    ldns(3)

NAME

       ldns_dane_create_tlsa_owner, ldns_dane_cert2rdf,
       ldns_dane_select_certificate, ldns_dane_create_tlsa_rr

SYNOPSIS

       #include <stdint.h>
       #include <stdbool.h>

       #include <ldns/ldns.h>

       ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const
       ldns_rdf* name, uint16_t port, ldns_dane_transport transport);

       ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
       ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type);

       ldns_status ldns_dane_select_certificate(X509** selected_cert, X509*
       cert, STACK_OF(X509)* extra_certs, X509_STORE* pkix_validation_store,
       ldns_tlsa_certificate_usage cert_usage, int index);

       ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
       ldns_tlsa_certificate_usage certificate_usage, ldns_tlsa_selector
       selector, ldns_tlsa_matching_type matching_type, X509* cert);

DESCRIPTION

       ldns_dane_create_tlsa_owner() Creates a dname consisting of the given
              name, prefixed by the service port and type of transport:
              _port._transport.name.

              tlsa_owner: The created dname.
              name: The dname that should be prefixed.
              port: The service port number for which the name should be
              created.
              transport: The transport for which the name should be created.
              Returns LDNS_STATUS_OK on success or an error code otherwise.

       ldns_dane_cert2rdf() Creates a LDNS_RDF_TYPE_HEX type rdf based on the
              binary data chosen by the selector and encoded using
              matching_type.

              rdf: The created rdf of type LDNS_RDF_TYPE_HEX.
              cert: The certificate from which the data is selected.
              selector: The full certificate or the public key.
              matching_type: The full data or the SHA256 or SHA512 hash of the
              selected data.
              Returns LDNS_STATUS_OK on success or an error code otherwise.

       ldns_dane_select_certificate() Selects the certificate from cert,
              extra_certs or the pkix_validation_store based on the value of
              cert_usage and index.

              selected_cert: The selected cert.
              cert: The certificate to validate (or not).
              extra_certs: Intermediate certificates that might be necessary
              during validation. May be NULL, except when the certificate
              usage is "Trust Anchor Assertion", because the trust anchor has
              to be provided (otherwise choose a "Domain issued
              certificate"!).
              pkix_validation_store: Used when the certificate usage is "CA
              constraint" or "Service Certificate Constraint" to validate the
              certificate and, in case of "CA constraint", select the CA.
              When pkix_validation_store is NULL, validation is explicitly
              turned off and the behaviour is then the same as for "Trust
              anchor assertion" and "Domain issued certificate" respectively.
              cert_usage: Which certificate to use and how to validate.
              index: Used to select the trust anchor when certificate usage is
              "Trust Anchor Assertion". 0 is the last certificate in the
              validation chain, 1 is the one but last, etc. When index is -1,
              the last certificate is used, and it MUST be self-signed. This
              can help to make sure that the intended (self-signed) trust
              anchor is actually present in extra_certs (which is a DANE
              requirement).

              Returns LDNS_STATUS_OK on success or an error code otherwise.

       ldns_dane_create_tlsa_rr() Creates a TLSA resource record from the
              certificate. No PKIX validation is performed! The given
              certificate is used as data regardless of the value of
              certificate_usage.

              tlsa: The created TLSA resource record.
              certificate_usage: The value for the Certificate Usage field.
              selector: The value for the Selector field.
              matching_type: The value for the Matching Type field.
              cert: The certificate whose data will be represented.

              Returns LDNS_STATUS_OK on success or an error code otherwise.
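       An added example, not part of the ldns manual or source and not
       calling ldns: standalone C that builds an owner name in the
       _port._transport.name form described for ldns_dane_create_tlsa_owner()
       and checks the TLSA fields and data length before formatting a record.
       The names tlsa_owner, tlsa_check and tlsa_rdata, the error codes and
       the sample digest are assumptions made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build "_<port>._<transport>.<name>" with a trailing dot; 0 on success. */
int tlsa_owner(char *out, size_t outlen, const char *name,
               unsigned port, const char *transport)
{
    if (!name || !*name || !transport || port > 65535) return -1;
    if (strcmp(transport, "tcp") && strcmp(transport, "udp") &&
        strcmp(transport, "sctp")) return -1;
    const char *dot = name[strlen(name) - 1] == '.' ? "" : ".";
    int w = snprintf(out, outlen, "_%u._%s.%s%s", port, transport, name, dot);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;  /* -1 if truncated */
}

/* Accept only the field values this page names. Returns 0 if consistent,
 * else -1 usage, -2 selector, -3 matching type, -4 data length. */
int tlsa_check(unsigned usage, unsigned selector, unsigned mtype, size_t len)
{
    if (usage > 3) return -1;     /* 0..3, the four certificate usages */
    if (selector > 1) return -2;  /* 0 full certificate, 1 public key */
    if (mtype > 2) return -3;     /* 0 full data, 1 SHA-256, 2 SHA-512 */
    if (!len || (mtype == 1 && len != 32) || (mtype == 2 && len != 64))
        return -4;                /* digest length must match its type */
    return 0;
}

/* Write "usage selector mtype hex", the TLSA RDATA in presentation form. */
int tlsa_rdata(char *out, size_t outlen, unsigned usage, unsigned selector,
               unsigned mtype, const uint8_t *data, size_t len)
{
    int rc = tlsa_check(usage, selector, mtype, len);
    if (rc) return rc;
    int w = snprintf(out, outlen, "%u %u %u ", usage, selector, mtype);
    if (w < 0 || (size_t)w + 2 * len >= outlen) return -5;
    for (size_t i = 0; i < len; i++)
        sprintf(out + w + 2 * i, "%02x", data[i]);
    return 0;
}

int main(void)
{
    uint8_t digest[32] = {0xab, 0xcd};  /* constructed, not a real hash */
    char owner[300], rdata[200];
    if (tlsa_owner(owner, sizeof owner, "example.org", 443, "tcp") ||
        tlsa_rdata(rdata, sizeof rdata, 3, 1, 1, digest, sizeof digest))
        return 1;
    return printf("%s IN TLSA %s\n", owner, rdata) < 0;
}
```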

AUTHOR

       The ldns team at NLnet Labs, which consists of Jelte Jansen and Miek
       Gieben.

REPORTING BUGS

       Please report bugs to ldns-team@nlnetlabs.nl or in our bugzilla at
       http://www.nlnetlabs.nl/bugs/index.html

COPYRIGHT

       Copyright (c) 2004 - 2006 NLnet Labs.

       Licensed under the BSD License. There is NO warranty; not even for
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSO

       ldns_dane_verify, ldns_dane_verify_rr. And perldoc Net::DNS, RFC1034,
       RFC1035, RFC4033, RFC4034 and RFC4035.

REMARKS

       This manpage was automatically generated from the ldns source code by
       use of Doxygen and some perl.

                                  30 May 2006                          ldns(3)