1ldns(3)                    Library Functions Manual                    ldns(3)
2
3
4

NAME

6       ldns_dane_create_tlsa_rr, ldns_dane_create_tlsa_owner,
7       ldns_dane_cert2rdf, ldns_dane_select_certificate - TLSA RR creation
8       functions
9
10

SYNOPSIS

12       #include <stdint.h>
13       #include <stdbool.h>
14
15       #include <ldns/ldns.h>
16
17       ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa, ldns_tlsa_certifi‐
18       cate_usage certificate_usage, ldns_tlsa_selector selector,
19       ldns_tlsa_matching_type matching_type, X509* cert);
20
21       ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const
22       ldns_rdf* name, uint16_t port, ldns_dane_transport transport);
23
24       ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
25       ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type);
26
27       ldns_status ldns_dane_select_certificate(X509** selected_cert, X509*
28       cert, STACK_OF(X509)* extra_certs, X509_STORE* pkix_validation_store,
29       ldns_tlsa_certificate_usage cert_usage, int index);
30

DESCRIPTION

32       ldns_dane_create_tlsa_rr() Creates a TLSA resource record from the cer‐
33              tificate.  No PKIX validation is performed! The given certifi‐
34              cate is used as data regardless the value of certificate_usage.
35
36              tlsa: The created TLSA resource record.
37              certificate_usage: The value for the Certificate Usage field
38              selector: The value for the Selector field
39              matching_type: The value for the Matching Type field
40              cert: The certificate which data will be represented
41
42              Returns LDNS_STATUS_OK on success or an error code otherwise.
43
44       ldns_dane_create_tlsa_owner() Creates a dname consisting of the given
45              name, prefixed by the service port and type of transport: _<‐
46              EM>port</EM>._<EM>transport</EM>.<EM>name</EM>.
47
48              tlsa_owner: The created dname.
49              name: The dname that should be prefixed.
50              port: The service port number for wich the name should be cre‐
51              ated.
52              transport: The transport for which the name should be created.
53              Returns LDNS_STATUS_OK on success or an error code otherwise.
54
55       ldns_dane_cert2rdf() Creates a LDNS_RDF_TYPE_HEX type rdf based on the
56              binary data chosen by the selector and encoded using match‐
57              ing_type.
58
59              rdf: The created created rdf of type LDNS_RDF_TYPE_HEX.
60              cert: The certificate from which the data is selected
61              selector: The full certificate or the public key
62              matching_type: The full data or the SHA256 or SHA512 hash of the
63              selected data
64              Returns LDNS_STATUS_OK on success or an error code otherwise.
65
66       ldns_dane_select_certificate() Selects the certificate from cert,
67              extra_certs or the pkix_validation_store based on the value of
68              cert_usage and index.
69
70              selected_cert: The selected cert.
71              cert: The certificate to validate (or not)
72              extra_certs: Intermediate certificates that might be necessary
73              during validation. May be NULL, except when the certificate
74              usage is "Trust Anchor Assertion" because the trust anchor has
75              to be provided.(otherwise choose a "Domain issued certificate!"
76              pkix_validation_store: Used when the certificate usage is "CA
77              constraint" or "Service Certificate Constraint" to validate the
78              certificate and, in case of "CA constraint", select the CA.
79              When pkix_validation_store is NULL, validation is explicitly
80              turned off and the behaviour is then the same as for "Trust
81              anchor assertion" and "Domain issued certificate" respectively.
82              cert_usage: Which certificate to use and how to validate.
83              index: Used to select the trust anchor when certificate usage is
84              "Trust Anchor Assertion". 0 is the last certificate in the vali‐
85              dation chain. 1 the one but last, etc. When index is -1, the
86              last certificate is used that MUST be self-signed.  This can
87              help to make sure that the intended (self signed) trust anchor
88              is actually present in extra_certs (which is a DANE require‐
89              ment).
90
91              Returns LDNS_STATUS_OK on success or an error code otherwise.
92

AUTHOR

94       The ldns team at NLnet Labs. Which consists out of Jelte Jansen and
95       Miek Gieben.
96
97

REPORTING BUGS

99       Please report bugs to ldns-team@nlnetlabs.nl or in our bugzilla at
100       http://www.nlnetlabs.nl/bugs/index.html
101
102

COPYRIGHT

104       Copyright (c) 2004 - 2006 NLnet Labs.
105
106       Licensed under the BSD License. There is NO warranty; not even for MER‐
107       CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
108
109

SEE ALSO

111       ldns_dane_verify, ldns_dane_verify_rr.  And perldoc Net::DNS, RFC1034,
112       RFC1035, RFC4033, RFC4034  and RFC4035.
113

REMARKS

115       This manpage was automatically generated from the ldns source code by
116       use of Doxygen and some perl.
117
118
119
120                                  30 May 2006                          ldns(3)