1ldns(3) Library Functions Manual ldns(3)
2
6 ldns_verify, ldns_verify_rrsig, ldns_verify_rrsig_keylist, ldns_ver‐
7 ify_rrsig_keylist_notime, ldns_verify_notime - verify rrsigs
8
11 #include <stdint.h>
12 #include <stdbool.h>
13 #include <ldns/ldns.h>
15 ldns_status ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, const
17 ldns_rr_list *keys, ldns_rr_list *good_keys);
18 ldns_status ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig,
20 ldns_rr *key);
21 ldns_status ldns_verify_rrsig_keylist(ldns_rr_list *rrset, ldns_rr
23 *rrsig, const ldns_rr_list *keys, ldns_rr_list *good_keys);
24 ldns_status ldns_verify_rrsig_keylist_notime(const ldns_rr_list *rrset,
26 const ldns_rr *rrsig, const ldns_rr_list *keys, ldns_rr_list
27 *good_keys);
28 ldns_status ldns_verify_notime(ldns_rr_list *rrset, ldns_rr_list
30 *rrsig, const ldns_rr_list *keys, ldns_rr_list *good_keys);
31
33 ldns_verify() Verifies a list of signatures for one rrset.
34 rrset: the rrset to verify
36 rrsig: a list of signatures to check
37 keys: a list of keys to check with
38 good_keys: if this is a (initialized) list, the pointer to keys
39 from keys that validate one of the signatures are added to it
40 Returns status LDNS_STATUS_OK if there is at least one correct
41 key
42 ldns_verify_rrsig() verify an rrsig with 1 key
44 rrset: the rrset
45 rrsig: the rrsig to verify
46 key: the key to use
47 Returns status message wether verification succeeded.
48 ldns_verify_rrsig_keylist() Verifies an rrsig. All keys in the keyset
50 are tried.
51 rrset: the rrset to check
52 rrsig: the signature of the rrset
53 keys: the keys to try
54 good_keys: if this is a (initialized) list, the pointer to keys
55 from keys that validate one of the signatures are added to it
56 Returns a list of keys which validate the rrsig + rrset. Returns
57 status LDNS_STATUS_OK if at least one key matched. Else an
58 error.
59 ldns_verify_rrsig_keylist_notime() Verifies an rrsig. All keys in the
61 keyset are tried. Time is not checked.
62 rrset: the rrset to check
63 rrsig: the signature of the rrset
64 keys: the keys to try
65 good_keys: if this is a (initialized) list, the pointer to keys
66 from keys that validate one of the signatures are added to it
67 Returns a list of keys which validate the rrsig + rrset. Returns
68 status LDNS_STATUS_OK if at least one key matched. Else an
69 error.
70 ldns_verify_notime() Verifies a list of signatures for one rrset, but
72 disregard the time. Inception and Expiration are not checked.
73 rrset: the rrset to verify
75 rrsig: a list of signatures to check
76 keys: a list of keys to check with
77 good_keys: if this is a (initialized) list, the pointer to keys
78 from keys that validate one of the signatures are added to it
79 Returns status LDNS_STATUS_OK if there is at least one correct
80 key
81
83 The ldns team at NLnet Labs. Which consists out of Jelte Jansen and
84 Miek Gieben.
85
88 Please report bugs to ldns-team@nlnetlabs.nl or in our bugzilla at
89 http://www.nlnetlabs.nl/bugs/index.html
90
93 Copyright (c) 2004 - 2006 NLnet Labs.
94 Licensed under the BSD License. There is NO warranty; not even for MER‐
96 CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
97
100 ldns_verify_rrsig_evp, ldns_verify_rrsig_dsa, ldns_ver‐
101 ify_rrsig_rsasha1, ldns_verify_rrsig_rsamd5, ldns_sign_public,
102 ldns_zone_sign, ldns_key. And perldoc Net::DNS, RFC1034, RFC1035,
103 RFC4033, RFC4034 and RFC4035.
104
106 This manpage was automatically generated from the ldns source code by
107 use of Doxygen and some perl.
108 30 May 2006 ldns(3)