1ldns(3) Library Functions Manual ldns(3)
2
6 ldns_verify, ldns_verify_rrsig, ldns_verify_rrsig_keylist, ldns_ver‐
7 ify_rrsig_keylist_notime, ldns_verify_notime - verify rrsigs
8
11 #include <stdint.h>
12 #include <stdbool.h>
13 #include <ldns/ldns.h>
15 ldns_status ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, const
17 ldns_rr_list *keys, ldns_rr_list *good_keys);
18 ldns_status ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig,
20 ldns_rr *key);
21 ldns_status ldns_verify_rrsig_keylist(ldns_rr_list *rrset, ldns_rr
23 *rrsig, const ldns_rr_list *keys, ldns_rr_list *good_keys);
24 ldns_status ldns_verify_rrsig_keylist_notime(const ldns_rr_list *rrset,
26 const ldns_rr *rrsig, const ldns_rr_list *keys, ldns_rr_list
27 *good_keys);
28 ldns_status ldns_verify_notime(ldns_rr_list *rrset, ldns_rr_list
30 *rrsig, const ldns_rr_list *keys, ldns_rr_list *good_keys);
31
33 ldns_verify() Verifies a list of signatures for one rrset.
34 rrset: the rrset to verify
36 rrsig: a list of signatures to check
37 keys: a list of keys to check with
38 good_keys: if this is a (initialized) list, the pointer to keys
39 from keys that validate one of the signatures are added to it
40 Returns status LDNS_STATUS_OK if there is at least one correct
41 key
42 ldns_verify_rrsig() verify an rrsig with 1 key
44 rrset: the rrset
45 rrsig: the rrsig to verify
46 key: the key to use
47 Returns status message whether verification succeeded.
48 ldns_verify_rrsig_keylist() Verifies an rrsig. All keys in the keyset
50 are tried.
51 rrset: the rrset to check
52 rrsig: the signature of the rrset
53 keys: the keys to try
54 good_keys: if this is a (initialized) list, the pointer to keys
55 from keys that validate one of the signatures are added to it
56 Returns a list of keys which validate the rrsig + rrset. Returns
57 status LDNS_STATUS_OK if at least one key matched. Else an er‐
58 ror.
59 ldns_verify_rrsig_keylist_notime() Verifies an rrsig. All keys in the
61 keyset are tried. Time is not checked.
62 rrset: the rrset to check
63 rrsig: the signature of the rrset
64 keys: the keys to try
65 good_keys: if this is a (initialized) list, the pointer to keys
66 from keys that validate one of the signatures are added to it
67 Returns a list of keys which validate the rrsig + rrset. Returns
68 status LDNS_STATUS_OK if at least one key matched. Else an er‐
69 ror.
70 ldns_verify_notime() Verifies a list of signatures for one rrset, but
72 disregard the time. Inception and Expiration are not checked.
73 rrset: the rrset to verify
75 rrsig: a list of signatures to check
76 keys: a list of keys to check with
77 good_keys: if this is a (initialized) list, the pointer to keys
78 from keys that validate one of the signatures are added to it
79 Returns status LDNS_STATUS_OK if there is at least one correct
80 key
81
83 The ldns team at NLnet Labs.
84
87 Please report bugs to ldns-team@nlnetlabs.nl or in our bugzilla at
88 http://www.nlnetlabs.nl/bugs/index.html
89
92 Copyright (c) 2004 - 2006 NLnet Labs.
93 Licensed under the BSD License. There is NO warranty; not even for MER‐
95 CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
96
99 ldns_verify_rrsig_evp, ldns_verify_rrsig_dsa, ldns_ver‐
100 ify_rrsig_rsasha1, ldns_verify_rrsig_rsamd5, ldns_sign_public,
101 ldns_zone_sign, ldns_key. And perldoc Net::DNS, RFC1034, RFC1035,
102 RFC4033, RFC4034 and RFC4035.
103
105 This manpage was automatically generated from the ldns source code.
106 30 May 2006 ldns(3)