00023 #ifndef LDNS_DANE_H
00024 #define LDNS_DANE_H
00025 #if LDNS_BUILD_CONFIG_USE_DANE
00026
00027 #include <ldns/common.h>
00028 #include <ldns/rdata.h>
00029 #include <ldns/rr.h>
00030 #if LDNS_BUILD_CONFIG_HAVE_SSL
00031 #include <openssl/ssl.h>
00032 #include <openssl/err.h>
00033 #endif
00034
00035 #ifdef __cplusplus
00036 extern "C" {
00037 #endif
00038
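/**
 * Values of the TLSA "certificate usage" field (RFC 6698, section 2.1.1).
 *
 * The usage decides which certificate in the presented chain the TLSA
 * data is compared with, and whether ordinary PKIX path validation is
 * required in addition.  Usages 2 and 3 do not depend on the public CA
 * trust store, so for those the authenticity of the TLSA record itself
 * (i.e. DNSSEC validation of the answer) is what anchors trust.
 */
enum ldns_enum_tlsa_certificate_usage
{
	/** Usage 0 (PKIX-TA): constrains which CA may appear in the
	 *  PKIX-validated chain. */
	LDNS_TLSA_USAGE_CA_CONSTRAINT                  = 0,
	/** Usage 1 (PKIX-EE): constrains the end-entity certificate, which
	 *  must also pass PKIX validation. */
	LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1,
	/** Usage 2 (DANE-TA): names a trust anchor the chain must lead to;
	 *  the anchor need not be in the local CA store. */
	LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION         = 2,
	/** Usage 3 (DANE-EE): names the end-entity certificate directly;
	 *  no PKIX validation is involved. */
	LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE      = 3
};
typedef enum ldns_enum_tlsa_certificate_usage ldns_tlsa_certificate_usage;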
00054
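/**
 * Values of the TLSA "selector" field (RFC 6698, section 2.1.2): which
 * part of the certificate the association data is derived from.
 */
enum ldns_enum_tlsa_selector
{
	/** Selector 0: the complete certificate (binary structure as in
	 *  RFC 5280).  The record has to be republished whenever the
	 *  certificate is reissued. */
	LDNS_TLSA_SELECTOR_FULL_CERTIFICATE     = 0,

	/** Selector 1: only the DER-encoded SubjectPublicKeyInfo.  The
	 *  record stays valid across reissues that keep the same key. */
	LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1
};
typedef enum ldns_enum_tlsa_selector ldns_tlsa_selector;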
00073
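/**
 * Values of the TLSA "matching type" field (RFC 6698, section 2.1.3):
 * how the selected certificate data is represented in the record.
 */
enum ldns_enum_tlsa_matching_type
{
	/** Matching type 0: the selected data is stored verbatim and
	 *  compared byte for byte; no digest is involved. */
	LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED = 0,
	/** Matching type 1: SHA-256 digest of the selected data. */
	LDNS_TLSA_MATCHING_TYPE_SHA256       = 1,
	/** Matching type 2: SHA-512 digest of the selected data. */
	LDNS_TLSA_MATCHING_TYPE_SHA512       = 2
};
typedef enum ldns_enum_tlsa_matching_type ldns_tlsa_matching_type;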
00087
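/**
 * Transport protocol of the service a TLSA record applies to.
 *
 * Passed to ldns_dane_create_tlsa_owner(); RFC 6698 section 3 defines
 * the corresponding owner-name labels as "_tcp", "_udp" and "_sctp".
 */
enum ldns_enum_dane_transport
{
	/** Service is reached over TCP. */
	LDNS_DANE_TRANSPORT_TCP  = 0,
	/** Service is reached over UDP. */
	LDNS_DANE_TRANSPORT_UDP  = 1,
	/** Service is reached over SCTP. */
	LDNS_DANE_TRANSPORT_SCTP = 2
};
typedef enum ldns_enum_dane_transport ldns_dane_transport;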
00101
00102
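/**
 * Build the owner name at which the TLSA records for a service are
 * looked up.
 *
 * RFC 6698 section 3 places TLSA records at _port._transport.name;
 * presumably that is the name produced here (the implementation is not
 * part of this header -- confirm in dane.c).
 *
 * @param[out] tlsa_owner  receives the created owner name; presumably
 *                         allocated for the caller, who then owns it
 *                         (TODO confirm)
 * @param[in]  name        domain name of the service
 * @param[in]  port        port number of the service
 * @param[in]  transport   transport protocol of the service
 * @return an ldns_status; treat anything other than LDNS_STATUS_OK as
 *         failure and do not use *tlsa_owner in that case.
 */
ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner,
		const ldns_rdf* name, uint16_t port,
		ldns_dane_transport transport);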
00116
00117
00118 #if LDNS_BUILD_CONFIG_HAVE_SSL
00119
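/**
 * Derive TLSA certificate association data from an X.509 certificate.
 *
 * Judging by the parameters, the part of the certificate named by the
 * selector is taken and represented as the matching type asks for
 * (verbatim, SHA-256 or SHA-512) -- confirm details in dane.c.
 *
 * @param[out] rdf            receives the resulting rdata field;
 *                            presumably owned by the caller afterwards
 *                            (TODO confirm)
 * @param[in]  cert           certificate to take the data from
 * @param[in]  selector       full certificate or SubjectPublicKeyInfo
 * @param[in]  matching_type  verbatim data or a digest of it
 * @return an ldns_status; check it before reading *rdf.  How selector
 *         or matching_type values outside the enums are handled is not
 *         visible here -- validate such values first when they come
 *         from a received record.
 */
ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
		ldns_tlsa_selector selector,
		ldns_tlsa_matching_type matching_type);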
00133
00134
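/**
 * Pick the certificate that a TLSA record with the given certificate
 * usage would refer to, out of the peer certificate, the extra chain
 * certificates and the PKIX validation store.
 *
 * @param[out] selected_cert          receives the chosen certificate
 * @param[in]  cert                   the certificate presented by the
 *                                    service (end entity)
 * @param[in]  extra_certs            further certificates of the chain
 * @param[in]  pkix_validation_store  trust store for PKIX validation
 * @param[in]  cert_usage             TLSA certificate usage that
 *                                    governs the selection
 * @param[in]  index                  position selector within the
 *                                    chain.  NOTE(review): its exact
 *                                    meaning, the accepted range and
 *                                    which usages honour it are not
 *                                    visible in this header -- confirm
 *                                    in dane.c before passing values
 *                                    derived from external input.
 * @return an ldns_status; only LDNS_STATUS_OK means *selected_cert was
 *         set.  Whether *selected_cert is a new reference the caller
 *         must release with X509_free() is not shown here (TODO
 *         confirm).
 */
ldns_status ldns_dane_select_certificate(X509** selected_cert,
		X509* cert, STACK_OF(X509)* extra_certs,
		X509_STORE* pkix_validation_store,
		ldns_tlsa_certificate_usage cert_usage, int index);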
00167
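/**
 * Create a TLSA resource record for a certificate from the three TLSA
 * parameter fields.
 *
 * @param[out] tlsa               receives the created TLSA record;
 *                                presumably owned by the caller
 *                                afterwards (TODO confirm)
 * @param[in]  certificate_usage  value for the certificate usage field
 * @param[in]  selector           value for the selector field
 * @param[in]  matching_type      value for the matching type field
 * @param[in]  cert               certificate the association data is
 *                                derived from
 * @return an ldns_status; check it before using *tlsa.  Whether the
 *         record already carries an owner name is not visible in this
 *         prototype; ldns_dane_create_tlsa_owner() builds one
 *         separately.
 */
ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
		ldns_tlsa_certificate_usage certificate_usage,
		ldns_tlsa_selector selector,
		ldns_tlsa_matching_type matching_type,
		X509* cert);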
00186
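/**
 * Check a service certificate (plus chain) against one TLSA record.
 *
 * Security notes for callers:
 *  - The prototype carries no DNSSEC status, so the caller is
 *    presumably responsible for passing only TLSA records from a
 *    DNSSEC-validated answer; RFC 6698 requires that unvalidated TLSA
 *    data is not used.
 *  - Only LDNS_STATUS_OK means the certificate is acceptable.  Any
 *    other status, including allocation or parsing errors, must be
 *    handled as a verification failure.
 *  - NOTE(review): behaviour for a NULL tlsa_rr or for a record whose
 *    usage, selector or matching type is unknown is not visible here --
 *    confirm in dane.c whether that fails closed.
 *
 * @param[in] tlsa_rr                TLSA record to verify against
 * @param[in] cert                   certificate presented by the service
 * @param[in] extra_certs            further certificates of the chain
 * @param[in] pkix_validation_store  trust store used where the record's
 *                                   usage requires PKIX validation
 * @return an ldns_status describing the outcome.
 */
ldns_status ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
		X509* cert, STACK_OF(X509)* extra_certs,
		X509_STORE* pkix_validation_store);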
00213
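/**
 * Check a service certificate (plus chain) against a list of TLSA
 * records; by its signature the list counterpart of
 * ldns_dane_verify_rr().
 *
 * Security notes for callers:
 *  - Pass only TLSA records taken from a DNSSEC-validated answer; the
 *    prototype has no parameter for the validation status, so that
 *    check presumably rests with the caller.
 *  - Only LDNS_STATUS_OK means the certificate is acceptable; handle
 *    every other status as a verification failure.
 *  - NOTE(review): confirm in dane.c what a NULL or empty list does.
 *    A fallback to plain PKIX validation versus a hard failure makes a
 *    real difference for callers that require DANE, since an attacker
 *    able to suppress the TLSA answer should not be able to downgrade
 *    the check.
 *
 * @param[in] tlsas                  list of TLSA records
 * @param[in] cert                   certificate presented by the service
 * @param[in] extra_certs            further certificates of the chain
 * @param[in] pkix_validation_store  trust store used where a record's
 *                                   usage requires PKIX validation
 * @return an ldns_status describing the outcome.
 */
ldns_status ldns_dane_verify(ldns_rr_list* tlsas,
		X509* cert, STACK_OF(X509)* extra_certs,
		X509_STORE* pkix_validation_store);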
00238 #endif
00239
00240 #ifdef __cplusplus
00241 }
00242 #endif
00243
00244 #endif
00245 #endif
00246