1 /*
2  * dane.h -- defines for the DNS-Based Authentication of Named Entities (DANE)
3  * Transport Layer Security (TLS) Protocol: TLSA
4  *
5  * Copyright (c) 2012, NLnet Labs. All rights reserved.
6  *
7  * See LICENSE for the license.
8  *
9  */
10 
23 #ifndef LDNS_DANE_H
24 #define LDNS_DANE_H
25 #if LDNS_BUILD_CONFIG_USE_DANE
26 
27 #include <ldns/common.h>
28 #include <ldns/rdata.h>
29 #include <ldns/rr.h>
30 #if LDNS_BUILD_CONFIG_HAVE_SSL
31 #include <openssl/ssl.h>
32 #include <openssl/err.h>
33 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
34 
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38 
/**
 * TLSA "certificate usage" field (RFC 6698, section 2.1.1; RFC 7218 acronyms
 * in the per-value comments). It states which certificate of the peer's chain
 * the TLSA record constrains and whether ordinary PKIX validation against the
 * local trust store is still required in addition to the DANE match.
 */
typedef enum ldns_enum_tlsa_certificate_usage {
	/** PKIX-TA: a CA certificate that must occur in the PKIX-validated chain. */
	LDNS_TLSA_USAGE_CA_CONSTRAINT = 0,
	/** PKIX-EE: the end-entity certificate; PKIX validation is still required. */
	LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1,
	/** DANE-TA: a trust anchor asserted by DNS instead of the local store. */
	LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION = 2,
	/** DANE-EE: the end-entity certificate itself; no PKIX validation. */
	LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE = 3
} ldns_tlsa_certificate_usage;
54 
/**
 * TLSA "selector" field (RFC 6698, section 2.1.2). It names the part of the
 * certificate that is matched against the certificate association data.
 */
typedef enum ldns_enum_tlsa_selector {
	/** Cert: the full DER-encoded certificate. */
	LDNS_TLSA_SELECTOR_FULL_CERTIFICATE = 0,

	/** SPKI: the DER-encoded SubjectPublicKeyInfo only; survives re-issuance
	 *  of a certificate with the same key. */
	LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1
} ldns_tlsa_selector;
73 
/**
 * TLSA "matching type" field (RFC 6698, section 2.1.3). It says how the
 * selected certificate data is presented in the record: verbatim or as a
 * digest of it.
 */
typedef enum ldns_enum_tlsa_matching_type {
	/** Full: the selected data is stored as-is (no digest). */
	LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED = 0,
	/** SHA2-256: the record holds the SHA-256 digest of the selected data. */
	LDNS_TLSA_MATCHING_TYPE_SHA256 = 1,
	/** SHA2-512: the record holds the SHA-512 digest of the selected data. */
	LDNS_TLSA_MATCHING_TYPE_SHA512 = 2
} ldns_tlsa_matching_type;
87 
/**
 * Transport protocol of the service a TLSA record is published for. It is
 * used to build the "_port._proto.name" owner name of the record (see
 * ldns_dane_create_tlsa_owner); the numeric values are ldns-internal and
 * are not wire values of the TLSA RDATA.
 */
typedef enum ldns_enum_dane_transport {
	/** "_tcp" label. */
	LDNS_DANE_TRANSPORT_TCP = 0,
	/** "_udp" label. */
	LDNS_DANE_TRANSPORT_UDP = 1,
	/** "_sctp" label. */
	LDNS_DANE_TRANSPORT_SCTP = 2
} ldns_dane_transport;
101 
102 
114  const ldns_rdf* name, uint16_t port,
115  ldns_dane_transport transport);
116 
117 
118 #if LDNS_BUILD_CONFIG_HAVE_SSL
119 
/**
 * Builds the certificate association data of a TLSA record from cert:
 * the part of the certificate chosen by selector, presented per
 * matching_type (verbatim or as a digest). The exact encoding is determined
 * by the definition in dane.c:77 — confirm there before relying on it.
 * \param[out] rdf where the resulting rdf is stored; presumably owned by the
 *             caller on success (verify against dane.c:77)
 * \param[in] cert the certificate to take the data from
 * \param[in] selector which part of cert is used (full certificate or SPKI)
 * \param[in] matching_type how that part is represented (no hash, SHA-256,
 *            SHA-512)
 * \return LDNS_STATUS_OK on success, another ldns_status otherwise
 */
ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
		ldns_tlsa_selector selector,
		ldns_tlsa_matching_type matching_type);
133 
134 
/**
 * Picks, from cert and extra_certs, the certificate that a TLSA record with
 * the given cert_usage would have to match. For the PKIX-* usages this is
 * expected to involve validating the chain against pkix_validation_store;
 * how the store and index are used for each usage is defined in dane.c:348
 * — confirm there before relying on it.
 * \param[out] selected_cert where the chosen certificate is stored
 * \param[in] cert the end-entity certificate
 * \param[in] extra_certs the remaining certificates of the presented chain
 * \param[in] pkix_validation_store the trust store used for PKIX validation
 * \param[in] cert_usage the TLSA certificate usage the selection is made for
 * \param[in] index selects which certificate of the chain to return; the
 *            definition names this parameter offset (dane.c:348)
 * \return LDNS_STATUS_OK on success, another ldns_status otherwise
 */
ldns_status ldns_dane_select_certificate(X509** selected_cert,
		X509* cert, STACK_OF(X509)* extra_certs,
		X509_STORE* pkix_validation_store,
		ldns_tlsa_certificate_usage cert_usage, int index);
167 
182  ldns_tlsa_certificate_usage certificate_usage,
183  ldns_tlsa_selector selector,
184  ldns_tlsa_matching_type matching_type,
185  X509* cert);
186 
211  X509* cert, STACK_OF(X509)* extra_certs,
212  X509_STORE* pkix_validation_store);
213 
236  X509* cert, STACK_OF(X509)* extra_certs,
237  X509_STORE* pkix_validation_store);
238 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
239 
240 #ifdef __cplusplus
241 }
242 #endif
243 
244 #endif /* LDNS_BUILD_CONFIG_USE_DANE */
245 #endif /* LDNS_DANE_H */
246 