NAME ldnsdanecreatetlsaowner, ldnsdanecert2rdf, ldnsdaneselectcer‐ tificate, ldnsdanecreatetlsarr SYNOPSIS
#include
#include
#include
ldnsstatus ldnsdanecreatetlsaowner(ldnsrdf** tlsaowner, const ldnsrdf* name, uint16t port, ldnsdanetransport transport); ldnsstatus ldnsdanecert2rdf(ldnsrdf** rdf, X509* cert, ldnstlsaselector selector, ldnstlsamatchingtype matchingtype); ldnsstatus ldnsdaneselectcertificate(X509** selectedcert, X509* cert, STACKOF(X509)* extracerts, X509STORE* pkixvalidationstore, ldnstlsacertificateusage certusage, int index); ldnsstatus ldnsdanecreatetlsarr(ldnsrr** tlsa, ldnstlsacertifi‐ cateusage certificateusage, ldnstlsaselector selector, ldnstlsamatchingtype matchingtype, X509* cert); DESCRIPTION ldnsdanecreatetlsaowner() Creates a dname consisting of the given name, prefixed by the service port and type of transport: <‐ EM>port.transport.name. tlsaowner: The created dname. name: The dname that should be prefixed. port: The service port number for wich the name should be cre‐ ated. transport: The transport for wich the name should be created. Returns LDNSSTATUSOK on success or an error code otherwise. ldnsdanecert2rdf() Creates a LDNSRDFTYPEHEX type rdf based on the binary data choosen by the selector and encoded using match‐ ingtype. rdf: The created created rdf of type LDNSRDFTYPEHEX. cert: The certificate from which the data is selected selector: The full certificate or the public key matchingtype: The full data or the SHA256 or SHA512 hash of the selected data Returns LDNSSTATUSOK on success or an error code otherwise. ldnsdaneselectcertificate() Selects the certificate from cert, extracerts or the pkixvalidationstore based on the value of certusage and index. selectedcert: The selected cert. cert: The certificate to validate (or not) extracerts: Intermediate certificates that might be necessary during validation. May be NULL, except when the certificate usage is "Trust Anchor Assertion" because the trust anchor has to be provided.(otherwise choose a "Domain issued certificate!" pkixvalidationstore: Used when the certificate usage is "CA constraint" or "Service Certificate Constraint" to validate the certificate and, in case of "CA constraint", select the CA. When pkixvalidationstore is NULL, validation is explicitely turned off and the behaviour is then the same as for "Trust anchor assertion" and "Domain issued certificate" respectively. certusage: Which certificate to use and how to validate. index: Used to select the trust anchor when certificate usage is "Trust Anchor Assertion". 0 is the last certificate in the vali‐ dation chain. 1 the one but last, etc. When index is -1, the
last certificate is used that MUST be self-signed. This can help to make sure that the intended (self signed) trust anchor is actually present in extracerts (which is a DANE require‐ ment). Returns LDNSSTATUSOK on success or an error code otherwise. ldnsdanecreatetlsarr() Creates a TLSA resource record from the cer‐ tificate. No PKIX validation is performed! The given certifi‐ cate is used as data regardless the value of certificateusage. tlsa: The created TLSA resource record. certificateusage: The value for the Certificate Usage field selector: The value for the Selector field matchingtype: The value for the Matching Type field cert: The certificate which data will be represented Returns LDNSSTATUSOK on success or an error code otherwise. AUTHOR The ldns team at NLnet Labs. Which consists out of Jelte Jansen and Miek Gieben. REPORTING BUGS
Please report bugs to ldns-team@nlnetlabs.nl or in our bugzilla at http://www.nlnetlabs.nl/bugs/index.html COPYRIGHT
Copyright (c) 2004 - 2006 NLnet Labs. Licensed under the BSD License. There is NO warranty; not even for MER‐ CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. SEE ALSO ldnsdaneverify, ldnsdaneverifyrr. And perldoc Net::DNS, RFC1034, RFC1035, RFC4033, RFC4034 and RFC4035. REMARKS This manpage was automaticly generated from the ldns source code by use of Doxygen and some perl. 30 May 2006 ldns(3)