Manual Pages for Linux CentOS command on man ldns_dane_verify
MyWebUniversity

Manual Pages for Linux CentOS command on man ldns_dane_verify

ldns(3) Library Functions Manual ldns(3)




NAME
       ldnsdaneverify, ldnsdaneverifyrr


SYNOPSIS

       #include 

       #include 


       #include 

       ldnsstatus    ldnsdaneverify(ldnsrrlist*    tlsas,   X509*   cert,
       STACKOF(X509)* extracerts, X509STORE* pkixvalidationstore);

       ldnsstatus ldnsdaneverifyrr(const  ldnsrr*  tlsarr,  X509*  cert,
       STACKOF(X509)* extracerts, X509STORE* pkixvalidationstore);

DESCRIPTION
       ldnsdaneverify()  Verify  if  any  of the given TLSA resource records
              matches the given certificate.

              tlsas: The resource records that specify what and how  to  match
              the  certificate.  One  must match for this function to succeed.
              With tlsas == NULL or the number of TLSA records in tlsas ==  0,
              regular PKIX validation is performed.
              cert: The certificate to match (and validate)
              extracerts:  Intermediate  certificates that might be necessary
              creating the validation chain.
              pkixvalidationstore: Used when the certificate  usage  is  "CA
              constraint"  or "Service Certificate Constraint" to validate the
              certificate.

              Returns           LDNSSTATUSOK           on           success,
              LDNSSTATUSDANEPKIXDIDNOTVALIDATE  when  one  of the TLSA's
              matched      but      the      PKIX      validation      failed,
              LDNSSTATUSDANETLSADIDNOTMATCH  when  none  of  the  TLSA's
              matched, or other ldnsstatus errors.

       ldnsdaneverifyrr() Verify if the given TLSA resource record  matches
              the  given  certificate.   Reporting  on  a  TLSA rr mismatch (‐
              LDNSSTATUSDANETLSADIDNOTMATCH)  is  preferred  over   PKIX
              failure  (LDNSSTATUSDANEPKIXDIDNOTVALIDATE).  So when PKIX
              validation is required by the TLSA Certificate  usage,  but  the
              TLSA data does not match, LDNSSTATUSDANETLSADIDNOTMATCH is
              returned whether the PKIX validated or not.

              tlsarr: The resource record that  specifies  what  and  how  to
              match  the certificate. With tlsarr == NULL, regular PKIX vali‐
              dation is performed.
              cert: The certificate to match (and validate)
              extracerts: Intermediate certificates that might  be  necessary
              creating the validation chain.
              pkixvalidationstore:  Used  when  the certificate usage is "CA
              constraint" or "Service Certificate Constraint" to validate  the
              certificate.

              Returns           LDNSSTATUSOK           on           success,
              LDNSSTATUSDANETLSADIDNOTMATCH  on  TLSA   data   mismatch,
              LDNSSTATUSDANEPKIXDIDNOTVALIDATE  when  TLSA  matched, but
              the PKIX validation failed, or other ldnsstatus errors.

AUTHOR
       The ldns team at NLnet Labs. Which consists out  of  Jelte  Jansen  and
       Miek Gieben.


REPORTING BUGS

       Please  report  bugs  to  ldns-team@nlnetlabs.nl  or in our bugzilla at
       http://www.nlnetlabs.nl/bugs/index.html


COPYRIGHT

       Copyright (c) 2004 - 2006 NLnet Labs.

       Licensed under the BSD License. There is NO warranty; not even for MER‐
       CHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.


SEE ALSO
       ldnsdanecreatetlsaowner,  ldnsdanecert2rdf, ldnsdaneselectcer‐
       tificate, ldnsdanecreatetlsarr.   And  perldoc  Net::DNS,  RFC1034,
       RFC1035, RFC4033, RFC4034  and RFC4035.

REMARKS
       This manpage was automaticly generated from the ldns source code by use
       of Doxygen and some perl.



                                  30 May 2006                          ldns(3)



Contact us      |      About us      |      Term of use      |       Copyright © 2000-2019 MyWebUniversity.com ™