.ad l .TH ldns 3 "30 May 2006" .SH NAME ldns_dane_create_tlsa_rr, ldns_dane_create_tlsa_owner, ldns_dane_cert2rdf, ldns_dane_select_certificate \- TLSA RR creation functions .SH SYNOPSIS #include .br #include .br .PP #include .PP ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa, ldns_tlsa_certificate_usage certificate_usage, ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type, X509* cert); .PP ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name, uint16_t port, ldns_dane_transport transport); .PP ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert, ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type); .PP ldns_status ldns_dane_select_certificate(X509** selected_cert, X509* cert, STACK_OF(X509)* extra_certs, X509_STORE* pkix_validation_store, ldns_tlsa_certificate_usage cert_usage, int index); .PP .SH DESCRIPTION .HP \fIldns_dane_create_tlsa_rr\fR() Creates a \%TLSA resource record from the certificate. No \%PKIX validation is performed! The given certificate is used as data regardless the value of certificate_usage. \.br \fBtlsa\fR: The created \%TLSA resource record. \.br \fBcertificate_usage\fR: The value for the Certificate Usage field \.br \fBselector\fR: The value for the Selector field \.br \fBmatching_type\fR: The value for the Matching Type field \.br \fBcert\fR: The certificate which data will be represented \.br Returns \%LDNS_STATUS_OK on success or an error code otherwise. .PP .HP \fIldns_dane_create_tlsa_owner\fR() Creates a dname consisting of the given name, prefixed by the service port and type of transport: \%_<\%EM>port.\%_<\%EM>transport.<\%EM>name. \.br \fBtlsa_owner\fR: The created dname. \.br \fBname\fR: The dname that should be prefixed. \.br \fBport\fR: The service port number for which the name should be created. \.br \fBtransport\fR: The transport for which the name should be created. \.br Returns \%LDNS_STATUS_OK on success or an error code otherwise. .PP .HP \fIldns_dane_cert2rdf\fR() Creates a \%LDNS_RDF_TYPE_HEX type rdf based on the binary data chosen by the selector and encoded using matching_type. \.br \fBrdf\fR: The created created rdf of type \%LDNS_RDF_TYPE_HEX. \.br \fBcert\fR: The certificate from which the data is selected \.br \fBselector\fR: The full certificate or the public key \.br \fBmatching_type\fR: The full data or the SHA256 or SHA512 hash of the selected data \.br Returns \%LDNS_STATUS_OK on success or an error code otherwise. .PP .HP \fIldns_dane_select_certificate\fR() Selects the certificate from cert, extra_certs or the pkix_validation_store based on the value of cert_usage and index. \.br \fBselected_cert\fR: The selected cert. \.br \fBcert\fR: The certificate to validate (or not) \.br \fBextra_certs\fR: Intermediate certificates that might be necessary during validation. May be \%NULL, except when the certificate usage is "Trust Anchor Assertion" because the trust anchor has to be provided.(otherwise choose a "Domain issued certificate!" \.br \fBpkix_validation_store\fR: Used when the certificate usage is "\%CA constraint" or "Service Certificate Constraint" to validate the certificate and, in case of "\%CA constraint", select the \%CA. When pkix_validation_store is \%NULL, validation is explicitly turned off and the behaviour is then the same as for "Trust anchor assertion" and "Domain issued certificate" respectively. \.br \fBcert_usage\fR: Which certificate to use and how to validate. \.br \fBindex\fR: Used to select the trust anchor when certificate usage is "Trust Anchor Assertion". 0 is the last certificate in the validation chain. 1 the one but last, etc. When index is -1, the last certificate is used that \%MUST be self-signed. This can help to make sure that the intended (self signed) trust anchor is actually present in extra_certs (which is a \%DANE requirement). \.br Returns \%LDNS_STATUS_OK on success or an error code otherwise. .PP .SH AUTHOR The ldns team at NLnet Labs. .SH REPORTING BUGS Please report bugs to ldns-team@nlnetlabs.nl or in our bugzilla at http://www.nlnetlabs.nl/bugs/index.html .SH COPYRIGHT Copyright (c) 2004 - 2006 NLnet Labs. .PP Licensed under the BSD License. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. .SH SEE ALSO \fIldns_dane_verify\fR, \fIldns_dane_verify_rr\fR. And \fBperldoc Net::DNS\fR, \fBRFC1034\fR, \fBRFC1035\fR, \fBRFC4033\fR, \fBRFC4034\fR and \fBRFC4035\fR. .SH REMARKS This manpage was automatically generated from the ldns source code.