ldns - Online Linux Manual PageSection : 3
Updated : 30 May 2006

NAMEldns_dane_create_tlsa_rr, ldns_dane_create_tlsa_owner, ldns_dane_cert2rdf, ldns_dane_select_certificate − TLSA RR creation functions

SYNOPSIS#include <stdint.h>
#include <stdbool.h>
#include <ldns/ldns.h> ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa, ldns_tlsa_certificate_usage certificate_usage, ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type, X509* cert); ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name, uint16_t port, ldns_dane_transport transport); ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert, ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type); ldns_status ldns_dane_select_certificate(X509** selected_cert, X509* cert, STACK_OF(X509)* extra_certs, X509_STORE* pkix_validation_store, ldns_tlsa_certificate_usage cert_usage, int index);

DESCRIPTIONldns_dane_create_tlsa_rr() Creates a ­TLSA resource record from the certificate. No ­PKIX validation is performed! The given certificate is used as data regardless the value of certificate_usage.
tlsa: The created ­TLSA resource record.
certificate_usage: The value for the Certificate Usage field
selector: The value for the Selector field
matching_type: The value for the Matching Type field
cert: The certificate which data will be represented
Returns ­LDNS_STATUS_OK on success or an error code otherwise.
ldns_dane_create_tlsa_owner() Creates a dname consisting of the given name, prefixed by the service port and type of transport: ­_<­EM>port</­EM>.­_<­EM>transport</­EM>.<­EM>name</­EM>.
tlsa_owner: The created dname.
name: The dname that should be prefixed.
port: The service port number for which the name should be created.
transport: The transport for which the name should be created.
Returns ­LDNS_STATUS_OK on success or an error code otherwise.
ldns_dane_cert2rdf() Creates a ­LDNS_RDF_TYPE_HEX type rdf based on the binary data chosen by the selector and encoded using matching_type.
rdf: The created created rdf of type ­LDNS_RDF_TYPE_HEX.
cert: The certificate from which the data is selected
selector: The full certificate or the public key
matching_type: The full data or the SHA256 or SHA512 hash of the selected data
Returns ­LDNS_STATUS_OK on success or an error code otherwise.
ldns_dane_select_certificate() Selects the certificate from cert, extra_certs or the pkix_validation_store based on the value of cert_usage and index.
selected_cert: The selected cert.
cert: The certificate to validate (or not)
extra_certs: Intermediate certificates that might be necessary during validation. May be ­NULL, except when the certificate usage is "Trust Anchor Assertion" because the trust anchor has to be provided.(otherwise choose a "Domain issued certificate!"
pkix_validation_store: Used when the certificate usage is "­CA constraint" or "Service Certificate Constraint" to validate the certificate and, in case of "­CA constraint", select the ­CA. When pkix_validation_store is ­NULL, validation is explicitly turned off and the behaviour is then the same as for "Trust anchor assertion" and "Domain issued certificate" respectively.
cert_usage: Which certificate to use and how to validate.
index: Used to select the trust anchor when certificate usage is "Trust Anchor Assertion". 0 is the last certificate in the validation chain. 1 the one but last, etc. When index is -1, the last certificate is used that ­MUST be self-signed. This can help to make sure that the intended (self signed) trust anchor is actually present in extra_certs (which is a ­DANE requirement).
Returns ­LDNS_STATUS_OK on success or an error code otherwise.

AUTHORThe ldns team at NLnet Labs.

REPORTING BUGSPlease report bugs to ldns-team@nlnetlabs.nl or in our bugzilla at http://www.nlnetlabs.nl/bugs/index.html

COPYRIGHTCopyright (c) 2004 - 2006 NLnet Labs. Licensed under the BSD License. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSOldns_dane_verify, ldns_dane_verify_rr. And perldoc Net::DNS, RFC1034, RFC1035, RFC4033, RFC4034 and RFC4035.

REMARKSThis manpage was automatically generated from the ldns source code.
0
Johanes Gumabo
Data Size   :   12,733 byte
man-l___dns_dane_cert2rdf.3Build   :   2024-12-05, 20:55   :  
Visitor Screen   :   x
Visitor Counter ( page / site )   :   3 / 202,167
Visitor ID   :     :  
Visitor IP   :   3.141.198.75   :  
Visitor Provider   :   AMAZON-02   :  
Provider Position ( lat x lon )   :   39.962500 x -83.006100   :   x
Provider Accuracy Radius ( km )   :   1000   :  
Provider City   :   Columbus   :  
Provider Province   :   Ohio ,   :   ,
Provider Country   :   United States   :  
Provider Continent   :   North America   :  
Visitor Recorder   :   Version   :  
Visitor Recorder   :   Library   :  
Online Linux Manual Page   :   Version   :   Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page   :   Library   :   lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page   :   Library   :   lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base   :   Version   :   Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base   :   Library   :   lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36

Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.