00001 /*
00002  * dane.h -- defines for the DNS-Based Authentication of Named Entities (DANE)
00003  *                           Transport Layer Security (TLS) Protocol: TLSA
00004  *
00005  * Copyright (c) 2012, NLnet Labs. All rights reserved.
00006  *
00007  * See LICENSE for the license.
00008  *
00009  */
00010 
00023 #ifndef LDNS_DANE_H
00024 #define LDNS_DANE_H
00025 
00026 #include <ldns/common.h>
00027 #include <ldns/rdata.h>
00028 #include <ldns/rr.h>
00029 #if LDNS_BUILD_CONFIG_HAVE_SSL
00030 #include <openssl/ssl.h>
00031 #include <openssl/err.h>
00032 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
00033 
00034 #ifdef __cplusplus
00035 extern "C" {
00036 #endif
00037 
/**
 * TLSA "Certificate Usage" field (RFC 6698, section 2.1.1).
 *
 * Usages 0 and 1 only constrain a chain that must still validate under
 * PKIX, so a trust store is needed to evaluate them.  Usages 2 and 3 take
 * their trust from the (DNSSEC-protected) TLSA record itself and do not
 * require the chain to lead to a public CA.
 */
typedef enum ldns_enum_tlsa_certificate_usage {
	/** 0: PKIX-TA -- association data must match a CA certificate in the PKIX-validated chain */
	LDNS_TLSA_USAGE_CA_CONSTRAINT                  = 0,
	/** 1: PKIX-EE -- association data must match the PKIX-validated end-entity certificate */
	LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1,
	/** 2: DANE-TA -- association data names the trust anchor the chain must lead to */
	LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION         = 2,
	/** 3: DANE-EE -- association data must match the end-entity certificate directly */
	LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE      = 3
} ldns_tlsa_certificate_usage;
00053 
/**
 * TLSA "Selector" field (RFC 6698, section 2.1.2): which part of the
 * certificate the association data is computed from.
 */
typedef enum ldns_enum_tlsa_selector {
	/** 0: the complete DER-encoded certificate */
	LDNS_TLSA_SELECTOR_FULL_CERTIFICATE     = 0,
	/** 1: only the DER-encoded SubjectPublicKeyInfo; the association survives certificate re-issuance with the same key */
	LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1
} ldns_tlsa_selector;
00072 
/**
 * TLSA "Matching Type" field (RFC 6698, section 2.1.3): how the selected
 * certificate data is presented in the record.
 *
 * With matching type 0 the record carries the selected data verbatim, so
 * the comparison is an exact byte match; with 1 or 2 it carries a digest.
 */
typedef enum ldns_enum_tlsa_matching_type {
	/** 0: no hash; association data is the selected content itself */
	LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED    = 0,
	/** 1: SHA-256 digest of the selected content (the mandatory-to-implement type in RFC 6698) */
	LDNS_TLSA_MATCHING_TYPE_SHA256          = 1,
	/** 2: SHA-512 digest of the selected content */
	LDNS_TLSA_MATCHING_TYPE_SHA512          = 2
} ldns_tlsa_matching_type;
00086 
/**
 * Transport protocol label for a TLSA owner name.
 *
 * RFC 6698 section 3 forms the owner as `_<port>._<transport>.<name>`;
 * these values select the `_tcp`, `_udp` or `_sctp` label.  The numeric
 * values are internal to ldns and do not appear on the wire.
 */
typedef enum ldns_enum_dane_transport {
	/** `_tcp` */
	LDNS_DANE_TRANSPORT_TCP  = 0,
	/** `_udp` */
	LDNS_DANE_TRANSPORT_UDP  = 1,
	/** `_sctp` */
	LDNS_DANE_TRANSPORT_SCTP = 2
} ldns_dane_transport;
00100 
00101 
/**
 * Create the owner name under which the TLSA RRset for a service is
 * published.  RFC 6698 section 3 defines it as `_<port>._<transport>.<name>`,
 * e.g. `_443._tcp.www.example.com.`.
 *
 * @param tlsa_owner [out] receives the newly created owner-name rdf; the
 *        caller owns it afterwards (presumably released with the usual
 *        ldns_rdf free routine -- confirm in dane.c).
 * @param name the service's host name; not modified.
 * @param port the TCP/UDP/SCTP port of the service.
 * @param transport selects the `_tcp`/`_udp`/`_sctp` label.
 * @return LDNS_STATUS_OK on success, another ldns_status otherwise
 *         (exact failure codes are not visible from this header).
 */
ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner,
                const ldns_rdf* name, uint16_t port,
                ldns_dane_transport transport);
00115 
00116 
00117 #if LDNS_BUILD_CONFIG_HAVE_SSL
00118 
/**
 * Build the TLSA "Certificate Association Data" for a certificate:
 * the part of cert chosen by selector (full certificate or
 * SubjectPublicKeyInfo), digested as matching_type specifies (or
 * copied verbatim for LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED).
 *
 * Only available when ldns is built with OpenSSL
 * (LDNS_BUILD_CONFIG_HAVE_SSL).
 *
 * @param rdf [out] receives the newly created rdf; caller takes ownership.
 * @param cert the certificate to derive the data from; not freed.
 * @param selector which part of cert is used.
 * @param matching_type how that part is presented (raw or hashed).
 * @return LDNS_STATUS_OK on success, another ldns_status otherwise.
 */
ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
                ldns_tlsa_selector      selector,
                ldns_tlsa_matching_type matching_type);
00132 
00133 
/**
 * Pick the certificate from a chain that a TLSA record with the given
 * certificate usage should be matched against.  For the end-entity usages
 * (1 and 3) that is cert itself; for the CA/trust-anchor usages (0 and 2)
 * a certificate further up the chain is chosen, which requires the chain
 * to be built -- presumably from extra_certs and pkix_validation_store.
 *
 * @param selected_cert [out] receives the chosen certificate.  Whether it is
 *        a new reference or borrowed from cert/extra_certs is not visible
 *        here -- confirm in dane.c before freeing.
 * @param cert the end-entity (leaf) certificate.
 * @param extra_certs additional certificates presented by the peer, used to
 *        build the chain.
 * @param pkix_validation_store the trust store used for PKIX validation;
 *        usages 0 and 1 require a PKIX-valid chain.
 * @param cert_usage the TLSA certificate usage to select for.
 * @param index position in the chain to select for the CA usages
 *        (exact semantics are defined in dane.c).  NOTE(review): the
 *        parameter name shadows the POSIX index() function where
 *        <strings.h> is in scope; harmless in a prototype, but -Wshadow
 *        may warn in the definition.
 * @return LDNS_STATUS_OK on success, another ldns_status otherwise.
 */
ldns_status ldns_dane_select_certificate(X509** selected_cert,
                X509* cert, STACK_OF(X509)* extra_certs,
                X509_STORE* pkix_validation_store,
                ldns_tlsa_certificate_usage cert_usage, int index);
00166 
/**
 * Create a TLSA resource record for a certificate, with the three
 * parameter fields set as given and the association data derived from
 * cert (as ldns_dane_cert2rdf would produce for the same selector and
 * matching type).
 *
 * The owner name, class and TTL of the resulting RR are not parameters
 * here; the caller is expected to set the owner (see
 * ldns_dane_create_tlsa_owner) before publishing.
 *
 * @param tlsa [out] receives the newly created RR; caller takes ownership.
 * @param certificate_usage TLSA certificate usage field.
 * @param selector TLSA selector field.
 * @param matching_type TLSA matching type field.
 * @param cert the certificate the association data is computed from.
 * @return LDNS_STATUS_OK on success, another ldns_status otherwise.
 */
ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
                ldns_tlsa_certificate_usage certificate_usage,
                ldns_tlsa_selector          selector,
                ldns_tlsa_matching_type     matching_type,
                X509* cert);
00185 
/**
 * Verify a certificate (and its chain) against a single TLSA record.
 *
 * The record's certificate usage decides how much PKIX validation is
 * involved: usages 0 and 1 need the chain to validate against
 * pkix_validation_store, usages 2 and 3 are anchored by the record
 * itself.  Callers must only pass TLSA records whose DNSSEC status is
 * secure -- an unauthenticated record provides no protection, and this
 * function does not check that.
 *
 * @param tlsa_rr the TLSA record to check against; not modified.
 * @param cert the end-entity certificate presented by the peer.
 * @param extra_certs additional certificates presented by the peer.
 * @param pkix_validation_store trust store for PKIX validation.
 * @return LDNS_STATUS_OK when cert matches tlsa_rr; another ldns_status
 *         when it does not match or validation fails (distinct codes are
 *         defined in ldns, not visible here).
 */
ldns_status ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
                X509* cert, STACK_OF(X509)* extra_certs,
                X509_STORE* pkix_validation_store);
00212 
/**
 * Verify a certificate against a whole TLSA RRset.
 *
 * RFC 6698 section 5 accepts the certificate when at least one usable
 * record matches; presumably each record is tried with
 * ldns_dane_verify_rr until one succeeds -- confirm in dane.c.  As with
 * ldns_dane_verify_rr, the records must be DNSSEC-authenticated by the
 * caller.  Note that tlsas is not const here (unlike tlsa_rr in
 * ldns_dane_verify_rr); whether the list is modified is not visible
 * from this header.
 *
 * @param tlsas the TLSA records for the service.
 * @param cert the end-entity certificate presented by the peer.
 * @param extra_certs additional certificates presented by the peer.
 * @param pkix_validation_store trust store for PKIX validation
 *        (needed for usages 0 and 1).
 * @return LDNS_STATUS_OK when cert is accepted, another ldns_status
 *         otherwise.
 */
ldns_status ldns_dane_verify(ldns_rr_list* tlsas,
                X509* cert, STACK_OF(X509)* extra_certs,
                X509_STORE* pkix_validation_store);
00237 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
00238 
00239 #ifdef __cplusplus
00240 }
00241 #endif
00242 
00243 #endif /* LDNS_DANE_H */
00244 
