Man page - ldns_dane_create_tlsa_rr(3)

Packages contains this manual

Package:  libldns-dev
apt-get install libldns-dev

Manuals in package:
• ldns_rr2wire(3)
• ldns_buffer_new(3)
• ldns_buffer_export(3)
• ldns_rr_list2str(3)
• ldns_pkt_set_edns_udp_size(3)
• ldns_pkt_set_edns_version(3)
• ldns_dnssec_rrsets_new(3)
• ldns_getaddrinfo(3)
• ldns_pkt_query_new_frm_str(3)
• ldns_dnssec_data_chain(3)
• ldns_rr_rrsig_set_keytag(3)
• ldns_dnssec_derive_trust_tree_dnskey_rrset(3)
• ldns_buffer_copy(3)
• ldns_key_list_push_key(3)
• ldns_rr_dnskey_set_algorithm(3)
• ldns_pkt_verify(3)
• ldns_pkt_set_rd(3)
• ldns_pkt_edns_extended_rcode(3)
• ldns_dnssec_trust_tree_contains_keys(3)
• ldns_update_set_zocount(3)
• ldns_rr_rrsig_origttl(3)
• ldns_buffer_read_u32_at(3)
• ldns_dnssec_zone_sign(3)
• ldns_b32_ntop_calculate_size(3)
• ldns_rr_get_class(3)
• ldns_verify(3)
• ldns_rr_set_ttl(3)
• ldns_dnssec_name_new_frm_rr(3)
• ldns_dnssec_rrs_new(3)
• ldns_key_new_frm_fp_dsa_l(3)
• ldns_rr_mx_preference(3)
• ldns_pkt_set_aa(3)
• ldns_rr_rdf(3)
• ldns_zone_new_frm_fp_l(3)
• ldns_rdf_new(3)
• ldns_duration2string(3)
• ldns_rr2canonical(3)
• ldns_key_pubkey_owner(3)
• ldns_bgetc(3)
• ldns_pkt_aa(3)
• ldns_pkt_tc(3)
• ldns_create_nsec(3)
• ldns_rr_list(3)
• ldns_pkt_set_qr(3)
• ldns_rr_set_class(3)
• ldns_rr_list_new(3)
• ldns_pkt_set_flags(3)
• ldns_pkt_set_tc(3)
• ldns_pkt2str(3)
• ldns_rr_rrsig_signame(3)
• ldns_rr_compress(3)
• ldns_dnssec_zone_new(3)
• ldns_update_pkt_tsig_add(3)
• ldns_buffer_flip(3)
• ldns_dnssec_derive_trust_tree_no_sig(3)
• ldns_bubblebabble(3)
• ldns_key_list_key(3)
• ldns_rr_dnskey_key(3)
• ldns_rr_descript(3)
• ldns_duration_create_from_string(3)
• ldns_pkt_query_new(3)
• ldns_dnssec_rrsets_print(3)
• ldns_zone_push_rr_list(3)
• ldns_rr_label_count(3)
• ldns_pkt_answerfrom(3)
• ldns_dnssec_name_node_next_nonglue(3)
• ldns_pkt_question(3)
• ldns_str2period(3)
• ldns_dname_new(3)
• ldns_key_new(3)
• ldns_rr_rrsig_sig(3)
• ldns_zone_new(3)
• ldns_verify_notime(3)
• ldns_rdf2buffer_str_hex(3)
• ldns_dnssec_zone_create_nsecs(3)
• ldns_rdf_type(3)
• ldns_rr_rd_count(3)
• ldns_rdf2buffer_wire(3)
• ldns_rdf2buffer_str_b64(3)
• ldns_key_set_algorithm(3)
• ldns_pkt_cd(3)
• ldns_buffer_at(3)
• ldns_update_upcount(3)
• ldns_rr_set_pop_rr(3)
• ldns_rdf2buffer_str_nsap(3)
• ldns_rr_descriptor_minimum(3)
• ldns_rr_new(3)
• ldns_key_list_free(3)
• ldns_dnssec_data_chain_print(3)
• ldns_verify_rrsig_keylist_notime(3)
• ldns_rdf2wire(3)
• ldns_buffer_write(3)
• ldns_dane_verify_rr(3)
• ldns_sign_public(3)
• ldns_pkt_size(3)
• ldns_pkt_set_ra(3)
• ldns_key_set_keytag(3)
• ldns_dane_create_tlsa_owner(3)
• ldns_rr_new_frm_fp(3)
• ldns_fget_token(3)
• ldns_buffer_read_u16(3)
• ldns_key_rr2ds(3)
• ldns_dane_cert2rdf(3)
• ldns_pkt_rd(3)
• ldns_octet(3)
• ldns_dnssec_rrsets_type(3)
• ldns_dname_label_count(3)
• ldns_pkt_set_arcount(3)
• ldns_rr_rrsig_set_inception(3)
• ldns_dnssec_build_data_chain(3)
• ldns_buffer_end(3)
• ldns_pkt_set_querytime(3)
• ldns_rr_rrsig_inception(3)
• ldns_fskipcs(3)
• ldns_rdf_deep_free(3)
• ldns_pkt_rr_list_by_name_and_type(3)
• ldns_dnssec_zone_sign_nsec3(3)
• ldns_duration2time(3)
• ldns_key_print(3)
• ldns_rdf2buffer_str_int16(3)
• ldns_buffer_set_limit(3)
• ldns_key_origttl(3)
• ldns_key_expiration(3)
• ldns_key2str(3)
• ldns_rr_owner(3)
• ldns_rr2str(3)
• ldns_pkt_new(3)
• ldns_buffer_export2str(3)
• ldns_rr_rrsig_keytag(3)
• ldns_buffer_free(3)
• ldns_dnssec_name(3)
• ldns_rr_set_push_rr(3)
• ldns_rdf2buffer_str_str(3)
• ldns_get_rr_class_by_name(3)
• ldns_dnssec_zone_mark_glue(3)
• ldns_zone_rrs(3)
• ldns_sign_public_rsamd5(3)
• ldns_rdf2buffer_str_class(3)
• ldns_dnssec_zone_add_empty_nonterminals(3)
• ldns_dnssec_remove_signatures(3)
• ldns_dname_new_frm_data(3)
• ldns_update_set_adcount(3)
• ldns_pkt_section(3)
• ldns_buffer_read_at(3)
• ldns_buffer_read_u16_at(3)
• ldns_dnssec_zone_print(3)
• ldns_rdf(3)
• ldns_rr_dnskey_flags(3)
• ldns_pkt_print(3)
• ldns_rr_set_rdf(3)
• ldns_pkt_querytime(3)
• ldns_rr_rrsig_expiration(3)
• ldns_get_rr_list_hosts_frm_fp_l(3)
• ldns_rr_rrsig_set_origttl(3)
• ldns_key_inception(3)
• ldns_buffer_status_ok(3)
• ldns_zone_deep_free(3)
• ldns_verify_rrsig_rsasha1(3)
• ldns_zone_free(3)
• ldns_buffer_current(3)
• ldns_key_buf2rsa(3)
• ldns_dnssec_rrsets_set_type(3)
• ldns_rdf_free(3)
• ldns_rr_rrsig_set_sig(3)
• ldns_update_prcount(3)
• ldns_rdf2buffer_str_aaaa(3)
• ldns_get_rr_list_name_by_addr(3)
• ldns_rr_free(3)
• ldns_rdf2buffer_str_period(3)
• ldns_b64_ntop_calculate_size(3)
• ldns_rr_rrsig_set_algorithm(3)
• ldns_rdf2buffer_str_alg(3)
• ldns_calc_keytag(3)
• ldns_update_set_prcount(3)
• ldns_pkt_type(3)
• ldns_duration_compare(3)
• ldns_dnssec_zone(3)
• ldns_buffer_status(3)
• ldns_rr_dnskey_set_key(3)
• ldns_buffer_write_u8_at(3)
• ldns_dnssec_zone_names_print(3)
• ldns_rr_ns_nsdname(3)
• ldns_pkt_set_edns_data(3)
• ldns_get_errorstr_by_id(3)
• ldns_wire2rdf(3)
• ldns_rdf2str(3)
• ldns_dname_compare(3)
• ldns_axfr_complete(3)
• ldns_dnssec_verify_denial(3)
• ldns_rr_ttl(3)
• ldns_dname_str_absolute(3)
• ldns_buffer_write_u16_at(3)
• ldns_dnssec_zone_create_rrsigs(3)
• ldns_pkt_reply_type(3)
• ldns_native2rdf_int8(3)
• ldns_get_rr_type_by_name(3)
• ldns_key_buf2dsa(3)
• ldns_dnssec_rrsets_free(3)
• ldns_dnssec_rrsets_add_rr(3)
• ldns_pkt2buffer_wire(3)
• ldns_key_deep_free(3)
• ldns_pkt_authority(3)
• ldns_rr_rrsig_typecovered(3)
• ldns_pkt(3)
• ldns_pkt_tsig_verify(3)
• ldns_pkt_tsig_sign(3)
• ldns_buffer_begin(3)
• ldns_dnssec_derive_trust_tree_normal_rrset(3)
• ldns_get_rr_list_hosts_frm_file(3)
• ldns_native2rdf_int16_data(3)
• ldns_rdf_new_frm_str(3)
• ldns_key_list_set_key_count(3)
• ldns_pkt_additional(3)
• ldns_dnssec_verify_denial_nsec3(3)
• ldns_rdf2buffer_str_wks(3)
• ldns_key_dsa_key(3)
• ldns_dnssec_data_chain_free(3)
• ldns_key_new_frm_fp_rsa_l(3)
• ldns_buffer_available(3)
• ldns_dnssec_zone_free(3)
• ldns_dnssec_rrsets(3)
• ldns_buffer_set_position(3)
• ldns_key_set_flags(3)
• ldns_buffer_write_u8(3)
• ldns_dnssec_name_cmp(3)
• ldns_buffer_rewind(3)
• ldns_pkt2wire(3)
• ldns_key_set_hmac_key(3)
• ldns_rr_list_clone(3)
• ldns_dname_cat_clone(3)
• ldns_verify_rrsig_rsamd5(3)
• ldns_rdf_new_frm_data(3)
• ldns_pkt_get_rcode(3)
• ldns_dane_verify(3)
• ldns_duration_create(3)
• ldns_key2rr(3)
• ldns_rr_mx_exchange(3)
• ldns_dnssec_name_add_rr(3)
• ldns_dnssec_trust_tree_depth(3)
• ldns_buffer_read(3)
• ldns_native2rdf_int16(3)
• ldns_version(3)
• ldns_dname_new_frm_str(3)
• ldns_wire2dname(3)
• ldns_key_rsa_key(3)
• ldns_rdf2native_int16(3)
• ldns_buffer_limit(3)
• ldns_rdf2native_sockaddr_storage(3)
• ldns_update_zocount(3)
• ldns_dane_create_tlsa_rr(3)
• ldns_pkt_set_section_count(3)
• ldns_buffer_read_u32(3)
• ldns_key_set_rsa_key(3)
• ldns_rr_set_type(3)
• ldns_rr_dnskey_set_flags(3)
• ldns_zone_soa(3)
• ldns_rdf2buffer_str_apl(3)
• ldns_rr_rrsig_set_typecovered(3)
• ldns_rdf_clone(3)
• ldns_key_set_expiration(3)
• ldns_rr_rdata2buffer_wire(3)
• ldns_pkt_edns_data(3)
• ldns_get_rr_list_hosts_frm_fp(3)
• ldns_pkt_answer(3)
• ldns_key_flags(3)
• ldns_pkt_set_nscount(3)
• ldns_key(3)
• ldns_pkt_free(3)
• ldns_pkt_qr(3)
• ldns_pkt_set_cd(3)
• ldns_rdf_size(3)
• ldns_rdf_compare(3)
• ldns_pkt_rr_list_by_name(3)
• ldns_pkt_get_section_clone(3)
• ldns_pkt_set_ancount(3)
• ldns_pkt_set_tsig(3)
• ldns_rdf2native_time_t(3)
• ldns_dnssec_rrs_add_rr(3)
• ldns_rr_rrsig_algorithm(3)
• ldns_pkt_id(3)
• ldns_rdf_print(3)
• ldns_update_pkt_new(3)
• ldns_key_new_frm_fp_rsa(3)
• ldns_pktheader2buffer_str(3)
• ldns_dnssec_name_new(3)
• ldns_zone_set_rrs(3)
• ldns_buffer_write_string(3)
• ldns_rdf2buffer_str_tsigtime(3)
• ldns_duration_cleanup(3)
• ldns_dname_is_subdomain(3)
• ldns_dnssec_data_chain_new(3)
• ldns_key_new_frm_fp_dsa(3)
• ldns_buffer_write_u32_at(3)
• ldns_wire2pkt(3)
• ldns_zone_set_soa(3)
• ldns_rrsig2buffer_wire(3)
• ldns_b64_pton_calculate_size(3)
• ldns_pkt_ad(3)
• ldns_rdf_address_reverse(3)
• ldns_buffer_remaining(3)
• ldns_rdf_new_frm_fp(3)
• ldns_buffer_read_u8(3)
• ldns_duration_type(3)
• ldns_rr_push_rdf(3)
• ldns_rr_dnskey_protocol(3)
• ldns_pkt_set_answerfrom(3)
• ldns_buffer_printf(3)
• ldns_pkt_set_rcode(3)
• ldns_pkt_get_opcode(3)
• ldns_zone(3)
• ldns_bget_token(3)
• ldns_pkt2buffer_str(3)
• ldns_rr_pop_rdf(3)
• ldns_buffer_write_at(3)
• ldns_buffer_available_at(3)
• ldns_rr_set_owner(3)
• ldns_rr(3)
• ldns_zone_sign_nsec3(3)
• ldns_dnssec_rrs_print(3)
• ldns_zone_print_fmt(3)
• ldns_is_rrset(3)
• ldns_dnssec_zone_find_rrset(3)
• ldns_rr_descriptor_maximum(3)
• ldns_rr_list_pop_rr(3)
• ldns_key2buffer_str(3)
• ldns_key_set_origttl(3)
• ldns_pkt_set_qdcount(3)
• ldns_rr_rrsig_set_labels(3)
• ldns_send(3)
• ldns_axfr_last_pkt(3)
• ldns_dnssec_name_set_nsec(3)
• ldns_rr_dnskey_set_protocol(3)
• ldns_verify_rrsig_dsa(3)
• ldns_rdf_get_type(3)
• ldns_key_set_inception(3)
• ldns_rdf2buffer_str_nsec(3)
• ldns_buffer_remaining_at(3)
• ldns_update_set_upcount(3)
• ldns_verify_rrsig(3)
• ldns_axfr_abort(3)
• ldns_init_random(3)
• ldns_pkt_rr_list_by_type(3)
• ldns_tcp_send_query(3)
• ldns_pkt_edns(3)
• ldns_dname_interval(3)
• ldns_pkt_edns_version(3)
• ldns_rr_list_rr_count(3)
• ldns_dnssec_name_find_rrset(3)
• ldns_rr_set_rd_count(3)
• ldns_update_adcount(3)
• ldns_dnssec_derive_trust_tree_ds_rrset(3)
• ldns_rdf_set_size(3)
• ldns_key_new_frm_fp(3)
• ldns_pkt_set_ad(3)
• ldns_rr_list2buffer_str(3)
• ldns_dnssec_rrs(3)
• ldns_axfr_start(3)
• ldns_rr_class(3)
• ldns_pkt_ancount(3)
• ldns_rr_compare(3)
• ldns_dnssec_trust_tree_print(3)
• ldns_rdf2buffer_str_ipseckey(3)
• ldns_pkt_set_size(3)
• ldns_rdf2native_int8(3)
• ldns_zone_glue_rr_list(3)
• ldns_rdf2buffer_str(3)
• ldns_key_new_frm_algorithm(3)
• ldns_buffer_write_string_at(3)
• ldns_key_set_dsa_key(3)
• ldns_pkt_set_edns_z(3)
• ldns_key_keytag(3)
• ldns_algorithm(3)
• ldns_rr_rrsig_set_signame(3)
• ldns_pkt_edns_z(3)
• ldns_rr_new_frm_type(3)
• ldns_zone_sign(3)
• ldns_rdf2native_int32(3)
• ldns_key_list_key_count(3)
• ldns_rr_new_frm_str(3)
• ldns_buffer_new_frm_data(3)
• ldns_buffer2pkt_wire(3)
• ldns_pkt_arcount(3)
• ldns_pkt_qdcount(3)
• ldns_rr_list_sort(3)
• ldns_rdf2buffer_str_int16_data(3)
• ldns_key_list_new(3)
• ldns_pkt_set_id(3)
• ldns_tcp_read_wire(3)
• ldns_dnssec_rrs_free(3)
• ldns_key_free(3)
• ldns_buffer(3)
• ldns_get_rr_list_addr_by_name(3)
• ldns_buffer_write_u32(3)
• ldns_rdf_set_type(3)
• ldns_axfr_next(3)
• ldns_tcp_connect(3)
• ldns_calc_keytag_raw(3)
• ldns_buffer_set_capacity(3)
• ldns_verify_rrsig_keylist(3)
• ldns_buffer_clear(3)
• ldns_sign_public_rsasha1(3)
• ldns_key_set_pubkey_owner(3)
• ldns_wire2rr(3)
• ldns_key_list_pop_key(3)
• ldns_zone_rr_count(3)
• ldns_key_algo_supported(3)
• ldns_rr2buffer_wire(3)
• ldns_buffer_position(3)
• ldns_pkt_tsig(3)
• ldns_rdf2buffer_str_loc(3)
• ldns_zone_new_frm_fp(3)
• ldns_bskipcs(3)
• ldns_dname2canonical(3)
• ldns_rr_descriptor(3)
• ldns_pkt_nscount(3)
• ldns_rdf2buffer_str_type(3)
• ldns_rr_list_cat(3)
• ldns_dnssec_trust_tree_print_sm(3)
• ldns_key_algorithm(3)
• ldns_dnssec_name_set_name(3)
• ldns_buffer_read_u8_at(3)
• ldns_rr_dnskey_algorithm(3)
• ldns_rdf2buffer_str_a(3)
• ldns_buffer2str(3)
• ldns_rr_rrsig_labels(3)
• ldns_rr2buffer_str(3)
• ldns_rr_descriptor_field_type(3)
• ldns_pkt_set_edns_extended_rcode(3)
• ldns_pkt_edns_udp_size(3)
• ldns_dname_cat(3)
• ldns_rr_list_set_rr_count(3)
• ldns_rdf2buffer_str_unknown(3)
• ldns_native2rdf_int32(3)
• ldns_dnssec_name_print(3)
• ldns_dnssec_name_name(3)
• ldns_dnssec_zone_add_rr(3)
• ldns_dnssec_name_free(3)
• ldns_status(3)
• ldns_dnssec_data_chain_struct(3)
• ldns_dnssec_trust_tree_new(3)
• ldns_zone_print(3)
• ldns_pkt_ra(3)
• ldns_rr_type(3)
• ldns_rr_rrsig_set_expiration(3)
• ldns_pkt_set_opcode(3)
• ldns_buffer_write_u16(3)
• ldns_rdf_set_data(3)
• ldns_buffer_skip(3)
• ldns_key_new_frm_fp_l(3)
• ldns_zone_sort(3)
• ldns_rr_uncompressed_size(3)
• ldns_dnssec_data_chain_deep_free(3)
• ldns_dnssec_derive_trust_tree(3)
• ldns_dname_left_chop(3)
• ldns_buffer_capacity(3)
• ldns_buffer_reserve(3)
• ldns_b32_pton_calculate_size(3)
• ldns_rr_list_push_rr(3)
• ldns_key_hmac_key(3)
• ldns_rr_print(3)
• ldns_rr_list_free(3)
• ldns_rdf_data(3)
• ldns_dnssec_trust_tree_add_parent(3)
• ldns_zone_push_rr(3)
• ldns_dnssec_trust_tree_free(3)
• ldns_dnssec_trust_tree(3)
• ldns_sign_public_dsa(3)
• ldns_rr_compare_ds(3)
• ldns_dname_label(3)
• ldns_dane_select_certificate(3)
Documentations in package:
• libldns-dev

Manual

ldns

NAME
SYNOPSIS
DESCRIPTION
AUTHOR
REPORTING BUGS
COPYRIGHT
SEE ALSO
REMARKS

---

NAME

ldns_dane_create_tlsa_rr, ldns_dane_create_tlsa_owner, ldns_dane_cert2rdf, ldns_dane_select_certificate - TLSA RR creation functions

SYNOPSIS

#include <stdint.h>
#include <stdbool.h>

#include <ldns/ldns.h>

ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa, ldns_tlsa_certificate_usage certificate_usage, ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type, X509* cert);

ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name, uint16_t port, ldns_dane_transport transport);

ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert, ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type);

ldns_status ldns_dane_select_certificate(X509** selected_cert, X509* cert, STACK_OF(X509)* extra_certs, X509_STORE* pkix_validation_store, ldns_tlsa_certificate_usage cert_usage, int index);

DESCRIPTION

ldns_dane_create_tlsa_rr () Creates a TLSA resource record from the certificate. No PKIX validation is performed! The given certificate is used as data regardless the value of certificate_usage.

tlsa : The created TLSA resource record.
certificate_usage : The value for the Certificate Usage field
selector : The value for the Selector field
matching_type : The value for the Matching Type field
cert : The certificate which data will be represented

Returns LDNS_STATUS_OK on success or an error code otherwise.

ldns_dane_create_tlsa_owner () Creates a dname consisting of the given name, prefixed by the service port and type of transport: _<- EM>port</EM>._<EM>transport</EM>.<EM>name</EM>.

tlsa_owner : The created dname.
name : The dname that should be prefixed.
port : The service port number for which the name should be created.
transport : The transport for which the name should be created.
Returns LDNS_STATUS_OK on success or an error code otherwise.

ldns_dane_cert2rdf () Creates a LDNS_RDF_TYPE_HEX type rdf based on the binary data chosen by the selector and encoded using matching_type.

rdf : The created created rdf of type LDNS_RDF_TYPE_HEX.
cert : The certificate from which the data is selected
selector : The full certificate or the public key
matching_type : The full data or the SHA256 or SHA512 hash of the selected data
Returns LDNS_STATUS_OK on success or an error code otherwise.

ldns_dane_select_certificate () Selects the certificate from cert, extra_certs or the pkix_validation_store based on the value of cert_usage and index.

selected_cert : The selected cert.
cert : The certificate to validate (or not)
extra_certs : Intermediate certificates that might be necessary during validation. May be NULL, except when the certificate usage is "Trust Anchor Assertion" because the trust anchor has to be provided.(otherwise choose a "Domain issued certificate!"
pkix_validation_store : Used when the certificate usage is "CA constraint" or "Service Certificate Constraint" to validate the certificate and, in case of "CA constraint", select the CA. When pkix_validation_store is NULL, validation is explicitly turned off and the behaviour is then the same as for "Trust anchor assertion" and "Domain issued certificate" respectively.
cert_usage : Which certificate to use and how to validate.
index : Used to select the trust anchor when certificate usage is "Trust Anchor Assertion". 0 is the last certificate in the validation chain. 1 the one but last, etc. When index is -1, the last certificate is used that MUST be self-signed. This can help to make sure that the intended (self signed) trust anchor is actually present in extra_certs (which is a DANE requirement).

Returns LDNS_STATUS_OK on success or an error code otherwise.

AUTHOR

The ldns team at NLnet Labs.

REPORTING BUGS

Please report bugs to dns-team@nlnetlabs.nl or on GitHub at https://github.com/NLnetLabs/ldns/issues

COPYRIGHT

Copyright (c) 2004 - 2006 NLnet Labs.

Licensed under the BSD License. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSO

ldns_dane_verify , ldns_dane_verify_rr . And perldoc Net::DNS , RFC1034 , RFC1035 , RFC4033 , RFC4034 and RFC4035 .

REMARKS

This manpage was automatically generated from the ldns source code.

---