00023 #ifndef LDNS_DANE_H
00024 #define LDNS_DANE_H
00025
00026 #include <ldns/common.h>
00027 #include <ldns/rdata.h>
00028 #include <ldns/rr.h>
00029 #if LDNS_BUILD_CONFIG_HAVE_SSL
00030 #include <openssl/ssl.h>
00031 #include <openssl/err.h>
00032 #endif
00033
00034 #ifdef __cplusplus
00035 extern "C" {
00036 #endif
00037
/**
 * TLSA "certificate usage" field (RFC 6698, section 2.1.1).
 *
 * The value tells the verifier which certificate in the server's chain the
 * TLSA record constrains and whether PKIX validation against a trust store is
 * still required. Usages 0 and 1 keep the PKIX requirement; usages 2 and 3
 * rely on the TLSA record alone, so callers must make sure the TLSA RRset
 * was obtained with DNSSEC validation before trusting them.
 */
typedef enum ldns_enum_tlsa_certificate_usage {
	/** 0, "PKIX-TA": a CA in the chain must match, and the chain must PKIX-validate */
	LDNS_TLSA_USAGE_CA_CONSTRAINT = 0,
	/** 1, "PKIX-EE": the end-entity certificate must match, and the chain must PKIX-validate */
	LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1,
	/** 2, "DANE-TA": the record names a trust anchor; no external trust store is consulted */
	LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION = 2,
	/** 3, "DANE-EE": the end-entity certificate must match; no external trust store is consulted */
	LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE = 3
} ldns_tlsa_certificate_usage;
00053
/**
 * TLSA "selector" field (RFC 6698, section 2.1.2).
 *
 * Chooses which part of the certificate is compared against (or hashed into)
 * the TLSA certificate association data.
 */
typedef enum ldns_enum_tlsa_selector {
	/** 0: the whole DER-encoded certificate is the association data */
	LDNS_TLSA_SELECTOR_FULL_CERTIFICATE = 0,

	/** 1: only the DER-encoded SubjectPublicKeyInfo is the association data */
	LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1
} ldns_tlsa_selector;
00072
/**
 * TLSA "matching type" field (RFC 6698, section 2.1.3).
 *
 * States how the selected certificate data is represented in the record:
 * verbatim, or as a digest. A digest only proves a match; it never
 * substitutes for validating the certificate itself where the usage
 * requires that.
 */
typedef enum ldns_enum_tlsa_matching_type {
	/** 0: the selected data is stored verbatim and compared byte for byte */
	LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED = 0,
	/** 1: the SHA-256 digest of the selected data is stored */
	LDNS_TLSA_MATCHING_TYPE_SHA256 = 1,
	/** 2: the SHA-512 digest of the selected data is stored */
	LDNS_TLSA_MATCHING_TYPE_SHA512 = 2
} ldns_tlsa_matching_type;
00086
/**
 * Transport protocol used when building a TLSA owner name.
 *
 * The value selects the protocol label of the owner name (RFC 6698,
 * section 3 uses the form _<port>._<transport>.<host>); it is consumed by
 * ldns_dane_create_tlsa_owner().
 */
typedef enum ldns_enum_dane_transport {
	/** 0: TCP */
	LDNS_DANE_TRANSPORT_TCP = 0,
	/** 1: UDP */
	LDNS_DANE_TRANSPORT_UDP = 1,
	/** 2: SCTP */
	LDNS_DANE_TRANSPORT_SCTP = 2
} ldns_dane_transport;
00100
00101
/**
 * Build the owner name under which TLSA records for a service are published.
 *
 * The result is expected to follow the RFC 6698 convention
 * _<port>._<transport>.<name> (e.g. _443._tcp.www.example.com) -- confirm
 * against the implementation in dane.c.
 *
 * @param tlsa_owner [out] receives the newly created owner name; on success
 *        the caller owns it and must release it with ldns_rdf_deep_free().
 * @param name       the host name the service runs on.
 * @param port       the service port number, becomes the "_<port>" label.
 * @param transport  the transport protocol, becomes the "_tcp"/"_udp"/"_sctp"
 *                   label.
 * @return LDNS_STATUS_OK on success, another ldns_status value otherwise.
 */
ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner,
const ldns_rdf* name, uint16_t port,
ldns_dane_transport transport);
00115
00116
00117 #if LDNS_BUILD_CONFIG_HAVE_SSL
00118
/**
 * Convert a certificate into the "certificate association data" rdf of a
 * TLSA record.
 *
 * The selector decides whether the full certificate or only its
 * SubjectPublicKeyInfo is used; the matching type decides whether that data
 * is stored verbatim or as its SHA-256 / SHA-512 digest.
 *
 * @param rdf           [out] receives the new association-data rdf; the
 *                      caller owns it on success.
 * @param cert          the certificate to convert.
 * @param selector      which part of the certificate to use.
 * @param matching_type how to represent the selected data.
 * @return LDNS_STATUS_OK on success, another ldns_status value otherwise
 *         (an unknown selector or matching type is presumably rejected
 *         rather than defaulted -- verify in dane.c).
 */
ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
ldns_tlsa_selector selector,
ldns_tlsa_matching_type matching_type);
00132
00133
/**
 * Pick the certificate that a TLSA record with the given usage would
 * constrain, out of the end-entity certificate, the extra certificates sent
 * by the peer and (for PKIX usages) the validation store.
 *
 * NOTE(review): the exact meaning of index is not visible in this header; it
 * presumably selects a position in the validated chain for the CA-oriented
 * usages (0 and 2) and is irrelevant for the end-entity usages (1 and 3).
 * Confirm against dane.c before relying on it.
 *
 * @param selected_cert         [out] receives the selected certificate.
 *                              Whether a reference is taken or the pointer
 *                              merely aliases cert/extra_certs is not stated
 *                              here -- check before freeing.
 * @param cert                  the end-entity (leaf) certificate.
 * @param extra_certs           intermediate certificates presented with cert;
 *                              may be NULL if none were presented.
 * @param pkix_validation_store trust store used to complete and validate the
 *                              chain for the PKIX usages.
 * @param cert_usage            the TLSA certificate usage to select for.
 * @param index                 position within the chain, see note above.
 * @return LDNS_STATUS_OK on success, another ldns_status value otherwise.
 */
ldns_status ldns_dane_select_certificate(X509** selected_cert,
X509* cert, STACK_OF(X509)* extra_certs,
X509_STORE* pkix_validation_store,
ldns_tlsa_certificate_usage cert_usage, int index);
00166
/**
 * Create a TLSA resource record describing the given certificate.
 *
 * The three TLSA parameters are written as given; the association data is
 * derived from cert according to selector and matching_type (compare
 * ldns_dane_cert2rdf()). The owner name, class and TTL of the new record are
 * not supplied here, so the caller is expected to set at least the owner
 * (see ldns_dane_create_tlsa_owner()) before publishing it.
 *
 * @param tlsa              [out] receives the new record; the caller owns it
 *                          on success and must release it with ldns_rr_free().
 * @param certificate_usage the TLSA certificate usage to encode.
 * @param selector          which part of the certificate to associate.
 * @param matching_type     how to represent the associated data.
 * @param cert              the certificate to describe.
 * @return LDNS_STATUS_OK on success, another ldns_status value otherwise.
 */
ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
ldns_tlsa_certificate_usage certificate_usage,
ldns_tlsa_selector selector,
ldns_tlsa_matching_type matching_type,
X509* cert);
00185
/**
 * Verify a certificate (plus the chain presented with it) against a single
 * TLSA record.
 *
 * For usages 0 and 1 the chain must also validate against
 * pkix_validation_store; for usages 2 and 3 the TLSA record is the only
 * source of trust. Because of that, callers must only pass records that
 * came from a DNSSEC-validated TLSA RRset -- this function does not (and
 * cannot) check DNSSEC status itself.
 *
 * @param tlsa_rr               the TLSA record to match against; records of
 *                              another type are presumably rejected.
 * @param cert                  the end-entity certificate of the peer.
 * @param extra_certs           intermediate certificates presented by the
 *                              peer; may be NULL.
 * @param pkix_validation_store trust store used for the PKIX usages.
 * @return LDNS_STATUS_OK when the record matches (and, where required, the
 *         chain validates); a LDNS_STATUS_DANE_* status describing the
 *         failure otherwise.
 */
ldns_status ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
X509* cert, STACK_OF(X509)* extra_certs,
X509_STORE* pkix_validation_store);
00212
/**
 * Verify a certificate against a set of TLSA records, e.g. the whole RRset
 * found at the owner name produced by ldns_dane_create_tlsa_owner().
 *
 * Presumably each record is tried in turn with ldns_dane_verify_rr() and a
 * single match suffices, as RFC 6698 requires; which failure status is
 * reported when none match is not stated here -- verify in dane.c.
 * The same DNSSEC caveat as for ldns_dane_verify_rr() applies: only pass
 * records from a DNSSEC-validated RRset. Behaviour for an empty or NULL
 * tlsas list is not documented here either and should be checked before
 * treating it as "no constraint".
 *
 * @param tlsas                 list of TLSA records to match against.
 * @param cert                  the end-entity certificate of the peer.
 * @param extra_certs           intermediate certificates presented by the
 *                              peer; may be NULL.
 * @param pkix_validation_store trust store used for the PKIX usages.
 * @return LDNS_STATUS_OK when verification succeeds, a LDNS_STATUS_DANE_*
 *         status otherwise.
 */
ldns_status ldns_dane_verify(ldns_rr_list* tlsas,
X509* cert, STACK_OF(X509)* extra_certs,
X509_STORE* pkix_validation_store);
00237 #endif
00238
00239 #ifdef __cplusplus
00240 }
00241 #endif
00242
00243 #endif
00244