ldns(3)                    Library Functions Manual                    ldns(3)

NAME
       ldns_dane_verify, ldns_dane_verify_rr

SYNOPSIS
       #include <stdint.h>
       #include <stdbool.h>

       #include <ldns/ldns.h>

       ldns_status ldns_dane_verify(ldns_rr_list* tlsas, X509* cert,
              STACK_OF(X509)* extra_certs, X509_STORE* pkix_validation_store);

       ldns_status ldns_dane_verify_rr(const ldns_rr* tlsa_rr, X509* cert,
              STACK_OF(X509)* extra_certs, X509_STORE* pkix_validation_store);

DESCRIPTION
       ldns_dane_verify() Verify if any of the given TLSA resource records
              matches the given certificate.

              tlsas: The resource records that specify what and how to match
              the certificate. One must match for this function to succeed.
              With tlsas == NULL or the number of TLSA records in tlsas == 0,
              regular PKIX validation is performed.

              cert: The certificate to match (and validate).

              extra_certs: Intermediate certificates that might be necessary
              for creating the validation chain.

              pkix_validation_store: Used when the certificate usage is "CA
              constraint" or "Service Certificate Constraint" to validate the
              certificate.

              Returns LDNS_STATUS_OK on success,
              LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when one of the TLSAs
              matched but the PKIX validation failed,
              LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH when none of the TLSAs
              matched, or other ldns_status errors.

       ldns_dane_verify_rr() Verify if the given TLSA resource record matches
              the given certificate. Reporting on a TLSA rr mismatch
              (LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) is preferred over PKIX
              failure (LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE). So when PKIX
              validation is required by the TLSA certificate usage, but the
              TLSA data does not match, LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH is
              returned whether the PKIX validated or not.

              tlsa_rr: The resource record that specifies what and how to
              match the certificate. With tlsa_rr == NULL, regular PKIX
              validation is performed.

              cert: The certificate to match (and validate).

              extra_certs: Intermediate certificates that might be necessary
              for creating the validation chain.

              pkix_validation_store: Used when the certificate usage is "CA
              constraint" or "Service Certificate Constraint" to validate the
              certificate.

              Returns LDNS_STATUS_OK on success,
              LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH on TLSA data mismatch,
              LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when the TLSA matched but
              the PKIX validation failed, or other ldns_status errors.

AUTHOR
       The ldns team at NLnet Labs, which consists of Jelte Jansen and Miek
       Gieben.

REPORTING BUGS
       Please report bugs to ldns-team@nlnetlabs.nl or in our bugzilla at
       http://www.nlnetlabs.nl/bugs/index.html

COPYRIGHT
       Copyright (c) 2004 - 2006 NLnet Labs.

       Licensed under the BSD License. There is NO warranty; not even for
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSO
       ldns_dane_create_tlsa_owner, ldns_dane_cert2rdf,
       ldns_dane_select_certificate, ldns_dane_create_tlsa_rr. And perldoc
       Net::DNS, RFC1034, RFC1035, RFC4033, RFC4034 and RFC4035.

REMARKS
       This manpage was automatically generated from the ldns source code by
       use of Doxygen and some perl.

30 May 2006                                                            ldns(3)
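The return-value rules in DESCRIPTION, written out as a small stand-alone model so the precedence can be checked case by case. This is an added example, not ldns code and not from the ldns authors: it does not call the library. The dane_status enum, the tlsa_outcome struct and the model_*/accept_peer functions are hypothetical names, and returning the PKIX failure status when no TLSA record is given and PKIX validation fails is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>

/* Stand-ins for the three ldns_status values named in the man page. */
typedef enum { ST_OK, ST_TLSA_DID_NOT_MATCH, ST_PKIX_DID_NOT_VALIDATE } dane_status;

/* Constructed per-record outcome: the TLSA certificate usage field and
 * whether the record's association data matched the certificate. */
typedef struct {
    int  usage;         /* 0 = CA constraint, 1 = service certificate constraint;
                           per the page only these use pkix_validation_store */
    bool data_matches;
} tlsa_outcome;

/* Single record, following the ldns_dane_verify_rr() description. */
dane_status model_verify_rr(const tlsa_outcome *rr, bool pkix_ok)
{
    if (rr == NULL)                        /* no TLSA: regular PKIX validation */
        return pkix_ok ? ST_OK : ST_PKIX_DID_NOT_VALIDATE;   /* assumption */
    if (!rr->data_matches)                 /* mismatch is reported before PKIX failure */
        return ST_TLSA_DID_NOT_MATCH;
    if ((rr->usage == 0 || rr->usage == 1) && !pkix_ok)
        return ST_PKIX_DID_NOT_VALIDATE;
    return ST_OK;
}

/* Record set, following the ldns_dane_verify() description. */
dane_status model_verify(const tlsa_outcome *set, size_t n, bool pkix_ok)
{
    bool matched_but_pkix_failed = false;

    if (set == NULL || n == 0)             /* empty set falls back to PKIX only */
        return model_verify_rr(NULL, pkix_ok);
    for (size_t i = 0; i < n; i++) {
        dane_status s = model_verify_rr(&set[i], pkix_ok);
        if (s == ST_OK)
            return ST_OK;                  /* one matching record is enough */
        if (s == ST_PKIX_DID_NOT_VALIDATE)
            matched_but_pkix_failed = true;
    }
    return matched_but_pkix_failed ? ST_PKIX_DID_NOT_VALIDATE
                                   : ST_TLSA_DID_NOT_MATCH;
}

/* Fail-closed caller policy: only ST_OK lets the connection proceed. */
bool accept_peer(dane_status s) { return s == ST_OK; }
```

Because an empty or NULL record set is validated with PKIX alone, a caller that wants DANE enforced has to tell "no TLSA records exist" apart from "the TLSA lookup failed" before calling the verify function.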