|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_cert_type_name
|
|
Packit Service |
4684c1 |
@anchor{dane_cert_type_name}
|
|
Packit Service |
4684c1 |
@deftypefun {const char *} {dane_cert_type_name} (dane_cert_type_t @var{type})
|
|
Packit Service |
4684c1 |
@var{type}: is a DANE match type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Convert a @code{dane_cert_type_t} value to a string.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} a string that contains the name of the specified
|
|
Packit Service |
4684c1 |
type, or @code{NULL} .
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_cert_usage_name
|
|
Packit Service |
4684c1 |
@anchor{dane_cert_usage_name}
|
|
Packit Service |
4684c1 |
@deftypefun {const char *} {dane_cert_usage_name} (dane_cert_usage_t @var{usage})
|
|
Packit Service |
4684c1 |
@var{usage}: is a DANE certificate usage
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Convert a @code{dane_cert_usage_t} value to a string.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} a string that contains the name of the specified
|
|
Packit Service |
4684c1 |
type, or @code{NULL} .
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_match_type_name
|
|
Packit Service |
4684c1 |
@anchor{dane_match_type_name}
|
|
Packit Service |
4684c1 |
@deftypefun {const char *} {dane_match_type_name} (dane_match_type_t @var{type})
|
|
Packit Service |
4684c1 |
@var{type}: is a DANE match type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Convert a @code{dane_match_type_t} value to a string.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} a string that contains the name of the specified
|
|
Packit Service |
4684c1 |
type, or @code{NULL} .
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_query_data
|
|
Packit Service |
4684c1 |
@anchor{dane_query_data}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {dane_query_data} (dane_query_t @var{q}, unsigned int @var{idx}, unsigned int * @var{usage}, unsigned int * @var{type}, unsigned int * @var{match}, gnutls_datum_t * @var{data})
|
|
Packit Service |
4684c1 |
@var{q}: The query result structure
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{idx}: The index of the query response.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{usage}: The certificate usage (see @code{dane_cert_usage_t} )
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{type}: The certificate type (see @code{dane_cert_type_t} )
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{match}: The DANE matching type (see @code{dane_match_type_t} )
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{data}: The DANE data.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will provide the DANE data from the query
|
|
Packit Service |
4684c1 |
response.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_query_deinit
|
|
Packit Service |
4684c1 |
@anchor{dane_query_deinit}
|
|
Packit Service |
4684c1 |
@deftypefun {void} {dane_query_deinit} (dane_query_t @var{q})
|
|
Packit Service |
4684c1 |
@var{q}: The structure to be deinitialized
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will deinitialize a DANE query result structure.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_query_entries
|
|
Packit Service |
4684c1 |
@anchor{dane_query_entries}
|
|
Packit Service |
4684c1 |
@deftypefun {unsigned int} {dane_query_entries} (dane_query_t @var{q})
|
|
Packit Service |
4684c1 |
@var{q}: The query result structure
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will return the number of entries in a query.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} The number of entries.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_query_status
|
|
Packit Service |
4684c1 |
@anchor{dane_query_status}
|
|
Packit Service |
4684c1 |
@deftypefun {dane_query_status_t} {dane_query_status} (dane_query_t @var{q})
|
|
Packit Service |
4684c1 |
@var{q}: The query result structure
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will return the status of the query response.
|
|
Packit Service |
4684c1 |
See @code{dane_query_status_t} for the possible types.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} The status type.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_query_tlsa
|
|
Packit Service |
4684c1 |
@anchor{dane_query_tlsa}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {dane_query_tlsa} (dane_state_t @var{s}, dane_query_t * @var{r}, const char * @var{host}, const char * @var{proto}, unsigned int @var{port})
|
|
Packit Service |
4684c1 |
@var{s}: The DANE state structure
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{r}: A structure to place the result
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{host}: The host name to resolve.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{proto}: The protocol type (tcp, udp, etc.)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{port}: The service port number (eg. 443).
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will query the DNS server for the TLSA (DANE)
|
|
Packit Service |
4684c1 |
data for the given host.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_query_to_raw_tlsa
|
|
Packit Service |
4684c1 |
@anchor{dane_query_to_raw_tlsa}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {dane_query_to_raw_tlsa} (dane_query_t @var{q}, unsigned int * @var{data_entries}, char *** @var{dane_data}, int ** @var{dane_data_len}, int * @var{secure}, int * @var{bogus})
|
|
Packit Service |
4684c1 |
@var{q}: The query result structure
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{data_entries}: Pointer set to the number of entries in the query
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{dane_data}: Pointer to contain an array of DNS rdata items, terminated with a NULL pointer;
|
|
Packit Service |
4684c1 |
caller must guarantee that the referenced data remains
|
|
Packit Service |
4684c1 |
valid until @code{dane_query_deinit()} is called.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{dane_data_len}: Pointer to contain the length n bytes of the dane_data items
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{secure}: Pointer set true if the result is validated securely, false if
|
|
Packit Service |
4684c1 |
validation failed or the domain queried has no security info
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{bogus}: Pointer set true if the result was not secure due to a security failure
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will provide the DANE data from the query
|
|
Packit Service |
4684c1 |
response.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The pointers dane_data and dane_data_len are allocated with @code{gnutls_malloc()}
|
|
Packit Service |
4684c1 |
to contain the data from the query result structure (individual
|
|
Packit Service |
4684c1 |
@code{dane_data} items simply point to the original data and are not allocated separately).
|
|
Packit Service |
4684c1 |
The returned @code{dane_data} are only valid during the lifetime of @code{q} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_raw_tlsa
|
|
Packit Service |
4684c1 |
@anchor{dane_raw_tlsa}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {dane_raw_tlsa} (dane_state_t @var{s}, dane_query_t * @var{r}, char *const * @var{dane_data}, const int * @var{dane_data_len}, int @var{secure}, int @var{bogus})
|
|
Packit Service |
4684c1 |
@var{s}: The DANE state structure
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{r}: A structure to place the result
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{dane_data}: array of DNS rdata items, terminated with a NULL pointer;
|
|
Packit Service |
4684c1 |
caller must guarantee that the referenced data remains
|
|
Packit Service |
4684c1 |
valid until @code{dane_query_deinit()} is called.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{dane_data_len}: the length n bytes of the dane_data items
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{secure}: true if the result is validated securely, false if
|
|
Packit Service |
4684c1 |
validation failed or the domain queried has no security info
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{bogus}: if the result was not secure (secure = 0) due to a security failure,
|
|
Packit Service |
4684c1 |
and the result is due to a security failure, bogus is true.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will fill in the TLSA (DANE) structure from
|
|
Packit Service |
4684c1 |
the given raw DNS record data. The @code{dane_data} must be valid
|
|
Packit Service |
4684c1 |
during the lifetime of the query.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_state_deinit
|
|
Packit Service |
4684c1 |
@anchor{dane_state_deinit}
|
|
Packit Service |
4684c1 |
@deftypefun {void} {dane_state_deinit} (dane_state_t @var{s})
|
|
Packit Service |
4684c1 |
@var{s}: The structure to be deinitialized
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will deinitialize a DANE query structure.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_state_init
|
|
Packit Service |
4684c1 |
@anchor{dane_state_init}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {dane_state_init} (dane_state_t * @var{s}, unsigned int @var{flags})
|
|
Packit Service |
4684c1 |
@var{s}: The structure to be initialized
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{flags}: flags from the @code{dane_state_flags} enumeration
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will initialize the backend resolver. It is
|
|
Packit Service |
4684c1 |
intended to be used in scenarios where multiple resolvings
|
|
Packit Service |
4684c1 |
occur, to optimize against multiple re-initializations.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_state_set_dlv_file
|
|
Packit Service |
4684c1 |
@anchor{dane_state_set_dlv_file}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {dane_state_set_dlv_file} (dane_state_t @var{s}, const char * @var{file})
|
|
Packit Service |
4684c1 |
@var{s}: The structure to be deinitialized
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{file}: The file holding the DLV keys.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will set a file with trusted keys
|
|
Packit Service |
4684c1 |
for DLV (DNSSEC Lookaside Validation).
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_strerror
|
|
Packit Service |
4684c1 |
@anchor{dane_strerror}
|
|
Packit Service |
4684c1 |
@deftypefun {const char *} {dane_strerror} (int @var{error})
|
|
Packit Service |
4684c1 |
@var{error}: is a DANE error code, a negative error code
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function is similar to strerror. The difference is that it
|
|
Packit Service |
4684c1 |
accepts an error number returned by a gnutls function; In case of
|
|
Packit Service |
4684c1 |
an unknown error a descriptive string is sent instead of @code{NULL} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Error codes are always a negative error code.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} A string explaining the DANE error message.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_verification_status_print
|
|
Packit Service |
4684c1 |
@anchor{dane_verification_status_print}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {dane_verification_status_print} (unsigned int @var{status}, gnutls_datum_t * @var{out}, unsigned int @var{flags})
|
|
Packit Service |
4684c1 |
@var{status}: The status flags to be printed
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{out}: Newly allocated datum with (0) terminated string.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{flags}: should be zero
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will pretty print the status of a verification
|
|
Packit Service |
4684c1 |
process -- eg. the one obtained by @code{dane_verify_crt()} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The output @code{out} needs to be deallocated using @code{gnutls_free()} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_verify_crt
|
|
Packit Service |
4684c1 |
@anchor{dane_verify_crt}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {dane_verify_crt} (dane_state_t @var{s}, const gnutls_datum_t * @var{chain}, unsigned @var{chain_size}, gnutls_certificate_type_t @var{chain_type}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify})
|
|
Packit Service |
4684c1 |
@var{s}: A DANE state structure (may be NULL)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{chain}: A certificate chain
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{chain_size}: The size of the chain
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{chain_type}: The type of the certificate chain
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{hostname}: The hostname associated with the chain
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{proto}: The protocol of the service connecting (e.g. tcp)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{port}: The port of the service connecting (e.g. 443)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{sflags}: Flags for the initialization of @code{s} (if NULL)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{verify}: An OR'ed list of @code{dane_verify_status_t} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will verify the given certificate chain against the
|
|
Packit Service |
4684c1 |
CA constrains and/or the certificate available via DANE.
|
|
Packit Service |
4684c1 |
If no information via DANE can be obtained the flag @code{DANE_VERIFY_NO_DANE_INFO}
|
|
Packit Service |
4684c1 |
is set. If a DNSSEC signature is not available for the DANE
|
|
Packit Service |
4684c1 |
record then the verify flag @code{DANE_VERIFY_NO_DNSSEC_DATA} is set.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Due to the many possible options of DANE, there is no single threat
|
|
Packit Service |
4684c1 |
model countered. When notifying the user about DANE verification results
|
|
Packit Service |
4684c1 |
it may be better to mention: DANE verification did not reject the certificate,
|
|
Packit Service |
4684c1 |
rather than mentioning a successful DANE verication.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Note that this function is designed to be run in addition to
|
|
Packit Service |
4684c1 |
PKIX - certificate chain - verification. To be run independently
|
|
Packit Service |
4684c1 |
the @code{DANE_VFLAG_ONLY_CHECK_EE_USAGE} flag should be specified;
|
|
Packit Service |
4684c1 |
then the function will check whether the key of the peer matches the
|
|
Packit Service |
4684c1 |
key advertized in the DANE entry.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS} (0)
|
|
Packit Service |
4684c1 |
when the DANE entries were successfully parsed, irrespective of
|
|
Packit Service |
4684c1 |
whether they were verified (see @code{verify} for that information). If
|
|
Packit Service |
4684c1 |
no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE}
|
|
Packit Service |
4684c1 |
will be returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_verify_crt_raw
|
|
Packit Service |
4684c1 |
@anchor{dane_verify_crt_raw}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {dane_verify_crt_raw} (dane_state_t @var{s}, const gnutls_datum_t * @var{chain}, unsigned @var{chain_size}, gnutls_certificate_type_t @var{chain_type}, dane_query_t @var{r}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify})
|
|
Packit Service |
4684c1 |
@var{s}: A DANE state structure (may be NULL)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{chain}: A certificate chain
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{chain_size}: The size of the chain
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{chain_type}: The type of the certificate chain
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{r}: DANE data to check against
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{sflags}: Flags for the initialization of @code{s} (if NULL)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{verify}: An OR'ed list of @code{dane_verify_status_t} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This is the low-level function of @code{dane_verify_crt()} . See the
|
|
Packit Service |
4684c1 |
high level function for documentation.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function does not perform any resolving, it utilizes
|
|
Packit Service |
4684c1 |
cached entries from @code{r} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS} (0)
|
|
Packit Service |
4684c1 |
when the DANE entries were successfully parsed, irrespective of
|
|
Packit Service |
4684c1 |
whether they were verified (see @code{verify} for that information). If
|
|
Packit Service |
4684c1 |
no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE}
|
|
Packit Service |
4684c1 |
will be returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@subheading dane_verify_session_crt
|
|
Packit Service |
4684c1 |
@anchor{dane_verify_session_crt}
|
|
Packit Service |
4684c1 |
@deftypefun {int} {dane_verify_session_crt} (dane_state_t @var{s}, gnutls_session_t @var{session}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify})
|
|
Packit Service |
4684c1 |
@var{s}: A DANE state structure (may be NULL)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{session}: A gnutls session
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{hostname}: The hostname associated with the chain
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{proto}: The protocol of the service connecting (e.g. tcp)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{port}: The port of the service connecting (e.g. 443)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{sflags}: Flags for the initialization of @code{s} (if NULL)
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{verify}: An OR'ed list of @code{dane_verify_status_t} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This function will verify session's certificate chain against the
|
|
Packit Service |
4684c1 |
CA constrains and/or the certificate available via DANE.
|
|
Packit Service |
4684c1 |
See @code{dane_verify_crt()} for more information.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
This will not verify the chain for validity; unless the DANE
|
|
Packit Service |
4684c1 |
verification is restricted to end certificates, this must be
|
|
Packit Service |
4684c1 |
be performed separately using @code{gnutls_certificate_verify_peers3()} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS} (0)
|
|
Packit Service |
4684c1 |
when the DANE entries were successfully parsed, irrespective of
|
|
Packit Service |
4684c1 |
whether they were verified (see @code{verify} for that information). If
|
|
Packit Service |
4684c1 |
no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE}
|
|
Packit Service |
4684c1 |
will be returned.
|
|
Packit Service |
4684c1 |
@end deftypefun
|
|
Packit Service |
4684c1 |
|