From: Zbigniew Jędrzejewski-Szmek Date: Mon, 2 Feb 2015 04:50:50 +0000 (-0500) Subject: resolved: convert TLSA fields to string X-Git-Tag: v229~59^2~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cfb90da3dc579e2f9408bc0e04a71c82dd28ac71;p=thirdparty%2Fsystemd.git resolved: convert TLSA fields to string Example output: _443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A= -- Cert. usage: CA constraint -- Selector: Full Certificate -- Matching type: SHA-256 --- diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c index 56720646cae..46ab6944968 100644 --- a/src/resolve/dns-type.c +++ b/src/resolve/dns-type.c @@ -228,3 +228,33 @@ int dns_class_from_string(const char *s) { return _DNS_CLASS_INVALID; } + +const char* tlsa_cert_usage_to_string(uint8_t cert_usage) { + switch(cert_usage) { + case 0: return "CA constraint"; + case 1: return "Service certificate constraint"; + case 2: return "Trust anchor assertion"; + case 3: return "Domain-issued certificate"; + case 4 ... 254: return "Unassigned"; + case 255: return "Private use"; + } +} + +const char* tlsa_selector_to_string(uint8_t selector) { + switch(selector) { + case 0: return "Full Certificate"; + case 1: return "SubjectPublicKeyInfo"; + case 2 ... 254: return "Unassigned"; + case 255: return "Private use"; + } +} + +const char* tlsa_matching_type_to_string(uint8_t selector) { + switch(selector) { + case 0: return "No hash used"; + case 1: return "SHA-256"; + case 2: return "SHA-512"; + case 3 ... 254: return "Unassigned"; + case 255: return "Private use"; + } +} diff --git a/src/resolve/dns-type.h b/src/resolve/dns-type.h index 2eda670ed42..1d9a59dfc1f 100644 --- a/src/resolve/dns-type.h +++ b/src/resolve/dns-type.h @@ -144,3 +144,12 @@ int dns_type_from_string(const char *s); const char *dns_class_to_string(uint16_t type); int dns_class_from_string(const char *name); + +/* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.2 */ +const char *tlsa_cert_usage_to_string(uint8_t cert_usage); + +/* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.3 */ +const char *tlsa_selector_to_string(uint8_t selector); + +/* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.4 */ +const char *tlsa_matching_type_to_string(uint8_t selector); diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index 6f58d175c14..dd2ca2b06cb 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c @@ -1087,8 +1087,14 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) { } case DNS_TYPE_TLSA: { + const char *cert_usage, *selector, *matching_type; + char *ss; int n; + cert_usage = tlsa_cert_usage_to_string(rr->tlsa.cert_usage); + selector = tlsa_selector_to_string(rr->tlsa.selector); + matching_type = tlsa_matching_type_to_string(rr->tlsa.matching_type); + r = asprintf(&s, "%s %u %u %u %n", k, rr->tlsa.cert_usage, @@ -1103,6 +1109,20 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) { 8, columns()); if (r < 0) return NULL; + + r = asprintf(&ss, "%s\n" + "%*s-- Cert. usage: %s\n" + "%*s-- Selector: %s\n" + "%*s-- Matching type: %s", + s, + n - 6, "", cert_usage, + n - 6, "", selector, + n - 6, "", matching_type); + if (r < 0) + return NULL; + free(s); + s = ss; + break; }