typedef struct dane_param_choice_struct dane_param_choice;
dane_param_choice dane_certificate_usage_table[] = {
- { "CA constraint" , 0 },
- { "CA-constraint" , 0 },
- { "Service certificate constraint" , 1 },
- { "Service-certificate-constraint" , 1 },
- { "Trust anchor assertion" , 2 },
- { "Trust-anchor-assertion" , 2 },
- { "anchor" , 2 },
- { "Domain-issued certificate" , 3 },
- { "Domain-issued-certificate" , 3 },
+ { "PKIX-TA" , 0 },
+ { "CA constraint" , 0 },
+ { "CA-constraint" , 0 },
+ { "PKIX-EE" , 1 },
+ { "Service certificate constraint" , 1 },
+ { "Service-certificate-constraint" , 1 },
+ { "DANE-TA" , 2 },
+ { "Trust anchor assertion" , 2 },
+ { "Trust-anchor-assertion" , 2 },
+ { "anchor" , 2 },
+ { "DANE-EE" , 3 },
+ { "Domain-issued certificate" , 3 },
+ { "Domain-issued-certificate" , 3 },
+ { "PrivCert" , 255 },
{ NULL, -1 }
};
dane_param_choice dane_selector_table[] = {
- { "Full certificate" , 0 },
- { "Full-certificate" , 0 },
- { "certificate" , 0 },
- { "SubjectPublicKeyInfo", 1 },
- { "PublicKey" , 1 },
- { "pubkey" , 1 },
- { "key" , 1 },
+ { "Cert" , 0 },
+ { "Full certificate" , 0 },
+ { "Full-certificate" , 0 },
+ { "certificate" , 0 },
+ { "SPKI" , 1 },
+ { "SubjectPublicKeyInfo", 1 },
+ { "PublicKey" , 1 },
+ { "pubkey" , 1 },
+ { "key" , 1 },
+ { "PrivSel" , 255 },
+ { NULL, -1 }
+};
+
+dane_param_choice dane_matching_type_table[] = {
+ { "Full" , 0 },
+ { "no-hash-used" , 0 },
+ { "no hash used" , 0 },
+ { "SHA2-256" , 1 },
+ { "sha256" , 1 },
+ { "sha-256" , 1 },
+ { "SHA2-512" , 2 },
+ { "sha512" , 2 },
+ { "sha-512" , 2 },
+ { "PrivMatch" , 255 },
{ NULL, -1 }
};
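Review bot: The new `PrivCert`, `PrivSel` and `PrivMatch` rows map to 255, but the matching-type lookup later in this commit still passes an upper bound of 2 (`*argv++, 2, "matching type", dane_matching_type_table`). Whether the mnemonic is accepted therefore depends on whether `dane_int_within_range_table` range-checks the value it looks up, and its body is not visible here. If 255 is accepted, confirm that the code consuming `matching_type` handles a value with no defined hash instead of falling through to the type-0 path. If it is rejected, the 255 rows are unreachable and could be dropped. A comment above each table, such as `/* 255 is Reserved for Private Use; no matching semantics are defined for it here */`, would make the intent explicit.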
dane_certificate_usage_table);
argc--;
} else {
- certificate_usage =
- LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE;
+ certificate_usage = LDNS_TLSA_USAGE_DANE_EE;
}
if (argc > 0) {
selector = dane_int_within_range_table(
dane_selector_table);
argc--;
} else {
- selector = LDNS_TLSA_SELECTOR_FULL_CERTIFICATE;
+ selector = LDNS_TLSA_SELECTOR_SPKI;
}
if (argc > 0) {
- if (*argv && /* strlen(argv) > 0 */
- (strncasecmp(*argv, "no-hash-used",
- strlen(*argv)) == 0 ||
- strncasecmp(*argv, "no hash used",
- strlen(*argv)) == 0 )) {
- matching_type =
- LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED;
-
- } else if (strcasecmp(*argv, "sha256") == 0 ||
- strcasecmp(*argv, "sha-256") == 0) {
-
- matching_type = LDNS_TLSA_MATCHING_TYPE_SHA256;
+ matching_type = dane_int_within_range_table(
+ *argv++, 2, "matching type",
+ dane_matching_type_table);
- } else if (strcasecmp(*argv, "sha512") == 0 ||
- strcasecmp(*argv, "sha-512") == 0) {
-
- matching_type = LDNS_TLSA_MATCHING_TYPE_SHA512;
-
- } else {
- matching_type = dane_int_within_range(
- *argv, 2, "matching type");
- }
- argv++;
argc--;
} else {
- matching_type = LDNS_TLSA_MATCHING_TYPE_SHA256;
+ matching_type = LDNS_TLSA_MATCHING_TYPE_SHA2_256;
}
if (argc > 0) {
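Review bot: The `else` fallback for `selector` changes what the tool emits when arguments are omitted. Usage stays at 3 and matching type at 1, so the default record goes from `3 0 1` to `3 1 1` now that `selector` falls back to `LDNS_TLSA_SELECTOR_SPKI`. Scripts that relied on the old full-certificate default will generate a different association, so anything that compares generated output with previously published records will see a difference. The usage text and man page should state the new defaults, and a comment at the fallback such as `/* default 3 1 1: pin the public key so the record survives certificate renewal with the same key */` would record the reason. The enclosing function starts and ends outside this hunk.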
enum ldns_enum_tlsa_certificate_usage
{
/** CA constraint */
- LDNS_TLSA_USAGE_CA_CONSTRAINT = 0,
+ LDNS_TLSA_USAGE_PKIX_TA = 0,
+ LDNS_TLSA_USAGE_CA_CONSTRAINT = 0,
/** Sevice certificate constraint */
- LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1,
+ LDNS_TLSA_USAGE_PKIX_EE = 1,
+ LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1,
/** Trust anchor assertion */
- LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION = 2,
+ LDNS_TLSA_USAGE_DANE_TA = 2,
+ LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION = 2,
/** Domain issued certificate */
- LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE = 3
+ LDNS_TLSA_USAGE_DANE_EE = 3,
+ LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE = 3,
+ /** Reserved for Private Use */
+ LDNS_TLSA_USAGE_PRIVCERT = 255
};
typedef enum ldns_enum_tlsa_certificate_usage ldns_tlsa_certificate_usage;
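Review bot: Each existing doc comment now sits directly above the new enumerator, so the retained legacy names (`LDNS_TLSA_USAGE_CA_CONSTRAINT` and the other three) are left undocumented. Nothing tells a reader that they are aliases kept for source compatibility. Adding a line such as `/** Alias of LDNS_TLSA_USAGE_PKIX_TA, kept for backward compatibility */` above each old name would make that explicit and steer new code toward a single spelling. The same applies to the selector and matching-type enums changed further down in this commit.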
* Full certificate: the Certificate binary structure
* as defined in [RFC5280]
*/
- LDNS_TLSA_SELECTOR_FULL_CERTIFICATE = 0,
+ LDNS_TLSA_SELECTOR_CERT = 0,
+ LDNS_TLSA_SELECTOR_FULL_CERTIFICATE = 0,
/**
* SubjectPublicKeyInfo: DER-encoded binary structure
* as defined in [RFC5280]
*/
- LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1
+ LDNS_TLSA_SELECTOR_SPKI = 1,
+ LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1,
+
+ /** Reserved for Private Use */
+ LDNS_TLSA_SELECTOR_PRIVSEL = 255
};
typedef enum ldns_enum_tlsa_selector ldns_tlsa_selector;
enum ldns_enum_tlsa_matching_type
{
/** Exact match on selected content */
- LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED = 0,
+ LDNS_TLSA_MATCHING_FULL = 0,
+ LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED = 0,
/** SHA-256 hash of selected content [RFC6234] */
- LDNS_TLSA_MATCHING_TYPE_SHA256 = 1,
+ LDNS_TLSA_MATCHING_TYPE_SHA2_256 = 1,
+ LDNS_TLSA_MATCHING_TYPE_SHA256 = 1,
/** SHA-512 hash of selected content [RFC6234] */
- LDNS_TLSA_MATCHING_TYPE_SHA512 = 2
+ LDNS_TLSA_MATCHING_TYPE_SHA2_512 = 2,
+ LDNS_TLSA_MATCHING_TYPE_SHA512 = 2,
+ /** Reserved for Private Use */
+ LDNS_TLSA_MATCHING_TYPE_PRIVMATCH = 255
};
typedef enum ldns_enum_tlsa_matching_type ldns_tlsa_matching_type;
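Review bot: `LDNS_TLSA_MATCHING_FULL` drops the `TYPE_` segment that every other enumerator in this enum carries (`LDNS_TLSA_MATCHING_TYPE_SHA2_256`, `LDNS_TLSA_MATCHING_TYPE_PRIVMATCH`), so the new public name is easy to mistype and does not show up in a prefix search. Because the identifier is introduced by this commit, it can still be renamed without breaking callers: `LDNS_TLSA_MATCHING_TYPE_FULL = 0,`. If the shorter spelling is intentional, a comment next to it saying so would help.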