summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-dnssec.h
diff options
context:
space:
mode:
authorTom Gundersen <teg@jklm.no>2015-12-04 14:22:29 +0100
committerTom Gundersen <teg@jklm.no>2015-12-04 14:22:29 +0100
commit8eb3655cdb1910537615bb69c5ecf90dcc9d81c3 (patch)
treeaafbaca07fc1125352ecaf0f0e4c6473f455ff80 /src/resolve/resolved-dns-dnssec.h
parent517d12cc0c94e09f8b4783e84ee0d2d5df3e9b5a (diff)
parentbb1fa24261fd60ec1df6c6c42940c5f764d9246d (diff)
Merge pull request #2092 from poettering/dnssec2
Second DNSSEC patch set
Diffstat (limited to 'src/resolve/resolved-dns-dnssec.h')
-rw-r--r--src/resolve/resolved-dns-dnssec.h20
1 files changed, 19 insertions, 1 deletions
diff --git a/src/resolve/resolved-dns-dnssec.h b/src/resolve/resolved-dns-dnssec.h
index 8f812bc1fb..f4cb58988a 100644
--- a/src/resolve/resolved-dns-dnssec.h
+++ b/src/resolve/resolved-dns-dnssec.h
@@ -21,10 +21,26 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
+typedef enum DnssecMode DnssecMode;
+
#include "dns-domain.h"
#include "resolved-dns-answer.h"
#include "resolved-dns-rr.h"
+enum DnssecMode {
+ /* No DNSSEC validation is done */
+ DNSSEC_NO,
+
+ /* Trust the AD bit sent by the server. UNSAFE! */
+ DNSSEC_TRUST,
+
+ /* Validate locally, if the server knows DO, but if not, don't. Don't trust the AD bit */
+ DNSSEC_YES,
+
+ _DNSSEC_MODE_MAX,
+ _DNSSEC_MODE_INVALID = -1
+};
+
enum {
DNSSEC_VERIFIED,
DNSSEC_INVALID,
@@ -33,7 +49,6 @@ enum {
DNSSEC_SIGNATURE_EXPIRED,
};
-
#define DNSSEC_CANONICAL_HOSTNAME_MAX (DNS_HOSTNAME_MAX + 2)
int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnskey);
@@ -47,3 +62,6 @@ int dnssec_verify_dnskey(DnsResourceRecord *dnskey, DnsResourceRecord *ds);
uint16_t dnssec_keytag(DnsResourceRecord *dnskey);
int dnssec_canonicalize(const char *n, char *buffer, size_t buffer_max);
+
+const char* dnssec_mode_to_string(DnssecMode m) _const_;
+DnssecMode dnssec_mode_from_string(const char *s) _pure_;