authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2015-02-01 23:50:50 -0500
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2016-01-28 18:35:02 -0500
commitcfb90da3dc579e2f9408bc0e04a71c82dd28ac71 (patch)
treecdb83ce286a081f33767788ca4d8dd3d4200c9e3 /src/resolve
parentd93a16b81f8baa0e6a16310b210f225129347322 (diff)
resolved: convert TLSA fields to string
Example output: _443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A= -- Cert. usage: CA constraint -- Selector: Full Certificate -- Matching type: SHA-256
Diffstat (limited to 'src/resolve')
-rw-r--r--src/resolve/dns-type.c30
-rw-r--r--src/resolve/dns-type.h9
-rw-r--r--src/resolve/resolved-dns-rr.c20
3 files changed, 59 insertions, 0 deletions
diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c
index 56720646ca..46ab694496 100644
--- a/src/resolve/dns-type.c
+++ b/src/resolve/dns-type.c
@@ -228,3 +228,33 @@ int dns_class_from_string(const char *s) {
return _DNS_CLASS_INVALID;
}
+
+const char* tlsa_cert_usage_to_string(uint8_t cert_usage) {
+ switch(cert_usage) {
+ case 0: return "CA constraint";
+ case 1: return "Service certificate constraint";
+ case 2: return "Trust anchor assertion";
+ case 3: return "Domain-issued certificate";
+ case 4 ... 254: return "Unassigned";
+ case 255: return "Private use";
+ }
+}
+
+const char* tlsa_selector_to_string(uint8_t selector) {
+ switch(selector) {
+ case 0: return "Full Certificate";
+ case 1: return "SubjectPublicKeyInfo";
+ case 2 ... 254: return "Unassigned";
+ case 255: return "Private use";
+ }
+}
+
+const char* tlsa_matching_type_to_string(uint8_t selector) {
+ switch(selector) {
+ case 0: return "No hash used";
+ case 1: return "SHA-256";
+ case 2: return "SHA-512";
+ case 3 ... 254: return "Unassigned";
+ case 255: return "Private use";
+ }
+}
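Review bot: None of the three new lookup functions has a `default:` label or a trailing `return`, so each relies on its case ranges covering every `uint8_t` value exactly. The compiler may still warn about control reaching the end of a non-void function, and a later edit that narrows a range would leave the caller formatting an indeterminate pointer with `%s` for a field that comes from a DNS response. Adding `return "Unassigned";` after each switch, or `default: return "Unassigned";` inside it, keeps the mapping total. In `tlsa_matching_type_to_string` the parameter is named `selector`, both here and in the dns-type.h declaration; `matching_type` would say what it holds.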
diff --git a/src/resolve/dns-type.h b/src/resolve/dns-type.h
index 2eda670ed4..1d9a59dfc1 100644
--- a/src/resolve/dns-type.h
+++ b/src/resolve/dns-type.h
@@ -144,3 +144,12 @@ int dns_type_from_string(const char *s);
const char *dns_class_to_string(uint16_t type);
int dns_class_from_string(const char *name);
+
+/* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.2 */
+const char *tlsa_cert_usage_to_string(uint8_t cert_usage);
+
+/* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.3 */
+const char *tlsa_selector_to_string(uint8_t selector);
+
+/* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.4 */
+const char *tlsa_matching_type_to_string(uint8_t selector);
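Review bot: The three comments cite an Internet-Draft revision rather than the published document. As far as I know draft-ietf-dane-protocol-23 was published as RFC 6698, so a reference such as `/* RFC 6698, section 7.2 */` would be more durable, with the section numbers checked against the RFC. A one-line comment stating that each function returns a static string for every input and never NULL would also help, because the caller in resolved-dns-rr.c passes the results to `%s` unchecked.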
diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c
index 6f58d175c1..dd2ca2b06c 100644
--- a/src/resolve/resolved-dns-rr.c
+++ b/src/resolve/resolved-dns-rr.c
@@ -1087,8 +1087,14 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
}
case DNS_TYPE_TLSA: {
+ const char *cert_usage, *selector, *matching_type;
+ char *ss;
int n;
+ cert_usage = tlsa_cert_usage_to_string(rr->tlsa.cert_usage);
+ selector = tlsa_selector_to_string(rr->tlsa.selector);
+ matching_type = tlsa_matching_type_to_string(rr->tlsa.matching_type);
+
r = asprintf(&s, "%s %u %u %u %n",
k,
rr->tlsa.cert_usage,
@@ -1103,6 +1109,20 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
8, columns());
if (r < 0)
return NULL;
+
+ r = asprintf(&ss, "%s\n"
+ "%*s-- Cert. usage: %s\n"
+ "%*s-- Selector: %s\n"
+ "%*s-- Matching type: %s",
+ s,
+ n - 6, "", cert_usage,
+ n - 6, "", selector,
+ n - 6, "", matching_type);
+ if (r < 0)
+ return NULL;
+ free(s);
+ s = ss;
+
break;
}
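Review bot: When the second `asprintf` fails, `return NULL` leaves the buffer from the first `asprintf` allocated in `s`, unless `s` is declared with a cleanup attribute outside this hunk. Freeing it on that path closes the leak: `if (r < 0) { free(s); return NULL; }`. The `n - 6` indent is a magic number tied to the `%n` count from the first call, so a short comment on where the 6 comes from would keep the two format strings in step. The appended `--` lines also turn the record's string form into multi-line text, which deserves a comment if any caller logs or parses this value as a single line. The enclosing function starts and ends outside the hunk.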