diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2015-02-01 23:50:50 -0500 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2016-01-28 18:35:02 -0500 |
commit | cfb90da3dc579e2f9408bc0e04a71c82dd28ac71 (patch) | |
tree | cdb83ce286a081f33767788ca4d8dd3d4200c9e3 /src | |
parent | d93a16b81f8baa0e6a16310b210f225129347322 (diff) |
resolved: convert TLSA fields to string
Example output:
_443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A=
-- Cert. usage: CA constraint
-- Selector: Full Certificate
-- Matching type: SHA-256
Diffstat (limited to 'src')
-rw-r--r-- | src/resolve/dns-type.c | 30 | ||||
-rw-r--r-- | src/resolve/dns-type.h | 9 | ||||
-rw-r--r-- | src/resolve/resolved-dns-rr.c | 20 |
3 files changed, 59 insertions, 0 deletions
diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c index 56720646ca..46ab694496 100644 --- a/src/resolve/dns-type.c +++ b/src/resolve/dns-type.c @@ -228,3 +228,33 @@ int dns_class_from_string(const char *s) { return _DNS_CLASS_INVALID; } + +const char* tlsa_cert_usage_to_string(uint8_t cert_usage) { + switch(cert_usage) { + case 0: return "CA constraint"; + case 1: return "Service certificate constraint"; + case 2: return "Trust anchor assertion"; + case 3: return "Domain-issued certificate"; + case 4 ... 254: return "Unassigned"; + case 255: return "Private use"; + } +} + +const char* tlsa_selector_to_string(uint8_t selector) { + switch(selector) { + case 0: return "Full Certificate"; + case 1: return "SubjectPublicKeyInfo"; + case 2 ... 254: return "Unassigned"; + case 255: return "Private use"; + } +} + +const char* tlsa_matching_type_to_string(uint8_t selector) { + switch(selector) { + case 0: return "No hash used"; + case 1: return "SHA-256"; + case 2: return "SHA-512"; + case 3 ... 254: return "Unassigned"; + case 255: return "Private use"; + } +} diff --git a/src/resolve/dns-type.h b/src/resolve/dns-type.h index 2eda670ed4..1d9a59dfc1 100644 --- a/src/resolve/dns-type.h +++ b/src/resolve/dns-type.h @@ -144,3 +144,12 @@ int dns_type_from_string(const char *s); const char *dns_class_to_string(uint16_t type); int dns_class_from_string(const char *name); + +/* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.2 */ +const char *tlsa_cert_usage_to_string(uint8_t cert_usage); + +/* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.3 */ +const char *tlsa_selector_to_string(uint8_t selector); + +/* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.4 */ +const char *tlsa_matching_type_to_string(uint8_t selector); diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index 6f58d175c1..dd2ca2b06c 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c @@ -1087,8 +1087,14 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) { } case DNS_TYPE_TLSA: { + const char *cert_usage, *selector, *matching_type; + char *ss; int n; + cert_usage = tlsa_cert_usage_to_string(rr->tlsa.cert_usage); + selector = tlsa_selector_to_string(rr->tlsa.selector); + matching_type = tlsa_matching_type_to_string(rr->tlsa.matching_type); + r = asprintf(&s, "%s %u %u %u %n", k, rr->tlsa.cert_usage, @@ -1103,6 +1109,20 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) { 8, columns()); if (r < 0) return NULL; + + r = asprintf(&ss, "%s\n" + "%*s-- Cert. usage: %s\n" + "%*s-- Selector: %s\n" + "%*s-- Matching type: %s", + s, + n - 6, "", cert_usage, + n - 6, "", selector, + n - 6, "", matching_type); + if (r < 0) + return NULL; + free(s); + s = ss; + break; } |