
Commit cfb90da

committed
resolved: convert TLSA fields to string
Example output: _443._tcp.fedoraproject.org IN TLSA 0 0 1 GUAL5bejH7czkXcAeJ0vCiRxwMnVBsDlBMBsFtfLF8A= -- Cert. usage: CA constraint -- Selector: Full Certificate -- Matching type: SHA-256
1 parent d93a16b commit cfb90da


3 files changed

+59
-0
lines changed


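--- a/src/resolve/dns-type.c
+++ b/src/resolve/dns-type.c
@@ -228,3 +228,33 @@ int dns_class_from_string(const char *s) {
 
 return _DNS_CLASS_INVALID;
 }
+
+const char* tlsa_cert_usage_to_string(uint8_t cert_usage) {
+switch(cert_usage) {
+case 0: return "CA constraint";
+case 1: return "Service certificate constraint";
+case 2: return "Trust anchor assertion";
+case 3: return "Domain-issued certificate";
+case 4 ... 254: return "Unassigned";
+case 255: return "Private use";
+}
+}
+
+const char* tlsa_selector_to_string(uint8_t selector) {
+switch(selector) {
+case 0: return "Full Certificate";
+case 1: return "SubjectPublicKeyInfo";
+case 2 ... 254: return "Unassigned";
+case 255: return "Private use";
+}
+}
+
+const char* tlsa_matching_type_to_string(uint8_t selector) {
+switch(selector) {
+case 0: return "No hash used";
+case 1: return "SHA-256";
+case 2: return "SHA-512";
+case 3 ... 254: return "Unassigned";
+case 255: return "Private use";
+}
+}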
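Review bot: The three new functions end their `switch` without a `default:` and have no `return` after it, so every path returns only while the GNU case ranges (`case 4 ... 254`, `case 2 ... 254`, `case 3 ... 254`) stay exhaustive over `uint8_t`. If a later edit narrows one of those ranges, control falls off the end of a non-void function and the caller in resolved-dns-rr.c would pass an indeterminate pointer to `%s`. Replacing the range case with `default: return "Unassigned";` in each function keeps the output identical and makes the exhaustiveness explicit. A one-line comment above each function naming the registry it mirrors would also help, since the references currently live only in the header.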

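--- a/src/resolve/dns-type.h
+++ b/src/resolve/dns-type.h
@@ -144,3 +144,12 @@ int dns_type_from_string(const char *s);
 
 const char *dns_class_to_string(uint16_t type);
 int dns_class_from_string(const char *name);
+
+/* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.2 */
+const char *tlsa_cert_usage_to_string(uint8_t cert_usage);
+
+/* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.3 */
+const char *tlsa_selector_to_string(uint8_t selector);
+
+/* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.4 */
+const char *tlsa_matching_type_to_string(uint8_t selector);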
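Review bot: The prototype `const char *tlsa_matching_type_to_string(uint8_t selector);` names its parameter `selector`, apparently copied from the declaration above it; `uint8_t matching_type` would match the field the caller passes (`rr->tlsa.matching_type`), and the definition in dns-type.c carries the same name. The three comments cite draft-ietf-dane-protocol-23, which as far as I know was later published as RFC 6698. Pointing at the RFC's registry sections would give readers a stable reference, once the section numbers are confirmed to still line up.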

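--- a/src/resolve/resolved-dns-rr.c
+++ b/src/resolve/resolved-dns-rr.c
@@ -1087,8 +1087,14 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
 }
 
 case DNS_TYPE_TLSA: {
+const char *cert_usage, *selector, *matching_type;
+char *ss;
 int n;
 
+cert_usage = tlsa_cert_usage_to_string(rr->tlsa.cert_usage);
+selector = tlsa_selector_to_string(rr->tlsa.selector);
+matching_type = tlsa_matching_type_to_string(rr->tlsa.matching_type);
+
 r = asprintf(&s, "%s %u %u %u %n",
 k,
 rr->tlsa.cert_usage,
@@ -1103,6 +1109,20 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
 8, columns());
 if (r < 0)
 return NULL;
+
+r = asprintf(&ss, "%s\n"
+"%*s-- Cert. usage: %s\n"
+"%*s-- Selector: %s\n"
+"%*s-- Matching type: %s",
+s,
+n - 6, "", cert_usage,
+n - 6, "", selector,
+n - 6, "", matching_type);
+if (r < 0)
+return NULL;
+free(s);
+s = ss;
+
 break;
 }
 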
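Review bot: In the second hunk, the `if (r < 0) return NULL;` that follows `asprintf(&ss, ...)` returns without releasing `s`, which the earlier `asprintf(&s, ...)` allocated, so an allocation failure here leaks the first string unless `s` is declared with a cleanup attribute outside the hunk. `if (r < 0) { free(s); return NULL; }` would cover that path. The field width `n - 6` also assumes the `%n` count is at least 6, which looks true for any real record given the fixed text in the first format string. A short comment saying where the 6 comes from would make the alignment easier to verify. dns_resource_record_to_string starts and ends outside both hunks.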
