Struct trust_dns_proto::rr::rdata::tlsa::TLSA

source ·

pub struct TLSA { /* private fields */ }

Expand description

RFC 6698, DNS-Based Authentication for TLS

2.1.  TLSA RDATA Wire Format

   The RDATA for a TLSA RR consists of a one-octet certificate usage
   field, a one-octet selector field, a one-octet matching type field,
   and the certificate association data field.

                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Cert. Usage  |   Selector    | Matching Type |               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               /
   /                                                               /
   /                 Certificate Association Data                  /
   /                                                               /
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Implementations§

source §

impl TLSA

source

pub fn new(
 cert_usage: CertUsage,
 selector: Selector,
 matching: Matching,
 cert_data: Vec<u8>
) -> Self

Constructs a new TLSA

RFC 6698, DNS-Based Authentication for TLS

2.  The TLSA Resource Record

   The TLSA DNS resource record (RR) is used to associate a TLS server
   certificate or public key with the domain name where the record is
   found, thus forming a "TLSA certificate association".  The semantics
   of how the TLSA RR is interpreted are given later in this document.

   The type value for the TLSA RR type is defined in Section 7.1.

   The TLSA RR is class independent.

   The TLSA RR has no special Time to Live (TTL) requirements.

source

pub fn cert_usage(&self) -> CertUsage

Specifies the provided association that will be used to match the certificate presented in the TLS handshake

source

pub fn selector(&self) -> Selector

Specifies which part of the TLS certificate presented by the server will be matched against the association data

source

pub fn matching(&self) -> Matching

Specifies how the certificate association is presented

source

pub fn cert_data(&self) -> &[u8] ⓘ

Binary data for validating the cert, see other members to understand format

Trait Implementations§

source §

impl Clone for TLSA

source §

fn clone(&self) -> TLSA

Returns a copy of the value. Read more

1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

source §

impl Debug for TLSA

source §

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

source §

impl Display for TLSA

RFC 6698, DNS-Based Authentication for TLS

2.2.  TLSA RR Presentation Format

  The presentation format of the RDATA portion (as defined in
  [RFC1035]) is as follows:

  o  The certificate usage field MUST be represented as an 8-bit
     unsigned integer.

  o  The selector field MUST be represented as an 8-bit unsigned
     integer.

  o  The matching type field MUST be represented as an 8-bit unsigned
     integer.

  o  The certificate association data field MUST be represented as a
     string of hexadecimal characters.  Whitespace is allowed within
     the string of hexadecimal characters, as described in [RFC1035].

2.3.  TLSA RR Examples

   In the following examples, the domain name is formed using the rules
   in Section 3.

   An example of a hashed (SHA-256) association of a PKIX CA
   certificate:

   _443._tcp.www.example.com. IN TLSA (
      0 0 1 d2abde240d7cd3ee6b4b28c54df034b9
            7983a1d16e8a410e4561cb106618e971 )

   An example of a hashed (SHA-512) subject public key association of a
   PKIX end entity certificate:

   _443._tcp.www.example.com. IN TLSA (
      1 1 2 92003ba34942dc74152e2f2c408d29ec
            a5a520e7f2e06bb944f4dca346baf63c
            1b177615d466f6c4b71c216a50292bd5
            8c9ebdd2f74e38fe51ffd48c43326cbc )

   An example of a full certificate association of a PKIX end entity
   certificate:

   _443._tcp.www.example.com. IN TLSA (
      3 0 0 30820307308201efa003020102020... )

source §