| /src/external/mpl/bind/dist/lib/dns/rdata/generic/ |
| tlsa_52.c | 195 dns_rdata_tlsa_t *tlsa = source; local
197 REQUIRE(tlsa != NULL);
198 REQUIRE(tlsa->common.rdtype == type);
199 REQUIRE(tlsa->common.rdclass == rdclass);
204 RETERR(uint8_tobuffer(tlsa->usage, target));
205 RETERR(uint8_tobuffer(tlsa->selector, target));
206 RETERR(uint8_tobuffer(tlsa->match, target));
208 return mem_tobuffer(target, tlsa->data, tlsa->length);
213 dns_rdata_tlsa_t *tlsa = target local
241 dns_rdata_tlsa_t *tlsa = source; local
264 dns_rdata_tlsa_t *tlsa = target; local
276 dns_rdata_tlsa_t *tlsa = source; local
[all...] |
| /src/external/mpl/dhcp/bind/dist/lib/dns/rdata/generic/ |
| tlsa_52.c | 196 dns_rdata_tlsa_t *tlsa = source; local
198 REQUIRE(tlsa != NULL);
199 REQUIRE(tlsa->common.rdtype == type);
200 REQUIRE(tlsa->common.rdclass == rdclass);
205 RETERR(uint8_tobuffer(tlsa->usage, target));
206 RETERR(uint8_tobuffer(tlsa->selector, target));
207 RETERR(uint8_tobuffer(tlsa->match, target));
209 return (mem_tobuffer(target, tlsa->data, tlsa->length));
214 dns_rdata_tlsa_t *tlsa = target local
246 dns_rdata_tlsa_t *tlsa = source; local
269 dns_rdata_tlsa_t *tlsa = target; local
283 dns_rdata_tlsa_t *tlsa = source; local
[all...] |
| /src/external/ibm-public/postfix/dist/src/smtp/ |
| smtp_tlsrpt.c | 30 /* remote TLSRPT policy information, b) remote TLSA or STS policy
285 TLS_TLSA *tlsa; local
287 for (tlsa = dane->tlsa; tlsa != 0; tlsa = tlsa->next) {
288 vstring_sprintf(buf, "%d %d %d ", tlsa->usage,
289 tlsa->selector, tlsa->mtype)
[all...] |
| smtp_tls_policy.c | 697 * "dane-only" changes to "dane" once we obtain the requisite TLSA
732 * Even when soliciting raw public keys, synthesize TLSA RRs that also match
767 if (tls->dane->tlsa == 0) {
785 if (tls->dane->tlsa == 0
1010 /* When TLSA lookups fail, we defer the message */
1014 dsb_simple(tls->why, "4.7.5", "TLSA lookup error for %s:%u",
1019 dane_incompat(tls, iter, NONDANE_DEST, "no TLSA records found");
1025 * Some TLSA records found, but none usable, per
1038 dane_incompat(tls, iter, DANE_CANTAUTH, "TLSA records unusable");
1064 if (dane->tlsa != 0)
[all...] |
| /src/external/ibm-public/postfix/dist/src/tls/ |
| tls_dane.c | 21 /* void tls_tlsa_free(tlsa)
22 /* TLS_TLSA *tlsa;
34 /* TLS_TLSA *tlsa_prepend(tlsa, usage, selector, mtype, data, len)
35 /* TLS_TLSA *tlsa;
81 /* tls_tlsa_free() frees a TLSA record linked list.
86 /* DANE TLSA digests and private-use fingerprint digest.
88 /* tlsa_prepend() prepends a TLSA record to the head of a linked list
93 /* "delim" as delimiters and generates corresponding synthetic DANE TLSA
100 /* public keys from a file (rather than DNS TLSA records).
105 /* the DNS query for the TLSA record tempfailed. In all other cases th
[all...] |
| tls_fprint.c | 153 /* tlsa_cmp - compare TLSA RRs for sorting to canonical order */
172 /* tls_digest_tlsa - fold in digest of TLSA records */
174 static int tls_digest_tlsa(EVP_MD_CTX *mdctx, TLS_TLSA *tlsa)
182 for (n = 0, p = tlsa; p != 0; p = p->next)
185 for (i = 0, p = tlsa; p; p = p->next)
257 * DANE TLSA digests. Failing that, we compute serverid digests with the
293 && props->dane && props->dane->tlsa) {
294 CHECK_OK_AND(tls_digest_tlsa(mdctx, props->dane->tlsa));
296 int none = 0; /* Record a TLSA RR count of zero */
|
| tls_dane.sh | 119 local tlsa=$1; shift
131 printf "%d %d %d %-24s %s: " "$usage" "$selector" "$mtype" "$tlsa" "$desc"
134 "$TEST" "$usage" "$selector" "$digest" "$tlsa.pem" "$ca" "$chain.pem" \
|
| tls_client.c | 582 * associated TLSA RRs.
597 /* Per RFC7672 the SNI name is the TLSA base domain */
616 if (TLScontext->dane != 0 && TLScontext->dane->tlsa != 0) {
1111 * Try to convey the configured TLSA records for this connection to the
1116 if (TLScontext->dane && TLScontext->dane->tlsa) {
1128 "all-TLSA-records-unusable");
1131 msg_warn("%s: all TLSA records unusable, fallback to "
1152 "all-TLSA-records-unusable");
1155 msg_warn("%s: all TLSA records unusable", TLScontext->namaddr);
|
| tls_proxy_client_print.c | 242 (const void *) dane->tlsa),
|
| tls.h | 49 #define TLS_LEV_HALF_DANE 4 /* DANE TLSA MX host, insecure MX RR */
50 #define TLS_LEV_DANE 5 /* Opportunistic TLSA policy */
51 #define TLS_LEV_DANE_ONLY 6 /* Required TLSA policy */
180 #define TLS_DANE_FLAG_ERROR (1<<2) /* TLSA record lookup error */
189 * Certificate and public key digests (typically from TLSA RRs), grouped by
202 TLS_TLSA *tlsa; /* TLSA records */ member in struct:TLS_DANE
203 char *base_domain; /* Base domain of TLSA RRset */
269 /* DANE TLSA trust input and verification state */
270 const TLS_DANE *dane; /* DANE TLSA digests *
[all...] |
| tls_proxy_client_scan.c | 413 /* We only need the base domain and TLSA RRs */
417 &dane->tlsa),
|
| /src/external/apache2/mDNSResponder/dist/ServiceRegistration/ |
| srp-log.c | 106 CASE_TO_STR(tlsa);
|
| /src/external/ibm-public/postfix/dist/conf/ |
| postfix-tls-script | 46 # display commands to output a corresponding CSR or TLSA
84 # update the DNS with new DANE TLSA records, then wait for
98 # publishing DANE TLSA "3 1 1" or "3 1 2" records, there is
136 # .IP "\fBoutput-server-tlsa\fR [\fB-h \fIhostname\fR] [\fIkeyfile\fB...\fR]"
137 # Write to stdout a DANE TLSA RRset suitable for a port 25
148 # value is empty or equal to \fBnone\fR, then no TLSA record
584 If you publish DANE TLSA records, see:
588 https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certificates/7022
629 # Otherwise, just the new keys, so that TLSA records can be updated
633 To generate TLSA records run
[all...] |
| /src/external/ibm-public/postfix/dist/src/posttls-finger/ |
| posttls-finger.c | 104 /* fingerprints (with DANE TLSA records the algorithm is specified
108 /* Look up the associated DANE TLSA RRset even when a hostname is not an
142 /* TLSA records are found, or all the records found are unusable, the
197 /* matching of TLSA record trust-anchor and end-entity certificates.
220 /* The TLS policy for MX hosts with "secure" TLSA records when the
246 /* extension. When the server has DANE TLSA records, this parameter
247 /* is ignored and the TLSA base domain is used instead. Otherwise, SNI is
508 TLS_DANE *dane; /* DANE TLSA validation structure */
509 TLS_DANE *ddane; /* DANE TLSA from DNS */
1519 * When TLSA lookups fail, next host. If unusable or not found
[all...] |
