To: Ernesto Eulogio Blázquez <ernesto@dif.um.es>
Cc: dnssec@cafax.se
From: Olivier Courtay <olivier.courtay@irisa.fr>
Date: Tue, 23 Mar 2004 11:33:36 +0100
In-Reply-To: <4060097D.3090008@aries.dif.um.es>
Sender: owner-dnssec@cafax.se
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.5) Gecko/20031007
Subject: Re: DNSsecToolKit structure of certificate

Ernesto Eulogio Blázquez wrote:
> Hello,

Hello,

>
> I'm using the tool DNSsecToolKit and I want to get a certificate from a
> dnssec server, but I don't know what structure has the returned
> certificate.
> The CERT RR contains the certificate in base 64 format but the function
> cache_get_section returns a dns_rdata2 structure which contains a field
> named rdata. This field contains the certificate but I ignore its format
> of this data (the certificate).

Thanks for using my library (a new version will be soon available).

DNSsecToolKit is able to get DNS RR and to make the DNSSEC validation of
this RR.
The RR provided to the client application is not decoded.
(In the code you have examples of how to decode some RR into structures
like SIG or KEY...)

The application MUST decode the RR (provided in a struct dns_rdata2).
It's equivalent to the getrrsetbyname function.

For information the structure is:

    typedef struct dns_rdata2 {
        dns_name2 * name;
        unsigned char * data;
        unsigned int length;
        dns_rdataclass rdclass;
        dns_rdatatype type;
        unsigned int count;
        struct dns_rdata2 * rdata_link;
    } dns_rdata2;

And a CERT RR has this structure:

    typedef struct dns_rdata_cert {
        u_int16_t type;
        u_int16_t key_tag;
        u_int8_t algorithm;
        u_int16_t length;
        unsigned char *certificate;
    } dns_rdata_cert_t;

See the RFC 2538

You should convert data of dns_rdata2 in dns_rdata_cert.

>
> Can you help me? can you tell me the format of the returned certificate?
> or can you tell me who I can ask for it?

In the Author part of the README, it is written how to contact the
author (me)

Regards,

Olivier Courtay
IRISA (www.irisa.fr)
IDsA project (idsa.irisa.fr)
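
The conversion suggested in the reply, as an added example (not code from DNSsecToolKit or from the original mail): RFC 2538 lays out CERT RDATA on the wire as a 16-bit type, a 16-bit key tag, an 8-bit algorithm, then the certificate bytes, with no length field, so the certificate length is the RDATA length minus 5. It assumes the `data` and `length` fields of `dns_rdata2` hold the raw RDATA and its size; `cert_view`, `cert_rdata_parse` and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CERT_FIXED_LEN 5u /* type(2) + key tag(2) + algorithm(1) */

/* Hypothetical decoded view; field names follow dns_rdata_cert in the mail. */
typedef struct cert_view {
    uint16_t type;                    /* certificate type, 1 = PKIX (X.509) */
    uint16_t key_tag;
    uint8_t algorithm;
    size_t length;                    /* derived: RDATA length - 5 */
    const unsigned char *certificate; /* points into rdata, not copied */
} cert_view;

/* Parse raw CERT RDATA. Returns 0 on success, -1 on malformed input. */
int cert_rdata_parse(const unsigned char *rdata, size_t rdlen, cert_view *out)
{
    /* Bounds check first: rdlen comes from the network. An empty
       certificate is treated as malformed (a choice of this example). */
    if (rdata == NULL || out == NULL || rdlen <= CERT_FIXED_LEN)
        return -1;
    out->type = (uint16_t)((rdata[0] << 8) | rdata[1]);    /* network order */
    out->key_tag = (uint16_t)((rdata[2] << 8) | rdata[3]);
    out->algorithm = rdata[4];
    out->length = rdlen - CERT_FIXED_LEN;
    out->certificate = rdata + CERT_FIXED_LEN;
    return 0;
}

/* Constructed sample RDATA: type 1, key tag 12345, algorithm 5,
   then four bytes standing in for the start of a DER certificate. */
static const unsigned char sample_rdata[] = {
    0x00, 0x01, 0x30, 0x39, 0x05, 0x30, 0x82, 0x01, 0x0a
};

int main(void)
{
    cert_view v;
    if (cert_rdata_parse(sample_rdata, sizeof sample_rdata, &v) != 0)
        return 1;
    printf("type=%u key_tag=%u alg=%u cert_len=%zu\n",
           (unsigned)v.type, (unsigned)v.key_tag, (unsigned)v.algorithm, v.length);
    return 0;
}
```

The base 64 form mentioned in the question is only the zone-file presentation of the certificate field; the bytes in the RDATA are binary, so for type 1 they can be handed to an X.509 DER parser without base64 decoding.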