Documentation ¶
Overview ¶
Package tlsa provides a set of higher-level functions to assist with managing TLSA records.
Index ¶
- Variables
- func AddRR(pinNames []string, keys []dns.KEY, crtSigns []string)
- func CertificateSignatures(certFiles []string) ([]string, error)
- func DeleteRRs(pinNames []string, keys []dns.KEY)
- func GetCertificate(certificateFile string) (*x509.Certificate, error)
- func GetDomainNamesFromCertFile(certificateFile string) ([]string, error)
- func GetZone(name string, ns string) (string, error)
- func ReadTSIG(fileName string) ([]dns.KEY, error)
- func TsigAndSend(m *dns.Msg, keys []dns.KEY) error
Constants ¶
This section is empty.
Variables ¶
var MatchingType = uint(3)
MatchingType contains the TLSA MatchingType parameter, to be set by the caller. This value is of type uint.
var NameServer = "127.0.0.1:53"
NameServer is the global Name Server (host:port) to which the dynamic updates and SOA queries are sent.
var Selector = uint(2)
Selector contains the TLSA Selector parameter, to be set by the caller. This value is of type uint.
var TSIGFUDGE = uint16(300)
TSIGFUDGE contains the fudge interval (in seconds) for TSIG signatures, i.e. how far the signer's and server's clocks may differ before the signature is rejected.
var UDPBUFSIZE = uint16(4096)
UDPBUFSIZE contains the UDP packet size advertised with EDNS(0). Defaults to 4096.
var Usage = uint(1)
Usage contains the TLSA Usage parameter, to be set by the caller. This value is of type uint.
Functions ¶
func AddRR ¶
AddRR composes a DNS Dynamic Update that adds one or more TLSA RRs for the given names. The process is additive: existing records are left in place, so repeated calls append records rather than replace them. The update request is signed and sent via the TsigAndSend() helper.
func CertificateSignatures ¶
CertificateSignatures precalculates the certificate signatures (the TLSA certificate association data derived from the pinned certificates according to the Selector and MatchingType in use) from the given certificate files. Passing these precomputed values to the update functions avoids reading the certificates once per record, as the underlying functions in the dns library would require.
func DeleteRRs ¶
DeleteRRs composes a DNS Dynamic Update that deletes all TLSA RRs at the given names. This can be used to wipe the namespace clean before new records are added. The update is signed and sent to the global Name Server via the TsigAndSend() helper.
func GetCertificate ¶
func GetCertificate(certificateFile string) (*x509.Certificate, error)
GetCertificate reads a PEM-encoded certificate or public key from certificateFile.
When fed a PEM-encoded certificate, the parsed x509.Certificate is returned. When fed a PEM-encoded public key, a pseudo x509.Certificate is returned with only the public key field populated. This is enough to calculate the TLSA signature for a record that matches on the public key; a record whose Selector matches on the full certificate cannot be derived from a public key alone.
An error is returned when the file cannot be read or does not contain a usable PEM certificate or public key.
func GetDomainNamesFromCertFile ¶
GetDomainNamesFromCertFile returns the list of domain names found in the Subject CN and the Subject Alternative Name extension of the certificate in certificateFile.
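As an added example that is not part of the tlsa package, the stand-alone Go program below shows what GetCertificate and CertificateSignatures do under the hood using only the standard library: it parses either a PEM certificate or a bare PEM public key into an x509.Certificate (the public key yielding the pseudo certificate described above), derives the TLSA certificate association data for a given Selector and MatchingType, and prints one TLSA record per SAN name in the certificate. The sample certificate is generated in-process (constructed input, not a deployment certificate); the function names and the RFC 6698 constants are this example's own. Two caveats it encodes: a bare public key can only satisfy Selector 1 (SPKI), and RFC 6698 defines only Selector 0 or 1 and MatchingType 0, 1 or 2, so the package defaults shown above (Selector = 2, MatchingType = 3) are outside those ranges and the example rejects such values rather than emit a record no validator would match. Set the package variables explicitly to the values your deployment needs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/x509"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"hash"
	"math/big"
	"time"
)

// TLSA Selector and MatchingType values from RFC 6698, section 2.1; matching
// type 0 (raw data, no hash) is deliberately left unsupported here.
const (
	SelectorFullCert = 0 // whole DER certificate
	SelectorSPKI     = 1 // DER SubjectPublicKeyInfo only
	MatchingSHA256   = 1
	MatchingSHA512   = 2
)

var hashes = map[uint]func() hash.Hash{MatchingSHA256: sha256.New, MatchingSHA512: sha512.New}

// parsePEM mirrors GetCertificate: a CERTIFICATE block parses as-is, a PUBLIC
// KEY block becomes a pseudo certificate holding only the key and its DER SPKI.
func parsePEM(data []byte) (*x509.Certificate, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	switch block.Type {
	case "CERTIFICATE":
		return x509.ParseCertificate(block.Bytes)
	case "PUBLIC KEY":
		pub, err := x509.ParsePKIXPublicKey(block.Bytes)
		if err != nil {
			return nil, err
		}
		return &x509.Certificate{PublicKey: pub, RawSubjectPublicKeyInfo: block.Bytes}, nil
	default:
		return nil, fmt.Errorf("unsupported PEM block type %q", block.Type)
	}
}

// associationData computes the TLSA certificate association data (what the
// page calls the certificate signature) as lowercase hex, rejecting parameter
// combinations that cannot produce a record a validator would ever match.
func associationData(cert *x509.Certificate, selector, matching uint) (string, error) {
	var input []byte
	switch selector {
	case SelectorFullCert:
		if len(cert.Raw) == 0 {
			return "", fmt.Errorf("selector 0 needs a full certificate, not a bare public key")
		}
		input = cert.Raw
	case SelectorSPKI:
		input = cert.RawSubjectPublicKeyInfo
	default:
		return "", fmt.Errorf("selector %d is not defined by RFC 6698", selector)
	}
	newHash, ok := hashes[matching]
	if !ok {
		return "", fmt.Errorf("matching type %d is not supported", matching)
	}
	h := newHash()
	h.Write(input)
	return hex.EncodeToString(h.Sum(nil)), nil
}

// selfSignedPEM builds a throwaway Ed25519 certificate (constructed sample
// input, not a deployment certificate) and returns it and its public key as PEM.
func selfSignedPEM(sans []string) (certPEM, pubPEM []byte, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: sans,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	spki, _ := x509.MarshalPKIXPublicKey(pub) // cannot fail for an Ed25519 key
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: spki}), nil
}

func main() {
	certPEM, _, err := selfSignedPEM([]string{"www.example.com", "mail.example.com"})
	if err != nil {
		panic(err)
	}
	cert, _ := parsePEM(certPEM) // generated just above, so these two calls cannot fail
	data, _ := associationData(cert, SelectorSPKI, MatchingSHA256)
	for _, name := range cert.DNSNames { // GetDomainNamesFromCertFile would also include the CN
		fmt.Printf("_443._tcp.%s. IN TLSA 3 %d %d %s\n", name, SelectorSPKI, MatchingSHA256, data) // 3 = DANE-EE
	}
}
```

Usage "3 1 1" (DANE-EE, SPKI, SHA-256) is the combination most deployments publish, because it survives certificate renewal as long as the key is kept; the same association data comes out whether the input is the certificate or just its public key, which is exactly why the pseudo certificate returned by GetCertificate is sufficient for that case.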
func GetZone ¶
GetZone finds the zone apex under which the name being updated lives, so that the dynamic update can be addressed to the correct zone. A SOA DNS query is sent to the global Name Server, which is expected to be the (possibly hidden) master server holding this zone's data.
Types ¶
This section is empty.