pub struct TLSA { /* private fields */ }
Expand description
RFC 6698, DNS-Based Authentication for TLS
2.1. TLSA RDATA Wire Format
The RDATA for a TLSA RR consists of a one-octet certificate usage
field, a one-octet selector field, a one-octet matching type field,
and the certificate association data field.
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Cert. Usage | Selector | Matching Type | /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ /
/ /
/ Certificate Association Data /
/ /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Implementations§
Source§impl TLSA
impl TLSA
Sourcepub fn new(
cert_usage: CertUsage,
selector: Selector,
matching: Matching,
cert_data: Vec<u8>,
) -> Self
pub fn new( cert_usage: CertUsage, selector: Selector, matching: Matching, cert_data: Vec<u8>, ) -> Self
Constructs a new TLSA
RFC 6698, DNS-Based Authentication for TLS
2. The TLSA Resource Record
The TLSA DNS resource record (RR) is used to associate a TLS server
certificate or public key with the domain name where the record is
found, thus forming a "TLSA certificate association". The semantics
of how the TLSA RR is interpreted are given later in this document.
The type value for the TLSA RR type is defined in Section 7.1.
The TLSA RR is class independent.
The TLSA RR has no special Time to Live (TTL) requirements.
Sourcepub fn cert_usage(&self) -> CertUsage
pub fn cert_usage(&self) -> CertUsage
Specifies the provided association that will be used to match the certificate presented in the TLS handshake
Trait Implementations§
Source§impl Display for TLSA
impl Display for TLSA
RFC 6698, DNS-Based Authentication for TLS
2.2. TLSA RR Presentation Format
The presentation format of the RDATA portion (as defined in
[RFC1035]) is as follows:
o The certificate usage field MUST be represented as an 8-bit
unsigned integer.
o The selector field MUST be represented as an 8-bit unsigned
integer.
o The matching type field MUST be represented as an 8-bit unsigned
integer.
o The certificate association data field MUST be represented as a
string of hexadecimal characters. Whitespace is allowed within
the string of hexadecimal characters, as described in [RFC1035].
2.3. TLSA RR Examples
In the following examples, the domain name is formed using the rules
in Section 3.
An example of a hashed (SHA-256) association of a PKIX CA
certificate:
_443._tcp.www.example.com. IN TLSA (
0 0 1 d2abde240d7cd3ee6b4b28c54df034b9
7983a1d16e8a410e4561cb106618e971 )
An example of a hashed (SHA-512) subject public key association of a
PKIX end entity certificate:
_443._tcp.www.example.com. IN TLSA (
1 1 2 92003ba34942dc74152e2f2c408d29ec
a5a520e7f2e06bb944f4dca346baf63c
1b177615d466f6c4b71c216a50292bd5
8c9ebdd2f74e38fe51ffd48c43326cbc )
An example of a full certificate association of a PKIX end entity
certificate:
_443._tcp.www.example.com. IN TLSA (
3 0 0 30820307308201efa003020102020... )
impl Eq for TLSA
impl StructuralPartialEq for TLSA
Auto Trait Implementations§
impl Freeze for TLSA
impl RefUnwindSafe for TLSA
impl Send for TLSA
impl Sync for TLSA
impl Unpin for TLSA
impl UnwindSafe for TLSA
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§unsafe fn clone_to_uninit(&self, dst: *mut T)
unsafe fn clone_to_uninit(&self, dst: *mut T)
🔬This is a nightly-only experimental API. (
clone_to_uninit
)