getdns/doc/getdns_validate_dnssec.3.in

.\" The "BSD-New" License
.\" 
.\" Copyright (c) 2013, NLnet Labs, Verisign, Inc.
.\" All rights reserved.
.\" 
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions are met:
.\" * Redistributions of source code must retain the above copyright
.\"   notice, this list of conditions and the following disclaimer.
.\" * Redistributions in binary form must reproduce the above copyright
.\"   notice, this list of conditions and the following disclaimer in the
.\"   documentation and/or other materials provided with the distribution.
.\" * Neither the names of the copyright holders nor the
.\"   names of its contributors may be used to endorse or promote products
.\"   derived from this software without specific prior written permission.
.\" 
.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
.\" DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" 

.TH getdns_validate_dnssec 3 "@date@" "getdns @version@" getdns
.SH NAME
.B getdns_validate_dnssec
-- DNSSEC validate a given getdns record

.SH LIBRARY
DNS Resolver library (libgetdns, -lgetdns)

.SH SYNOPSIS
#include <getdns.h>

getdns_return_t 
.br
.B getdns_validate_dnssec
(getdns_list *record_to_validate,
.br
.RS 3
getdns_list *bundle_of_support_records,
.br
getdns_list *trust_anchor_records)
.RE

.SH DESCRIPTION

.LP
If an application wants the API to perform DNSSEC validation without using the
extensions, it can use the getdns_validate_dnssec() helper function. The API
will use the resource records in bundle_of_support_records to construct the
validation chain and the DNSKEY or DS records in trust_anchor_records as trust
anchors. The default list of trust anchor records that is used by the library
to validate DNSSEC can be retrieved by using the getdns_root_trust_anchor
helper function.

.HP 3
.I record_to_validate
the resource record being validated

.HP 3
.I bundle_of_support_records
records used to construct the validation chain

.HP 3
.I trust_anchor_records
trust anchor records to use for the validation

.HP
.SH "RETURN VALUES"

.LP
.B GETDNS_DNSSEC_BOGUS
the DNSSEC signature is bogus
.LP
.B GETDNS_DNSSEC_INDETERMINATE
validation could not be completed
.LP
.B GETDNS_DNSSEC_INSECURE
one or more pieces of the validation chain are demonstrably incorrect
.LP
.B GETDNS_DNSSEC_SECURE
validation succeeded
.LP
.B GETDNS_RETURN_MEMORY_ERROR
an attempt to allocate memory failed

.SH EXAMPLES

TBD

.SH SEE ALSO
.BR getdns_root_trust_anchor (3)
.BR libgetdns (3)
added man pages for some helper functions 2014-04-24 09:13:19 -05:00			`.\" The "BSD-New" License`
			`.\"`
			`.\" Copyright (c) 2013, NLnet Labs, Verisign, Inc.`
			`.\" All rights reserved.`
			`.\"`
			`.\" Redistribution and use in source and binary forms, with or without`
			`.\" modification, are permitted provided that the following conditions are met:`
			`.\" * Redistributions of source code must retain the above copyright`
			`.\" notice, this list of conditions and the following disclaimer.`
			`.\" * Redistributions in binary form must reproduce the above copyright`
			`.\" notice, this list of conditions and the following disclaimer in the`
			`.\" documentation and/or other materials provided with the distribution.`
			`.\" * Neither the names of the copyright holders nor the`
			`.\" names of its contributors may be used to endorse or promote products`
			`.\" derived from this software without specific prior written permission.`
			`.\"`
			`.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND`
			`.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED`
			`.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE`
			`.\" DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY`
			`.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES`
			`.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;`
			`.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND`
			`.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT`
			`.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS`
			`.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.`
			`.\"`

			`.TH getdns_validate_dnssec 3 "@date@" "getdns @version@" getdns`
			`.SH NAME`
			`.B getdns_validate_dnssec`
Fix and add check for manpage-has-bad-whatis-entry Also remove obsolete getdns_free_sync_request_memory function Also list all authors in libgetdns manpage 2014-11-10 08:50:45 -06:00			`-- DNSSEC validate a given getdns record`
added man pages for some helper functions 2014-04-24 09:13:19 -05:00
			`.SH LIBRARY`
			`DNS Resolver library (libgetdns, -lgetdns)`

			`.SH SYNOPSIS`
			`#include <getdns.h>`

			`getdns_return_t`
			`.br`
			`.B getdns_validate_dnssec`
			`(getdns_list *record_to_validate,`
			`.br`
			`.RS 3`
			`getdns_list *bundle_of_support_records,`
			`.br`
			`getdns_list *trust_anchor_records)`
			`.RE`

			`.SH DESCRIPTION`

			`.LP`
			`If an application wants the API to perform DNSSEC validation without using the`
			`extensions, it can use the getdns_validate_dnssec() helper function. The API`
			`will use the resource records in bundle_of_support_records to construct the`
			`validation chain and the DNSKEY or DS records in trust_anchor_records as trust`
			`anchors. The default list of trust anchor records that is used by the library`
			`to validate DNSSEC can be retrieved by using the getdns_root_trust_anchor`
			`helper function.`

			`.HP 3`
			`.I record_to_validate`
			`the resource record being validated`

			`.HP 3`
			`.I bundle_of_support_records`
			`records used to construct the validation chain`

			`.HP 3`
			`.I trust_anchor_records`
			`trust anchor records to use for the validation`

			`.HP`
			`.SH "RETURN VALUES"`

			`.LP`
			`.B GETDNS_DNSSEC_BOGUS`
			`the DNSSEC signature is bogus`
			`.LP`
			`.B GETDNS_DNSSEC_INDETERMINATE`
			`validation could not be completed`
			`.LP`
			`.B GETDNS_DNSSEC_INSECURE`
			`one or more pieces of the validation chain are demonstrably incorrect`
			`.LP`
			`.B GETDNS_DNSSEC_SECURE`
			`validation succeeded`
			`.LP`
			`.B GETDNS_RETURN_MEMORY_ERROR`
			`an attempt to allocate memory failed`

			`.SH EXAMPLES`

			`TBD`

			`.SH SEE ALSO`
			`.BR getdns_root_trust_anchor (3)`
			`.BR libgetdns (3)`