Struct TLSA
pub struct TLSA { /* private fields */ }
Expand description
RFC 6698, DNS-Based Authentication for TLS
2.1. TLSA RDATA Wire Format
The RDATA for a TLSA RR consists of a one-octet certificate usage
field, a one-octet selector field, a one-octet matching type field,
and the certificate association data field.
1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Cert. Usage | Selector | Matching Type | /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ /
/ /
/ Certificate Association Data /
/ /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Implementations§
§impl TLSA
impl TLSA
pub fn new(
cert_usage: CertUsage,
selector: Selector,
matching: Matching,
cert_data: Vec<u8>,
) -> TLSA
pub fn new( cert_usage: CertUsage, selector: Selector, matching: Matching, cert_data: Vec<u8>, ) -> TLSA
Constructs a new TLSA
RFC 6698, DNS-Based Authentication for TLS
2. The TLSA Resource Record
The TLSA DNS resource record (RR) is used to associate a TLS server
certificate or public key with the domain name where the record is
found, thus forming a "TLSA certificate association". The semantics
of how the TLSA RR is interpreted are given later in this document.
The type value for the TLSA RR type is defined in Section 7.1.
The TLSA RR is class independent.
The TLSA RR has no special Time to Live (TTL) requirements.
pub fn cert_usage(&self) -> CertUsage
pub fn cert_usage(&self) -> CertUsage
Specifies the provided association that will be used to match the certificate presented in the TLS handshake
pub fn selector(&self) -> Selector
pub fn selector(&self) -> Selector
Specifies which part of the TLS certificate presented by the server will be matched against the association data
pub fn matching(&self) -> Matching
pub fn matching(&self) -> Matching
Specifies how the certificate association is presented
Trait Implementations§
§impl<'de> Deserialize<'de> for TLSA
impl<'de> Deserialize<'de> for TLSA
§fn deserialize<__D>(
__deserializer: __D,
) -> Result<TLSA, <__D as Deserializer<'de>>::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(
__deserializer: __D,
) -> Result<TLSA, <__D as Deserializer<'de>>::Error>where
__D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer. Read more
§impl Display for TLSA
impl Display for TLSA
RFC 6698, DNS-Based Authentication for TLS
2.2. TLSA RR Presentation Format
The presentation format of the RDATA portion (as defined in
[RFC1035]) is as follows:
o The certificate usage field MUST be represented as an 8-bit
unsigned integer.
o The selector field MUST be represented as an 8-bit unsigned
integer.
o The matching type field MUST be represented as an 8-bit unsigned
integer.
o The certificate association data field MUST be represented as a
string of hexadecimal characters. Whitespace is allowed within
the string of hexadecimal characters, as described in [RFC1035].
2.3. TLSA RR Examples
In the following examples, the domain name is formed using the rules
in Section 3.
An example of a hashed (SHA-256) association of a PKIX CA
certificate:
_443._tcp.www.example.com. IN TLSA (
0 0 1 d2abde240d7cd3ee6b4b28c54df034b9
7983a1d16e8a410e4561cb106618e971 )
An example of a hashed (SHA-512) subject public key association of a
PKIX end entity certificate:
_443._tcp.www.example.com. IN TLSA (
1 1 2 92003ba34942dc74152e2f2c408d29ec
a5a520e7f2e06bb944f4dca346baf63c
1b177615d466f6c4b71c216a50292bd5
8c9ebdd2f74e38fe51ffd48c43326cbc )
An example of a full certificate association of a PKIX end entity
certificate:
_443._tcp.www.example.com. IN TLSA (
3 0 0 30820307308201efa003020102020... )
§impl RecordData for TLSA
impl RecordData for TLSA
§fn try_from_rdata(data: RData) -> Result<TLSA, RData>
fn try_from_rdata(data: RData) -> Result<TLSA, RData>
Attempts to convert to this RecordData from the RData type, if it is not the correct type the original is returned
§fn try_borrow(data: &RData) -> Option<&TLSA>
fn try_borrow(data: &RData) -> Option<&TLSA>
Attempts to borrow this RecordData from the RData type, if it is not the correct type the original is returned
§fn record_type(&self) -> RecordType
fn record_type(&self) -> RecordType
Get the associated RecordType for the RecordData
§fn into_rdata(self) -> RData
fn into_rdata(self) -> RData
Converts this RecordData into generic RecordData
§impl Serialize for TLSA
impl Serialize for TLSA
§fn serialize<__S>(
&self,
__serializer: __S,
) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>where
__S: Serializer,
fn serialize<__S>(
&self,
__serializer: __S,
) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>where
__S: Serializer,
Serialize this value into the given Serde serializer. Read more
impl Eq for TLSA
impl StructuralPartialEq for TLSA
Auto Trait Implementations§
impl Freeze for TLSA
impl RefUnwindSafe for TLSA
impl Send for TLSA
impl Sync for TLSA
impl Unpin for TLSA
impl UnwindSafe for TLSA
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§unsafe fn clone_to_uninit(&self, dst: *mut T)
unsafe fn clone_to_uninit(&self, dst: *mut T)
🔬This is a nightly-only experimental API. (
clone_to_uninit
)§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
Compare self to
key
and return true
if they are equal.