uint8_t mtype, uint8_t ord);
int SSL_dane_enable(SSL *s, const char *basedomain);
int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
- uint8_t mtype, unsigned char *data, size_t dlen);
+ uint8_t mtype, unsigned const char *data, size_t dlen);
int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
uint8_t *mtype, unsigned const char **data,
The arguments specify the fields of the TLSA record.
The B<data> field is provided in binary (wire RDATA) form, not the hexadecimal
ASCII presentation form, with an explicit length passed via B<dlen>.
+The library takes a copy of the B<data> buffer contents and the caller may
+free the original B<data> buffer when convenient.
A return value of 0 indicates that "unusable" TLSA records (with invalid or
unsupported parameters) were provided.
A negative return value indicates an internal error in processing the record.
SSL_dane_set_flags() and SSL_dane_clear_flags() return the B<flags> in effect
before they were called.
-=head1 EXAMPLE
+=head1 EXAMPLES
Suppose "smtp.example.com" is the MX host of the domain "example.com", and has
DNSSEC-validated TLSA records.
=head1 HISTORY
-These functions were first added to OpenSSL 1.1.0.
+These functions were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.