[getdns-users] Example using the "dnssec_return_validation_chain" extension
Linus Nordberg
linus at nordberg.se
Fri Apr 1 14:53:14 UTC 2016
Willem Toorop <willem at nlnetlabs.nl> wrote
Fri, 26 Feb 2016 12:16:38 +0100:
[...]
| you really want, but it doesn't seem too much of an effort to convert
| from wire format to a getdns_list. I.e. for example with the well
| documented wire2rr_dict_scan ;) :
[...]
| We could expose this as
|
| getdns_return_t
| getdns_wire_rrs2list(uint8_t *wire, size_t wire_len, getdns_list **list);
|
| But I also like to keep the API as small as possible and don't want to
| expose a lot of helper functions that you could have easily recreated
| with the existing functions as well.

Makes sense. I ended up doing something very similar to what you outline
above. Works just fine. Thanks!

Next question is if I can somehow access the canonicalised data that the
validation is based on? From skimming the code, it seems to me that
canonicalisation is performed but I haven't figured out if it's safe to
assume that I could simply use the data in getdns_list's that I passed
to getdns_validate_dnssec2() once it returns.

By the way, I've been using commit 4e0073ae for my testing. This seems
to be close enough to 1.0.0b1 for me to give a thumbs up for at least
the DNSSEC validation parts of that (pre-)release. Great work!