common: Allow requesting a specific certtype with get_dns_cert()

* common/dns-cert.c (get_dns_cert): Add arg want_certtype. Change all callers. (CERTTYPE_): Move constants to ... * common/dns-cert.h: here as DNS_CERTTYPE_. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2015-02-25 12:03:21 +01:00 · 2015-02-25 12:03:21 +01:00 · af60152a46
commit af60152a46
parent 9913253610
4 changed files with 35 additions and 24 deletions
--- a/common/dns-cert.h
+++ b/common/dns-cert.h
@ -29,7 +29,24 @@
 #ifndef GNUPG_COMMON_DNS_CERT_H
 #define GNUPG_COMMON_DNS_CERT_H

-gpg_error_t get_dns_cert (const char *name, estream_t *r_key,
+
+#define DNS_CERTTYPE_ANY       0 /* Internal catch all type. */
+/* Certificate types according to RFC-4398:  */
+#define DNS_CERTTYPE_PKIX      1 /* X.509 as per PKIX. */
+#define DNS_CERTTYPE_SPKI      2 /* SPKI certificate.  */
+#define DNS_CERTTYPE_PGP       3 /* OpenPGP packet.  */
+#define DNS_CERTTYPE_IPKIX     4 /* The URL of an X.509 data object. */
+#define DNS_CERTTYPE_ISPKI     5 /* The URL of an SPKI certificate.  */
+#define DNS_CERTTYPE_IPGP      6 /* The fingerprint
+                                    and URL of an OpenPGP packet.  */
+#define DNS_CERTTYPE_ACPKIX    7 /* Attribute Certificate.  */
+#define DNS_CERTTYPE_IACPKIX   8 /* The URL of an Attribute Certificate.  */
+#define DNS_CERTTYPE_URI     253 /* URI private.  */
+#define DNS_CERTTYPE_OID     254 /* OID private.  */
+
+
+gpg_error_t get_dns_cert (const char *name, int want_certtype,
+                          estream_t *r_key,
                          unsigned char **r_fpr, size_t *r_fprlen,
                          char **r_url);