9 // Sign creates a TLSA record from an SSL certificate.
10 func (r *TLSA) Sign(usage, selector, matchingType int, cert *x509.Certificate) (err error) {
11 r.Hdr.Rrtype = TypeTLSA
12 r.Usage = uint8(usage)
13 r.Selector = uint8(selector)
14 r.MatchingType = uint8(matchingType)
16 r.Certificate, err = CertificateToDANE(r.Selector, r.MatchingType, cert)
20 // Verify verifies a TLSA record against an SSL certificate. If it is OK
21 // a nil error is returned.
22 func (r *TLSA) Verify(cert *x509.Certificate) error {
23 c, err := CertificateToDANE(r.Selector, r.MatchingType, cert)
25 return err // Not also ErrSig?
27 if r.Certificate == c {
30 return ErrSig // ErrSig, really?
33 // TLSAName returns the ownername of a TLSA resource record as per the
34 // rules specified in RFC 6698, Section 3.
35 func TLSAName(name, service, network string) (string, error) {
39 p, err := net.LookupPort(network, service)
43 return "_" + strconv.Itoa(p) + "._" + network + "." + name, nil