		DNSSEC extension to libspf2-1.2.5: Developer Guide
		==================================================
			         (Version 0.1)

Introduction
------------

The DNSSEC extension to libspf2 adds DNSSEC validation to the DNS
queries that libspf2 performs.

This document describes the changes made to libspf2-1.2.5 to provide DNSSEC
validation.  It is intended as a guide for developers who want to use the
functionality offered by the libspf2-1.2.5_dnssec_patch.  The patch is still
in the early stages of design and development, and may undergo some changes
in the future.


Additions to libspf2
--------------------

The SPF_dns_lookup function can now return an additional error value:

    DNSSEC_FAILURE

When a DNSSEC validation failure occurs during SPF processing, the error
code SPF_E_DNSSEC_FAILURE is added to the list of error codes in the
response struct.

After SPF processing, the SPF_response object/variable is available
to the application.  The application can check the error codes within
this variable to see if any of them matches SPF_E_DNSSEC_FAILURE, and
so determine whether there was a DNSSEC validation failure during SPF
processing.

For example, it can do the following:

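    SPF_request_t *requestp;
    SPF_response_t *responsep = NULL;

    /* initialize and configure requestp ... */

    /* SPF-checks */
    SPF_request_query_mailfrom(requestp, &responsep);

    /* Check for DNSSEC validation failure */
    do {
        int i, num_msgs;
        SPF_error_t *err;
        SPF_errcode_t errcode;
        const char *errmsg;

        /* No response object was produced; nothing to inspect */
        if (responsep == NULL)
            break;

        /* SPF_response_message() indexes every message in the response
           (errors and warnings), so loop over SPF_response_messages()
           rather than the warning count alone. */
        num_msgs = SPF_response_messages(responsep);

        for (i = 0; i < num_msgs; i++) {
            err = SPF_response_message(responsep, i);
            if (err) {
                errcode = SPF_error_code(err);
                if (errcode == SPF_E_DNSSEC_FAILURE) {
                    /* SPF_error_message() returns a const string */
                    errmsg = SPF_error_message(err);
                    /* Take appropriate action */
                }
            }
        }
    } while (0);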

