ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Deprecate AES algorithm for DNS cookies

Browse Source 
The AES algorithm for DNS cookies was being kept for legacy reasons,
and it can be safely removed in the next major release.  Mark is as
deprecated, so the `named-checkconf` prints a warning when in use.
This commit is contained in:
Ondřej Surý
2023-11-07 15:17:10 +01:00
parent fd4ad5f0ba
commit 67d14b0ee5
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/isccfg/check.c
View File

@@ -1561,6 +1561,10 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
(void)cfg_map_get(options, "cookie-algorithm", &obj);
if (obj != NULL) {
ccalg = cfg_obj_asstring(obj);
if (strcasecmp(ccalg, "aes") == 0) {
cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
"cookie-algorithm 'aes' is deprecated");
}
}
obj = NULL;