4005. [func] The buffer used for returning text from rndc
commands is now dynamically resizable, allowing
arbitrarily large amounts of text to be sent back
to the client. (Prior to this change, it was
possible for the output of "rndc tsig-list" to be
truncated.) [RT #37731]
3999. [func] "mkeys" and "nzf" files are now named after
their corresponding views, unless the view name
contains characters that would be incompatible
with use in a filename (i.e., slash, backslash,
or capital letters). If a view name does contain
these characters, the files will still be named
using a cryptographic hash of the view name.
Regardless of this, if a file using the old name
format is found to exist, it will continue to be
used. [RT #37704]
startup-notify-rate instead of serial-query-rate.
[RT #24454]
3955. [bug] Notify messages due to changes are no longer queued
behind startup notify messages. [RT #24454]
3786. [func] Provide more detailed error codes when using
native PKCS#11. "pkcs11-tokens" now fails robustly
rather than asserting when run against an HSM with
an incomplete PCKS#11 API implementation. [RT #35479]
3760. [bug] Improve SIT with native PKCS#11 and on Windows.
[RT #35433]
3759. [port] Enable delve on Windows. [RT #35441]
3758. [port] Enable export library APIs on windows. [RT #35382]
3705. [func] "configure --enable-native-pkcs11" enables BIND
to use the PKCS#11 API for all cryptographic
functions, so that it can drive a hardware service
module directly without the need to use a modified
OpenSSL as intermediary (so long as the HSM's vendor
provides a complete-enough implementation of the
PKCS#11 interface). This has been tested successfully
with the Thales nShield HSM and with SoftHSMv2 from
the OpenDNSSEC project. [RT #29031]
