We might have some leftover data in bio buffer that we received
before pausing, we need to do tls_do_bio to make sure we call
the recv() callback on it.
- add isc_nm_tlsdnsconnect() function
- add "+[no]tls" option to dig to enable TLS mode
- override the default port number in dig from 53 to 853 when using TLS
Add an optional SSL_CTX argument to isc_nm_listentcpdns - if not NULL,
use isc_nm_listentls instead of isc_nm_listentcp to listen on a TLS
socket for DoT.
Add server-side TLS support to netmgr - that includes moving some of the isc_nm_
functions from tcp.c to a wrapper in netmgr.c calling a proper tcp or tls
function, and a new isc_nm_listentls function.
if more than 10 seconds pass while we wait for netmgr
events to finish running on shutdown, something is almost
certainly wrong and we should assert and crash.
this function sets up a UDP socket, connected to a specified peer
address, then immediately calls a callback with a handle so that
the caller can begin sending.
Resolve "[CVE-2020-8623] A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c"
See merge request isc-projects/bind9!4037
It was discovered, that some systems might set EPROTO instead of EACCESS
on recvmsg() call causing spurious syslog messages from the socket
code. This commit returns soft handling of EPROTO errno code to the
socket code. [GL #1928]
When calculating the new hashtable bitsize, there was an off-by-one
error that would allow the new bitsize to be larger than maximum allowed
causing assertion failure in the rehash() function.
Printing test-suite.log on system test failure does not work for system
test run from tarball because the "after_script" step does not honour
directory change from the "before_script" step and fails with:
Running after script...
$ cat bin/tests/system/test-suite.log
cat: bin/tests/system/test-suite.log: No such file or directory
