Commit Graph
73 Commits
Author SHA1 Message Date
Tinderbox User f96e57a2c4 update copyright notice / whitespace 2017-07-31 23:49:05 +00:00
Francis Dupont dea37aee81 Added Ed25519 support (#44696) 2017-07-31 17:02:24 +02:00
Tinderbox User ff69a0423e update copyright notice / whitespace 2016-11-08 23:57:34 +00:00
Mark Andrews 964e19cea8 4497. [port] Add support for OpenSSL 1.1.0. [RT #41284] 2016-11-09 09:59:32 +11:00
Tinderbox User a06917d08f update copyright notice / whitespace 2016-11-02 23:51:39 +00:00
Evan Hunt 60814deed8 [v9_9] make uninstall
4503.	[cleanup]	"make uninstall" now removes file installed by
			BIND. (This currently excludes Python files
			due to lack of support in setup.py.) [RT #42912]

(cherry picked from commit 6087f87afb)
(cherry picked from commit 398f8c32f3)
2016-11-01 20:22:35 -07:00
Tinderbox User e52e476295 update copyright notice / whitespace 2016-07-14 23:54:00 +00:00
Mark Andrews 456d497196 4413. [bug] GSSAPI negotiation could fail if GSS_S_CONTINUE_NEEDED
was returned. [RT #42733]

(cherry picked from commit 63e58ad048)
2016-07-14 15:08:36 +10:00
Tinderbox User 4acf5216d7 update copyright notice / whitespace 2015-11-09 23:46:11 +00:00
Evan Hunt 7d984067ee [v9_9] fix python script versions
4257.	[cleanup]	Python scripts reported incorrect version. [RT #41080]
2015-11-08 21:41:04 -08:00
Tinderbox User cd80053809 update copyright notice / whitespace 2015-08-07 23:46:19 +00:00
Evan Hunt 0d83784a75 [v9_9] address buffer accounting error
4168.	[security]	A buffer accounting error could trigger an
			assertion failure when parsing certain malformed
			DNSSEC keys. (CVE-2015-5722) [RT #40212]

(cherry picked from commit ce9f893e21)
2015-08-07 13:22:40 -07:00
Mark Andrews a0095a7c1a update copyrights 2013-12-05 15:13:01 +11:00
Mark Andrews 3b38a23089 3681. [port] Update the Windows build system to support feature
selection and WIN64 builds.  This is a work in
                        progress. [RT #34160]

(cherry picked from commit c3c8823fed)

Conflicts:
	CHANGES
	bin/check/win32/checktool.dsp.in
	bin/dnssec/win32/dnssectool.dsp.in
	bin/dnssec/win32/importkey.dsp.in
	bin/dnssec/win32/importkey.mak.in
	bin/named/geoip.c
	bin/named/include/named/geoip.h
	bin/tools/win32/rrchecker.dsp.in
	bin/tools/win32/rrchecker.mak.in
	config.h.win32
	lib/dns/geoip.c
	lib/dns/master.c
	lib/dns/win32/libdns.dsp.in
	lib/dns/win32/libdns.mak.in
	lib/isc/mem.c
	lib/isc/stats.c
	lib/isc/win32/file.c
	lib/isc/win32/libisc.def.in
	lib/isc/win32/libisc.mak.in
	lib/isc/win32/stdio.c
	lib/isccc/cc.c
	win32utils/BuildAll.bat
	win32utils/BuildSetup.bat
	win32utils/legacy/BINDBuild.dsw.in
	win32utils/makeversion.pl
	win32utils/setpk11provider.pl
	win32utils/updatelibxml2.pl
	win32utils/win32-build.txt
2013-12-04 13:48:45 +11:00
Mark Andrews 2e4548087a 3642. [func] Allow externally generated DNSKEY to be imported
into the DNSKEY management framework.  A new tool
                        dnssec-importkey is used to this. [RT #34698]
2013-11-13 12:54:37 +11:00
Tinderbox User d1fb83012b update copyright notice 2013-08-15 23:45:44 +00:00
Mark Andrews cbc2132d2a 3632. [bug] Signature from newly inactive keys were not being
removed.  [RT #32178]

(cherry picked from commit 7ace327795)
2013-08-15 11:20:18 +10:00
Evan Hunt 152c393671 [v9_9] silence noisy OpenSSL logging
3402.	[bug]		Correct interface numbers for IPv4 and IPv6 interfaces.
(cherry picked from commit 0e37e9e3d7)
2012-10-24 13:00:06 -07:00
Tinderbox User 1439e7b8ff update copyright notice 2012-07-23 23:45:53 +00:00
Mark Andrews 62eeb6c836 3354. [func] Improve OpenSSL error logging. [RT #29932] 2012-07-23 15:09:42 +10:00
Tinderbox User 03565e899d update copyright notice 2012-06-29 23:45:45 +00:00
Mark Andrews cb421b69c3 reverse bad copyright update 2012-06-29 11:41:43 +10:00
Tinderbox User cd24b114bf update copyright notice 2012-06-29 01:22:07 +00:00
Mark Andrews acebc2457c 3339. [func] Allow the maximum supported rsa exponent size to be
specified: "max-rsa-exponent-size <value>;" [RT #29228]
2012-06-20 21:34:24 +10:00
Tinderbox User a2093c07a5 update copyright notice 2012-05-17 23:45:48 +00:00
Evan Hunt 8b1b819ae4 add ECDSA support
3317.	[protocol]	Add ECDSA support (RFC 6605). [RT #21918]
2012-05-17 15:52:07 -07:00
Evan Hunt 8047e7c06f re-remove cvsignore files 2012-03-05 08:29:31 -08:00
Evan Hunt f94af76649 Revert "added gitignore, removed cvsignore"
This reverts commit e8ae173655.
2012-03-05 08:24:17 -08:00
Evan Hunt e8ae173655 added gitignore, removed cvsignore 2012-03-03 23:24:11 -08:00
Mark Andrews 1946c596b4 3174. [bug] Always compute to revoked key tag from scratch.
[RT #24711]
2011-10-20 21:20:02 +00:00
Evan Hunt 0994d3a21b 3087. [bug] DDNS updates using SIG(0) with update-policy match
type "external" could cause a crash. [RT #23735]
2011-03-21 19:54:03 +00:00
Evan Hunt 61bcc23203 3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and
dnssec-keyfromlabel sets the default TTL of the
			key.  When possible, automatic signing will use that
			TTL when the key is published.  [RT #23304]
2011-03-17 01:40:40 +00:00
Automatic Updater 135bcc2e42 update copyright notice 2011-01-11 23:47:14 +00:00
Mark Andrews 433e06a25c 3006. [func] Allow dynamically generated TSIG keys to be preserved
across restarts of named.  Initially this is for
                        TSIG keys generated using GSSAPI. [RT #22639]
2011-01-10 05:32:04 +00:00
Automatic Updater 0e0be796a7 update copyright notice 2011-01-08 23:47:01 +00:00
Evan Hunt 8a743600dd 3005. [port] Solaris: Work around the lack of
gsskrb5_register_acceptor_identity() by setting
			the KRB5_KTNAME environment variable to the
			contents of tkey-gssapi-keytab.  Also fixed
			test errors on MacOSX.  [RT #22853]
2011-01-08 00:33:12 +00:00
Mark Andrews 37dee1ff94 2999. [func] Add GOST support (RFC 5933). [RT #20639] 2010-12-23 04:08:00 +00:00
Automatic Updater ca103999e6 update copyright notice 2010-12-20 23:47:21 +00:00
Mark Andrews c880d51849 gsskrb5_register_acceptor_identity is not available on all platforms 2010-12-18 14:46:21 +00:00
Evan Hunt 71bd858d8e 2989. [func] Added support for writable DLZ zones. (Contributed
by Andrew Tridgell of the Samba project.) [RT #22629]

2988.	[experimental]	Added a "dlopen" DLZ driver, allowing the creation
			of external DLZ drivers that can be loaded as
			shared objects at runtime rather than linked with
			named.  Currently this is switched on via a
			compile-time option, "configure --with-dlz-dlopen".
			Note: the syntax for configuring DLZ zones
			is likely to be refined in future releases.
			(Contributed by Andrew Tridgell of the Samba
			project.) [RT #22629]

2987.	[func]		Improve ease of configuring TKEY/GSS updates by
			adding a "tkey-gssapi-keytab" option.  If set,
			updates will be allowed with any key matching
			a principal in the specified keytab file.
			"tkey-gssapi-credential" is no longer required
			and is expected to be deprecated.  (Contributed
			by Andrew Tridgell of the Samba project.)
			[RT #22629]
2010-12-18 01:56:23 +00:00
Automatic Updater fd6a9d688c update copyright notice 2010-12-09 04:31:57 +00:00
Mark Andrews 9f9b7f0e8d 2982. [bug] Reference count dst keys. dst_key_attach() can be used
increment the reference count.

                        Note: dns_tsigkey_createfromkey() callers should now
                        always call dst_key_free() rather than setting it
                        to NULL on success. [RT #22672]
2010-12-09 00:54:34 +00:00
Evan Hunt c021499604 2731. [func] Additional work on change 2709. The key parser
will now ignore unrecognized fields when the
			minor version number of the private key format
			has been increased.  It will reject any key with
			the major version number increased. [RT #20310]
2009-10-26 21:18:24 +00:00
Francis Dupont 775a8d86d9 keygen progress indication [RT #20284] 2009-10-24 09:46:19 +00:00
Evan Hunt cc6cddfd94 2726. [func] Added support for SHA-2 DNSSEC algorithms,
RSASHA256 and RSASHA512. [RT #20023]
2009-10-22 02:21:31 +00:00
Evan Hunt 77b8f88f14 2712. [func] New 'auto-dnssec' zone option allows zone signing
to be fully automated in zones configured for
			dynamic DNS.  'auto-dnssec allow;' permits a zone
			to be signed by creating keys for it in the
			key-directory and using 'rndc sign <zone>'.
			'auto-dnssec maintain;' allows that too, plus it
			also keeps the zone's DNSSEC keys up to date
			according to their timing metadata. [RT #19943]
2009-10-12 20:48:12 +00:00
Evan Hunt 315a1514a5 2709. [func] Added some data fields, currently unused, to the
private key file format, to allow implementation
			of explicit key rollover in a future release
			without impairing backward or forward compatibility.
			[RT #20310]
2009-10-09 06:09:21 +00:00
Francis Dupont 8b78c993cb explicit engine rt20230a 2009-10-05 17:30:49 +00:00
Evan Hunt 53c22b8e0d 2685. [bug] Fixed dnssec-signzone -S handling of revoked keys.
Also, added warnings when revoking a ZSK, as this is
			not defined by protocol (but is legal).  [RT #19943]
2009-09-23 16:01:57 +00:00
Evan Hunt b843f577bb 2677. [func] Changes to key metadata behavior:
- Keys without "publish" or "active" dates set will
			  no longer be used for smart signing.  However,
			  those dates will be set to "now" by default when
			  a key is created; to generate a key but not use
			  it yet, use dnssec-keygen -G.
			- New "inactive" date (dnssec-keygen/settime -I)
			  sets the time when a key is no longer used for
			  signing but is still published.
			- The "unpublished" date (-U) is deprecated in
			  favor of "deleted" (-D).
			[rt20247]
2009-09-14 18:45:45 +00:00