Commit Graph

1292 Commits

Author SHA1 Message Date
Willem Toorop 276e9fa5f3 Zero size only allowed for non repeating rdfs 2015-07-18 16:59:00 +02:00
Willem Toorop 4f0cf62d37 Set release date 2015-07-17 18:10:57 +02:00
Willem Toorop 433daf7f53 0.3.0 in configure 2015-07-17 18:10:02 +02:00
Willem Toorop 7c83d0f295 {API 0.604] July 2015 release 2015-07-17 18:07:36 +02:00
Willem Toorop 9daaa1638c One more event callback setting before clearance 2015-07-14 13:42:40 +02:00
Willem Toorop d4e932890a Do not reset event callbacks before clearing 2015-07-14 11:54:25 +02:00
Willem Toorop 3c80a8a1af Check destruction of upstreams in correct way 2015-07-14 11:11:06 +02:00
Willem Toorop 587b320d95 DNS tree was upside down (wording in comments)
According to RFC1034 Section 4.2.1., the zone's apex is at the top and delegations at the bottom.
2015-07-14 10:49:00 +02:00
Willem Toorop 554f015931 Deschedule idle_timeouts on context destroy 2015-07-14 10:44:15 +02:00
Willem Toorop 6f21d89e2a Lookup DS only, for no sigs INSECURE 2015-07-14 10:22:42 +02:00
Willem Toorop a8adf662d1 Fix memory leak setting transports 2015-07-13 16:39:43 +02:00
Willem Toorop 5c61954427 Fix geting recursive_upstream_servers 2015-07-13 16:22:39 +02:00
Willem Toorop 17faffa664 Ignore 2 more autoconf generated files 2015-07-13 15:42:48 +02:00
Willem Toorop c7d40e2cbc Strings in bindata's without '\0' byte 2015-07-13 15:41:40 +02:00
Willem Toorop 12567f5338 Fix compiling with --enable-debug-sched 2015-07-13 11:09:56 +02:00
Willem Toorop 431415bd3d rm debugging fprintf leftover 2015-07-10 10:18:00 +02:00
Willem Toorop 0d2f3a5bd9 functions and defines to get versions
About the library and the API
In both strings and in numbers
2015-07-10 00:57:58 +02:00
Willem Toorop 2884abe870 Allow alternative trust anchors + ...
Switch freely between stub and recursive resolving
2015-07-10 00:05:26 +02:00
Willem Toorop 4987a27264 Pretty print TLDs 2015-07-10 00:04:14 +02:00
Willem Toorop 2dab8dd4d6 Fix handling of non specific trust anchors and ...
unsported DS digest types
2015-07-09 23:11:56 +02:00
Willem Toorop 254699ad8b Constants must be in searchable order 2015-07-09 23:11:28 +02:00
Willem Toorop cacd8951ff getdns_query -k to test for root trust anchor
has exit status 0 on success, 1 otherwise.
2015-07-09 23:10:22 +02:00
Willem Toorop 70857ccc74 Proper handling of system stub query timeouts 2015-07-09 23:09:39 +02:00
Willem Toorop 4135f633ac Fix invalid memory reads 2015-07-09 15:40:00 +02:00
Willem Toorop d9fca20f18 Update consts, symbols and dependencies 2015-07-09 14:40:13 +02:00
Willem Toorop bb20de43bd Update EDNS0 COOKIE option code 2015-07-09 14:30:11 +02:00
Willem Toorop c30f64497e Update ChangeLog 2015-07-09 14:27:22 +02:00
Willem Toorop 423fbdf546 Prepare for 0.3.0 release 2015-07-09 14:05:45 +02:00
Willem Toorop cea8ae4d11 [API 0.602] getdns_context_set_dns_transport_list
And the getdns_context_set_idle_timeout() functions.
2015-07-09 14:00:26 +02:00
Willem Toorop ec476a9129 getdns_root_trust_anchor up in getdns.h.in
So it is on the same spot as where it is in the original specification.
This to ease comparing getdns.h with the API's getdns_code_only.h
2015-07-09 10:37:02 +02:00
Willem Toorop 098e0f19c4 Don't skip points zone cuts with trusted keys
A new keyset must be authenticated at every zone cut.
A keyset from an ancecter of the immediate zone may never be used
to authenticate RRsets within a zone.

(Review from Wouter)
2015-07-09 08:15:38 +02:00
Willem Toorop d87d951874 set ds_signer only when actually signed 2015-07-08 17:15:27 +02:00
Willem Toorop d4849dc0ba Fix read of uninitialized memory
Not a dangerous one though, but still...
2015-07-08 15:36:39 +02:00
Willem Toorop e8030b34d2 query_len not used 2015-07-08 15:05:40 +02:00
Willem Toorop 201b6af9a2 clang compiler warnings + 1 bug!
Bug is countring insecure answers in util-internal.c
found by clang warning reporting
2015-07-08 13:07:24 +02:00
Willem Toorop 2918c8b472 DSes with best digest + INSECURE on unsupportd alg
Adaptations to function ds_authenticates_keys.

With multiple DSes, only the ones with the highest (supported)
digest type will be used to authenticate DNSKEYs.

NO_SUPPORTED_ALGORITHMS will be returned if there were
DSes for a key in the DNSKEY set, but none of them has a supported
digest or algorithm.  This leads to dnssec_status INSECURE.
2015-07-08 12:21:04 +02:00
Willem Toorop a5bacfefcf memory leak fixes 2015-07-08 11:07:44 +02:00
Willem Toorop 51a04f8f6c RSAMD5 is deprecated 2015-07-08 00:18:19 +02:00
Willem Toorop 3b45255d1e Try only closest trust anchors 2015-07-08 00:10:10 +02:00
Willem Toorop e48b0c7fd7 INSECURE when NSEC3 iteration count too high
Fix from Wouter's review
2015-07-07 22:33:53 +02:00
Willem Toorop 4b53d70199 Review from Wouter minor issues 2015-07-07 14:52:32 +02:00
Willem Toorop e571883811 Fix test for NODATA address_sync lookup
hampster.com no longer suitable anymore.
2015-07-07 11:46:52 +02:00
Willem Toorop 83425f959e Review comments from Wouter
Thanks!
2015-07-07 11:15:38 +02:00
Willem Toorop 43980e9020 [API 0.601] CSYNC RR type 2015-07-06 14:14:46 +02:00
Willem Toorop af23930725 CSYNC rr type 2015-07-06 12:45:08 +02:00
Willem Toorop 55444d07a2 Documentation in comments as a review guideline 2015-07-06 11:57:16 +02:00
Willem Toorop 70edb60f09 Some comment about google public dns 2015-07-04 13:14:16 +02:00
Willem Toorop 0e977ee4fb rearrangements for documentational reasons
+ a fix for opt_out bug
2015-07-04 13:01:16 +02:00
Willem Toorop 7e3fbe547a Check NSEC3 CE to be without delegations
(no DNAME, no NS or, if NS then also SOA)
2015-07-04 10:53:31 +02:00
Willem Toorop f59b32414c Three NSEC3 related things:
- Better checking for type bits
- NSEC3 Insecure proofs for opt-out on head's
- NSEC3 wildcard NODATA proof
2015-07-04 10:23:02 +02:00