bc6f4c1c4c1b739fd06d2de05b77b9d08c4d8a5a |
|
02-Aug-2017 |
Tinderbox User <tbox@isc.org> |
update copyright notice / whitespace |
78608b0a454246d0e1e0169f1d671b8427e48199 |
|
31-Jul-2017 |
Francis Dupont <fdupont@isc.org> |
Added Ed25519 support (#44696) |
e51ba2650025460b26092fb2500e0b6dfbf6d548 |
|
07-Sep-2016 |
Mark Andrews <marka@isc.org> |
4461. [bug] win32: not all external data was properly marked
as external data for windows dll. [RT #43161]
(cherry picked from commit 8eceb0bffe4ab4ccf72f71bb69d2b8106743af5d) |
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5 |
|
19-Aug-2016 |
Mark Andrews <marka@isc.org> |
4450. [port] Provide more nuanced HSM support which better matches
the specific PKCS11 providers capabilities. [RT #42458]
(cherry picked from commit 8ee6f289d87851a5b898b24a64587f0e6bc225bc) |
0c27b3fe77ac1d5094ba3521e8142d9e7973133f |
|
27-Jun-2016 |
Mark Andrews <marka@isc.org> |
4401. [misc] Change LICENSE to MPL 2.0. |
acbb301e648b82fcc38b876a44403cf0fe539cc9 |
|
13-Mar-2014 |
Evan Hunt <each@isc.org> |
[master] better error output when initializing pkcs11
3786. [func] Provide more detailed error codes when using
native PKCS#11. "pkcs11-tokens" now fails robustly
rather than asserting when run against an HSM with
an incomplete PCKS#11 API implementation. [RT #35479] |
dbb012765c735ee0d82dedb116cdc7cf18957814 |
|
12-Feb-2014 |
Evan Hunt <each@isc.org> |
[master] merge libiscpk11 to libisc
3735. [cleanup] Merged the libiscpk11 library into libisc
to simplify dependencies. [RT #35205] |
e20788e1216ed720aefa84f3295f7899d9f28c22 |
|
16-Jan-2014 |
Mark Andrews <marka@isc.org> |
update copyrights |
ba751492fcc4f161a18b983d4f018a1a52938cb9 |
|
15-Jan-2014 |
Evan Hunt <each@isc.org> |
[master] native PKCS#11 support
3705. [func] "configure --enable-native-pkcs11" enables BIND
to use the PKCS#11 API for all cryptographic
functions, so that it can drive a hardware service
module directly without the need to use a modified
OpenSSL as intermediary (so long as the HSM's vendor
provides a complete-enough implementation of the
PKCS#11 interface). This has been tested successfully
with the Thales nShield HSM and with SoftHSMv2 from
the OpenDNSSEC project. [RT #29031] |
0c91911b4d1e872b87eaf6431ed47fe24d18dd43 |
|
04-Sep-2013 |
Mark Andrews <marka@isc.org> |
3642. [func] Allow externally generated DNSKEY to be imported
into the DNSKEY management framework. A new tool
dnssec-importkey is used to this. [RT #34698] |
377b774598f3973c2b231fb88d39acca1ff5ebc4 |
|
16-Aug-2013 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
7ace3277956c49f7554b7130ef761bde3b35db30 |
|
15-Aug-2013 |
Mark Andrews <marka@isc.org> |
3632. [bug] Signature from newly inactive keys were not being
removed. [RT #32178] |
0e37e9e3d7f6de7d93212bd4596d16ebc809492e |
|
24-Oct-2012 |
Evan Hunt <each@isc.org> |
[master] silence noisy OpenSSL logging
3402. [bug] Correct interface numbers for IPv4 and IPv6 interfaces. |
ec048f460063c8174ae4837ae9e2b18b945b4137 |
|
15-Jun-2012 |
Mark Andrews <marka@isc.org> |
make maxbits signed as BN_num_bits is signed |
7865ea9545f28f12f046b32d24c989e8441b9812 |
|
14-Jun-2012 |
Mark Andrews <marka@isc.org> |
3339. [func] Allow the maximum supported rsa exponent size to be specified: "max-rsa-exponent-size <value>;" [RT #29228] |
99d8f5a70440ee8b63ab1745d713b96dde890546 |
|
03-May-2012 |
Tinderbox User <tbox@isc.org> |
update copyright notice |
aaaf8d4f4873d21e55c3ffb4f656203d08339865 |
|
02-May-2012 |
Mark Andrews <marka@isc.org> |
3317. [func] Add ECDSA support (RFC 6605). [RT #21918] |
1946c596b47b0495ce745fe2fff7da799919b0d2 |
|
20-Oct-2011 |
Mark Andrews <marka@isc.org> |
3174. [bug] Always compute to revoked key tag from scratch.
[RT #24711] |
61bcc232038f0a2cb77ed6269675fdc288f5ec98 |
|
17-Mar-2011 |
Evan Hunt <each@isc.org> |
3076. [func] New '-L' option in dnssec-keygen, dnsset-settime, and
dnssec-keyfromlabel sets the default TTL of the
key. When possible, automatic signing will use that
TTL when the key is published. [RT #23304] |
135bcc2e42a94543f11af2a4196b13552ab46d89 |
|
12-Jan-2011 |
Automatic Updater <source@isc.org> |
update copyright notice |
433e06a25cdd92d665abda3e64c2c65f4a3f9b21 |
|
10-Jan-2011 |
Mark Andrews <marka@isc.org> |
3006. [func] Allow dynamically generated TSIG keys to be preserved
across restarts of named. Initially this is for
TSIG keys generated using GSSAPI. [RT #22639] |
37dee1ff94960a61243f611c0f87f8c316815c53 |
|
23-Dec-2010 |
Mark Andrews <marka@isc.org> |
2999. [func] Add GOST support (RFC 5933). [RT #20639] |
71bd858d8ed62672e7c23999dc7c02fd16a55089 |
|
18-Dec-2010 |
Evan Hunt <each@isc.org> |
2989. [func] Added support for writable DLZ zones. (Contributed
by Andrew Tridgell of the Samba project.) [RT #22629]
2988. [experimental] Added a "dlopen" DLZ driver, allowing the creation
of external DLZ drivers that can be loaded as
shared objects at runtime rather than linked with
named. Currently this is switched on via a
compile-time option, "configure --with-dlz-dlopen".
Note: the syntax for configuring DLZ zones
is likely to be refined in future releases.
(Contributed by Andrew Tridgell of the Samba
project.) [RT #22629]
2987. [func] Improve ease of configuring TKEY/GSS updates by
adding a "tkey-gssapi-keytab" option. If set,
updates will be allowed with any key matching
a principal in the specified keytab file.
"tkey-gssapi-credential" is no longer required
and is expected to be deprecated. (Contributed
by Andrew Tridgell of the Samba project.)
[RT #22629] |
fd6a9d688c5afb8bd70697208d16621cfcc6b718 |
|
09-Dec-2010 |
Automatic Updater <source@isc.org> |
update copyright notice |
9f9b7f0e8d455b1c88e51ddcefdbf19b472e1ef2 |
|
09-Dec-2010 |
Mark Andrews <marka@isc.org> |
2982. [bug] Reference count dst keys. dst_key_attach() can be used
increment the reference count.
Note: dns_tsigkey_createfromkey() callers should now
always call dst_key_free() rather than setting it
to NULL on success. [RT #22672] |
e09cdbac087b88524ac40e943d040e2a032c48f2 |
|
27-Oct-2009 |
Mark Andrews <marka@isc.org> |
2738. [func] Add RSASHA256 and RSASHA512 tests to the dnssec system
test. [RT #20453] |
775a8d86d93269a621a7ad15c49b31b533da0671 |
|
24-Oct-2009 |
Francis Dupont <fdupont@isc.org> |
keygen progress indication [RT #20284] |
cc6cddfd94e8f0c58c290317b0853dac30b1b895 |
|
22-Oct-2009 |
Evan Hunt <each@isc.org> |
2726. [func] Added support for SHA-2 DNSSEC algorithms,
RSASHA256 and RSASHA512. [RT #20023] |
315a1514a58dbb1ca563445313d67c1cf664d248 |
|
09-Oct-2009 |
Evan Hunt <each@isc.org> |
2709. [func] Added some data fields, currently unused, to the
private key file format, to allow implementation
of explicit key rollover in a future release
without impairing backward or forward compatibility.
[RT #20310] |
8b78c993cb475cc94e88560941b28c37684789d9 |
|
05-Oct-2009 |
Francis Dupont <fdupont@isc.org> |
explicit engine rt20230a |
6839f8b6dffbecfe06b846b2f8253ed3a2232c85 |
|
23-Sep-2009 |
Francis Dupont <fdupont@isc.org> |
cleanup USE_EVP_RSA (RT #20044) |
bbc204a23719180dce68142ea2440c484e3ccb75 |
|
03-Sep-2009 |
Mark Andrews <marka@isc.org> |
2669. [func] Update PKCS#11 support to support Keyper HSM.
Update PKCS#11 patch to be against openssl-0.9.8i. |
eab9975bcf5830a73f18ed8f320ae18ea32775ee |
|
02-Sep-2009 |
Evan Hunt <each@isc.org> |
2668. [func] Several improvements to dnssec-* tools, including:
- dnssec-keygen and dnssec-settime can now set key
metadata fields 0 (to unset a value, use "none")
- dnssec-revoke sets the revocation date in
addition to the revoke bit
- dnssec-settime can now print individual metadata
fields instead of always printing all of them,
and can print them in unix epoch time format for
use by scripts
[RT #19942] |
553ead32ff5b00284e574dcabc39115d4d74ec66 |
|
19-Jul-2009 |
Evan Hunt <each@isc.org> |
2636. [func] Simplify zone signing and key maintenance with the
dnssec-* tools. Major changes:
- all dnssec-* tools now take a -K option to
specify a directory in which key files will be
stored
- DNSSEC can now store metadata indicating when
they are scheduled to be published, acttivated,
revoked or removed; these values can be set by
dnssec-keygen or overwritten by the new
dnssec-settime command
- dnssec-signzone -S (for "smart") option reads key
metadata and uses it to determine automatically
which keys to publish to the zone, use for
signing, revoke, or remove from the zone
[RT #19816] |
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88 |
|
30-Jun-2009 |
Evan Hunt <each@isc.org> |
2619. [func] Add support for RFC 5011, automatic trust anchor
maintenance. The new "managed-keys" statement can
be used in place of "trusted-keys" for zones which
support this protocol. (Note: this syntax is
expected to change prior to 9.7.0 final.) [RT #19248] |
754cb8a2b33fa6cfaa15d6470f66e5fb0eab4764 |
|
12-Jun-2009 |
Automatic Updater <source@isc.org> |
update copyright notice |
351b62535d4c4f89883bfdba025999dd32490266 |
|
10-Jun-2009 |
Evan Hunt <each@isc.org> |
2609. [func] Simplify the configuration of dynamic zones:
- add ddns-confgen command to generate
configuration text for named.conf
- add zone option "ddns-autoconf yes;", which
causes named to generate a TSIG session key
and allow updates to the zone using that key
- add '-l' (localhost) option to nsupdate, which
causes nsupdate to connect to a locally-running
named process using the session key generated
by named
[RT #19284] |
e672951ed28b2e9cc7a19c3d7fa4a258382f981c |
|
02-Apr-2008 |
Automatic Updater <source@isc.org> |
update copyright notice |
2a31bd531072824ef252c18303859d6af7451b00 |
|
31-Mar-2008 |
Francis Dupont <fdupont@isc.org> |
add EVP and PKCS11 |
271c4c7ffafeb0bda21278af6cac4535c0193f18 |
|
28-Aug-2007 |
Automatic Updater <source@isc.org> |
update copyright notice |
70e5a7403f0e0a3bd292b8287c5fed5772c15270 |
|
20-Jun-2007 |
Automatic Updater <source@isc.org> |
update copyright notice |
ec5347e2c775f027573ce5648b910361aa926c01 |
|
19-Jun-2007 |
Automatic Updater <source@isc.org> |
update copyright notice |
289ae548d52bc8f982d9823af64cafda7bd92232 |
|
04-Dec-2006 |
Mark Andrews <marka@isc.org> |
2105. [func] GSS-TSIG support (RFC 3645). |
26e2a07a0b6a3b1eccef82ba31270d0c54ad4f06 |
|
28-Jan-2006 |
Mark Andrews <marka@isc.org> |
update copyright notice |
c6d4f781529d2f28693546b25b2967d44ec89e60 |
|
27-Jan-2006 |
Mark Andrews <marka@isc.org> |
1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
HMACSHA512 support. [RT #13606] |
69fe9aaafdd6a141610e86a777d325db75422070 |
|
29-Apr-2005 |
Mark Andrews <marka@isc.org> |
update copyright notice |
ab023a65562e62b85a824509d829b6fad87e00b1 |
|
27-Apr-2005 |
Rob Austein <sra@isc.org> |
1851. [doc] Doxygen comment markup. [RT #11398] |
494576ce20cfd98d74955698cf8f7b37dce2f740 |
|
09-Dec-2004 |
Mark Andrews <marka@isc.org> |
1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
allow parallel make to succeed. |