Deprecate AES algorithm for DNS cookies

The AES algorithm for DNS cookies was being kept for legacy reasons,
and it can be safely removed in the next major release.  Mark it as
deprecated, so the `named-checkconf` prints a warning when in use.

(cherry picked from commit 67d14b0ee5)
Ondřej Surý 2023-11-07 15:17:10 +01:00 committed by Tom Krizek
parent 6111f27669
commit 62cf6b2e7f
No known key found for this signature in database
GPG key ID: 01623B9B652A20A7

@ -1457,6 +1457,10 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
(void)cfg_map_get(options, "cookie-algorithm", &obj);
if (obj != NULL) {
ccalg = cfg_obj_asstring(obj);
if (strcasecmp(ccalg, "aes") == 0) {
cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
"cookie-algorithm 'aes' is deprecated");
}
}
obj = NULL;
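
Review bot: the warning text passed to cfg_obj_log, "cookie-algorithm 'aes' is deprecated", gives the operator nothing to act on. The commit message says the algorithm is to be removed in the next major release, so consider saying that in the message and pointing at the supported alternative, so someone reading named-checkconf output knows what to change and by when. Since ccalg is only inspected here when obj != NULL, configurations that do not set cookie-algorithm stay silent, which looks correct. If the option's reference documentation is not marked deprecated elsewhere in this commit, it should be updated in the same change.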