mirror of
https://github.com/NLnetLabs/unbound.git
synced 2026-02-14 00:03:58 -05:00
- Add ub_ctx_add_ta_autr function to add a RFC5011 automatically
tracked trust anchor to libunbound. git-svn-id: file:///svn/unbound/trunk@3251 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
96db52fd8e
commit
973f7a2225
7 changed files with 59 additions and 6 deletions
6
configure
vendored
6
configure
vendored
|
|
@ -2691,9 +2691,9 @@ UNBOUND_VERSION_MINOR=4
|
|||
UNBOUND_VERSION_MICRO=23
|
||||
|
||||
|
||||
LIBUNBOUND_CURRENT=4
|
||||
LIBUNBOUND_CURRENT=5
|
||||
LIBUNBOUND_REVISION=3
|
||||
LIBUNBOUND_AGE=2
|
||||
LIBUNBOUND_AGE=3
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
# 1.0.2 had 0:14:0
|
||||
|
|
@ -2731,7 +2731,7 @@ LIBUNBOUND_AGE=2
|
|||
# 1.4.20 had 4:0:2 # adds libunbound.ttl # but shipped 3:5:1
|
||||
# 1.4.21 had 4:1:2
|
||||
# 1.4.22 had 4:1:2
|
||||
# 1.4.23 had 4:3:2
|
||||
# 1.4.23 had 5:3:3 # adds ub_ctx_add_ta_autr
|
||||
|
||||
# Current -- the number of the binary API that we're implementing
|
||||
# Revision -- which iteration of the implementation of the binary
|
||||
|
|
|
|||
|
|
@ -16,9 +16,9 @@ AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
|
|||
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
|
||||
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
|
||||
|
||||
LIBUNBOUND_CURRENT=4
|
||||
LIBUNBOUND_CURRENT=5
|
||||
LIBUNBOUND_REVISION=3
|
||||
LIBUNBOUND_AGE=2
|
||||
LIBUNBOUND_AGE=3
|
||||
# 1.0.0 had 0:12:0
|
||||
# 1.0.1 had 0:13:0
|
||||
# 1.0.2 had 0:14:0
|
||||
|
|
@ -56,7 +56,7 @@ LIBUNBOUND_AGE=2
|
|||
# 1.4.20 had 4:0:2 # adds libunbound.ttl # but shipped 3:5:1
|
||||
# 1.4.21 had 4:1:2
|
||||
# 1.4.22 had 4:1:2
|
||||
# 1.4.23 had 4:3:2
|
||||
# 1.4.23 had 5:3:3 # adds ub_ctx_add_ta_autr
|
||||
|
||||
# Current -- the number of the binary API that we're implementing
|
||||
# Revision -- which iteration of the implementation of the binary
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
4 November 2014: Wouter
|
||||
- Add ub_ctx_add_ta_autr function to add a RFC5011 automatically
|
||||
tracked trust anchor to libunbound.
|
||||
|
||||
27 October 2014: Wouter
|
||||
- Disabled use of SSLv3 in remote-control and ssl-upstream.
|
||||
- iana portlist update.
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@
|
|||
.B ub_ctx_resolvconf,
|
||||
.B ub_ctx_hosts,
|
||||
.B ub_ctx_add_ta,
|
||||
.B ub_ctx_add_ta_autr,
|
||||
.B ub_ctx_add_ta_file,
|
||||
.B ub_ctx_trustedkeys,
|
||||
.B ub_ctx_debugout,
|
||||
|
|
@ -73,6 +74,9 @@
|
|||
\fBub_ctx_add_ta\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR ta);
|
||||
.LP
|
||||
\fIint\fR
|
||||
\fBub_ctx_add_ta_autr\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
|
||||
.LP
|
||||
\fIint\fR
|
||||
\fBub_ctx_add_ta_file\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
|
||||
.LP
|
||||
\fIint\fR
|
||||
|
|
@ -231,6 +235,15 @@ first resolve is done.
|
|||
The format is a string, similar to the zone\-file format,
|
||||
[domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted.
|
||||
.TP
|
||||
.B ub_ctx_add_ta_autr
|
||||
Add filename with automatically tracked trust anchor to the given context.
|
||||
Pass name of a file with the managed trust anchor. You can create this
|
||||
file with \fIunbound\-anchor\fR(8) for the root anchor. You can also
|
||||
create it with an initial file with one line with a DNSKEY or DS record.
|
||||
If the file is writable, it is updated when the trust anchor changes.
|
||||
At this time it is only possible to add trusted keys before the
|
||||
first resolve is done.
|
||||
.TP
|
||||
.B ub_ctx_add_ta_file
|
||||
Add trust anchors to the given context.
|
||||
Pass name of a file with DS and DNSKEY records in zone file format.
|
||||
|
|
|
|||
|
|
@ -363,6 +363,26 @@ ub_ctx_add_ta_file(struct ub_ctx* ctx, const char* fname)
|
|||
return UB_NOERROR;
|
||||
}
|
||||
|
||||
int ub_ctx_add_ta_autr(struct ub_ctx* ctx, const char* fname)
|
||||
{
|
||||
char* dup = strdup(fname);
|
||||
if(!dup) return UB_NOMEM;
|
||||
lock_basic_lock(&ctx->cfglock);
|
||||
if(ctx->finalized) {
|
||||
lock_basic_unlock(&ctx->cfglock);
|
||||
free(dup);
|
||||
return UB_AFTERFINAL;
|
||||
}
|
||||
if(!cfg_strlist_insert(&ctx->env->cfg->auto_trust_anchor_file_list,
|
||||
dup)) {
|
||||
lock_basic_unlock(&ctx->cfglock);
|
||||
free(dup);
|
||||
return UB_NOMEM;
|
||||
}
|
||||
lock_basic_unlock(&ctx->cfglock);
|
||||
return UB_NOERROR;
|
||||
}
|
||||
|
||||
int
|
||||
ub_ctx_trustedkeys(struct ub_ctx* ctx, const char* fname)
|
||||
{
|
||||
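Review bot: `ub_ctx_add_ta_autr` passes `fname` straight to `strdup()` without a NULL check, so a caller that hands in NULL hits undefined behaviour before the lock is taken. A guard at the top such as `if(!fname) return UB_SYNTAX;` (or whichever error code the library prefers) would make this public entry point fail cleanly. Both failure paths also call `free(dup)` after `cfg_strlist_insert` returns 0, which is correct only if that helper leaves ownership with the caller on failure. Its body is not shown on this page, so a short comment stating the contract, e.g. `/* list takes ownership of dup only on success */`, would guard against a later double free. The function only records the path and nothing here opens or checks the file, so an unreadable or wrongly-permissioned anchor file is reported later, presumably at finalization.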
|
|
|
|||
|
|
@ -8,6 +8,7 @@ ub_ctx_set_fwd
|
|||
ub_ctx_resolvconf
|
||||
ub_ctx_hosts
|
||||
ub_ctx_add_ta
|
||||
ub_ctx_add_ta_autr
|
||||
ub_ctx_add_ta_file
|
||||
ub_ctx_trustedkeys
|
||||
ub_ctx_debugout
|
||||
|
|
|
|||
|
|
@ -356,6 +356,21 @@ int ub_ctx_add_ta(struct ub_ctx* ctx, const char* ta);
|
|||
*/
|
||||
int ub_ctx_add_ta_file(struct ub_ctx* ctx, const char* fname);
|
||||
|
||||
/**
|
||||
* Add trust anchor to the give context that is tracked with RFC5011
|
||||
* automated trust anchor maintenance. The file is written to when the
|
||||
* trust anchor is changed.
|
||||
* Pass the name of a file that was output from eg. unbound-anchor,
|
||||
* or you can start it by providing a trusted DNSKEY or DS record on one
|
||||
* line in the file.
|
||||
* @param ctx: context.
|
||||
* At this time it is only possible to add trusted keys before the
|
||||
* first resolve is done.
|
||||
* @param fname: filename of file with trust anchor.
|
||||
* @return 0 if OK, else error.
|
||||
*/
|
||||
int ub_ctx_add_ta_autr(struct ub_ctx* ctx, const char* fname);
|
||||
|
||||
/**
|
||||
* Add trust anchors to the given context.
|
||||
* Pass the name of a bind-style config file with trusted-keys{}.
|
||||
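Review bot: The doc comment for `ub_ctx_add_ta_autr` says the library writes to the file but not what the caller must guarantee about it. This file is the validator's DNSSEC trust root, so the comment should state that the path has to be writable by the process and not by less trusted users, and what happens when it is not writable (the man page text in this commit only says it is updated `If the file is writable`). The sentence `At this time it is only possible to add trusted keys before the first resolve is done.` sits under `@param ctx:` and reads as part of that parameter; it belongs above the `@param` lines, and `the give context` should be `the given context`. `@return 0 if OK, else error.` could name the codes the implementation actually returns, `UB_NOMEM` and `UB_AFTERFINAL`.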
|
|
|
|||