* Do not initialize quic_table unless it is enabled
Fedora in FIPS mode might fail to initialize ngtcp2 library, because
some ciphers desired are not available.
Make it possible to skip initialization by setting explicitly quic_port
to 0. Unless we have some listeners for port 853 configured, skip its
initialization as well.
Related: https://pagure.io/freeipa/issue/9877
* Fix typo in logged function name
other streams on the http2 session are not affected by a drop,
and can clean up properly if also dropped. Fix http2 send reply
so that when there is a send failure is does not recurse into
the mesh functions and also does not drop the connection due to
the condition of one stream.
same time, the client info is copied for attach_sub and add_sub
calls. That makes respip work on dns64 synthesized answers, and
also makes RPZ work with DNS64. The order for the modules is
module-config: "respip dns64 validator iterator".
* 'tls-use-system-policy-versions' is introduced to allow Unbound to use
any system available TLS version when serving TLS.
* Apply suggestions from code review
---------
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
- Cached messages that reach 0 TTL are considered expired. This prevents
Unbound itself from issuing replies with TTL 0 and possibly causing a
thundering herd at the last second. Upstream replies of TTL 0 still
get the usual pass-through but they are not considered for caching
from Unbound or any of its caching modules.
- 'serve-expired-reply-ttl' is changed and is now capped by the original
TTL value of the record to try and make some sense when replying
with expired records.
- TTL decoding was updated to adhere to RFC8767 section 4 where a set
high-order bit means the value is positive instead of 0.
- Fix NSEC3 code to not break on broken auth zones that include unsigned
out of zone (above apex) data. Could lead to hang while trying to
prove a wildcard answer.
Reported by Dmitrii Kuvaiskii from Amazon Web Services.
- Tests for NSEC3 auth zones with out of zone data.
- Auto-configure '-slabs' values to a power of 2 value close to num-threads
by default for multi-threaded environments.
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
