upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
8126 commits 23 branches 209 tags 123 MiB
Commit graph

608 commits

Author SHA1 Message Date
Wouter Wijngaards
718e98b1cd - Fix that NSEC3 negative cache is used when there is no salt. 
git-svn-id: file:///svn/unbound/trunk@3639 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-24 15:02:35 +00:00
Wouter Wijngaards
e9f954b828 - load gost algorithm if digest is seen before key algorithm. 
git-svn-id: file:///svn/unbound/trunk@3630 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-19 12:17:03 +00:00
Wouter Wijngaards
134924c4da Remove lint warning. 
git-svn-id: file:///svn/unbound/trunk@3629 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-19 12:16:27 +00:00
Wouter Wijngaards
2c94a5b312 - Print understandable debug log when unusable DS record is seen. 
git-svn-id: file:///svn/unbound/trunk@3627 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-19 10:48:23 +00:00
Wouter Wijngaards
785697de82 - insecure-lan-zones: yesno config option, patch from Dag-Erling 
Smørgrav.


git-svn-id: file:///svn/unbound/trunk@3619 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-02-09 13:25:59 +00:00
Wouter Wijngaards
152458c40b - spelling fixes from Igor Sobrado Delgado. 
git-svn-id: file:///svn/unbound/trunk@3544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-18 14:11:46 +00:00
Wouter Wijngaards
ffb5a2d9eb Document ASN contents. 
git-svn-id: file:///svn/unbound/trunk@3542 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 14:36:10 +00:00
Wouter Wijngaards
4e3ae5505e cast to please lint. 
git-svn-id: file:///svn/unbound/trunk@3541 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 14:27:49 +00:00
Wouter Wijngaards
39dc5be222 - Fixup DER encoded DSA signatures for libnettle. 
git-svn-id: file:///svn/unbound/trunk@3540 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 13:31:22 +00:00
Wouter Wijngaards
2756b0f873 Repair // style comments for portability. 
git-svn-id: file:///svn/unbound/trunk@3539 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 12:46:47 +00:00
Wouter Wijngaards
fa57a6c6e8 use digest_nettle function for nsec3_hash calls. 
git-svn-id: file:///svn/unbound/trunk@3537 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 11:39:58 +00:00
Wouter Wijngaards
3433a30878 please lint. 
git-svn-id: file:///svn/unbound/trunk@3536 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 11:32:04 +00:00
Wouter Wijngaards
2a73ccd5b4 - refactor nsec3 hash implementation to be more library-portable. 
git-svn-id: file:///svn/unbound/trunk@3535 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 11:30:04 +00:00
Wouter Wijngaards
2bdea62a9e - Fix #594. libunbound: optionally use libnettle for crypto. 
Contributed by Luca Bruno.  Added --with-nettle for use with
  --with-libunbound-only.


git-svn-id: file:///svn/unbound/trunk@3533 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-11-17 09:43:07 +00:00
Wouter Wijngaards
bdb24c91b2 - Fix #716: nodata proof with empty non-terminals and wildcards. 
git-svn-id: file:///svn/unbound/trunk@3526 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-29 13:08:15 +00:00
Wouter Wijngaards
dd174820dc windows portability. 
git-svn-id: file:///svn/unbound/trunk@3521 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-27 15:35:08 +00:00
Wouter Wijngaards
40c139cd8f - Fix #712: unbound-anchor appears to not fsync root.key. 
git-svn-id: file:///svn/unbound/trunk@3512 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-10-22 07:06:31 +00:00
Wouter Wijngaards
e3351c3606 - Remove confusion comment from canonical_compare() function. 
git-svn-id: file:///svn/unbound/trunk@3488 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-09-22 08:43:56 +00:00
Wouter Wijngaards
934954375e configuration option affects autotrust. 
git-svn-id: file:///svn/unbound/trunk@3472 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-13 12:52:51 +00:00
Wouter Wijngaards
08e6883578 - 5011 implementation does not insist on all algorithms, when 
harden-algo-downgrade is turned off.


git-svn-id: file:///svn/unbound/trunk@3471 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-13 12:03:53 +00:00
Wouter Wijngaards
771e7295ac - Fix 5011 anchor update timer after reload. 
git-svn-id: file:///svn/unbound/trunk@3466 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-08-03 11:56:37 +00:00
Wouter Wijngaards
7166c1ad36 no zero waiting times. 
git-svn-id: file:///svn/unbound/trunk@3464 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 14:01:04 +00:00
Wouter Wijngaards
814ddc5d48 fixup. 
git-svn-id: file:///svn/unbound/trunk@3463 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 12:02:18 +00:00
Wouter Wijngaards
ee263cf6c5 - Added permit-small-holddown config to debug fast 5011 rollover. 
git-svn-id: file:///svn/unbound/trunk@3462 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-07-30 11:52:12 +00:00
Wouter Wijngaards
b5f391d845 - DLV is going to be decommissioned. Advice to stop using it, and 
put text in the example configuration and man page to that effect.


git-svn-id: file:///svn/unbound/trunk@3424 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-20 06:24:06 +00:00
Wouter Wijngaards
bfd78a8c23 - Change syntax of particular validator error to be easier for 
machine parse, swap rrset and ip adres info so it looks like:
  validation failure <www.example.nl. TXT IN>: signature crypto
  failed from 2001:DB8:7:bba4::53 for <*.example.nl. NSEC IN>


git-svn-id: file:///svn/unbound/trunk@3422 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-05-10 12:04:22 +00:00
Wouter Wijngaards
32f808fcfa - Unbound exits with a fatal error when the auto-trust-anchor-file 
fails to be writable.  This is seconds after startup.  You can
  load a readonly auto-trust-anchor-file with trust-anchor-file.
  The file has to be writable to notice the trust anchor change,
  without it, a trust anchor change will be unnoticed and the system
  will then become unoperable.


git-svn-id: file:///svn/unbound/trunk@3387 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-04-07 12:03:05 +00:00
Wouter Wijngaards
b2bdce46be - rename ldns subdirectory to sldns to avoid name collision. 
git-svn-id: file:///svn/unbound/trunk@3380 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-26 10:21:38 +00:00
Wouter Wijngaards
7a9ccf858c - If unknown trust anchor algorithm, and libressl is used, error 
message encourages upgrade of the libressl package.


git-svn-id: file:///svn/unbound/trunk@3378 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-25 16:04:05 +00:00
Wouter Wijngaards
6feb8fb6a5 - Fixes to add integer overflow checks on allocation (defense in depth). 
git-svn-id: file:///svn/unbound/trunk@3372 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-20 15:36:25 +00:00
Wouter Wijngaards
63b5d109f8 - Use reallocarray for integer overflow protection, patch submitted 
by Loganaden Velvindron.


git-svn-id: file:///svn/unbound/trunk@3365 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-17 08:24:24 +00:00
Wouter Wijngaards
49250ef291 - Fix #644: harden-algo-downgrade option, if turned off, fixes the 
reported excessive validation failure when multiple algorithms
  are present.  It allows the weakest algorithm to validate the zone.


git-svn-id: file:///svn/unbound/trunk@3354 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-03-09 13:30:37 +00:00
Wouter Wijngaards
e08aa7c5e1 - Fix validation failure in case upstream forwarder (ISC BIND) does 
not have the same trust anchors and decides to insert unsigned NS
  record in authority section.


git-svn-id: file:///svn/unbound/trunk@3329 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-02-09 11:44:46 +00:00
Wouter Wijngaards
15d16580a8 - Fix unintended use of gcc extension for incomplete enum types, 
compile with pedantic c99 compliance (from Daniel Dickman).


git-svn-id: file:///svn/unbound/trunk@3321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2015-01-26 08:46:40 +00:00
Wouter Wijngaards
67a3c4933c - Fix cdflag dns64 processing. 
git-svn-id: file:///svn/unbound/trunk@3275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-19 08:43:08 +00:00
Wouter Wijngaards
b781f2d48d - Fix that CD flag disables DNS64 processing, returning the DNSSEC 
signed AAAA denial.


git-svn-id: file:///svn/unbound/trunk@3273 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-11-18 15:15:57 +00:00
Wouter Wijngaards
f1bcc1032f More casts. 
git-svn-id: file:///svn/unbound/trunk@3244 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-13 09:23:12 +00:00
Wouter Wijngaards
339a6be27d More unsigned chasts for toupper/tolower/ctype 
git-svn-id: file:///svn/unbound/trunk@3242 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-10-13 08:35:00 +00:00
Matthijs Mekking
dab0af8d87 Be lenient when a NSEC NameError response with RCODE=NXDOMAIN is received. 
This is okay according 4035, but not after revising existence in 4592. 
NSEC empty non-terminals exist and thus the RCODE should have been NOERROR.

If this occurs, and the RRsets are secure, we set the RCODE to NOERROR and
the security status of the reponse is also considered secure.



git-svn-id: file:///svn/unbound/trunk@3089 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-20 09:46:50 +00:00
Matthijs Mekking
492a5ca681 only whitespace changes 
git-svn-id: file:///svn/unbound/trunk@3088 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-18 13:54:19 +00:00
Wouter Wijngaards
2b90f38a70 And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings. 
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-02-07 13:28:39 +00:00
Wouter Wijngaards
2bb8f893cc - Fix #547: no trustanchor written if filesystem full, fclose checked. 
git-svn-id: file:///svn/unbound/trunk@3044 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-21 10:14:55 +00:00
Wouter Wijngaards
3ce7b4a6fa - Windows port, adjust %lld to %I64d, and warning in win_event.c. 
git-svn-id: file:///svn/unbound/trunk@3040 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-16 16:01:37 +00:00
Wouter Wijngaards
67f5157e45 - fix #544: Fixed +i causes segfault when running with module conf "iterator". 
git-svn-id: file:///svn/unbound/trunk@3038 be551aaa-1e26-0410-a405-d3ace91eadb9
 2014-01-16 13:04:34 +00:00
Wouter Wijngaards
d3cbd76546 - Fix sldns to use sldns_ prefix for all ldns_ variables. 
git-svn-id: file:///svn/unbound/trunk@3022 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-12-03 09:11:16 +00:00
Wouter Wijngaards
3de090dadb Fix linking of sldns and ldns, unique identifiers for global variables. 
git-svn-id: file:///svn/unbound/trunk@3021 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-11-30 11:03:55 +00:00
Wouter Wijngaards
29e96e86c9 - separate ldns into core ldns inside ldns/ subdirectory. No more 
--with-ldns is needed and unbound does not rely on libldns.


git-svn-id: file:///svn/unbound/trunk@2998 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-10-31 15:09:26 +00:00
Wouter Wijngaards
c9438d938e fix lint, more time_t 
git-svn-id: file:///svn/unbound/trunk@2950 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-27 14:45:33 +00:00
Wouter Wijngaards
3e41dedfc5 remove bool. 
git-svn-id: file:///svn/unbound/trunk@2949 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-27 13:47:23 +00:00
Wouter Wijngaards
bf67dc2a0d remove bool. 
git-svn-id: file:///svn/unbound/trunk@2948 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-27 13:46:41 +00:00
Wouter Wijngaards
50e68cbcda more time_t 
git-svn-id: file:///svn/unbound/trunk@2947 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-27 11:44:33 +00:00
Wouter Wijngaards
5db366f99f - review fixes from Willem. 
git-svn-id: file:///svn/unbound/trunk@2945 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-22 14:10:29 +00:00
Wouter Wijngaards
c845aceee4 - more fixes that I overlooked. 
git-svn-id: file:///svn/unbound/trunk@2944 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-22 07:33:51 +00:00
Wouter Wijngaards
8ba21bd7e7 - Fix#520: Errors found by static analysis from Tomas Hozza(redhat). 
git-svn-id: file:///svn/unbound/trunk@2942 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-21 13:31:09 +00:00
Wouter Wijngaards
f1fd2b53eb - Fix for 2038, with time_t instead of uint32_t. 
git-svn-id: file:///svn/unbound/trunk@2939 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-08-20 12:23:42 +00:00
Wouter Wijngaards
021f32ebf9 - Fix memleak in testcode for testbound (if it fails). 
- Fix NSS returned arrays out of setup function to be statics.


git-svn-id: file:///svn/unbound/trunk@2930 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-07-29 07:32:35 +00:00
Wouter Wijngaards
416df19f6d - Fix use-after-free in out-of-memory handling code (thanks Jake 
Montgomery).


git-svn-id: file:///svn/unbound/trunk@2900 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-05-16 07:36:37 +00:00
Wouter Wijngaards
fbedfb7429 - Robust checks on dname validity from rdata for dname compare. 
git-svn-id: file:///svn/unbound/trunk@2892 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-04-25 10:28:25 +00:00
Wouter Wijngaards
ffab065d1e - includes and have_ssl fixes for nss. 
git-svn-id: file:///svn/unbound/trunk@2830 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-01-30 13:15:03 +00:00
Wouter Wijngaards
ed6b39c095 fixup for doxygen 1.8.3 
git-svn-id: file:///svn/unbound/trunk@2827 be551aaa-1e26-0410-a405-d3ace91eadb9
 2013-01-28 13:44:38 +00:00
Matthijs Mekking
79ffc1ab81 Fix validation for responses with CNAME and wildcard expanded CNAME in 
ANSWER section.



git-svn-id: file:///svn/unbound/trunk@2777 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-10-29 14:06:00 +00:00
Wouter Wijngaards
a8e468fc67 - ignore trusted-keys globs that have no files (from Paul Wouters). 
git-svn-id: file:///svn/unbound/trunk@2770 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-10-01 07:18:49 +00:00
Wouter Wijngaards
5e5e89b9f5 - RFC6725 deprecates RSAMD5: this DNSKEY algorithm is disabled. 
git-svn-id: file:///svn/unbound/trunk@2753 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-08-30 12:02:53 +00:00
Wouter Wijngaards
07470115e5 - fix bogus nodata cname chain not reported as bogus by validator, 
(Thanks Peter van Dijk).


git-svn-id: file:///svn/unbound/trunk@2727 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-27 13:38:00 +00:00
Wouter Wijngaards
f82edc1b64 - review fix for libnss, check hash prefix allocation size. 
git-svn-id: file:///svn/unbound/trunk@2723 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-25 14:32:37 +00:00
Wouter Wijngaards
85c915f116 - fix missing break for GOST DS hash function. 
- make depend


git-svn-id: file:///svn/unbound/trunk@2721 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-23 12:27:04 +00:00
Wouter Wijngaards
d4f49a7a40 - Fix validation of qtype DS queries that result in no data for 
non-optout NSEC3 zones.


git-svn-id: file:///svn/unbound/trunk@2712 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-07-06 13:56:44 +00:00
Wouter Wijngaards
097c70be91 - detect if openssl has FIPS_mode. 
git-svn-id: file:///svn/unbound/trunk@2703 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-28 06:54:16 +00:00
Wouter Wijngaards
87ded67cb6 - disable RSAMD5 if in FIPS mode (for openssl and for libnss). 
git-svn-id: file:///svn/unbound/trunk@2702 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-25 15:13:44 +00:00
Wouter Wijngaards
98b6f90637 - disable RSAMD5 if in FIPS mode (when compiled with openssl). 
git-svn-id: file:///svn/unbound/trunk@2701 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-25 15:02:52 +00:00
Wouter Wijngaards
b9ed797a22 Test for ECC support for libNSS. 
git-svn-id: file:///svn/unbound/trunk@2700 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-22 15:20:56 +00:00
Wouter Wijngaards
25096aa3ab implement DNSSEC with libNSS: NSEC3, RSA, DSA, ECDSA, and DS hashes. 
make test succeeds.


git-svn-id: file:///svn/unbound/trunk@2699 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-22 14:31:29 +00:00
Wouter Wijngaards
cd8e4a0bc5 RSA with nss. 
git-svn-id: file:///svn/unbound/trunk@2697 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-21 15:19:16 +00:00
Wouter Wijngaards
d051dfaf19 remove double free. 
git-svn-id: file:///svn/unbound/trunk@2696 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-21 12:01:34 +00:00
Wouter Wijngaards
f2da5c6867 - nss check for verification failure. 
git-svn-id: file:///svn/unbound/trunk@2695 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-21 12:00:48 +00:00
Wouter Wijngaards
6ba973a8bd - fix error handling of alloc failure during rrsig verification. 
git-svn-id: file:///svn/unbound/trunk@2693 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-21 07:22:01 +00:00
Wouter Wijngaards
ccf4099366 - work on --with-nss build option (for now, --with-libunbound-only). 
git-svn-id: file:///svn/unbound/trunk@2690 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-20 15:11:53 +00:00
Wouter Wijngaards
15aacbe89b code review. 
git-svn-id: file:///svn/unbound/trunk@2688 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-18 14:22:29 +00:00
Wouter Wijngaards
06a3f735d7 - The key-cache bad key ttl is now 60 seconds. 
git-svn-id: file:///svn/unbound/trunk@2685 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-06-15 12:25:29 +00:00
Wouter Wijngaards
0a1195f690 - Protect if statements in val_anchor for compilate without locks. 
git-svn-id: file:///svn/unbound/trunk@2670 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-05-16 10:54:52 +00:00
Wouter Wijngaards
2bf79c2e65 - Fix validation of nodata for DS query in NSEC zones, reported by 
Ondrej Mikle.


git-svn-id: file:///svn/unbound/trunk@2662 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-05-02 11:58:27 +00:00
Wouter Wijngaards
773d8e3b84 Fix prefetch and stickyness. 
git-svn-id: file:///svn/unbound/trunk@2632 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-16 11:04:53 +00:00
Wouter Wijngaards
682ff957ed lint and doxygen fixes. 
git-svn-id: file:///svn/unbound/trunk@2631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-16 10:08:07 +00:00
Wouter Wijngaards
718dcce317 fix race condition. 
git-svn-id: file:///svn/unbound/trunk@2625 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-15 15:03:36 +00:00
Wouter Wijngaards
08835e01ee free unsupported trust anchors. 
git-svn-id: file:///svn/unbound/trunk@2624 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-15 14:53:45 +00:00
Wouter Wijngaards
d64b14cff9 - unbound-control forward_add, forward_remove, stub_add, stub_remove 
can modify stubs and forwards for running unbound (on mobile computer)
  they can also add and remove domain-insecure for the zone.


git-svn-id: file:///svn/unbound/trunk@2623 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-15 14:35:28 +00:00
Wouter Wijngaards
c352ee2e85 - workaround for openssl 0.9.8 ecdsa sha2 and evp problem. 
git-svn-id: file:///svn/unbound/trunk@2608 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-08 16:40:46 +00:00
Wouter Wijngaards
924789d877 - implement draft-ietf-dnsext-ecdsa-04; which is in IETF LC; This 
implementation is experimental at this time and not recommended
  for use on the public internet (the protocol numbers have not
  been assigned).  Needs recent ldns with --enable-ecdsa.
- fix memory leak in errorcase for DSA signatures.


git-svn-id: file:///svn/unbound/trunk@2606 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-08 13:22:44 +00:00
Wouter Wijngaards
8c2f658cd1 - fix for windows, rename() is not posix compliant on windows. 
git-svn-id: file:///svn/unbound/trunk@2605 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-02-03 14:56:09 +00:00
Wouter Wijngaards
9c8ac75026 - Fix to write key files completely to a temporary file, and if that 
succeeds, replace the real key file.  So failures leave a useful file.


git-svn-id: file:///svn/unbound/trunk@2590 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-19 14:17:22 +00:00
Wouter Wijngaards
2e26ec2d01 - Fix bug where canonical_compare of RRSIG did not downcase the 
signer-name.  This is mostly harmless because RRSIGs do not have
  to be sorted in canonical order, usually.


git-svn-id: file:///svn/unbound/trunk@2586 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-17 09:06:18 +00:00
Wouter Wijngaards
6dd2c0467e - Fix bug #425: unbound reports wrong TTL in reply, it reports a TTL 
that would be permissible by the RFCs but it is not the TTL in the
  cache.


git-svn-id: file:///svn/unbound/trunk@2581 be551aaa-1e26-0410-a405-d3ace91eadb9
 2012-01-10 09:42:32 +00:00
Wouter Wijngaards
0916e1d0ea - Fix for VU#209659 CVE-2011-4528: Unbound denial of service 
vulnerabilities from nonstandard redirection and denial of existence
http://www.unbound.net/downloads/CVE-2011-4528.txt
- robust checks for next-closer NSEC3s.
- tag 1.4.14 created.


git-svn-id: file:///svn/unbound/trunk@2574 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-12-19 10:55:32 +00:00
Wouter Wijngaards
e0fd0ef80c - Fix to constrain signer_name to be a parent of the lookupname. 
git-svn-id: file:///svn/unbound/trunk@2571 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-12-13 12:37:47 +00:00
Wouter Wijngaards
a1c76554a2 - Makefile changed for BSD make compatibility. 
git-svn-id: file:///svn/unbound/trunk@2544 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-11-10 18:44:06 +00:00
Wouter Wijngaards
b72d40f3dd - fix various compiler warnings (reported by Paul Wouters). 
git-svn-id: file:///svn/unbound/trunk@2497 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-09-16 11:35:01 +00:00
Wouter Wijngaards
22290ac234 - Fix validation of . DS query. 
git-svn-id: file:///svn/unbound/trunk@2474 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-08-17 14:28:32 +00:00
Wouter Wijngaards
7359d84e2f - Fix wildcard expansion no-data reply under an optout NSEC3 zone is 
validated as insecure, reported by Jia Li (lijia@cnnic.cn).


git-svn-id: file:///svn/unbound/trunk@2461 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-07-11 09:03:18 +00:00
Wouter Wijngaards
784d659e91 - Fix TTL of SOA so negative TTL is separately cached from normal TTL. 
git-svn-id: file:///svn/unbound/trunk@2416 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-05-10 12:34:47 +00:00
Wouter Wijngaards
3922eed584 val-override-date: -1 ignores dates entirely, for NTP usage. 
git-svn-id: file:///svn/unbound/trunk@2410 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-04-08 14:06:46 +00:00
Wouter Wijngaards
b4a089ff0d - Fix no ADflag for NXDOMAIN in NSEC3 optout. And wildcard in optout. 
git-svn-id: file:///svn/unbound/trunk@2397 be551aaa-1e26-0410-a405-d3ace91eadb9
 2011-03-01 12:48:45 +00:00
Wouter Wijngaards
003658eea0 test and cleanup. 
git-svn-id: file:///svn/unbound/trunk@2360 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-22 09:41:38 +00:00
Wouter Wijngaards
daab92e954 - algorithm compromise protection using the algorithms signalled in 
the DS record.  Also, trust anchors, DLV, and RFC5011 receive this,
         and thus, if you have multiple algorithms in your trust-anchor-file
         then it will now behave different than before.  Also, 5011 rollover
         for algorithms needs to be double-signature until the old algorithm
         is revoked.


git-svn-id: file:///svn/unbound/trunk@2358 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-21 14:19:55 +00:00
Wouter Wijngaards
e9582487d9 Work on validation of multiple algorithms. 
git-svn-id: file:///svn/unbound/trunk@2356 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-20 15:58:12 +00:00
Wouter Wijngaards
c4c8a65ff2 - fix validation in this case: CNAME to nodata for co-hosted opt-in 
NSEC3 insecure delegation, was bogus, fixed to be insecure.


git-svn-id: file:///svn/unbound/trunk@2355 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-12-17 10:05:56 +00:00
Wouter Wijngaards
488aee467a - Fix validation failure for parent and child on same server with an 
insecure childzone and a CNAME from parent to child.


git-svn-id: file:///svn/unbound/trunk@2321 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-29 13:10:26 +00:00
Wouter Wijngaards
46345c0809 - Fix bug when DLV below a trust-anchor that uses NSEC3 optout where 
the zone has a secure delegation hosted on the same server did not
         verify as secure (it was insecure by mistake).


git-svn-id: file:///svn/unbound/trunk@2275 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-10-11 12:21:19 +00:00
Wouter Wijngaards
e399b79baa - DLV has downgrade protection again, because the RFC says so. 
git-svn-id: file:///svn/unbound/trunk@2238 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-17 08:54:16 +00:00
Wouter Wijngaards
aac3c03f72 - Fix reported validation error in out of memory condition. 
git-svn-id: file:///svn/unbound/trunk@2237 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-16 13:57:22 +00:00
Wouter Wijngaards
8b274b92aa - Algorithm rollover operational reality intrudes, for trust-anchor, 
5011-store, and DLV-anchor if one key matches it's good enough.


git-svn-id: file:///svn/unbound/trunk@2235 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-16 13:40:26 +00:00
Wouter Wijngaards
c3f180eebb - Abide RFC5155 section 9.2: no AD flag for replies with NSEC3 optout. 
git-svn-id: file:///svn/unbound/trunk@2233 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-09-15 07:08:09 +00:00
Wouter Wijngaards
40f8fe2815 add and fix doxygen comments for doxygen-1.7.1. (which reports lots of 
spurious items as well, by the way).


git-svn-id: file:///svn/unbound/trunk@2211 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-13 08:41:49 +00:00
Wouter Wijngaards
b701d70147 - Return NXDOMAIN after chain of CNAMEs ends at name-not-found. 
git-svn-id: file:///svn/unbound/trunk@2208 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-05 14:31:52 +00:00
Wouter Wijngaards
ca36fd0110 please lint. 
git-svn-id: file:///svn/unbound/trunk@2206 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-04 08:43:38 +00:00
Wouter Wijngaards
4c4671a63f - Fix validation in case a trust anchor enters into a zone with 
unsupported algorithms.


git-svn-id: file:///svn/unbound/trunk@2205 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-08-04 08:36:27 +00:00
Wouter Wijngaards
6df29c32e4 - iana portlist updated. 
- Fix validation of qtype DNSKEY when a key-cache entry exists but
  no rr-cache entry is used (it expired or prefetch), it then goes
  back up to the DS or trust-anchor to validate the DNSKEY.


git-svn-id: file:///svn/unbound/trunk@2189 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-09 15:00:35 +00:00
Wouter Wijngaards
f042f0dd5d - Neat function prototypes, unshadowed local declarations. 
git-svn-id: file:///svn/unbound/trunk@2188 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-07 13:13:36 +00:00
Wouter Wijngaards
518504ff5c Fix 4035 compliance for algorithms from the DS rrset that MUST sign the DNSKEY. 
git-svn-id: file:///svn/unbound/trunk@2172 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-07-01 12:08:48 +00:00
Wouter Wijngaards
b4b641807b Fix various compiler warnings from the clang llvm compiler. 
git-svn-id: file:///svn/unbound/trunk@2111 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-05-18 12:37:04 +00:00
Wouter Wijngaards
12e20eb5f4 - autotrust anchor file can be initialized with a ZSK key as well. 
git-svn-id: file:///svn/unbound/trunk@2100 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-27 13:00:48 +00:00
Wouter Wijngaards
0720e1a9a1 - Fix chain of trust with CNAME at an intermediate step, for the DS 
processing proof.



git-svn-id: file:///svn/unbound/trunk@2075 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-09 14:28:32 +00:00
Wouter Wijngaards
bec7e7a552 Fix validation of queries with wildcard names (*.example). 
git-svn-id: file:///svn/unbound/trunk@2070 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-08 13:22:29 +00:00
Wouter Wijngaards
77f49a5510 GOST support. 
git-svn-id: file:///svn/unbound/trunk@2065 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-04-06 12:15:19 +00:00
Wouter Wijngaards
11ecb5183b review of NSEC and NSEC3 zones results 
git-svn-id: file:///svn/unbound/trunk@2058 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-22 14:40:45 +00:00
Wouter Wijngaards
75565262f7 Fixed random numbers for port, interface and server selection. 
Removed very small bias.
Also some lint fixes.



git-svn-id: file:///svn/unbound/trunk@2049 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-18 14:42:22 +00:00
Wouter Wijngaards
cd57530efd includes 
git-svn-id: file:///svn/unbound/trunk@2048 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-17 09:50:12 +00:00
Wouter Wijngaards
091050add6 cache verify work for nsec and nsec3. 
git-svn-id: file:///svn/unbound/trunk@2047 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-17 09:49:18 +00:00
Wouter Wijngaards
42599b7044 and store sec status 
git-svn-id: file:///svn/unbound/trunk@2046 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-17 09:27:53 +00:00
Wouter Wijngaards
367c2abbf3 Faster nsec3. 
git-svn-id: file:///svn/unbound/trunk@2044 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-16 16:52:56 +00:00
Wouter Wijngaards
147d47eee7 Move includes to code files. 
git-svn-id: file:///svn/unbound/trunk@2035 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-12 15:17:48 +00:00
Wouter Wijngaards
8c7781fb24 spelling fix 
git-svn-id: file:///svn/unbound/trunk@2029 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-11 16:17:45 +00:00
Matthijs Mekking
4f325d281b typo svn:NO TEST 
git-svn-id: file:///svn/unbound/trunk@2010 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-04 15:24:51 +00:00
Wouter Wijngaards
67624a8ee0 Skip RRSIGs on 5011 init. Make install makes all. 
git-svn-id: file:///svn/unbound/trunk@1997 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-03-01 10:26:42 +00:00
Wouter Wijngaards
8adc2929e8 printout errors if trust anchor write fails. 
git-svn-id: file:///svn/unbound/trunk@1984 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-16 08:52:44 +00:00
Wouter Wijngaards
6888c78e1e Fix for Roy. 
git-svn-id: file:///svn/unbound/trunk@1982 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-15 10:49:03 +00:00
Wouter Wijngaards
67a4310b36 Retry in case of validation failure less, cached per-zone not per-query. 
git-svn-id: file:///svn/unbound/trunk@1981 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-02-12 15:24:42 +00:00
Wouter Wijngaards
e7da8f089e remove warning on format string. 
git-svn-id: file:///svn/unbound/trunk@1964 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-27 20:29:07 +00:00
Wouter Wijngaards
5b0fd59e76 work on prefetch: store the updated results in the cache. 
git-svn-id: file:///svn/unbound/trunk@1954 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-08 15:59:36 +00:00
Wouter Wijngaards
43d228c5bc Doc fix and work on prefetch feature. 
git-svn-id: file:///svn/unbound/trunk@1951 be551aaa-1e26-0410-a405-d3ace91eadb9
 2010-01-07 14:38:18 +00:00
Wouter Wijngaards
7094eab574 fixes and new ldns tarball. 
git-svn-id: file:///svn/unbound/trunk@1939 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-15 09:31:39 +00:00
Wouter Wijngaards
ab9bd76768 Answer qclass=ANY. 
git-svn-id: file:///svn/unbound/trunk@1938 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-15 09:10:04 +00:00
Wouter Wijngaards
47e7b5fb51 Check rrsig expiration last in verify_rrsig 
git-svn-id: file:///svn/unbound/trunk@1936 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-10 16:03:31 +00:00
Wouter Wijngaards
1d2c4f70fa fix crash for hauke 
git-svn-id: file:///svn/unbound/trunk@1933 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-09 16:27:13 +00:00
Wouter Wijngaards
c68aebb3d7 - Fix SOA excluded from negative DS responses. Reported by Hauke 
Lampe.  The negative cache did not include proper SOA records for
	  negative qtype DS responses which makes BIND barf on it, such
	  responses are now only used internally.
	- Fix negative cache lookup of closestencloser check of DS type bit.



git-svn-id: file:///svn/unbound/trunk@1932 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-09 14:55:19 +00:00
Wouter Wijngaards
4d1c4c8002 Fix crash reported on unbound-users with module-config "iterator" 
git-svn-id: file:///svn/unbound/trunk@1924 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-12-01 08:12:00 +00:00
Wouter Wijngaards
caeebbf4fa review comments 
git-svn-id: file:///svn/unbound/trunk@1915 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-20 12:06:00 +00:00
Wouter Wijngaards
c56fdce932 Fixup unsigned CNAME to signed CNAME detection of signatures. 
git-svn-id: file:///svn/unbound/trunk@1905 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-16 13:34:03 +00:00
Wouter Wijngaards
a4a7894f79 Fix validation failure cnamenodata proof failed for hud.gov. 
git-svn-id: file:///svn/unbound/trunk@1902 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-13 10:10:05 +00:00
Wouter Wijngaards
5423af1836 review fixes. 
git-svn-id: file:///svn/unbound/trunk@1901 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-12 16:27:11 +00:00
Wouter Wijngaards
e19f71ffa0 Fixup to clean errinf on restart so no extremely long printouts. 
git-svn-id: file:///svn/unbound/trunk@1900 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-12 15:07:38 +00:00
Wouter Wijngaards
ff33e077de Fix crash bug with DLV and dnssec-retry for the domain registered in it. 
git-svn-id: file:///svn/unbound/trunk@1895 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-10 10:42:50 +00:00
Wouter Wijngaards
9890caff91 and error 
git-svn-id: file:///svn/unbound/trunk@1894 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-10 08:15:08 +00:00
Wouter Wijngaards
45c07da4a0 debug code 
git-svn-id: file:///svn/unbound/trunk@1893 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-09 16:26:24 +00:00
Wouter Wijngaards
7617c18be1 more error text 
git-svn-id: file:///svn/unbound/trunk@1892 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-05 19:32:02 +00:00
Wouter Wijngaards
463d7e09c5 better error text. 
git-svn-id: file:///svn/unbound/trunk@1891 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-05 19:22:50 +00:00
Wouter Wijngaards
07f5b21b7b parameter documented 
git-svn-id: file:///svn/unbound/trunk@1887 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-02 15:23:41 +00:00
Wouter Wijngaards
bf8bc06860 Fix autotrust initialised with DS. 
git-svn-id: file:///svn/unbound/trunk@1884 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-11-02 13:56:14 +00:00
Wouter Wijngaards
f42d27e1a2 - Made new validator error string available from libunbound for 
applications.  It is in result->why_bogus, a zero-terminated string.
	  unbound-host prints it by default if a result is bogus.
	  Also the errinf is public in module_qstate (for other modules).
	Binary API different. bumped library ABI version.


git-svn-id: file:///svn/unbound/trunk@1874 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 17:05:53 +00:00
Wouter Wijngaards
d7868e4077 Fix double time subtraction in negative cache. 
git-svn-id: file:///svn/unbound/trunk@1873 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 09:18:40 +00:00
Wouter Wijngaards
2c33330994 neater errors for algo and key failure. 
git-svn-id: file:///svn/unbound/trunk@1872 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 08:02:00 +00:00
Wouter Wijngaards
7782cf2b97 More detailed errors. 
git-svn-id: file:///svn/unbound/trunk@1871 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 07:23:49 +00:00
Wouter Wijngaards
a909fa9a3a neater explanation for unsigned or signatureless negative DS replies. 
git-svn-id: file:///svn/unbound/trunk@1870 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 06:57:23 +00:00
Wouter Wijngaards
e0b639accd More vallog reason. Doxygen. 
git-svn-id: file:///svn/unbound/trunk@1869 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-08 06:35:14 +00:00
Wouter Wijngaards
ce45cbda6d - moved version number to 1.4.0 because of 1.3.4 release with only 
the NSEC3 patch.
	- val-log-level: 2 shows extended error information for validation
	  failures, but still one (longish) line per failure.  For example:
	  validation failure <example.com. DNSKEY IN>: signature expired from
	  192.0.2.4 for trust anchor example.com. while building chain of trust
	  validation failure <www.example.com. A IN>: no signatures from
	  192.0.2.6 for key example.com. while building chain of trust



git-svn-id: file:///svn/unbound/trunk@1868 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 16:45:47 +00:00
Wouter Wijngaards
6f37df3b92 Fix trunk. 
git-svn-id: file:///svn/unbound/trunk@1866 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 14:00:56 +00:00
Wouter Wijngaards
1a02ab895b Fix check for signatures. 
git-svn-id: file:///svn/unbound/trunk@1864 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 12:56:57 +00:00
Wouter Wijngaards
5ff6b1c5fb retry mode: empty non terminal. 
git-svn-id: file:///svn/unbound/trunk@1862 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 08:53:09 +00:00
Wouter Wijngaards
4d49d792c3 retry mode: DNSKEY. 
git-svn-id: file:///svn/unbound/trunk@1861 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 08:22:27 +00:00
Wouter Wijngaards
5d2e8e8e97 Retry mode, DS and prime. 
git-svn-id: file:///svn/unbound/trunk@1860 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-07 07:52:02 +00:00
Wouter Wijngaards
455c3d130d Data retry on validation failure. 
git-svn-id: file:///svn/unbound/trunk@1859 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-06 08:31:47 +00:00
Wouter Wijngaards
0679bf6502 Fix autotrust-5011 file used from libunbound (no probing by itself because 
it may not have the processor whenever it likes).


git-svn-id: file:///svn/unbound/trunk@1857 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-10-02 08:08:44 +00:00
Wouter Wijngaards
71959c05df review fixes. 
git-svn-id: file:///svn/unbound/trunk@1855 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-28 14:52:53 +00:00
Wouter Wijngaards
1c75281303 Read iana root multiline and prevent integer underflow. 
git-svn-id: file:///svn/unbound/trunk@1854 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-28 13:14:01 +00:00
Wouter Wijngaards
5007a44e52 review fixes 
git-svn-id: file:///svn/unbound/trunk@1853 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-25 15:20:29 +00:00
Wouter Wijngaards
2043463b6a review nits 
git-svn-id: file:///svn/unbound/trunk@1852 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-25 11:16:43 +00:00
Wouter Wijngaards
c467aabbf1 review comments 
git-svn-id: file:///svn/unbound/trunk@1850 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-23 15:15:41 +00:00
Wouter Wijngaards
ee1c4c1cce Failure handling for 5011. 
git-svn-id: file:///svn/unbound/trunk@1848 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-23 09:05:44 +00:00
Wouter Wijngaards
1f7304d146 revocation of trust anchors works. 
git-svn-id: file:///svn/unbound/trunk@1846 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-22 14:04:43 +00:00
Wouter Wijngaards
9dc9f0a8e8 rfc5011 and algorithm rollover 
git-svn-id: file:///svn/unbound/trunk@1845 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-22 12:20:21 +00:00
Wouter Wijngaards
d0cef76cff Pick up revocations even if not normally validly signed. 
git-svn-id: file:///svn/unbound/trunk@1842 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-18 10:13:06 +00:00
Wouter Wijngaards
82b8ddc9bb autotrust tests and fixes. 
git-svn-id: file:///svn/unbound/trunk@1841 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-18 07:49:29 +00:00
Wouter Wijngaards
b322353d8b remove printf format warning 
git-svn-id: file:///svn/unbound/trunk@1825 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-10 13:41:01 +00:00
Wouter Wijngaards
dcb11b2ee4 Fixup TTL too large bug for bogus responses. 
git-svn-id: file:///svn/unbound/trunk@1822 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-10 10:01:36 +00:00
Wouter Wijngaards
3f68f01313 - autotrust testbound scenarios. 
- autotrust fix that failure count is written to file.
        - autotrust fix that keys may become valid after add holddown time
          alone, before the probe returns.


git-svn-id: file:///svn/unbound/trunk@1819 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-07 14:34:29 +00:00
Wouter Wijngaards
e46441787c source IP from python and doxygen fixes. 
git-svn-id: file:///svn/unbound/trunk@1813 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-03 14:51:38 +00:00
Wouter Wijngaards
e5cab7b264 document last change 
git-svn-id: file:///svn/unbound/trunk@1805 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-03 09:29:54 +00:00
Wouter Wijngaards
8e2ef1caeb - TRAFFIC keyword for testbound. Simplifies test generation. 
${range lower val upper} to check probe timeout values.
- test with 5011-prepublish rollover and revocation.
- fix revocation of RR for autotrust, stray exclamation mark.


git-svn-id: file:///svn/unbound/trunk@1804 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-02 13:11:52 +00:00
Wouter Wijngaards
415236c002 active probe 
git-svn-id: file:///svn/unbound/trunk@1802 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-01 14:47:57 +00:00
Wouter Wijngaards
0a35d358ee More lint. 
git-svn-id: file:///svn/unbound/trunk@1801 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-01 13:15:51 +00:00
Wouter Wijngaards
544b3f8428 lint and doc 
git-svn-id: file:///svn/unbound/trunk@1800 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-01 13:09:55 +00:00
Wouter Wijngaards
9f9edf9ce6 docs 
git-svn-id: file:///svn/unbound/trunk@1799 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-01 13:07:38 +00:00
Wouter Wijngaards
eb3eb4f250 randomise probe time. 
git-svn-id: file:///svn/unbound/trunk@1798 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-09-01 12:45:10 +00:00
Wouter Wijngaards
bad061a35a Empty callback. 
git-svn-id: file:///svn/unbound/trunk@1791 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-27 15:22:48 +00:00
Wouter Wijngaards
902323da2f autotrust probing and testbound with fake timer support. 
git-svn-id: file:///svn/unbound/trunk@1787 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-26 13:23:49 +00:00
Wouter Wijngaards
568253e4ff Fixup DS query handling. 
git-svn-id: file:///svn/unbound/trunk@1785 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-25 15:15:10 +00:00
Wouter Wijngaards
6b959f8043 remove debug print 
git-svn-id: file:///svn/unbound/trunk@1784 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-25 14:59:48 +00:00
Wouter Wijngaards
b8a2dfb2c9 revoke point handling 
git-svn-id: file:///svn/unbound/trunk@1777 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-25 10:02:17 +00:00
Wouter Wijngaards
d8e6209a2e Fixup memleak in unsupported algorithm checks at startup. 
git-svn-id: file:///svn/unbound/trunk@1774 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-25 06:51:00 +00:00
Wouter Wijngaards
6f1f6dafb5 autotrust test routines. 
git-svn-id: file:///svn/unbound/trunk@1771 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-24 14:40:25 +00:00
Wouter Wijngaards
28be658942 debug routines and first brazilian prime has been done. 
git-svn-id: file:///svn/unbound/trunk@1770 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-21 15:27:23 +00:00
Wouter Wijngaards
ca94ca57b4 autotrust work 
git-svn-id: file:///svn/unbound/trunk@1769 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-20 11:49:33 +00:00
Wouter Wijngaards
0deef63323 autotrust state table updates. 
git-svn-id: file:///svn/unbound/trunk@1767 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-19 15:30:20 +00:00
Wouter Wijngaards
701b4ccdd6 autotrust event_update routine. 
git-svn-id: file:///svn/unbound/trunk@1766 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-18 15:36:46 +00:00
Wouter Wijngaards
a8dccbdd40 autotrust 
git-svn-id: file:///svn/unbound/trunk@1765 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-17 15:58:27 +00:00
Wouter Wijngaards
1cd84ce84e make better use of the cache. 
git-svn-id: file:///svn/unbound/trunk@1763 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-14 14:15:08 +00:00
Wouter Wijngaards
948567bea8 Fix bug in DLV. Iana portlist. 
git-svn-id: file:///svn/unbound/trunk@1762 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-14 13:58:54 +00:00
Wouter Wijngaards
ed67590f74 report RTT 
git-svn-id: file:///svn/unbound/trunk@1761 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-14 08:35:46 +00:00
Wouter Wijngaards
21e791248f autotrust work 
git-svn-id: file:///svn/unbound/trunk@1760 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-13 15:32:04 +00:00
Wouter Wijngaards
3251765048 autotrust work 
git-svn-id: file:///svn/unbound/trunk@1758 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-12 15:26:47 +00:00
Wouter Wijngaards
5ecf670277 lint 
git-svn-id: file:///svn/unbound/trunk@1757 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-11 14:25:34 +00:00
Wouter Wijngaards
538ca28828 OpenSSL config() and small memory leak. No more ENGINE_load_gost(). 
git-svn-id: file:///svn/unbound/trunk@1750 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-07 15:23:35 +00:00
Wouter Wijngaards
1f4222aa94 GOST support with --enable-gost. 
git-svn-id: file:///svn/unbound/trunk@1747 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-06 13:38:55 +00:00
Wouter Wijngaards
b97dbd3c8f Fix for Roland, tell why the error happens. 
git-svn-id: file:///svn/unbound/trunk@1740 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-08-03 08:46:26 +00:00
Wouter Wijngaards
72aa0bad92 Log option for bogus only. 
git-svn-id: file:///svn/unbound/trunk@1734 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-07-20 14:22:29 +00:00
Wouter Wijngaards
f73ce55c6e nicer error message 
git-svn-id: file:///svn/unbound/trunk@1733 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-07-20 13:31:45 +00:00
Wouter Wijngaards
edae0ad954 More lenient. 
git-svn-id: file:///svn/unbound/trunk@1692 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-30 13:20:02 +00:00
Wouter Wijngaards
d453b4a43b More lenient checks. 
git-svn-id: file:///svn/unbound/trunk@1691 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-30 12:50:57 +00:00
Wouter Wijngaards
7bd415ffdd Removed debug prints. 
git-svn-id: file:///svn/unbound/trunk@1690 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-30 08:24:19 +00:00
Wouter Wijngaards
b6406cae1e Better wrongly truncated check. And debug statements. 
git-svn-id: file:///svn/unbound/trunk@1687 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-29 10:15:27 +00:00
Wouter Wijngaards
efee0803d0 debugprint for wrongly_truncated 
git-svn-id: file:///svn/unbound/trunk@1685 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-29 08:52:58 +00:00
Wouter Wijngaards
4d97a3a400 documentation 
git-svn-id: file:///svn/unbound/trunk@1679 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-19 11:40:44 +00:00
Wouter Wijngaards
e0bc4f2c97 extremely lenient for truncated positive replies 
git-svn-id: file:///svn/unbound/trunk@1670 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-18 10:59:59 +00:00
Wouter Wijngaards
3898abde02 Fixup DLV lookups and pickup responses from cache. 
git-svn-id: file:///svn/unbound/trunk@1657 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-15 13:27:53 +00:00
Wouter Wijngaards
6451748967 Remove REVOKE flag support. 
git-svn-id: file:///svn/unbound/trunk@1639 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-08 08:29:17 +00:00
Wouter Wijngaards
38ec4f4777 Fixup bad free. 
git-svn-id: file:///svn/unbound/trunk@1635 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-03 07:57:19 +00:00
Wouter Wijngaards
4b449309e5 rsasha256 and rsasha512 not enabled by default. 
git-svn-id: file:///svn/unbound/trunk@1631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-06-02 09:04:16 +00:00
Wouter Wijngaards
3b386055c7 RSASHA256 implicitly means NSEC3 support. 
git-svn-id: file:///svn/unbound/trunk@1593 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-09 14:51:17 +00:00
Wouter Wijngaards
5a9dcd323d remove empty line 
git-svn-id: file:///svn/unbound/trunk@1592 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-07 15:02:57 +00:00
Wouter Wijngaards
1e1ac9900a signature clock skew code. 
git-svn-id: file:///svn/unbound/trunk@1590 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-04-06 14:09:33 +00:00
Wouter Wijngaards
d369a1ac48 RRSIG validation fixed after Stephane Bortzmeyer reported. 
git-svn-id: file:///svn/unbound/trunk@1565 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-30 09:35:48 +00:00
Wouter Wijngaards
97a73402fc inverse trust anchor. 
git-svn-id: file:///svn/unbound/trunk@1533 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-18 14:02:46 +00:00
Wouter Wijngaards
41e589b08b Fixup trust anchor algorithm check. 
git-svn-id: file:///svn/unbound/trunk@1532 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-03-18 13:07:48 +00:00
Wouter Wijngaards
ce71720093 warn for bad trust anchors. 
git-svn-id: file:///svn/unbound/trunk@1487 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-02-19 09:01:39 +00:00
Wouter Wijngaards
b182b66e0e Do not validate with revoked keys. 
git-svn-id: file:///svn/unbound/trunk@1471 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-02-10 13:01:38 +00:00
Wouter Wijngaards
0b04be414e sun cc warnings 
git-svn-id: file:///svn/unbound/trunk@1439 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-01-15 10:34:18 +00:00
Wouter Wijngaards
c90fd40a5e fixes for suncc warnings 
git-svn-id: file:///svn/unbound/trunk@1438 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-01-15 10:29:17 +00:00
Wouter Wijngaards
8b860e8f12 removed debug print. 
git-svn-id: file:///svn/unbound/trunk@1424 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-01-09 15:17:39 +00:00
Wouter Wijngaards
e6c5255466 Wildcard support (from patch by Paul Wouters). 
git-svn-id: file:///svn/unbound/trunk@1413 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-01-07 12:24:34 +00:00
Wouter Wijngaards
c1ae463da5 chrooted include file fix 
git-svn-id: file:///svn/unbound/trunk@1411 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-01-06 15:47:15 +00:00
Wouter Wijngaards
865852d3f7 HINFO not downcased any more 
git-svn-id: file:///svn/unbound/trunk@1410 be551aaa-1e26-0410-a405-d3ace91eadb9
 2009-01-06 14:49:26 +00:00
Wouter Wijngaards
666b066bf6 fixup for DLV lookup higher NSEC examination bug. 
git-svn-id: file:///svn/unbound/trunk@1398 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-12-18 10:14:30 +00:00
Wouter Wijngaards
c653b8424b Fixup for problems with do-ip6: no and only ipv6 addresses. 
git-svn-id: file:///svn/unbound/trunk@1353 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-11-17 12:47:34 +00:00
Wouter Wijngaards
5cfd778608 - unit test for negative cache, stress tests the refcounting. 
- fix for refcounting error that could cause fptr_wlist fatal exit
	  in the negative cache rbtree (upcoming 1.1 feature). (Thanks to 
	  Attila Nagy for testing).
	- nicer comments in cachedump about failed RR to string conversion.


git-svn-id: file:///svn/unbound/trunk@1342 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-11-11 11:54:06 +00:00
Wouter Wijngaards
6c7416128c fixup memleaks. 
git-svn-id: file:///svn/unbound/trunk@1331 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-11-05 10:38:22 +00:00
Wouter Wijngaards
0d01be50bc detection of sha256 and sha512 by testing if functionality was compiled 
into openssl.


git-svn-id: file:///svn/unbound/trunk@1328 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-11-03 16:06:12 +00:00
Wouter Wijngaards
8a32f9003b - RSASHA256_NSEC3 and RSASHA512_NSEC3 algos are supported. 
- updated ldns tarball (with those algos).



git-svn-id: file:///svn/unbound/trunk@1327 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-11-03 15:42:07 +00:00
Wouter Wijngaards
7176710b7f Fixup b32 compat for Mac OSX linker. 
git-svn-id: file:///svn/unbound/trunk@1323 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-11-03 14:38:03 +00:00
Wouter Wijngaards
1b1694a959 More verbose on signer name error. 
git-svn-id: file:///svn/unbound/trunk@1322 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-23 10:54:03 +00:00
Wouter Wijngaards
e5c52a7032 less log 
git-svn-id: file:///svn/unbound/trunk@1310 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-20 09:11:17 +00:00
Wouter Wijngaards
265c199445 Fixup negative TTLs Attila Nagy has reported. 
git-svn-id: file:///svn/unbound/trunk@1306 be551aaa-1e26-0410-a405-d3ace91eadb9
 2008-10-16 13:12:32 +00:00