summaryrefslogtreecommitdiff
path: root/src/dnssec.c
Commit message (Expand)AuthorAgeFilesLines
* Compiler warning.Simon Kelley2014-03-031-2/+2
* Mass edit of INSECURE->BOGUS returns for server failure/bad input.v2.69test10Simon Kelley2014-03-011-84/+73
* Tweak tuning params.Simon Kelley2014-03-011-2/+2
* Handle replies with no answers and no NS in validate_reply.Simon Kelley2014-03-011-0/+4
* Don't free blockdata for negative DS cache entries.Simon Kelley2014-03-011-1/+1
* Fix off-by-one overwrite.Simon Kelley2014-03-011-1/+2
* Tidy.Simon Kelley2014-03-011-4/+3
* Check that unsigned replies come from unsigned zones if --dnssec-check-unsign...Simon Kelley2014-02-281-85/+191
* Negative caching for DS records.Simon Kelley2014-02-271-17/+65
* Return INSECURE when validation fails with proved non-existent DS.Simon Kelley2014-02-251-5/+9
* Strip DNSSEC RRs when query doesn't have DO bit set.Simon Kelley2014-02-251-75/+277
* Speeling.Simon Kelley2014-02-241-7/+7
* Code cleanup.v2.69test9Simon Kelley2014-02-241-47/+34
* An NSEC record cannot attest to its own non-existance!Simon Kelley2014-02-241-4/+8
* Check signer name in RRSIGs.Simon Kelley2014-02-231-6/+32
* Bugfix for last commit.Simon Kelley2014-02-231-4/+4
* NSEC3 validation. First pass.Simon Kelley2014-02-231-111/+496
* Add --servers-file option.Simon Kelley2014-02-201-0/+2
* Omit ECC from DNSSEC if nettle library is old.Simon Kelley2014-02-191-6/+13
* Log BOGUS validation result when upstream sends SERVFAIL.Simon Kelley2014-02-131-0/+3
* Add RFC-6605 ECDSA DNSSEC verification.Simon Kelley2014-02-131-6/+80
* Fix Byte-order botch: broke DNSSEC on big-endian platforms.Simon Kelley2014-02-101-2/+2
* Fix DNSSEC caching problems: incomplete RRSIG RRsets.Simon Kelley2014-02-101-0/+1
* Fix stack-smashing crash in DNSSEC. Thanks to Henk Jan Agteresch.Simon Kelley2014-02-061-3/+1
* Protect against malicious DNS replies with very large RRsets.Simon Kelley2014-02-061-0/+5
* Linking stuff. Latest Debian/Ubuntu don't automatically link gmp.Simon Kelley2014-02-041-2/+2
* Nasty cache failure and memory leak with DNSSEC.Simon Kelley2014-02-031-116/+167
* Validate Ooops.Simon Kelley2014-02-011-1/+1
* Code tidy.Simon Kelley2014-01-261-9/+7
* Remove --dnssec-permissive, pointless if we don't set CD upstream.Simon Kelley2014-01-261-2/+2
* Fix to last commit.Simon Kelley2014-01-251-1/+2
* Replace CRC32 with SHA1 for spoof detection in DNSSEC builds.Simon Kelley2014-01-251-0/+30
* RRSIG answer logging.Simon Kelley2014-01-251-1/+1
* --dnssec-debugSimon Kelley2014-01-251-1/+3
* More DNSSEC caching logic, and avoid repeated validation of DS/DNSKEYSimon Kelley2014-01-251-1/+1
* RRSIGS for PTR records from cache.Simon Kelley2014-01-241-1/+1
* More DNSSEC cache readout.Simon Kelley2014-01-231-12/+12
* Cache RRSIGS.Simon Kelley2014-01-221-46/+116
* Caching of DNSSEC records.Simon Kelley2014-01-221-77/+93
* Fix loop in RR sort.Simon Kelley2014-01-211-1/+3
* Fix to hostname_cmp, and update to canonicalisation table. RFC 4034 LIES.Simon Kelley2014-01-211-3/+1
* Rationalise hostname_cmp()Simon Kelley2014-01-211-62/+48
* NSEC proof-of-non-existence.Simon Kelley2014-01-201-4/+232
* Don't validate error returns.Simon Kelley2014-01-191-0/+3
* UDP retries for DNSSECSimon Kelley2014-01-161-2/+2
* Fix SEGV and failure to validate on x86_64.Simon Kelley2014-01-161-2/+2
* Swap crypto library from openSSL to nettle.Simon Kelley2014-01-131-46/+257
* Furthet tweak to RRset sort.Simon Kelley2014-01-101-12/+10
* RFC 4035 5.3.2 wildcard label rules.Simon Kelley2014-01-091-56/+82
* DNSSEC consolidation.Simon Kelley2014-01-091-608/+447
View Lorry Controller Status