diff options
| author | Brian Wellington <bwelling@xbill.org> | 2020-07-01 13:06:14 -0700 |
|---|---|---|
| committer | Brian Wellington <bwelling@xbill.org> | 2020-07-01 13:06:14 -0700 |
| commit | 8d1360481095e29ce63c9777b37d9eb0c411f9b7 (patch) | |
| tree | c93777b337cc5d6ea09ad3810a4f50334dd0bfac /doc | |
| parent | 5765181c220b96b1543395faaf5e43eb778a45ff (diff) | |
| download | dnspython-8d1360481095e29ce63c9777b37d9eb0c411f9b7.tar.gz | |
Add dns.tsig.Key class.
This creates a new class to represent a TSIG key, containing name,
secret, and algorithm.
The keyring format is changed to be {name : key}, and the methods in
dns.tsigkeyring are updated to deal with old and new formats.
The Message class is updated to use dns.tsig.Key, although (to avoid
breaking existing code), it stores them in the keyring field.
Message.use_tsig() can accept either explicit keys, or keyrings; it will
extract and/or create a key.
dns.message.from_wire() can accept either a key or a keyring in the
keyring parameter. If passed a key, it will now raise if the TSIG
record in the message was signed with a different key. If passed a
keyring containing keys (as opposed to bare secrets), it will check that
the TSIG record's algorithm matches that of the key.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/message-class.rst | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/doc/message-class.rst b/doc/message-class.rst index b235d90..08d9958 100644 --- a/doc/message-class.rst +++ b/doc/message-class.rst @@ -47,9 +47,7 @@ DNS opcodes that do not have a more specific class. .. attribute:: keyring - The TSIG keyring to use. The default is `None`. A TSIG keyring - is a dictionary mapping from TSIG key name, a ``dns.name.Name``, to - a TSIG secret, a ``bytes``. + A ``dns.tsig.Key``, the TSIG key. The default is None. .. attribute:: keyname |