|
|
|
@1953
|
[1953]
|
2 years |
ahu |
add support for Crypto++ ECDSA, refine & rename CryptoKeyEngine? interface, …
|
|
|
|
@1952
|
[1952]
|
2 years |
ahu |
big rename of DNSPrivateKey which wasn't, and is now called …
|
|
|
|
@1951
|
[1951]
|
2 years |
ahu |
- scary commit -
add a generic botan1.8/botan1.9 signer/verifier for RSA …
|
|
|
|
@1939
|
[1939]
|
2 years |
ahu |
if I understand things correctly, powerdns does 'opt-out' NSEC3, but we …
|
|
|
|
@1935
|
[1935]
|
2 years |
ahu |
make sure we don't try to print digest type 3 if we don't have GOST on …
|
|
|
|
@1927
|
[1927]
|
2 years |
ahu |
update pdnssec error message & documentation based on feedback by Leen …
|
|
|
|
@1920
|
[1920]
|
2 years |
ahu |
with this patch, PowerDNS works around a bug in the Botan GOST code. Post …
|
|
|
|
@1919
|
[1919]
|
2 years |
ahu |
further spiff up verify-crypto, now correctly processes samples from …
|
|
|
|
@1915
|
[1915]
|
2 years |
ahu |
add signature verification infrastructure for RSA & GOST, test with …
|
|
|
|
@1913
|
[1913]
|
2 years |
ahu |
finish up support for GOST, including DS with digest type=3, plus abstract …
|
|
|
|
@1912
|
[1912]
|
2 years |
ahu |
First part of the GOST support: R 34.10-2001, GOST R 34.11-94 will follow. …
|
|
|
|
@1909
|
[1909]
|
2 years |
ahu |
this huge commit adds support for RSASHA512 & draft-ietf-dnsext-ecdsa …
|
|
|
|
@1908
|
[1908]
|
2 years |
ahu |
massively speed up nsec/nsec3 rectification by wrapping the update …
|
|
|
|
@1905
|
[1905]
|
2 years |
ahu |
'multi-algorithm support' - for now we still only do RSA, but the whole …
|
|
|
|
@1894
|
[1894]
|
2 years |
ahu |
document (un)set-presigned
|
|
|
|
@1893
|
[1893]
|
2 years |
ahu |
implement 'pdnssec set-presigned', allowing PowerDNSSEC to serve …
|
|
|
|
@1884
|
[1884]
|
2 years |
ahu |
implement 'pdnssec import-zone-key-pem' which is compatible with the …
|
|
|
|
@1879
|
[1879]
|
2 years |
ahu |
refuse to make keys of unknown algorithm instead of just complaining
allow …
|
|
|
|
@1873
|
[1873]
|
2 years |
ahu |
improve syntax checking for pdnssec
|
|
|
|
@1865
|
[1865]
|
2 years |
ahu |
fix typo in bindbackend, add pdnssec hash-zone-record convenience function …
|
|
|
|
@1852
|
[1852]
|
2 years |
ahu |
add support for unsalted nsec3 hashes ('1 0 1 -')
|
|
|
|
@1851
|
[1851]
|
2 years |
ahu |
show-zone output partially went to stderr
we can now roundtrip a zone via …
|
|
|
|
@1843
|
[1843]
|
2 years |
ahu |
* Make everything aware of multiple simultaneous signing keys
* …
|
|
|
|
@1835
|
[1835]
|
2 years |
ahu |
make dnsseckeeper & dnssecinfra code, plus pdnssec, aware of non-RSASHA1 …
|
|
|
|
@1834
|
[1834]
|
2 years |
ahu |
also emit DS for digest type 2 (SHA256) in pdnssec output
|
|
|
|
@1825
|
[1825]
|
2 years |
ahu |
more documentation, plus add importing as zsk, ksk, plus adding a zsk or …
|
|
|
|
@1824
|
[1824]
|
2 years |
ahu |
make importing keys a bit more resilient against whitespace, plus fix up …
|
|
|
|
@1823
|
[1823]
|
2 years |
ahu |
oops, the --config-name fix broke setups w/o a config-name
plus add …
|
|
|
|
@1822
|
[1822]
|
2 years |
ahu |
report (fatal) errors better
|
|
|
|
@1820
|
[1820]
|
2 years |
ahu |
suggested by Maik Zumstrull, pdnssec needs --config-name to access virtual …
|
|
|
|
@1816
|
[1816]
|
2 years |
ahu |
make pdnssec output useful help
rename order-zone to rectify-zone and make …
|
|
|
|
@1810
|
[1810]
|
2 years |
ahu |
implement 'narrow' NSEC3 generation w/o consulting the database ordering, …
|
|
|
|
@1803
|
[1803]
|
2 years |
ahu |
actually set the module-dir before we need it instead of after - spotted …
|
|
|
|
@1802
|
[1802]
|
2 years |
ahu |
teach pdnssec about config-dir
|
|
|
|
@1801
|
[1801]
|
2 years |
ahu |
make pdnssec (hopefully) support dynamically loaded modules too
|
|
|
|
@1793
|
[1793]
|
2 years |
ahu |
make pdnssec read the right configuration file, plus make add-zone-key add …
|
|
|
|
@1791
|
[1791]
|
2 years |
ahu |
hook up activate-domain-key, deactivate-domain-key, remove-domain-key
|
|
|
|
@1788
|
[1788]
|
2 years |
ahu |
add import-zone-key for interop, remove key-repository setting from …
|
|
|
|
@1783
|
[1783]
|
2 years |
ahu |
don't crash if the dnsseckeeper returns unexpected results
|
|
|
|
@1778
|
[1778]
|
2 years |
ahu |
repair some tabdamage
|
|
|
|
@1777
|
[1777]
|
2 years |
ahu |
fix up export-zone-key so that we set the algorithm field correctly
|
|
|
|
@1773
|
[1773]
|
2 years |
ahu |
spruce up 'show-zone' output, add 'set-nsec3', 'unset-nsec3', …
|
|
|
|
@1769
|
[1769]
|
2 years |
ahu |
re-enable order-zone, make it nsec/nsec3 aware dnsseckeeper
|
|
|
|
@1760
|
[1760]
|
2 years |
ahu |
align our key storage naming with the excellent ldns/nsd/unbound tools, …
|
|
|
|
@1757
|
[1757]
|
2 years |
ahu |
move to mature key management (unified zsks, proper ids, active, inactive)
|
|
|
|
@1755
|
[1755]
|
2 years |
ahu |
move to keys with ids in addition to tags, so we can refer to keys in an …
|
|
|
|
@1726
|
[1726]
|
3 years |
ahu |
make dnsseckeeper & pdnssec understand the new world of 'active' and …
|
|
|
|
@1724
|
[1724]
|
3 years |
ahu |
fix up pdnssec compilation
|
|
|
|
@1648
|
[1648]
|
3 years |
ahu |
implement 'check-zone' for phibs, plus make powerdns crash violently if a …
|
|
|
|
@1645
|
[1645]
|
3 years |
ahu |
fix up algorithm 5 and 7 confusion, make sure that basis comparisons …
|
|
|
|
@1616
|
[1616]
|
3 years |
ahu |
implement 'NSEC3', and enable it for NXDOMAIN responses - other cases have …
|
|
|
|
@1615
|
[1615]
|
3 years |
ahu |
implement first ghetto nsec3 generation code - all wrong
|
|
|
|
@1613
|
[1613]
|
3 years |
ahu |
infrastructure in packethandler.cc & pdnssec to start to do something with …
|
|
|
|
@1604
|
[1604]
|
3 years |
ahu |
add in-place reordering infrastructure
|
|
|
|
@1596
|
[1596]
|
3 years |
ahu |
revamp the 'activeness' of keys, dnsseckeeper now gives more information …
|
|
|
|
@1593
|
[1593]
|
3 years |
ahu |
do not make more zsks if there are 2 *or more* present already
|
|
|
|
@1573
|
[1573]
|
3 years |
ahu |
make the pdnssec tool be more helpful, both in not crashing and showing …
|
|
|
|
@1572
|
[1572]
|
3 years |
ahu |
make pdnssec not segfault if the key repository does not exist, plus add …
|
|
|
|
@1565
|
[1565]
|
3 years |
ahu |
teach pdnssec not to crash when you do not mention which zone it should …
|
|
|
|
@1553
|
[1553]
|
3 years |
ahu |
the 'pdnssec' control program
|
