summaryrefslogtreecommitdiff
path: root/test/dnszones-src
AgeCommit message (Collapse)Author
2018-11-27Testsuite: regenerate CA trees with 2048-bit keysJeremy Harris
This is to support RHEL 8.0 where OpenSSL dislikes 1024
2018-09-09DANE - testcase for fail under GnuTLS with TA-mode to a selfsigned server certJeremy Harris
2018-04-13DKIM: add support for the SubjectPublicKeyInfo wrapped form of pubkeyJeremy Harris
2018-03-25DKIM: move ed25519_privkey_pem_to_pubkey_raw_b64 to src/util/ and add usage ↵Jeremy Harris
notes to docs
2018-02-06DKIM: Ed25519 signatures (GnuTLS 3.6.0 and later)Jeremy Harris
2017-12-22DANE/GnuTLS: split verification of mixed sets of TLSA records by usageJeremy Harris
This is because we cannot do the required CA-anchor and names checks for TA-mode and not for EE-mode, without knowing which usage TLSA was used.
2017-12-20DANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE modeJeremy Harris
Not quite right for a mixed TA+EE set of TLSA records, but better than always-enforcing
2017-12-19DANE: support under GnuTLS. Bug 1523Jeremy Harris
GnuTLS version 3.0.0 onwards; still Experimental
2017-12-18Testsuite: move CRL testcases away from using SHA1-signed certsJeremy Harris
2017-12-16Testsuite: regenerate certs treeJeremy Harris
2017-12-16Testsuite: restore lost dns config for DKIM extra-txt-records testcaseJeremy Harris
Broken-by: 854586e149
2017-12-16Testsuite: testcase for Bug 2198Jeremy Harris
2017-12-09Testsuite: regen TLSA records, to match cert treeJeremy Harris
2017-12-03DKIM: Ignore non-DKIM TXT records in DNS response. Bug 2207Heiko Schlittermann (HS12-RIPE)
2017-08-09DKIM: Enforce any "h" field present in the DNS publickey record. This can ↵Jeremy Harris
be set to require specific hash types, eg sha256, in signatues. There is an IETF draft in discussion which deprecates sha1 so this feature may start to be used.
2017-05-07Testsuite: add DANE cases for DNS secure no-TLSA lookupsJeremy Harris
2017-05-07Testsuite: add DANE testcase for TLSA lookup SERVFAILJeremy Harris
2017-01-31Testsuite: use certs expring before end of 2037, to avoid GnuTLS top-limit ↵Jeremy Harris
clamp on small-size_t platforms
2016-12-29DKIM: More validation of DNS key record. Bug 1926Jeremy Harris
2016-11-02Testsuite: regen certs, now with additional LetsEncrypt-style OCSP proofsJeremy Harris
2016-01-05DKIM: fix base64 decode to ignore whitespace; needed for private-key inputJeremy Harris
from file. Use this for general-purpose b64decode also. Testsuite: DKIM signing testcase
2015-12-17DANE: do not override a cert verify failure, in callback. Also fix some ↵Jeremy Harris
test mistakes
2015-12-16DANE: fix testcase 2/0/1 TLSA recordJeremy Harris
2015-12-01DKIM: $dkim_key_length visibility variable. Bug 1311Jeremy Harris
2015-11-29DKIM: relaxed body canonicalisation should ignore whitespace at EOLJeremy Harris
and empty lines at EOM. Bug 1721
2015-09-17DNS: time-limit cached returns, using TTL. Bug 1395Jeremy Harris
This can matter for fast-changing data such as DNSBLs.
2015-06-22Testsuite: fakens may return AUTHORITY recordsHeiko Schlittermann (HS12)
If an entry in db.<zone> is prefixed with "AA ", fakens will put a valid NS record into the AUTHORITY section of the returned packet. This will be used by dns_trust_aa checks.
2015-05-23tidyingJeremy Harris
2015-05-22DANE: do not fail/defer message due to TLSA lookup but dane is only requestedJeremy Harris
2015-05-21Fix DANE for multiple-MX when all TLSA lookup defer. Bug 1634Jeremy Harris
2015-05-20Testsuite: Check debug message if we requested AD but got AAHeiko Schlittermann (HS12)
2015-05-19Change HELO-verify forward case from byname to bydns and add DNSSEC trackingJeremy Harris
2015-05-13Testsuite: Check dnssec_{request,require}_domains for dnslookupHeiko Schlittermann (HS12)
2015-05-11Do not use the A lookup following an AAAA for setting the FQDN. Bug 1588Jeremy Harris
Normally benign, it bites when the pair was led to by a CNAME; modern usage is to not canoicalize the domain to a cname target (and we were inconsistent anyway for A-only vs AAAA+A).
2015-05-09Support SOA lookup in dnsdb lookups. Bug 286Jeremy Harris
2015-05-07 Log lengthy DNS lookups. Bug 514Jeremy Harris
Original by <derrick.rice@gmail.com>, massaged by JH
2015-04-18UTF8: Avoid treating a punycoded dns lookup as an implicit redirectionJeremy Harris
2015-04-12DNS lookups never use UTF-8Jeremy Harris
2015-02-18Testsuite: permit use of IPv6 loopbackJeremy Harris
2014-11-08Testsuite: additional dns zone for certificate name testingJeremy Harris
2014-08-10Add (2 0 1) testJeremy Harris
2014-08-10Add direct-A testJeremy Harris
2014-08-10Verifiable conn with DANE-EE(3) / SPKI(1) / SHA2-512(2)Jeremy Harris
2014-08-10Add support in the fakens utility for TLSA recordsJeremy Harris
2014-08-10Add support in the fakens utility for marking records as "secure"Jeremy Harris
and returning an AD bit for lookups.
2011-06-29Remove obsolete $Cambridge$ CVS revision strings.Tony Finch
I have also de-CVSed the ABOUT files and cleaned up a few introductory comments.
2007-03-14Fix manualroute bug for localhost following multihomed host.Philip Hazel
2006-10-03Michael Deutschmann's patch for getting TXT from a specific list whenPhilip Hazel
a match is found on a merged list.
2006-04-18Extend ${readsocket to TCP sockets (modified John Jetmore's patch).Philip Hazel
2006-02-20One final test added to the test suite.Philip Hazel
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-21 21:07:07 +0000