Age | Commit message (Collapse) | Author |
|
This enables testing with the testsuite
|
|
This is to support RHEL 8.0 where OpenSSL dislikes 1024
|
|
|
|
|
|
notes to docs
|
|
|
|
This is because we cannot do the required CA-anchor and names checks for TA-mode
and not for EE-mode, without knowing which usage TLSA was used.
|
|
Not quite right for a mixed TA+EE set of TLSA records, but better than always-enforcing
|
|
GnuTLS version 3.0.0 onwards; still Experimental
|
|
|
|
|
|
Broken-by: 854586e149
|
|
|
|
|
|
|
|
be set to require specific
hash types, eg sha256, in signatues. There is an IETF draft in discussion which deprecates sha1 so this
feature may start to be used.
|
|
|
|
|
|
clamp on small-size_t platforms
|
|
|
|
|
|
from file. Use this for general-purpose b64decode also.
Testsuite: DKIM signing testcase
|
|
test mistakes
|
|
|
|
|
|
and empty lines at EOM. Bug 1721
|
|
This can matter for fast-changing data such as DNSBLs.
|
|
If an entry in db.<zone> is prefixed with "AA ", fakens
will put a valid NS record into the AUTHORITY section of the
returned packet. This will be used by dns_trust_aa checks.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Normally benign, it bites when the pair was led to by a CNAME;
modern usage is to not canoicalize the domain to a cname target
(and we were inconsistent anyway for A-only vs AAAA+A).
|
|
|
|
Original by <derrick.rice@gmail.com>, massaged by JH
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
and returning an AD bit for lookups.
|
|
I have also de-CVSed the ABOUT files and cleaned up a few
introductory comments.
|
|
|
|
a match is found on a merged list.
|
|
|