summaryrefslogtreecommitdiff
path: root/src/resolve/resolved-dns-dnssec.c
AgeCommit message (Expand)Author
2016-01-03Merge pull request #2255 from teg/resolved-fixes-2Lennart Poettering
2016-01-03resolved: add negative trust anchro support, and add trust anchor configurati...Lennart Poettering
2016-01-03resolved: dnssec - properly take wildcards into account in NESC3 proofTom Gundersen
2016-01-03resolved: dnssec - factor out hashed domain generationTom Gundersen
2016-01-03resolved: don't conclude NODATA if CNAME existsTom Gundersen
2016-01-02resolved: don't accept NSEC3 iteration fields unboundedLennart Poettering
2016-01-01resolved: dnssec - add reference to the algorithm we implementTom Gundersen
2016-01-01resolved: dnssec - prepend hashed labels to zone nameTom Gundersen
2016-01-01resolved: dnssec - rename some variablesTom Gundersen
2016-01-01resoled: dnssec - don't refuse to verify answer due to too many unrelated RRsTom Gundersen
2016-01-01resolved: dnssec - fix off-by-one in RSA key parsingTom Gundersen
2015-12-29resolved: NSEC3 hash algorithms are distinct from DS digest algorithmsLennart Poettering
2015-12-29update DNSSEC TODOLennart Poettering
2015-12-29resolved: add comments referencing various RFCs to various placesLennart Poettering
2015-12-28Merge pull request #2231 from phomes/resolve-misc2Tom Gundersen
2015-12-28resolved: update DNSSEC TODOLennart Poettering
2015-12-28resolved: use RRSIG expiry and original TTL for cache managementLennart Poettering
2015-12-28resolved: only keep a single list of supported signature algorithmsLennart Poettering
2015-12-28resolved: add ECDSA signature supportLennart Poettering
2015-12-28resolved: split out RSA-specific code from dnssec_verify_rrset()Lennart Poettering
2015-12-28resolved: simplify MD algorithm initialization a bitLennart Poettering
2015-12-28resolved: add SHA384 digest supportLennart Poettering
2015-12-28resolve: remove unused variablesThomas Hindoe Paaboel Andersen
2015-12-26resolved: add an automatic downgrade to non-DNSSEC modeLennart Poettering
2015-12-26resolved: if we accepted unauthenticated NSEC/NSEC3 RRs, use them for proofsLennart Poettering
2015-12-26resolved: be stricter when searching for a DS RR for a DNSKEY RRLennart Poettering
2015-12-26update DNSSEC TODOLennart Poettering
2015-12-26resolved: tighten search for NSEC3 RRs a bitLennart Poettering
2015-12-26resolved: when doing NSEC3 proof, first find right NSEC3 suffixLennart Poettering
2015-12-26resolved: properly implement RRSIG validation of wildcarded RRsetsLennart Poettering
2015-12-18resolved: update TODOLennart Poettering
2015-12-18resolved: add support NSEC3 proofs, as well as proofs for domains that are OK...Lennart Poettering
2015-12-14resolved: update DNSSEC TODOLennart Poettering
2015-12-14resolved: add basic proof of non-existance support for NSEC+NSEC3Lennart Poettering
2015-12-14resolved: initialize libgcrypt before using itLennart Poettering
2015-12-14resolved: rework how we get the gcrypt digest algorithm ID from DNSSEC digest...Lennart Poettering
2015-12-11resolved: rework dnssec validation resultsLennart Poettering
2015-12-10resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabledLennart Poettering
2015-12-10resolved: when matching up DNSKEY and DS RRs, it's fine if we don't support t...Lennart Poettering
2015-12-10resolved: when matching up RRSIG and DNSKEY RRs, use the RRSIG's signer name,...Lennart Poettering
2015-12-10resolved: fix sorting of RRsetsLennart Poettering
2015-12-10resolved: fix libgcrypt error checkingLennart Poettering
2015-12-06resolve: remove unused variableThomas Hindoe Paaboel Andersen
2015-12-03resolved: update DNSSEC TODO list a bitLennart Poettering
2015-12-03resolved: maintain a short TODO list for DNSSEC support in the dnssec C files...Lennart Poettering
2015-12-03resolved: introduce a dnssec_mode setting per scopeLennart Poettering
2015-12-03resolved: add a limit on the max DNSSEC RRSIG expiry skew we allowLennart Poettering
2015-12-03resolved: make expiration error recognizableLennart Poettering
2015-12-03resolved: support the RSASHA1_NSEC3_SHA1 pseudo-algorithmLennart Poettering
2015-12-03resolved: don't accept expired RRSIGsLennart Poettering