1.6.14
+ * DANE support (RFC6698), including ldns-dane example tool.
+ * bugfix #473: Dead code removal and resource leak fix in drill
* bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too.
* Various bugfixes from code reviews from CZ.NIC and Paul Wouters
* ldns-notify TSIG option argument checking
* bugfix #459: Export only symbols defined in ldns_symbols
* bugfix #458: Track all newly created signatures when signing.
* bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given.
- * bugfix #457: Memroy leak fix for ldns_key_new_frm_algorithm.
+ * bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm.
* pyldns memory handling fixes and the python3/ldns-signzone.py
examples script contribution from Karel Slany.
* bugfix #450: Base # bytes for P, G and Y (T) on the guaranteed
* New -p option for ldns-read-zone to prepend-pad SOA serial to take
up ten characters.
* Return error if printing RR fails due to unknown/null RDATA.
- * New TLSA support (draft-ietf-dane-protocol).
1.6.13 2012-05-21
* New -S option for ldns-verify-zone to chase signatures online.
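Review bot: The new first entry under 1.6.14 replaces the removed "New TLSA support (draft-ietf-dane-protocol)" line but no longer mentions TLSA by name. Anyone searching the changelog for the record type will miss it. Suggest wording such as "DANE/TLSA support (RFC6698), including ldns-dane example tool."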
#include <arpa/inet.h>
#endif
+/* Returns whether the last label in the name is a root label (a empty label).
+ * Note that it is not enough to just test the last character to be 0,
+ * because it may be part of the last label itself.
+ */
static bool
-ldns_dname_has_root_label(const ldns_rdf* dname)
+ldns_dname_last_label_is_root_label(const ldns_rdf* dname)
{
size_t src_pos;
size_t len = 0;
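Review bot: The new doc comment on ldns_dname_last_label_is_root_label has a grammar slip, "a empty label" should be "an empty label". It should also state what the function returns for a zero-length dname, because the callers decrement a size or index with size - 1 based on its result.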
* rd, by reducing the size with 1
*/
left_size = ldns_rdf_size(rd1);
- if (ldns_dname_has_root_label(rd1)) {
+ if (ldns_dname_last_label_is_root_label(rd1)) {
left_size--;
}
* rd, by reducing the size with 1
*/
left_size = ldns_rdf_size(rd1);
- if (ldns_dname_has_root_label(rd1)) {
+ if (ldns_dname_last_label_is_root_label(rd1)) {
left_size--;
}
/* If dname ends in a root label, the reverse should too.
*/
- if (ldns_dname_has_root_label(dname)) {
+ if (ldns_dname_last_label_is_root_label(dname)) {
buf[rd_size - 1] = 0;
rd_size -= 1;
}
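Review bot: In the reverse routine, "buf[rd_size - 1] = 0;" is guarded only by ldns_dname_last_label_is_root_label(dname), and nothing in the visible lines guarantees rd_size > 0. This is safe only if the renamed helper returns false for a zero-length dname. Either document that guarantee on the helper or add an explicit rd_size > 0 check to this condition.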
.SH DESCRIPTION
-In the first two forms ldns-dane will be in \fBverify\fR modus.
-In the third form in \fBcreate\fR modus.
-
In the first form:
-A TLS connection to \fIname\fR:\fIport\fR is made. The TLSA resource
-record(s) for \fIname\fR are used to authenticate the connection.
+A TLS connection to \fIname\fR:\fIport\fR is established.
+The TLSA resource record(s) for \fIname\fR are used to authenticate
+the connection.
In the second form:
-The TLSA record(s) are read from \fItlsafile\fR and user to authenticate
+The TLSA record(s) are read from \fItlsafile\fR and used to authenticate
the TLS service they reference.
In the third form:
-A TLS connection to \fIname\fR:\fIport\fR is made and used to create the TLSA
-resource record(s) that would authenticate the connection.
-The parameters that determine the form of the TLSA records to be created
-are:
+A TLS connection to \fIname\fR:\fIport\fR is established and used to
+create the TLSA resource record(s) that would authenticate the connection.
+The parameters for TLSA rr creation are:
.PD 0
.I Certificate-usage\fR:
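Review bot: Removing the two sentences at the top of DESCRIPTION that named the "verify" and "create" modes leaves the three forms unnamed, so any later text in the page that refers to either mode now has no definition to point back to; check the rest of the man page for such references. In the third form, "TLSA rr creation" should read "TLSA RR creation" or spell out "resource record", matching the wording two lines above it.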
.RE
.PD 1
-In case of numbers the first few letters of the intended meaning may be used.
-Except for the hash algorithm names in which need the full name.
+In stead of numbers the first few letters of the value may be used.
+Except for the hash algorithm name, where the full name must be specified.
.SH OPTIONS
.IP -4
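Review bot: The replacement text after ".PD 1" still has two language problems. "In stead" should be "Instead" (the same spelling recurs in the -b and -u descriptions), and "Except for the hash algorithm name, where the full name must be specified." is a sentence fragment. Suggest joining the two: "Instead of numbers, the first few letters of the value may be used, except for the hash algorithm name, which must be given in full."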
This option may be given more than once.
.IP -b
-print "\fIname\fR\. TYPE52 \\#\fIsize\fR \fIhexdata\fR" form in stead
+print "\fIname\fR\. TYPE52 \\# \fIsize\fR \fIhexdata\fR" form in stead
of TLSA presentation format.
.IP "-c \fIcertfile\fR"
Do not TLS connect to \fIname\fR:\fIport\fR, but authenticate (or make
\fItransport\fR are used. Otherwise the owner name of the TLSA record(s)
will be used to determine \fIname\fR, \fIport\fR and \fItransport\fR.
.IP -u
-Use UDP transport in stead of TCP to TLS connect.
+Use UDP transport in stead of TCP.
.IP -v
Show version and exit.
-.IP "-V \fI[0-5]\fR
-Set verbosity level (defaul 3)
.SH AUTHOR
Written by the ldns team as an example for ldns usage.
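Review bot: The -V entry is deleted from OPTIONS, but this change does not show the corresponding option handling being removed from the tool. If ldns-dane still accepts -V, it becomes an undocumented flag. Either remove the option from the parser in the same commit or keep the entry, fixing its unterminated quote and the "defaul" typo.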
ssl_err(s);
} else {
fprintf(stderr, "error: %s\n", ldns_get_errorstr_by_id(err));
- assert(0);
exit(EXIT_FAILURE);
}
}
for (i = 0; i < ldns_rr_rd_count(rr); i++) {
sz += ldns_rdf_size(ldns_rr_rdf(rr, i));
}
- ldns_buffer_printf(buf, "\t\\#%d ", sz);
+ ldns_buffer_printf(buf, "\t\\# %d ", sz);
for (i = 0; i < ldns_rr_rd_count(rr); i++) {
s = ldns_rdf2buffer_str_hex(buf, ldns_rr_rdf(rr, i));
LDNS_ERR(s, "could not ldns_rdf2buffer_str_hex");
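Review bot: In the ldns_buffer_printf call, sz is printed with %d but is accumulated from ldns_rdf_size() results. If sz is declared size_t, the conversion is mismatched; use a matching format or an explicit cast. The return value of ldns_buffer_printf is also ignored here, while the ldns_rdf2buffer_str_hex call right after it is checked with LDNS_ERR; checking both would keep the error handling consistent.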
/**
* Set the key's rsa data.
- * The rsa data should be freed by the user themselve.
+ * The rsa data should be freed by the user.
* \param[in] k the key
* \param[in] r the rsa data
*/
/**
* Set the key's dsa data
- * The dsa data should be freed by the user themselve.
+ * The dsa data should be freed by the user.
* \param[in] k the key
* \param[in] d the dsa data
*/
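Review bot: Both reworded comments ("The rsa data should be freed by the user." and the dsa equivalent) say who frees the data but not when. State whether the key keeps its own reference after the setter returns, so callers know whether freeing the rsa or dsa data while the key is still in use is safe.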
int ldns_radix_find_less_equal(ldns_radix_t* tree, uint8_t* key,
radix_strlen_t len, ldns_radix_node_t** result);
-/** ldns_radix_find_less_equal */
-
/**
* Get the first element in the tree.
* @param tree: tree.