UNBOUND_VERSION_MICRO=23
-LIBUNBOUND_CURRENT=4
+LIBUNBOUND_CURRENT=5
LIBUNBOUND_REVISION=3
-LIBUNBOUND_AGE=2
+LIBUNBOUND_AGE=3
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
# 1.0.2 had 0:14:0
# 1.4.20 had 4:0:2 # adds libunbound.ttl # but shipped 3:5:1
# 1.4.21 had 4:1:2
# 1.4.22 had 4:1:2
-# 1.4.23 had 4:3:2
+# 1.4.23 had 5:3:3 # adds ub_ctx_add_ta_autr
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
-LIBUNBOUND_CURRENT=4
+LIBUNBOUND_CURRENT=5
LIBUNBOUND_REVISION=3
-LIBUNBOUND_AGE=2
+LIBUNBOUND_AGE=3
# 1.0.0 had 0:12:0
# 1.0.1 had 0:13:0
# 1.0.2 had 0:14:0
# 1.4.20 had 4:0:2 # adds libunbound.ttl # but shipped 3:5:1
# 1.4.21 had 4:1:2
# 1.4.22 had 4:1:2
-# 1.4.23 had 4:3:2
+# 1.4.23 had 5:3:3 # adds ub_ctx_add_ta_autr
# Current -- the number of the binary API that we're implementing
# Revision -- which iteration of the implementation of the binary
+4 November 2014: Wouter
+ - Add ub_ctx_add_ta_autr function to add a RFC5011 automatically
+ tracked trust anchor to libunbound.
+
27 October 2014: Wouter
- Disabled use of SSLv3 in remote-control and ssl-upstream.
- iana portlist update.
.B ub_ctx_resolvconf,
.B ub_ctx_hosts,
.B ub_ctx_add_ta,
+.B ub_ctx_add_ta_autr,
.B ub_ctx_add_ta_file,
.B ub_ctx_trustedkeys,
.B ub_ctx_debugout,
\fBub_ctx_add_ta\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR ta);
.LP
\fIint\fR
+\fBub_ctx_add_ta_autr\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
+.LP
+\fIint\fR
\fBub_ctx_add_ta_file\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
.LP
\fIint\fR
The format is a string, similar to the zone\-file format,
[domainname] [type] [rdata contents]. Both DS and DNSKEY records are accepted.
.TP
+.B ub_ctx_add_ta_autr
+Add filename with automatically tracked trust anchor to the given context.
+Pass name of a file with the managed trust anchor. You can create this
+file with \fIunbound\-anchor\fR(8) for the root anchor. You can also
+create it with an initial file with one line with a DNSKEY or DS record.
+If the file is writable, it is updated when the trust anchor changes.
+At this time it is only possible to add trusted keys before the
+first resolve is done.
+.TP
.B ub_ctx_add_ta_file
Add trust anchors to the given context.
Pass name of a file with DS and DNSKEY records in zone file format.
return UB_NOERROR;
}
+int ub_ctx_add_ta_autr(struct ub_ctx* ctx, const char* fname)
+{
+ char* dup = strdup(fname);
+ if(!dup) return UB_NOMEM;
+ lock_basic_lock(&ctx->cfglock);
+ if(ctx->finalized) {
+ lock_basic_unlock(&ctx->cfglock);
+ free(dup);
+ return UB_AFTERFINAL;
+ }
+ if(!cfg_strlist_insert(&ctx->env->cfg->auto_trust_anchor_file_list,
+ dup)) {
+ lock_basic_unlock(&ctx->cfglock);
+ free(dup);
+ return UB_NOMEM;
+ }
+ lock_basic_unlock(&ctx->cfglock);
+ return UB_NOERROR;
+}
+
int
ub_ctx_trustedkeys(struct ub_ctx* ctx, const char* fname)
{
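Review bot: `ub_ctx_add_ta_autr` passes `fname` straight to `strdup()` on its first line, so a NULL filename is undefined behaviour before any error code can be returned. A guard such as `if(!fname) return UB_SYNTAX;` ahead of the `strdup` call would make that a reportable error; the error code is a suggestion, since the neighbouring functions outside the hunk may follow a different convention. The function only queues the path in `auto_trust_anchor_file_list` and never opens the file, so an unreadable or malformed anchor file is presumably reported later rather than by this call, which deserves a short comment above the definition. As a style point, the definition keeps `int` on the same line as the name, while `ub_ctx_trustedkeys` just below puts the return type on its own line.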
ub_ctx_resolvconf
ub_ctx_hosts
ub_ctx_add_ta
+ub_ctx_add_ta_autr
ub_ctx_add_ta_file
ub_ctx_trustedkeys
ub_ctx_debugout
*/
int ub_ctx_add_ta_file(struct ub_ctx* ctx, const char* fname);
+/**
+ * Add trust anchor to the give context that is tracked with RFC5011
+ * automated trust anchor maintenance. The file is written to when the
+ * trust anchor is changed.
+ * Pass the name of a file that was output from eg. unbound-anchor,
+ * or you can start it by providing a trusted DNSKEY or DS record on one
+ * line in the file.
+ * @param ctx: context.
+ * At this time it is only possible to add trusted keys before the
+ * first resolve is done.
+ * @param fname: filename of file with trust anchor.
+ * @return 0 if OK, else error.
+ */
+int ub_ctx_add_ta_autr(struct ub_ctx* ctx, const char* fname);
+
/**
* Add trust anchors to the given context.
* Pass the name of a bind-style config file with trusted-keys{}.
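Review bot: The doc comment added for `ub_ctx_add_ta_autr` says the file is written when the anchor changes but not what that means for the caller: this file is the trust root for DNSSEC validation, so whoever can modify it or its directory decides which keys the validator accepts. I would add a line such as `* The file and its directory should be writable only by the user running the application.` The sentence "At this time it is only possible to add trusted keys before the first resolve is done" sits under `@param ctx` although it describes the call as a whole, and "the give context" should read "the given context". `@return` could name the codes the implementation in this commit returns, `UB_NOMEM` and `UB_AFTERFINAL`, instead of "else error".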