git.ipfire.org Git - thirdparty/bind9.git/commit
Deprecate SHA-1 in `dnssec-dsfromkey`
author Tony Finch <dot@dotat.at>
Thu, 31 Jan 2019 17:05:57 +0000 (17:05 +0000)
committer Evan Hunt <each@isc.org>
Thu, 9 May 2019 01:17:55 +0000 (18:17 -0700)
commit 796a6c4e4e5872a85289097ee1e7f5eaed16c8a6
tree 10b3c8ab6b389d4cf04cef464e207fe094cbfd65
parent a177b07da1d321841027660180901885461103e6

This makes the `-12a` options to `dnssec-dsfromkey` work more like
`dnssec-cds`, in that you can specify more than one digest and you
will get multiple records. (Previously you could only get one
non-default digest type at a time.)

The default is now `-2`. You can get the old behaviour with `-12`.

Tests and tools that use `dnssec-dsfromkey` have been updated to use
`-12` where necessary.

This is for conformance with the DS/CDS algorithm requirements in
https://tools.ietf.org/html/draft-ietf-dnsop-algorithm-update

bin/dnssec/dnssec-cds.c
bin/dnssec/dnssec-dsfromkey.c
bin/dnssec/dnssec-dsfromkey.docbook
bin/dnssec/dnssectool.c
bin/dnssec/dnssectool.h
bin/python/isc/checkds.py.in
bin/tests/system/cds/setup.sh
bin/tests/system/dnssec/tests.sh
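
The behaviour the commit message describes (SHA-256 by default, one DS record per requested digest type) can be sketched as follows. This is an added example, not code from BIND or from this commit: the function names and the sample key are constructed here, and the digest is computed as RFC 4034 defines it, over the owner name in wire form followed by the DNSKEY RDATA.

```python
import base64
import hashlib
import struct

# DS digest type numbers from the IANA registry: 1 = SHA-1, 2 = SHA-256.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}


def name_to_wire(name):
    """Canonical (lowercase) wire form of a fully qualified owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_records(owner, flags, protocol, algorithm, pubkey_b64, digest_types=(2,)):
    """Return one DS record (presentation format) per requested digest type."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)
    tag = key_tag(rdata)
    records = []
    for dtype in sorted(set(digest_types)):
        digest = DIGESTS[dtype](name_to_wire(owner) + rdata).hexdigest().upper()
        records.append(f"{owner} IN DS {tag} {algorithm} {dtype} {digest}")
    return records


# Constructed sample key: 32 arbitrary bytes standing in for an Ed25519
# (algorithm 15) key-signing key. It is not a real zone key.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()

if __name__ == "__main__":
    # Default digest set: SHA-256 only, matching the new `-2` default.
    print("\n".join(ds_records("example.com.", 257, 3, 15, SAMPLE_KEY)))
    # Both digest types, matching `-12` (the old behaviour).
    print("\n".join(ds_records("example.com.", 257, 3, 15, SAMPLE_KEY, (1, 2))))
```

A parent zone that still publishes only the type 1 record depends on SHA-1 alone for the delegation, which is why tools that relied on the old default had to be switched to `-12` explicitly.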