git.ipfire.org Git - thirdparty/bind9.git/commit
Add support for Strict/Mutual TLS to dig
author Artem Boldariev <artem@boldariev.com>
Wed, 19 Jan 2022 11:10:08 +0000 (13:10 +0200)
committer Artem Boldariev <artem@boldariev.com>
Mon, 28 Mar 2022 13:22:53 +0000 (16:22 +0300)
commit fd38a4e1bf76fd262c2825316127a9e8893cec26
tree da1fc22805025fffa7338f08825b9141e98c04e7
parent 783663db80253507e50a3b7a070c9b3ddb3c0eac

This commit adds support for Strict/Mutual TLS to dig.

The new command-line options and their behaviour are modelled after
kdig (+tls-ca, +tls-hostname, +tls-certfile, +tls-keyfile) for
compatibility reasons. That is, using +tls-* is sufficient to enable
DoT in dig, implying +tls-ca.

If there is no other DNS transport specified via command-line,
specifying any of +tls-* options makes dig use DoT. In this case, its
behaviour is the same as if +tls-ca is specified: that is, the remote
peer's certificate is verified using the platform-specific
intermediate CA certificates store. This behaviour is introduced for
compatibility with kdig.
bin/dig/dig.c
bin/dig/dig.rst
bin/dig/dighost.c
bin/dig/dighost.h
doc/man/dig.1in