mark 'tkey-dhkey' as deprecated

Diffie-Hellman TKEY mode has been removed for 9.20.

diff --git a/bin/tests/system/checkconf/deprecated.conf b/bin/tests/system/checkconf/deprecated.conf
index 4ff773cb2b677cb73efa6e693a2c91ed6fd17047..11853745107fdea7ae8c128dd78296752dcf5a63 100644 (file)
--- a/bin/tests/system/checkconf/deprecated.conf
+++ b/bin/tests/system/checkconf/deprecated.conf
@@ -23,6 +23,8 @@ options {
        avoid-v4-udp-ports { range 1 1023; };
        avoid-v6-udp-ports { range 1 1023; };
 
+       tkey-dhkey "server" 12345;
+
        root-delegation-only exclude { "them"; };
 };
 

diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh
index b89925e3ed6c38b472dc281952dc1a0513f4b9cf..76a9330efcc29919af59af0ff3bfe327d37c58cc 100644 (file)
--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@@ -169,6 +169,7 @@ grep "option 'use-v6-udp-ports' is deprecated" < checkconf.out$n.1 > /dev/null |
 grep "option 'avoid-v4-udp-ports' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
 grep "option 'avoid-v6-udp-ports' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
 grep "option 'delegation-only' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
+grep "option 'tkey-dhkey' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
 grep "option 'root-delegation-only' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
 grep "'type delegation-only' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1
 grep "token 'port' is deprecated" < checkconf.out$n.1 > /dev/null || ret=1

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index be74c30f22748325f24796633b592fb403a07858..24de4b1abb80a308baf4b5c9bfbb009109655158 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -1453,7 +1453,7 @@ default is used.
    is specified using :any:`tkey-gssapi-keytab`.
 
 .. namedconf:statement:: tkey-dhkey
-   :tags: security
+   :tags: deprecated
    :short: Sets the Diffie-Hellman key used by the server to generate shared keys.
 
    This is the Diffie-Hellman key used by the server to generate shared keys
@@ -1462,6 +1462,9 @@ default is used.
    working directory. In most cases, the ``key_name`` should be the
    server's host name.
 
+   This option is deprecated, and will be rendered non-operational in a
+   future release.
+
 .. namedconf:statement:: dump-file
    :tags: logging
    :short: Indicates the pathname of the file where the server dumps the database after :option:`rndc dumpdb`.

diff --git a/doc/misc/options b/doc/misc/options
index 3a3f7af1d0cda48f8e24b0322efafa4a3efac733..78eaa1f5821863cb31c5197629226f516b863bf3 100644 (file)
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -293,7 +293,7 @@ options {
        tcp-listen-queue <integer>;
        tcp-receive-buffer <integer>;
        tcp-send-buffer <integer>;
-       tkey-dhkey <quoted_string> <integer>;
+       tkey-dhkey <quoted_string> <integer>; // deprecated
        tkey-domain <quoted_string>;
        tkey-gssapi-credential <quoted_string>;
        tkey-gssapi-keytab <quoted_string>;

diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index c28afddd5b70cac7b59f6f09a1e64bb5772a5769..c500bce9b81724ba1c298d30f20772603e88152d 100644 (file)
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1333,7 +1333,7 @@ static cfg_clausedef_t options_clauses[] = {
        { "tcp-listen-queue", &cfg_type_uint32, 0 },
        { "tcp-receive-buffer", &cfg_type_uint32, 0 },
        { "tcp-send-buffer", &cfg_type_uint32, 0 },
-       { "tkey-dhkey", &cfg_type_tkey_dhkey, 0 },
+       { "tkey-dhkey", &cfg_type_tkey_dhkey, CFG_CLAUSEFLAG_DEPRECATED },
        { "tkey-domain", &cfg_type_qstring, 0 },
        { "tkey-gssapi-credential", &cfg_type_qstring, 0 },
        { "tkey-gssapi-keytab", &cfg_type_qstring, 0 },