[getdns-api] getdns 0.5.0 release candidate
Willem Toorop
willem at nlnetlabs.nl
Thu Oct 22 17:59:31 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Dear All,
We have a release candidate for version 0.5.0 of getdns.
This is mostly a new features release
This release does all crypto operations using OpenSSL directly and has
no longer a dependency on libldns. Note however that libldns is still
used by the unit tests.
Following the October 2015 release of the API specification, this
library release now allows to accesses deeply embeded datastructure
members in getdns_dicts by JSON Pointer RFC 6901. This works both for
both the getter and setter functions.
DNS over TLS now uses the default IANA assigned port number for
domain-s: 853.
This release includes an experimental implementation of upstream
server hostname authentication for TLS connections in stub mode (note
that the default behaviour has not changed compared to the 0.3
release). A new, non-standard function
getdns_context_set_tls_authentication() can be used to set the
authentication to GETDNS_AUTHENTICATION_ which requires that a server
provides a valid certificate (validated using the default CA
repository) and that the hostname specified in the "tls_auth_name"
field of the upstream dict matches that in the certificate. The
authentication setting is only enforced when the transport list
contains only GETDNS_TRANSPORT_TLS and in this case if authentication
fails for all upstreams, queries will fail. If the transport list
contains other clear text transports then opportunistic TLS will be
performed which does not require authentication of the TLS connection.
Examples of usage using the getdns_query tool can be found in the
tests_transports.sh script in the test directory.
Please review this candidate carefully. If no issues arrise the actual
release will follow Thursday the 29th of October 2015.
link: https://getdnsapi.net/dist/getdns-0.5.0rc1.tar.gz
md5 : 725bcde3bfd344ecd9e680aa535b4771
sha1: fe76fd6cff4e118da91c592ff76e99d9da1f311e
pgp : https://getdnsapi.net/dist/getdns-0.5.0rc1.tar.gz.asc
ChangeLog
=========
* 2015-10-??: Version 0.5.0
* Native crypto. No ldns dependency anymore.
(ldns still necessary to be able to run tests though)
* JSON pointer arguments to getdns_dict_get_* and getdns_dict_set_*
to dereference nested dicts and lists.
* Bugfix: DNSSEC code finding zone cut with redirects +
pursuing unsigned DS answers close to the root.
Thanks Theogene Bucuti!
* Default port for TLS changed to 853
* Unofficial extension to the API to allow TLS hostname verification
to be required for stub mode when using only TLS as a transport.
When required a hostname must be supplied in the
'hostname' field of the upstream_list dict and the TLS cipher
suites are restricted to the 4 AEAD suites recommended in RFC7525.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJWKSQCAAoJEOX4+CEvd6SYq98P/34BXNi5+3DXe90GCskg6nCu
bNaVwIg8J/VnevHZtM83+hhp837TI+F/TaAZz6vfYYXRBJ6tsU6J5q201J/DkgYm
Y3nPYRgHLRQ9lSNJ9+3qQvLZvMN0uyosDBkCCw7eoLYdQH22PrUUwDiyi8DxG5r3
MneVw00N4qS66FAF+fyA/wtH3zGqBImMhP4ENaGx4RCwH/UMUeSGcJEEIul+xrxT
3TpmLu1bS0JQyaJXXvEPe0q0kEU7CbTyDbyUvre/hwQdQw1lmF2IdGyZMdf7oLx7
7IGpCLwhLl8NumeF7Nr5MZ2uPiqVU9qMYIIFx5aUFsdRu0vlnE9vB4hsPNi/LE1c
vwVOcRsjoMUuZLRc07f75VXnbMNfgwCLWCn4nYaMv62CwGE5Ft+Ioo5X0+hAkYzI
V57D9ulo9ZwRoPLKXz/BI7SP1Z43e/gcbP1HzIiQ7iZXr5fTcbEqTsYvlwxOYawM
J3YOiUUtbs0uh5s1u1pAnuiheFy6mpDhVKjuLpcww/fddASVM5ovvjn7FMByxXWE
XmIKJnUvyG0YGn9bOnISKfeCjEopTvu0CvR3anMNWVkJF+8KfeLMyUDZPsaXNEqg
Jtw6n2J8dKA8f+B0USllkka5yT8HaGiEkYmKr+D1WnpVAdBc5W6tSSF5JK+VqIcz
6SI0wu1kmsOtat8gLQ09
=1u7/
-----END PGP SIGNATURE-----
More information about the spec
mailing list