[getdns-users] getdns 0.5.0 release candidate

Hollenbeck, Scott shollenbeck at verisign.com
Thu Oct 29 12:47:31 UTC 2015


> -----Original Message-----
> From: Users [mailto:users-bounces at getdnsapi.net] On Behalf Of Willem
> Toorop
> Sent: Thursday, October 22, 2015 2:00 PM
> To: libgetdns users list
> Subject: [getdns-users] getdns 0.5.0 release candidate
> 
> Dear All,
> 
> We have a release candidate for version 0.5.0 of getdns.
> 
> This is mostly a new features release.
> 
> This release does all crypto operations using OpenSSL directly and no
> longer has a dependency on libldns. Note however that libldns is still
> used by the unit tests.
> 
> Following the October 2015 release of the API specification, this
> library release now allows access to deeply embedded data structure
> members in getdns_dicts by JSON Pointer (RFC 6901). This works for
> both the getter and setter functions.
> 
> DNS over TLS now uses the default IANA assigned port number for
> domain-s: 853.
> 
> This release includes an experimental implementation of upstream
> server hostname authentication for TLS connections in stub mode (note
> that the default behaviour has not changed compared to the 0.3
> release). A new, non-standard function
> getdns_context_set_tls_authentication() can be used to set the
> authentication to GETDNS_AUTHENTICATION_ which requires that a server
> provides a valid certificate (validated using the default CA
> repository) and that the hostname specified in the "tls_auth_name"
> field of the upstream dict matches that in the certificate. The
> authentication setting is only enforced when the transport list
> contains only GETDNS_TRANSPORT_TLS and in this case if authentication
> fails for all upstreams, queries will fail. If the transport list
> contains other clear text transports then opportunistic TLS will be
> performed which does not require authentication of the TLS connection.
> Examples of usage using the getdns_query tool can be found in the
> tests_transports.sh script in the test directory.

Willem, I had some time to look at the release this morning to see what needs to be done with the PHP language bindings. I did a git pull and checked out the v0.5.0 branch. I see that a new constant (GETDNS_RETURN_NOT_IMPLEMENTED) has been added, but I don't see any changes to the getdns_dict_get_* and getdns_dict_set_* functions. I don't see getdns_context_set_tls_authentication(). What did I miss?

Scott
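
The enforcement rule in the quoted announcement (authentication applies only when GETDNS_TRANSPORT_TLS is the sole transport, otherwise TLS is opportunistic), modelled as an added example that is not part of either message and is not getdns code. The `auth_required` flag stands in for the truncated GETDNS_AUTHENTICATION_ setting, and the upstream dicts, their `address` and `cert_ok` keys and all function names are constructed for illustration.

```python
import ssl

TLS, TCP = "GETDNS_TRANSPORT_TLS", "GETDNS_TRANSPORT_TCP"

def tls_mode(transports, auth_required):
    """Classify a transport list the way the announcement describes."""
    if TLS not in transports:
        return "cleartext"
    # Authentication is enforced only when TLS is the sole transport.
    if auth_required and all(t == TLS for t in transports):
        return "authenticated"
    return "unauthenticated"  # opportunistic TLS: encrypted, peer not verified

def tls_context(mode):
    """Build the client-side TLS settings matching a mode (no network I/O)."""
    if mode == "authenticated":
        # Default CA store, chain validation and hostname matching all on.
        return ssl.create_default_context()
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # any certificate is accepted
    return ctx

def query_outcome(transports, auth_required, upstreams):
    """Return (result, upstream address) for a constructed upstream list.

    Each upstream is a dict with 'address', 'tls_auth_name' and a constructed
    'cert_ok' flag standing in for "valid chain and name matches tls_auth_name".
    """
    mode = tls_mode(transports, auth_required)
    if mode == "cleartext":
        return ("cleartext", upstreams[0]["address"])
    for up in upstreams:
        if mode == "unauthenticated" or up["cert_ok"]:
            return (mode, up["address"])
    return ("failed", None)  # strict mode: every upstream failed authentication

# Constructed sample upstreams (documentation addresses, made-up names).
UPSTREAMS = [
    {"address": "192.0.2.1", "tls_auth_name": "dns1.example", "cert_ok": False},
    {"address": "192.0.2.2", "tls_auth_name": "dns2.example", "cert_ok": True},
]

if __name__ == "__main__":
    for transports in ([TLS], [TLS, TCP]):
        print(transports, query_outcome(transports, True, UPSTREAMS))
```

Adding a cleartext transport to the list moves the first, unverifiable upstream back into use, which is the downgrade to check for when auditing a stub configuration that is meant to be strict.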
