[getdns-users] getdns 0.5.0 release

Willem Toorop willem at nlnetlabs.nl
Thu Oct 29 19:29:22 UTC 2015


Dear All,

We have a new release version 0.5.0 of getdns.

This is mostly a new features release.

This release does all crypto operations using OpenSSL directly and no
longer has a dependency on libldns. Note however that libldns is still
used by the unit tests.

Following the October 2015 release of the API specification, the
library can now access deeply embedded data structure members in
getdns_dicts by using JSON Pointers as the name to be accessed (RFC
6901). This works for the getter and setter functions
(getdns_dict_get_* and getdns_dict_set_*).

DNS over TLS now uses the default IANA assigned port number for
domain-s: 853.

This release includes an experimental implementation of upstream
server hostname authentication for TLS connections in stub mode (note
that the default behaviour has not changed compared to the 0.3
release). A new, non-standard function
getdns_context_set_tls_authentication() can be used to set the
authentication to GETDNS_AUTHENTICATION_ which requires that a server
provides a valid certificate (validated using the default CA
repository) and that the hostname specified in the "tls_auth_name"
field of the upstream dict matches that in the certificate. The
authentication setting is only enforced when the transport list
contains only GETDNS_TRANSPORT_TLS and in this case if authentication
fails for all upstreams, queries will fail. If the transport list
contains other clear text transports then opportunistic TLS will be
performed which does not require authentication of the TLS connection.
Examples of usage using the getdns_query tool can be found in the
tests_transports.sh script in the test directory.


link: https://getdnsapi.net/dist/getdns-0.5.0.tar.gz
md5 : b0458582455c8e1be9de1a41ac4fa889
sha1: 67aafdd6566bd3c99b51524191a036710819c7cd
pgp : https://getdnsapi.net/dist/getdns-0.5.0.tar.gz.asc


ChangeLog
=========
* 2015-10-29: Version 0.5.0
  * Native crypto. No ldns dependency anymore.
    (ldns still necessary to be able to run tests though)
  * JSON pointer arguments to getdns_dict_get_* and getdns_dict_set_*
    to dereference nested dicts and lists.
  * Bugfix: DNSSEC code finding zone cut with redirects + pursuing
    unsigned DS answers close to the root. Thanks Theogene Bucuti!
  * Default port for TLS changed to 853
  * Unofficial extension to the API to allow TLS hostname verification
    to be required for stub mode when using only TLS as a transport.
    When required a hostname must be supplied in the
    'hostname' field of the upstream_list dict and the TLS cipher
    suites are restricted to the 4 AEAD suites recommended in RFC7525.
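Added example (not part of the original message and not getdns code): a small C model of the enforcement rule described in the announcement, useful for checking whether a given stub configuration actually gets authenticated TLS or silently falls back to unauthenticated resolution. All type and function names are hypothetical, the host names are constructed, and name matching is simplified to an exact case-insensitive comparison.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>

/* Illustrative model; these types and names are NOT the getdns API. */
typedef enum { T_UDP, T_TCP, T_TLS } transport_t;
typedef enum { QUERY_FAILS, QUERY_AUTHENTICATED_TLS, QUERY_NO_AUTH_GUARANTEE } outcome_t;
typedef struct {
    const char *tls_auth_name; /* name configured for the upstream (may be NULL) */
    const char *cert_name;     /* name presented in the server certificate */
    bool chain_valid;          /* chain verified against the default CA repository */
} upstream_t;

/* Assumption: exact, case-insensitive match; real TLS stacks also handle SANs and wildcards. */
static bool same_name(const char *a, const char *b) {
    if (!a || !b) return false;
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return false;
    return *a == *b;
}

/* Both conditions from the announcement: valid certificate AND matching name. */
static bool upstream_authenticates(const upstream_t *u) {
    return u->chain_valid && same_name(u->tls_auth_name, u->cert_name);
}

/* The setting is enforced only when the transport list contains only TLS. */
static bool auth_is_enforced(bool requested, const transport_t *t, size_t n) {
    if (!requested || n == 0) return false;
    for (size_t i = 0; i < n; i++)
        if (t[i] != T_TLS) return false;
    return true;
}

outcome_t query_outcome(bool requested, const transport_t *t, size_t nt,
                        const upstream_t *ups, size_t nu) {
    if (!auth_is_enforced(requested, t, nt))
        return QUERY_NO_AUTH_GUARANTEE; /* opportunistic TLS or clear text */
    for (size_t i = 0; i < nu; i++)
        if (upstream_authenticates(&ups[i])) return QUERY_AUTHENTICATED_TLS;
    return QUERY_FAILS; /* authentication failed for all upstreams */
}

int main(void) {
    transport_t mixed[] = { T_TLS, T_TCP };              /* constructed config */
    upstream_t bad = { "dns.example.net", "other.example.net", true };
    return query_outcome(true, mixed, 2, &bad, 1) == QUERY_NO_AUTH_GUARANTEE ? 0 : 1;
}
```

The case to watch for when auditing a configuration is the one in main(): authentication was requested, but a clear-text transport in the list means a mismatching certificate does not stop resolution.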