1. 18 Apr, 2019 2 commits
  2. 17 Apr, 2019 1 commit
  3. 08 Apr, 2019 1 commit
    • Vladimír Čunát's avatar
      validate nitpick fix: unsupported algo edge case · 2bd31a48
      Vladimír Čunát authored
      kr_dnskeys_trusted() semantics is changed, but I do NOT consider that
      a part of public API.
      
      Go insecure due to algorithm support even if DNSKEY is NODATA.
      I can't see how that's relevant to practical usage, but I think this new
      behavior makes more sense.  We still do try to fetch the DNSKEY even
      though we have information about its un-usability beforehand.
      I'd consider fixing that a premature optimization.
      We'll still be affected if the DNSKEY query SERVFAILs or something.
      
      Thanks to PowerDNS people for catching this!
      2bd31a48
  4. 04 Apr, 2019 2 commits
  5. 12 Mar, 2019 6 commits
  6. 08 Mar, 2019 2 commits
  7. 05 Mar, 2019 2 commits
  8. 28 Feb, 2019 1 commit
  9. 25 Feb, 2019 1 commit
  10. 22 Feb, 2019 1 commit
    • Vladimír Čunát's avatar
      policy.TLS_FORWARD: send SNI on wire if configured · a4284580
      Vladimír Čunát authored
      In https world it's standard to do that, and it's relied on.
      Real-life example: 8.8.8.8#853 over TLSv1.3 won't send a certificate
      if we don't send SNI (no idea why; also they do send it with TLSv1.2).
      
      As a consequence, we no longer allow multiple hostnames per
      address-port tuple, but that didn't seem useful.
      a4284580
  11. 11 Feb, 2019 1 commit
  12. 06 Feb, 2019 1 commit
  13. 29 Jan, 2019 1 commit
  14. 23 Jan, 2019 2 commits
  15. 14 Jan, 2019 1 commit
  16. 10 Jan, 2019 1 commit
  17. 09 Jan, 2019 2 commits
  18. 04 Jan, 2019 1 commit
  19. 17 Dec, 2018 2 commits
  20. 14 Dec, 2018 2 commits
  21. 13 Dec, 2018 1 commit
    • Vladimír Čunát's avatar
      view: change :addr to a more natural semantics · 732a6616
      Vladimír Čunát authored
      Continue executing :addr rules until a non-chain action is executed.
      Before this, the only the first match in view:addr rules got a chance,
      even though the inner policy rule might not trigger in that case
      or be a chain action.
      732a6616
  22. 11 Dec, 2018 3 commits
  23. 03 Dec, 2018 1 commit
  24. 28 Nov, 2018 2 commits