diff options
| author | erwin <erwin@FreeBSD.org> | 2013-08-22 08:15:03 +0000 |
|---|---|---|
| committer | erwin <erwin@FreeBSD.org> | 2013-08-22 08:15:03 +0000 |
| commit | 6a288ef517fece2ca5a21d081efd7b4a81da0053 (patch) | |
| tree | 37271fd86c9be9a6bab12a7aebd85ccfbb8a7b62 /contrib/bind9/lib/dns/rdata/generic/keydata_65533.c | |
| parent | 0b46e38a09fbccfdfd7bca0f387c66b2c64fa5b6 (diff) | |
| parent | f32b4abce98c97ee6e51b7aa8f8fde6e4cab7f28 (diff) | |
| download | FreeBSD-src-6a288ef517fece2ca5a21d081efd7b4a81da0053.zip FreeBSD-src-6a288ef517fece2ca5a21d081efd7b4a81da0053.tar.gz | |
Update Bind to 9.9.3-P2
Notable new features:
* Elliptic Curve Digital Signature Algorithm keys and signatures in
DNSSEC are now supported per RFC 6605. [RT #21918]
* Introduces a new tool "dnssec-verify" that validates a signed zone,
checking for the correctness of signatures and NSEC/NSEC3 chains.
[RT #23673]
* BIND now recognizes the TLSA resource record type, created to
support IETF DANE (DNS-based Authentication of Named Entities)
[RT #28989]
* The new "inline-signing" option, in combination with the
"auto-dnssec" option that was introduced in BIND 9.7, allows
named to sign zones completely transparently.
Approved by: delphij (mentor)
MFC after: 3 days
Sponsored by: DK Hostmaster A/S
Diffstat (limited to 'contrib/bind9/lib/dns/rdata/generic/keydata_65533.c')
| -rw-r--r-- | contrib/bind9/lib/dns/rdata/generic/keydata_65533.c | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c b/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c index 317e1a8..a2d83f4 100644 --- a/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c +++ b/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009, 2012 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC") * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -89,6 +89,8 @@ totext_keydata(ARGS_TOTEXT) { unsigned int flags; unsigned char algorithm; unsigned long when; + char algbuf[DNS_NAME_FORMATSIZE]; + const char *keyinfo; REQUIRE(rdata->type == 65533); REQUIRE(rdata->length != 0); @@ -119,6 +121,13 @@ totext_keydata(ARGS_TOTEXT) { sprintf(buf, "%u", flags); RETERR(str_totext(buf, target)); RETERR(str_totext(" ", target)); + if ((flags & DNS_KEYFLAG_KSK) != 0) { + if (flags & DNS_KEYFLAG_REVOKE) + keyinfo = "revoked KSK"; + else + keyinfo = "KSK"; + } else + keyinfo = "ZSK"; /* protocol */ sprintf(buf, "%u", sr.base[0]); @@ -140,10 +149,13 @@ totext_keydata(ARGS_TOTEXT) { if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) RETERR(str_totext(" (", target)); RETERR(str_totext(tctx->linebreak, target)); - RETERR(isc_base64_totext(&sr, tctx->width - 2, - tctx->linebreak, target)); + if (tctx->width == 0) /* No splitting */ + RETERR(isc_base64_totext(&sr, 60, "", target)); + else + RETERR(isc_base64_totext(&sr, tctx->width - 2, + tctx->linebreak, target)); - if ((tctx->flags & DNS_STYLEFLAG_COMMENT) != 0) + if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0) RETERR(str_totext(tctx->linebreak, target)); else if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) RETERR(str_totext(" ", target)); @@ -151,10 +163,16 @@ totext_keydata(ARGS_TOTEXT) { if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) RETERR(str_totext(")", target)); - if ((tctx->flags & DNS_STYLEFLAG_COMMENT) != 0) { + if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0) { isc_region_t tmpr; - RETERR(str_totext(" ; key id = ", target)); + RETERR(str_totext(" ; ", target)); + RETERR(str_totext(keyinfo, target)); + dns_secalg_format((dns_secalg_t) algorithm, algbuf, + sizeof(algbuf)); + RETERR(str_totext("; alg = ", target)); + RETERR(str_totext(algbuf, target)); + RETERR(str_totext("; key id = ", target)); dns_rdata_toregion(rdata, &tmpr); /* Skip over refresh, addhd, and removehd */ isc_region_consume(&tmpr, 12); |
