summaryrefslogtreecommitdiff
path: root/test/dnszones-src
Commit message (Collapse)AuthorAgeFilesLines
* Testsuite: fix TLSA recordJeremy Harris2022-11-241-1/+6
|
* Lose duplicated cert in ocsp responseJeremy Harris2022-11-222-10/+20
|
* Testsuite: regenerate OCSP proofs with proof-signer certsJeremy Harris2022-11-222-21/+11
|
* Testsuite: regenerate certificates treeJeremy Harris2022-11-032-10/+10
| | | | The OCSP proofs had become out-of-date
* Testsuite: Automation for TLDA regenJeremy Harris2022-11-032-0/+26
|
* Testsuite: regen certificates suite with fixed Authority IdentifierJeremy Harris2021-06-042-11/+11
|
* TLS DANE to multiple recipients w/ different DNSSec statusHeiko Schlittermann (HS12-RIPE)2021-05-111-0/+16
|
* Testsuite: fix testcase for SPF empty-mailfrom-use-helo. Bug 467Jeremy Harris2021-02-021-0/+1
|
* DANE: Fix 2 messages from queue caseJeremy Harris2020-08-261-0/+1
|
* DANE: Fix 2-rcpt message, diff domins case. Bug 2265Jeremy Harris2020-08-231-0/+1
|
* dnslists: hardwired return value check. Bug 2631Jeremy Harris2020-08-101-0/+11
|
* TLS: use RFC 6125 rules for certifucate name checks when CNAMES are present. ↵Jeremy Harris2020-06-111-1/+4
| | | | Bug 2594
* Testsuite: more tidying for AlpineJeremy Harris2020-04-221-0/+8
|
* Testsuite: SPF testcase additionsJeremy Harris2019-12-281-0/+4
|
* SPF: support uppercase in v=spf1, permerror-on-multiple-RRs. Bug 2499Jeremy Harris2019-12-271-0/+5
|
* Be careful about DNS response AD/AA bits for error returnsJeremy Harris2019-10-221-0/+30
|
* Testsuite: increase RBL record TTLJeremy Harris2019-09-071-1/+1
|
* Testsuite: drop test.ex domain neg-cache ttl to 3000Jeremy Harris2019-09-051-1/+1
|
* Support TTL from SOA for NXDOMAIN & NODATA cache entries for dnslists. Bug 1395Jeremy Harris2019-09-051-1/+1
|
* Testsuite: keep noqualify testcase from using external DNSJeremy Harris2019-09-011-0/+5
|
* Support TTL from SOA for NXDOMAIN & NODATA cache entries. Bug 1395Jeremy Harris2019-09-011-0/+3
|
* SPF: use exim facilities for DNS lookupsJeremy Harris2019-08-131-0/+4
| | | | This enables testing with the testsuite
* Testsuite: regenerate CA trees with 2048-bit keysJeremy Harris2018-11-272-30/+12
| | | | This is to support RHEL 8.0 where OpenSSL dislikes 1024
* DANE - testcase for fail under GnuTLS with TA-mode to a selfsigned server certJeremy Harris2018-09-091-0/+19
|
* DKIM: add support for the SubjectPublicKeyInfo wrapped form of pubkeyJeremy Harris2018-04-131-1/+7
|
* DKIM: move ed25519_privkey_pem_to_pubkey_raw_b64 to src/util/ and add usage ↵Jeremy Harris2018-03-251-1/+1
| | | | notes to docs
* DKIM: Ed25519 signatures (GnuTLS 3.6.0 and later)Jeremy Harris2018-02-061-0/+8
|
* DANE/GnuTLS: split verification of mixed sets of TLSA records by usageJeremy Harris2017-12-221-1/+6
| | | | | This is because we cannot do the required CA-anchor and names checks for TA-mode and not for EE-mode, without knowing which usage TLSA was used.
* DANE/GnuTLS: ignore traditional CA anchor validation in DANE-EE modeJeremy Harris2017-12-201-0/+20
| | | | Not quite right for a mixed TA+EE set of TLSA records, but better than always-enforcing
* DANE: support under GnuTLS. Bug 1523Jeremy Harris2017-12-191-8/+27
| | | | GnuTLS version 3.0.0 onwards; still Experimental
* Testsuite: move CRL testcases away from using SHA1-signed certsJeremy Harris2017-12-181-2/+2
|
* Testsuite: regenerate certs treeJeremy Harris2017-12-161-2/+2
|
* Testsuite: restore lost dns config for DKIM extra-txt-records testcaseJeremy Harris2017-12-161-0/+2
| | | | Broken-by: 854586e149
* Testsuite: testcase for Bug 2198Jeremy Harris2017-12-161-3/+22
|
* Testsuite: regen TLSA records, to match cert treeJeremy Harris2017-12-091-1/+1
|
* DKIM: Ignore non-DKIM TXT records in DNS response. Bug 2207Heiko Schlittermann (HS12-RIPE)2017-12-031-0/+2
|
* DKIM: Enforce any "h" field present in the DNS publickey record. This can ↵Jeremy Harris2017-08-091-0/+6
| | | | | | | be set to require specific hash types, eg sha256, in signatues. There is an IETF draft in discussion which deprecates sha1 so this feature may start to be used.
* Testsuite: add DANE cases for DNS secure no-TLSA lookupsJeremy Harris2017-05-071-1/+11
|
* Testsuite: add DANE testcase for TLSA lookup SERVFAILJeremy Harris2017-05-071-0/+4
|
* Testsuite: use certs expring before end of 2037, to avoid GnuTLS top-limit ↵Jeremy Harris2017-01-311-1/+1
| | | | clamp on small-size_t platforms
* DKIM: More validation of DNS key record. Bug 1926Jeremy Harris2016-12-291-0/+3
|
* Testsuite: regen certs, now with additional LetsEncrypt-style OCSP proofsJeremy Harris2016-11-021-1/+1
|
* DKIM: fix base64 decode to ignore whitespace; needed for private-key inputJeremy Harris2016-01-051-1/+1
| | | | | from file. Use this for general-purpose b64decode also. Testsuite: DKIM signing testcase
* DANE: do not override a cert verify failure, in callback. Also fix some ↵Jeremy Harris2015-12-171-1/+1
| | | | test mistakes
* DANE: fix testcase 2/0/1 TLSA recordJeremy Harris2015-12-161-1/+17
|
* DKIM: $dkim_key_length visibility variable. Bug 1311Jeremy Harris2015-12-011-0/+4
|
* DKIM: relaxed body canonicalisation should ignore whitespace at EOLJeremy Harris2015-11-291-0/+8
| | | | and empty lines at EOM. Bug 1721
* DNS: time-limit cached returns, using TTL. Bug 1395Jeremy Harris2015-09-171-1/+5
| | | | This can matter for fast-changing data such as DNSBLs.
* Testsuite: fakens may return AUTHORITY recordsHeiko Schlittermann (HS12)2015-06-221-0/+3
| | | | | | If an entry in db.<zone> is prefixed with "AA ", fakens will put a valid NS record into the AUTHORITY section of the returned packet. This will be used by dns_trust_aa checks.
* tidyingJeremy Harris2015-05-231-1/+1
|
View Lorry Controller Status