-rw-r--r-- NEWS 8
-rw-r--r-- libdane/dane.c 4
2 files changed, 10 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 881bc33fe1..1999403168 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,14 @@ See the end for copying conditions.
** certtool: pathlen constraint is now read correctly. Reported by
Christoph Seitz.
+** libdane: Added interfaces to allow initialization of dane_query_t from
+external DNS resolutions, and to allow direct verification of a certificate
+chain against a dane_query_t. Contributed by Christian Grothoff.
+
+** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be
+triggered by a DNS server supplying more than 4 DANE records. Report and fix
+by Christian Grothoff.
+
** API and ABI modifications:
dane_verify_crt_raw: Added
dane_raw_tlsa: Added
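Review bot: The overflow entry added here announces a fix in dane_query_tlsa(), but the only libdane/dane.c changes in this patch are two doc-comment lines (`@param secure` to `@secure:` and `@param bogus` to `@bogus:`), so the code fix itself is not part of this change. Name the commit that carried the fix in the commit message, and consider stating which releases are affected, since the trigger described ("a DNS server supplying more than 4 DANE records") is input from the network and packagers will need that to triage.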
diff --git a/libdane/dane.c b/libdane/dane.c
index 01872b519c..4c1dcd11ab 100644
--- a/libdane/dane.c
+++ b/libdane/dane.c
@@ -246,9 +246,9 @@ void dane_query_deinit(dane_query_t q)
* caller must guarantee that the referenced data remains
* valid until dane_query_deinit() is called.
* @dane_data_len: the length n bytes of the dane_data items
- * @param secure true if the result is validated securely, false if
+ * @secure: true if the result is validated securely, false if
* validation failed or the domain queried has no security info
- * @param bogus if the result was not secure (secure = 0) due to a security failure,
+ * @bogus: if the result was not secure (secure = 0) due to a security failure,
* and the result is due to a security failure, bogus is true.
*
*
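Review bot: The `@bogus:` description is still circular after the tag fix: it says "due to a security failure" twice and uses "secure = 0" where the `@secure:` line above uses true/false. If the intent is to separate a validation failure from a domain that has no security info, say that directly, for example "@bogus: true if the result was not secure because validation failed". In the same comment block, "the length n bytes" on the `@dane_data_len:` context line looks like a typo for "in bytes" and could be fixed while this block is being touched.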