| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | Fix repr() of GSS-TSIG key [Issue #657] | Bob Halley | 2021-04-17 | 1 | -3/+6 |
| | | |||||
| * | Add repr() for dns.tsig.Key. | Brian Wellington | 2020-10-29 | 1 | -0/+5 |
| | | |||||
| * | Adds support for reading TSIG text format. | Brian Wellington | 2020-08-10 | 1 | -5/+2 |
| | | | | | | | | | | | | | | | | | Implements from_text for the TSIG record type, and clean up some other things. Fixes the text format to emit fields in the right order; fudge and time_signed were reversed. This also matches BIND's output format now. Add get_uint48() to the tokenizer, so that from_text() can use it. Add get_uint48() to the wire parser, and use it in from_wire, for consistency. Change dns.tsig.sign() to use rdata.replace() rather than constructing a new TSIG record manually; this couldn't be done before, because replace() uses text format for validation. | ||||
| * | Add support for new TSIG algorithms. | Brian Wellington | 2020-08-10 | 1 | -26/+43 |
| | | | | | | | This adds support for the hmac-sha256-128, hmac-sha384-192, and hmac-sha512-256 truncated algorithms. This also reorders some of the declarations in the TSIG code. | ||||
| * | Support callable() TSIG keyrings for use-cases like GSSTSig. | Nick Hall | 2020-08-08 | 1 | -0/+32 |
| | | |||||
| * | Add a lightweight wrapper around the HMAC types and refactor the "is gss-api ↵ | Nick Hall | 2020-08-08 | 1 | -44/+48 |
| | | | | | or not" wrapper functions to just call the class methods | ||||
| * | Add gss-tsig support to dnspython | Nick Hall | 2020-08-08 | 1 | -6/+60 |
| | | |||||
| * | Merge pull request #531 from bwelling/tsig2 | Bob Halley | 2020-07-07 | 1 | -25/+43 |
| |\ | | | | | Split TSIG sign and validate. | ||||
| | * | Split TSIG sign and validate. | Brian Wellington | 2020-07-07 | 1 | -25/+43 |
| | | | |||||
| * | | TSIG code now uses dns.rcode.Rcode enum values for the TSIG error field. | Bob Halley | 2020-07-07 | 1 | -9/+5 |
| |/ | |||||
| * | Better deal with backwards compatibility. | Brian Wellington | 2020-07-01 | 1 | -0/+2 |
| | | | | | | | | | If dns.tsigkeyring.from_text() creates dns.tsig.Key objects with the default algorithm, that causes problems for code that specifies a different algorithm. There's no good way to handle this, so change dns.tsigkeyring.from_text() to not create dns.tsig.Key objects unless it knows the algorithm. | ||||
| * | Explicitly use the key's algorithm. | Brian Wellington | 2020-07-01 | 1 | -2/+2 |
| | | |||||
| * | Add dns.tsig.Key class. | Brian Wellington | 2020-07-01 | 1 | -9/+38 |
| | | | | | | | | | | | | | | | | | | | | | This creates a new class to represent a TSIG key, containing name, secret, and algorithm. The keyring format is changed to be {name : key}, and the methods in dns.tsigkeyring are updated to deal with old and new formats. The Message class is updated to use dns.tsig.Key, although (to avoid breaking existing code), it stores them in the keyring field. Message.use_tsig() can accept either explicit keys, or keyrings; it will extract and/or create a key. dns.message.from_wire() can accept either a key or a keyring in the keyring parameter. If passed a key, it will now raise if the TSIG record in the message was signed with a different key. If passed a keyring containing keys (as opposed to bare secrets), it will check that the TSIG record's algorithm matches that of the key. | ||||
| * | Fix documentation. | Brian Wellington | 2020-06-30 | 1 | -1/+1 |
| | | |||||
| * | Remove the concept from "first" from TSIG. | Brian Wellington | 2020-06-30 | 1 | -3/+4 |
| | | | | | | | | | | The sign() and validate() routines took a "first" parameter, which indicated that this message was the first in a multi-message sequence. This isn't needed, as it's identical to "not (ctx and multi)". Remove the parameter from both, as well as the now-unneeded field in the message object and message.from_wire() parameter. | ||||
| * | Store a TSIG rrset on the message object. | Brian Wellington | 2020-06-30 | 1 | -46/+24 |
| | | |||||
| * | Change dns.tsig.validate() to take a TSIG record. | Brian Wellington | 2020-06-30 | 1 | -31/+14 |
| | | |||||
| * | Remove hmac_md5(), as it was added for backwards compatibility when we | Bob Halley | 2020-06-19 | 1 | -7/+0 |
| | | | | | switched to using sign() back in 2010. | ||||
| * | Update the default TSIG algorithm to hmac-sha256. | Brian Wellington | 2020-05-11 | 1 | -1/+1 |
| | | | | | | In the upcoming update to RFC 2845, HMAC-MD5 will move to "MUST NOT" use, so it shouldn't be the default. | ||||
| * | Remove _compat module. | Bob Halley | 2018-12-09 | 1 | -7/+5 |
| | | |||||
| * | update copyright | Bob Halley | 2018-12-01 | 1 | -0/+2 |
| | | |||||
| * | dns/tsig: use hashlib to avoid cryptodome dependency for TSIG | Tomas Krizek | 2018-07-20 | 1 | -8/+8 |
| | | |||||
| * | Update DNSSEC code to use pycryptodome instead of pycrypto. These changes | Daniel Robbins | 2018-07-20 | 1 | -2/+2 |
| | | | | | | make dnspython *incompatible* with pycrypto -- pycryptodome must be used. The ecdsa module continues to be used for ECDSA support. | ||||
| * | Pylint: enable superfluous-parens check | Martin Basti | 2016-06-27 | 1 | -1/+1 |
| | | |||||
| * | Pylint: enable unused-import check | Martin Basti | 2016-06-27 | 1 | -1/+0 |
| | | |||||
| * | Convert TSIG other data into a binary type if needed. | Bob Halley | 2016-06-01 | 1 | -1/+3 |
| | | |||||
| * | Try again to fix TSIG hashes | Bob Halley | 2016-05-12 | 1 | -1/+1 |
| | | |||||
| * | Fix TSIG algorithm to hash mapping | Bob Halley | 2016-05-12 | 1 | -2/+10 |
| | | |||||
| * | python3 support | Arthur Gautier | 2016-04-21 | 1 | -35/+28 |
| | | | | | Signed-off-by: Arthur Gautier <baloo@gandi.net> | ||||
| * | Remove redundant 'pass' from class definitions. | Petr Spacek | 2015-02-12 | 1 | -7/+0 |
| | | |||||
| * | Amend doc strings for all DNSExceptions to make them suitable for direct ↵ | Petr Spacek | 2015-02-12 | 1 | -6/+6 |
| | | | | | printing. | ||||
| * | Responses to messages signed with TSIG were broken. | Bob Halley | 2014-04-04 | 1 | -0/+16 |
| | | |||||
| * | Make multi-message TSIGs compute correctly for algorithms other than MD5 | Bob Halley | 2013-08-26 | 1 | -1/+1 |
| | | |||||
| * | update copyrights | Bob Halley | 2011-05-12 | 1 | -1/+1 |
| | | |||||
| * | make hash compatibility handling its own module; add basic DNSSEC validation | Bob Halley | 2010-11-10 | 1 | -28/+13 |
| | | |||||
| * | Set up the TSIG hashes table only once. | Bob Halley | 2010-10-17 | 1 | -30/+43 |
| | | | | | | | | | Make algorithm constants domain names. Detect attempts to use HMAC-SHA384 and HMAC-SHA512 on Python versions less than 2.5.2, and raise a NotImplemented exception. (We want to do this because old versions of Python do not compute them correctly.) | ||||
| * | add constants for TSIG algorithms | Bob Halley | 2010-10-17 | 1 | -9/+18 |
| | | |||||
| * | Fix bugs in pre-hashlib compatibility code | Bob Halley | 2010-10-17 | 1 | -2/+2 |
| | | |||||
| * | create exceptions with arguments as "raise E(args)" instead of "raise E, args" | Bob Halley | 2010-01-14 | 1 | -4/+4 |
| | | |||||
| * | tsig import cleanups; rename tsig signing routing from "hmac_md5" to "sign" | Bob Halley | 2010-01-13 | 1 | -13/+20 |
| | | |||||
| * | update copyrights for 2010 | Bob Halley | 2010-01-13 | 1 | -1/+1 |
| | | |||||
| * | add support for more TSIG algorithms | Bob Halley | 2009-11-13 | 1 | -7/+57 |
| | | |||||
| * | Add BADTRUNC | Bob Halley | 2009-06-18 | 1 | -0/+7 |
| | | |||||
| * | update copyrights | Bob Halley | 2009-06-18 | 1 | -1/+1 |
| | | |||||
| * | raise an exception if the TSIG error is non-zero | Bob Halley | 2008-02-06 | 1 | -3/+32 |
| | | |||||
| * | update copyrights for 2007 | Bob Halley | 2007-01-01 | 1 | -1/+1 |
| | | |||||
| * | update copyrights | Bob Halley | 2005-09-02 | 1 | -1/+1 |
| | | | | | | Original author: Bob Halley <halley@dnspython.org> Date: 2005-01-08 08:13:48 | ||||
| * | remove cvs $Id$ tags | Bob Halley | 2005-09-02 | 1 | -2/+0 |
| | | | | | | Original author: Bob Halley <halley@dnspython.org> Date: 2004-07-31 09:51:40 | ||||
| * | initial import | Bob Halley | 2005-09-02 | 1 | -0/+125 |
| Original author: Bob Halley <halley@dnspython.org> Date: 2004-03-23 21:57:40 | |||||
