9.7.0b3

parent 8326481b
--- 9.7.0b3 released ---
2785. [bug] Revoked keys could fail to self-sign [RT #20652]
2784. [bug] TC was not always being set when required glue was
dropped. [RT #20655]
2783. [func] Return minimal responses to EDNS/UDP queries with a UDP
buffer size of 512 or less. [RT #20654]
2782. [port] win32: use getaddrinfo() for hostname lookups.
[RT #20650]
2781. [bug] Inactive keys could be used for signing. [RT #20649]
2780. [bug] dnssec-keygen -A none didn't properly unset the
activation date in all cases. [RT #20648]
2779. [bug] Dynamic key revokation could fail. [RT #20644]
2778. [bug] dnssec-signzone could fail when a key was revoked
without deleting the unrevoked version. [RT #20638]
2777. [contrib] DLZ MYSQL auto reconnect support discovery was wrong.
2776. [bug] Change #2762 was not correct. [RT #20647]
2775. [bug] Accept RSASHA256 and RSASHA512 as NSEC3 compatible
in dnssec-keyfromlabel. [RT #20643]
2774. [bug] Existing cache DB wasn't being reused after
reconfiguration. [RT #20629]
2773. [bug] In autosigned zones, the SOA could be signed
with the KSK. [RT #20628]
2772. [security] When validating, track whether pending data was from
the additional section or not and only return it if
validates as secure. [RT #20438]
2771. [bug] dnssec-signzone: DNSKEY records could be
corrupted when importing from key files [RT #20624]
2770. [cleanup] Add log messages to resolver.c to indicate events
causing FORMERR responses. [RT #20526]
2769. [cleanup] Change #2742 was incomplete. [RT #19589]
2768. [bug] dnssec-signzone: -S no longer implies -g [RT #20568]
2767. [bug] named could crash on startup if a zone was
configured with auto-dnssec and there was no
key-directory. [RT #20615]
2766. [bug] isc_socket_fdwatchpoke() should only update the
socketmgr state if the socket is not pending on a
read or write. [RT #20603]
2765. [bug] Skip masters for which the TSIG key cannot be found.
[RT #20595]
2764. [bug] "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
2763. [bug] "rndc sign" didn't create an NSEC chain. [RT #20591]
2762. [bug] DLV validation failed with a local slave DLV zone.
[RT #20577]
2761. [cleanup] Enable internal symbol table for backtrace only for
systems that are known to work. Currently, BSD
variants, Linux and Solaris are supported. [RT# 20202]
2760. [cleanup] Corrected named-compilezone usage summary. [RT #20533]
2759. [doc] Add information about .jbk/.jnw files to
the ARM. [RT #20303]
2758. [bug] win32: Added a workaround for a windows 2008 bug
that could cause the UDP client handler to shut
down. [RT #19176]
2757. [bug] dig: assertion failure could occur in connect
timeout. [RT #20599]
2756. [bug] Fixed corrupt logfile message in update.c. [RT# 20597]
2755. [placeholder]
2754. [bug] Secure-to-insecure transitions failed when zone
was signed with NSEC3. [RT #20587]
2753. [bug] Removed an unnecessary warning that could appear when
building an NSEC chain. [RT #20588]
2752. [bug] Locking violation. [RT #20587]
2751. [bug] Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
2750. [bug] dig: assertion failure could occur when a server
didn't have an address. [RT #20579]
2749. [bug] ixfr-from-differences generated a non-minimal ixfr
for NSEC3 signed zones. [RT #20452]
2748. [func] Identify bad answers from GTLD servers and treat them
as referrals. [RT #18884]
2747. [bug] Journal roll forwards failed to set the re-signing
time of RRSIGs correctly. [RT #20541]
2746. [port] hpux: address signed/unsigned expansion mismatch of
dns_rbtnode_t.nsec. [RT #20542]
2745. [bug] configure script didn't probe the return type of
gai_strerror(3) correctly. [RT #20573]
2744. [func] Log if a query was over TCP. [RT #19961]
2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
for a insecure delegation.
--- 9.7.0b2 released ---
2742. [cleanup] Clarify some DNSSEC-related log messages in
......
......@@ -244,7 +244,7 @@ A: You choose one view to be master and the second a slave and transfer
type master;
file "internal/example.db";
allow-update { key mykey; };
notify-also { 10.0.1.1; };
also-notify { 10.0.1.1; };
};
};
......@@ -254,7 +254,7 @@ A: You choose one view to be master and the second a slave and transfer
type slave;
file "external/example.db";
masters { 10.0.1.1; };
transfer-source { 10.0.1.1; };
transfer-source 10.0.1.1;
// allow-update-forwarding { any; };
// allow-notify { ... };
};
......
......@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: FAQ.xml,v 1.51 2009/10/05 01:49:59 each Exp $ -->
<!-- $Id: FAQ.xml,v 1.52 2009/11/03 14:02:20 marka Exp $ -->
<article class="faq">
<title>Frequently Asked Questions about BIND 9</title>
......@@ -448,7 +448,7 @@ Master 10.0.1.1:
type master;
file "internal/example.db";
allow-update { key mykey; };
notify-also { 10.0.1.1; };
also-notify { 10.0.1.1; };
};
};
......@@ -458,7 +458,7 @@ Master 10.0.1.1:
type slave;
file "external/example.db";
masters { 10.0.1.1; };
transfer-source { 10.0.1.1; };
transfer-source 10.0.1.1;
// allow-update-forwarding { any; };
// allow-notify { ... };
};
......
......@@ -49,7 +49,7 @@ BIND 9.7.0
New features include:
- Fully automatic signing of zones by "named"
- Fully automatic signing of zones by "named".
- Simplified configuration of DNSSEC Lookaside Validation (DLV).
- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
command line tool or the "local" update-policy option. (As a side
......
......@@ -8,7 +8,7 @@ independent API for the control of hardware security modules (HSMs)
and other cryptographic support devices.
BIND 9 is known to work with two HSMs: The Sun SCA 6000 cryptographic
acceration board, tested under Solaris x86, and the AEP Keyper
acceleration board, tested under Solaris x86, and the AEP Keyper
network-attached key storage device, tested with Debian Linux,
Solaris x86 and Windows Server 2003.
......@@ -47,23 +47,23 @@ choice depends on the HSM hardware:
intensive operations. The AEP Keyper is an example of such a device.
The modified OpenSSL code is included in the BIND 9.7.0b1 release, in the
form of a context diff against OpenSSL 0.9.8k. Before building BIND 9
form of a context diff against OpenSSL 0.9.8l. Before building BIND 9
with PKCS #11 support, it will be necessary to build OpenSSL with this
patch in place and inform it of the path to the HSM-specific PKCS #11
provider library.
Obtain OpenSSL 0.9.8k:
Obtain OpenSSL 0.9.8l:
wget http://www.openssl.org/source/openssl-0.9.8k.tar.gz
wget http://www.openssl.org/source/openssl-0.9.8l.tar.gz
Extract the tarball:
tar zxf openssl-0.9.8k.tar.gz
tar zxf openssl-0.9.8l.tar.gz
Apply the patch from the BIND 9 release:
patch -p1 -d openssl-0.9.8k \
< bind-9.7.0b1/bin/pkcs11/openssl-0.9.8k-patch
patch -p1 -d openssl-0.9.8l \
< bind-9.7.0b1/bin/pkcs11/openssl-0.9.8l-patch
(Note that the patch file may not be compatible with the "patch"
utility on all operating systems. You may need to install GNU patch.)
......@@ -92,7 +92,7 @@ We will use this location when we configure BIND 9.
Finally, the Keyper library requires threads, so we must specify -pthread.
cd openssl-0.9.8k
cd openssl-0.9.8l
./Configure linux-generic32 -m32 -pthread \
--pk11-libname=/opt/pkcs11/usr/lib/libpkcs11.so \
--pk11-flavor=sign-only \
......@@ -110,7 +110,7 @@ We will use this location when we configure BIND 9.
In this example, we are building on Solaris x86 on an AMD64 system.
cd openssl-0.9.8k
cd openssl-0.9.8l
./Configure solaris64-x86_64-cc \
--pk11-libname=/usr/lib/64/libpkcs11.so \
--pk11-flavor=crypto-accelerator \
......
......@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: named-checkzone.8,v 1.44 2009/07/11 01:12:45 tbox Exp $
.\" $Id: named-checkzone.8,v 1.45 2009/11/11 01:14:41 tbox Exp $
.\"
.hy 0
.ad l
......@@ -33,9 +33,9 @@
named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
.SH "SYNOPSIS"
.HP 16
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
.HP 18
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
.SH "DESCRIPTION"
.PP
\fBnamed\-checkzone\fR
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkzone.c,v 1.55 2009/09/29 15:06:05 fdupont Exp $ */
/* $Id: named-checkzone.c,v 1.57 2009/11/10 21:30:42 each Exp $ */
/*! \file */
......@@ -76,14 +76,16 @@ usage(void) ISC_PLATFORM_NORETURN_POST;
static void
usage(void) {
fprintf(stderr,
"usage: %s [-djqvD] [-c class] [-o output] "
"usage: %s [-djqvD] [-c class] "
"[-f inputformat] [-F outputformat] "
"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
"[-i (full|full-sibling|local|local-sibling|none)] "
"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
"[-W (ignore|warn)] "
"zonename filename\n", prog_name);
"%s zonename filename\n",
prog_name,
progmode == progmode_check ? "[-o filename]" : "-o filename");
exit(1);
}
......
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named-checkzone.docbook,v 1.36 2009/01/20 23:47:56 tbox Exp $ -->
<!-- $Id: named-checkzone.docbook,v 1.37 2009/11/10 20:02:01 each Exp $ -->
<refentry id="man.named-checkzone">
<refentryinfo>
<date>June 13, 2000</date>
......@@ -69,7 +69,6 @@
<arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
<arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
......@@ -99,6 +98,7 @@
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
<arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
<arg choice="req">zonename</arg>
<arg choice="req">filename</arg>
</cmdsynopsis>
......
......@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named-checkzone.html,v 1.44 2009/07/11 01:12:45 tbox Exp $ -->
<!-- $Id: named-checkzone.html,v 1.45 2009/11/11 01:14:41 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -29,11 +29,11 @@
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-checkzone</code> [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
<div class="cmdsynopsis"><p><code class="command">named-compilezone</code> [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543672"></a><h2>DESCRIPTION</h2>
<a name="id2543674"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">named-checkzone</strong></span>
checks the syntax and integrity of a zone file. It performs the
same checks as <span><strong class="command">named</strong></span> does when loading a
......@@ -53,7 +53,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2543707"></a><h2>OPTIONS</h2>
<a name="id2543709"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-d</span></dt>
<dd><p>
......@@ -239,14 +239,14 @@
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544328"></a><h2>RETURN VALUES</h2>
<a name="id2544330"></a><h2>RETURN VALUES</h2>
<p><span><strong class="command">named-checkzone</strong></span>
returns an exit status of 1 if
errors were detected and 0 otherwise.
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544340"></a><h2>SEE ALSO</h2>
<a name="id2544342"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
<span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
<em class="citetitle">RFC 1035</em>,
......@@ -254,7 +254,7 @@
</p>
</div>
<div class="refsect1" lang="en">
<a name="id2544373"></a><h2>AUTHOR</h2>
<a name="id2544375"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>
</div>
......
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: keygen.c,v 1.3 2009/06/11 23:47:55 tbox Exp $ */
/* $Id: keygen.c,v 1.4 2009/11/12 14:02:38 marka Exp $ */
/*! \file */
......@@ -194,7 +194,7 @@ write_key_file(const char *keyfile, const char *user,
dns_secalg_t alg) {
isc_result_t result;
const char *algname = alg_totext(alg);
FILE *fd;
FILE *fd = NULL;
DO("create keyfile", isc_file_safecreate(keyfile, &fd));
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dighost.c,v 1.326 2009/09/15 23:48:09 tbox Exp $ */
/* $Id: dighost.c,v 1.328 2009/11/10 17:27:40 each Exp $ */
/*! \file
* \note
......@@ -2582,11 +2582,9 @@ connect_timeout(isc_task_t *task, isc_event_t *event) {
if (!l->tcp_mode)
send_udp(ISC_LIST_NEXT(cq, link));
else {
isc_socket_cancel(query->sock, NULL,
ISC_SOCKCANCEL_ALL);
isc_socket_detach(&query->sock);
sockcount--;
debug("sockcount=%d", sockcount);
if (query->sock != NULL)
isc_socket_cancel(query->sock, NULL,
ISC_SOCKCANCEL_ALL);
send_tcp_connect(ISC_LIST_NEXT(cq, link));
}
UNLOCK_LOOKUP;
......@@ -2790,8 +2788,8 @@ connect_done(isc_task_t *task, isc_event_t *event) {
if (sevent->result == ISC_R_CANCELED) {
debug("in cancel handler");
isc_socket_detach(&query->sock);
INSIST(sockcount > 0);
sockcount--;
INSIST(sockcount >= 0);
debug("sockcount=%d", sockcount);
query->waiting_connect = ISC_FALSE;
isc_event_free(&event);
......
......@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-keyfromlabel.8,v 1.15 2009/10/23 01:14:47 tbox Exp $
.\" $Id: dnssec-keyfromlabel.8,v 1.16 2009/11/03 21:58:30 tbox Exp $
.\"
.hy 0
.ad l
......@@ -67,7 +67,7 @@ Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used
.PP
\-E \fIengine\fR
.RS 4
Specifies the name of the crypto hardware (OpenSSL engine). When compiled with PKCS#11 support it defaults to "pcks11".
Specifies the name of the crypto hardware (OpenSSL engine). When compiled with PKCS#11 support it defaults to "pkcs11".
.RE
.PP
\-l \fIlabel\fR
......
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keyfromlabel.c,v 1.25 2009/10/27 18:56:48 each Exp $ */
/* $Id: dnssec-keyfromlabel.c,v 1.28 2009/11/23 02:55:40 each Exp $ */
/*! \file */
......@@ -197,7 +197,7 @@ main(int argc, char **argv) {
options |= DST_TYPE_KEY;
break;
case 'l':
label = isc_commandline_argument;
label = isc_mem_strdup(mctx, isc_commandline_argument);
break;
case 'n':
nametype = isc_commandline_argument;
......@@ -320,8 +320,11 @@ main(int argc, char **argv) {
int len;
len = strlen(label) + strlen(engine) + 2;
l = isc_mem_get(mctx, len);
l = isc_mem_allocate(mctx, len);
if (l == NULL)
fatal("cannot allocate memory");
snprintf(l, len, "%s:%s", engine, label);
isc_mem_free(mctx, label);
label = l;
}
......@@ -351,7 +354,8 @@ main(int argc, char **argv) {
}
if (use_nsec3 &&
alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1) {
alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512) {
fatal("%s is incompatible with NSEC3; "
"do not use the -3 option", algname);
}
......@@ -457,12 +461,14 @@ main(int argc, char **argv) {
if (setpub)
dst_key_settime(key, DST_TIME_PUBLISH, publish);
else if (!genonly)
else if (setact)
dst_key_settime(key, DST_TIME_PUBLISH, activate);
else if (!genonly && !unsetpub)
dst_key_settime(key, DST_TIME_PUBLISH, now);
if (setact)
dst_key_settime(key, DST_TIME_ACTIVATE, activate);
else if (!genonly)
else if (!genonly && !unsetact)
dst_key_settime(key, DST_TIME_ACTIVATE, now);
if (setrev) {
......@@ -525,6 +531,7 @@ main(int argc, char **argv) {
dns_name_destroy();
if (verbose > 10)
isc_mem_stats(mctx, stdout);
isc_mem_free(mctx, label);
isc_mem_destroy(&mctx);
return (0);
......
......@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.14 2009/10/22 02:21:30 each Exp $ -->
<!-- $Id: dnssec-keyfromlabel.docbook,v 1.15 2009/11/03 21:44:46 each Exp $ -->
<refentry id="man.dnssec-keyfromlabel">
<refentryinfo>
<date>February 8, 2008</date>
......@@ -128,7 +128,7 @@
<listitem>
<para>
Specifies the name of the crypto hardware (OpenSSL engine).
When compiled with PKCS#11 support it defaults to "pcks11".
When compiled with PKCS#11 support it defaults to "pkcs11".
</para>
</listitem>
</varlistentry>
......
......@@ -13,7 +13,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keyfromlabel.html,v 1.14 2009/10/23 01:14:47 tbox Exp $ -->
<!-- $Id: dnssec-keyfromlabel.html,v 1.15 2009/11/03 21:58:30 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -79,7 +79,7 @@
<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
<dd><p>
Specifies the name of the crypto hardware (OpenSSL engine).
When compiled with PKCS#11 support it defaults to "pcks11".
When compiled with PKCS#11 support it defaults to "pkcs11".
</p></dd>
<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
<dd><p>
......
......@@ -13,7 +13,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-keygen.8,v 1.52 2009/10/28 01:14:38 tbox Exp $
.\" $Id: dnssec-keygen.8,v 1.53 2009/11/03 21:58:30 tbox Exp $
.\"
.hy 0
.ad l
......@@ -100,7 +100,7 @@ Indicates that the DNS record containing the key should have the specified class
.PP
\-E \fIengine\fR
.RS 4
Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation. When compiled with PKCS#11 support it defaults to pcks11, the empty name resets it to no engine.
Uses a crypto hardware (OpenSSL engine) for random number and, when supported, key generation. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
.RE
.PP
\-e
......
......@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.106 2009/10/28 00:27:10 marka Exp $ */
/* $Id: dnssec-keygen.c,v 1.107 2009/11/23 02:55:40 each Exp $ */
/*! \file */
......@@ -772,13 +772,16 @@ main(int argc, char **argv) {
if (setpub)
dst_key_settime(key, DST_TIME_PUBLISH, publish);
else if (!genonly && !setact)
else if (setact)
dst_key_settime(key, DST_TIME_PUBLISH,
activate);
else if (!genonly && !unsetpub)
dst_key_settime(key, DST_TIME_PUBLISH, now);
if (setact)
dst_key_settime(key, DST_TIME_ACTIVATE,
activate);
else if (!genonly && !setpub)
else if (!genonly && !unsetact)
dst_key_settime(key, DST_TIME_ACTIVATE, now);
if (setrev) {
......
......@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.docbook,v 1.32 2009/10/28 00:27:10 marka Exp $ -->
<!-- $Id: dnssec-keygen.docbook,v 1.33 2009/11/03 21:44:46 each Exp $ -->
<refentry id="man.dnssec-keygen">
<refentryinfo>
<date>June 30, 2000</date>
......@@ -218,7 +218,7 @@
<para>
Uses a crypto hardware (OpenSSL engine) for random number
and, when supported, key generation. When compiled with PKCS#11
support it defaults to pcks11, the empty name resets it to
support it defaults to pkcs11; the empty name resets it to
no engine.
</para>
</listitem>
......
......@@ -14,7 +14,7 @@
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.html,v 1.44 2009/10/28 01:14:38 tbox Exp $ -->
<!-- $Id: dnssec-keygen.html,v 1.45 2009/11/03 21:58:30 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -133,7 +133,7 @@
<dd><p>
Uses a crypto hardware (OpenSSL engine) for random number
and, when supported, key generation. When compiled with PKCS#11
support it defaults to pcks11, the empty name resets it to
support it defaults to pkcs11; the empty name resets it to
no engine.
</p></dd>
<dt><span class="term">-e</span></dt>
......
......@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-revoke.8,v 1.7 2009/10/06 01:14:41 tbox Exp $
.\" $Id: dnssec-revoke.8,v 1.8 2009/11/03 21:58:30 tbox Exp $
.\"
.hy 0
.ad l
......@@ -61,7 +61,7 @@ Sets the debugging level.
.PP
\-E \fIengine\fR
.RS 4
Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pcks11, the empty name resets it to no engine.
Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
.RE
.PP
\-f
......
......@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-revoke.docbook,v 1.6 2009/10/05 17:30:49 fdupont Exp $ -->
<!-- $Id: dnssec-revoke.docbook,v 1.7 2009/11/03 21:44:46 each Exp $ -->
<refentry id="man.dnssec-revoke">
<refentryinfo>
<date>June 1, 2009</date>
......@@ -108,7 +108,7 @@
<listitem>
<para>
Use the given OpenSSL engine. When compiled with PKCS#11 support
it defaults to pcks11, the empty name resets it to no engine.
it defaults to pkcs11; the empty name resets it to no engine.
</para>
</listitem>
</varlistentry>
......
......@@ -14,7 +14,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-revoke.html,v 1.7 2009/10/06 01:14:41 tbox Exp $ -->
<!-- $Id: dnssec-revoke.html,v 1.8 2009/11/03 21:58:30 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
......@@ -62,7 +62,7 @@
<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
<dd><p>
Use the given OpenSSL engine. When compiled with PKCS#11 support
it defaults to pcks11, the empty name resets it to no engine.
it defaults to pkcs11; the empty name resets it to no engine.
</p></dd>
<dt><span class="term">-f</span></dt>
<dd><p>
......
......@@ -12,7 +12,7 @@
.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.\" $Id: dnssec-settime.8,v 1.8 2009/10/17 01:14:35 tbox Exp $
.\" $Id: dnssec-settime.8,v 1.9 2009/11/03 21:58:30 tbox Exp $
.\"
.hy 0
.ad l
......@@ -79,7 +79,7 @@ Sets the debugging level.
.PP
\-E \fIengine\fR
.RS 4
Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pcks11, the empty name resets it to no engine.
Use the given OpenSSL engine. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
.RE
.SH "TIMING OPTIONS"
.PP
......
......@@ -17,7 +17,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-settime.docbook,v 1.6 2009/10/16 15:37:01 jreed Exp $ -->
<!-- $Id: dnssec-settime.docbook,v 1.7 2009/11/03 21:44:46 each Exp $ -->
<refentry id="man.dnssec-settime">
<refentryinfo>
<date>July 15, 2009</date>
......@@ -134,7 +134,7 @@