Skip to content

getdns-0.5.0 release
Compare
Choose a tag to compare
@wtoorop wtoorop released this 28 Dec 11:40
· 1993 commits to develop since this release
v0.5.0
de59b70
 
Please do not use the github generated Source code (zip) and (tar.gz) files, but our own tarball instead:
tarball https://getdnsapi.net/dist/getdns-0.5.0.tar.gz
pgp sig https://getdnsapi.net/dist/getdns-0.5.0.tar.gz.asc
sha256 b0680170249ba9987b8af4c7f2bc64833fe6396ecd66565c991b33775f78ccdb

Dear All,

We have a new release version 0.5.0 of getdns.

This is mostly a new features release

This release does all crypto operations using OpenSSL directly and has no longer a dependency on libldns. Note however that libldns is still used by the unit tests.

Following the October 2015 release of the API specification, the library can now access deeply embedded data structure members in getdns_dicts by using JSON Pointers as the name to be accessed (RFC 6901). This works for the getter and setter functions (getdns_dict_get_* and getdns_dict_set_*).

DNS over TLS now uses the default IANA assigned port number for domain-s: 853.

This release includes an experimental implementation of upstream server hostname authentication for TLS connections in stub mode (note that the default behaviour has not changed compared to the 0.3 release). A new, non-standard function getdns_context_set_tls_authentication() can be used to set the authentication to GETDNS_AUTHENTICATION_HOSTNAME which requires that a server provides a valid certificate (validated using the default CA repository) and that the hostname specified in the "tls_auth_name" field of the upstream dict matches that in the certificate. The authentication setting is only enforced when the transport list contains only GETDNS_TRANSPORT_TLS and in this case if authentication fails for all upstreams, queries will fail. If the transport list contains other clear text transports then opportunistic TLS will be performed which does not require authentication of the TLS connection. Examples of usage using the getdns_query tool can be found in the tests_transports.sh script in the test directory.

ChangeLog

* 2015-10-29: Version 0.5.0
  * Native crypto.  No ldns dependency anymore.
    (ldns still necessary to be able to run tests though)
  * JSON pointer arguments to getdns_dict_get_* and getdns_dict_set_* 
    to dereference nested dicts and lists.
  * Bugfix: DNSSEC code finding zone cut with redirects + pursuing unsigned
    DS answers close to the root.  Thanks Theogene Bucuti!
  * Default port for TLS changed to 853
  * Unofficial extension to the API to allow TLS hostname verification to be
    required for stub mode when using only TLS as a transport. 
    When required a hostname must be supplied in the
    'hostname' field of the upstream_list dict and the TLS cipher suites are
    restricted to the 4 AEAD suites recommended in RFC7525.
Assets 4
Loading