mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

[master] remove default algorithm in dnssec-keygen

Browse Source 
4594.	[func]		dnssec-keygen no longer uses RSASHA1 by default;
			the signing algorithm must be specified on
			the command line with the "-a" option.  Signing
			scripts that rely on the existing default behavior
			will break; use "dnssec-keygen -a RSASHA1" to
			repair them. (The goal of this change is to make
			it easier to find scripts using RSASHA1 so they
			can be changed in the event of that algorithm
			being deprecated in the future.) [RT #44755]
This commit is contained in:
Evan Hunt
2017-08-30 18:51:11 -07:00
parent 2bfc294f0a
commit 45afdb2672
33 changed files with 468 additions and 431 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/dns/rcode.c
View File

@@ -131,7 +131,9 @@
{ DNS_KEYALG_RSASHA512, "RSASHA512", 0 }, \
{ DNS_KEYALG_ECCGOST, "ECCGOST", 0 }, \
{ DNS_KEYALG_ECDSA256, "ECDSAP256SHA256", 0 }, \
{ DNS_KEYALG_ECDSA256, "ECDSA256", 0 }, \
{ DNS_KEYALG_ECDSA384, "ECDSAP384SHA384", 0 }, \
{ DNS_KEYALG_ECDSA384, "ECDSA384", 0 }, \
{ DNS_KEYALG_ED25519, "ED25519", 0 }, \
{ DNS_KEYALG_ED448, "ED448", 0 }, \
{ DNS_KEYALG_INDIRECT, "INDIRECT", 0 }, \