mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity

Deprecate AES algorithm for DNS cookies

Browse Source 
The AES algorithm for DNS cookies was being kept for legacy reasons,
and it can be safely removed in the next major release.  Mark is as
deprecated, so the `named-checkconf` prints a warning when in use.
This commit is contained in:
Ondřej Surý 2023-11-07 15:17:10 +01:00
parent fd4ad5f0ba
commit 67d14b0ee5
No known key found for this signature in database
GPG Key ID: 2820F37E873DEA41
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/isccfg/check.c
View File

@ -1561,6 +1561,10 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
(void)cfg_map_get(options, "cookie-algorithm", &obj); (void)cfg_map_get(options, "cookie-algorithm", &obj);
if (obj != NULL) { if (obj != NULL) {
ccalg = cfg_obj_asstring(obj); ccalg = cfg_obj_asstring(obj);
if (strcasecmp(ccalg, "aes") == 0) {
cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
"cookie-algorithm 'aes' is deprecated");
}
} }
obj = NULL; obj = NULL;