bugzilla-daemon at bugzilla.mindrot.org
2007-Jun-11 13:54 UTC
[Bug 1320] New: Add support for ldns
http://bugzilla.mindrot.org/show_bug.cgi?id=1320

           Summary: Add support for ldns
           Product: Portable OpenSSH
           Version: -current
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: svallet at genoscope.cns.fr

Created an attachment (id=1301)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1301)
Patch against CVS

Trying to make use of SSHFP records (RFC 4255) to publish host key
fingerprints in the DNS, we're stumbling on some issues. It appears some
non-OpenBSD platforms don't support DNSSEC in the native resolver (e.g.
glibc), which renders such a setup quite useless, since openssh correctly
requires the RRs to be signed and validated.

The following patch adds support for ldns, an external resolver library,
with the following functionality:

- Set DO on the SSHFP query
- Support AD if the answer comes from a validating resolver
- Support autonomous validation using a configured trust anchor in case
  the answer is not marked as authentic.

It depends on the SVN version of ldns (revision 2345), which is available
there: http://www.nlnetlabs.nl/ldns/

The patch is against current CVS (and needs a minor adjustment to
config.h.in, which does not seem to be under version control)

Simon

--
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
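The three behaviours listed in the report above (DO on the query, honouring AD, and falling back to local validation), sketched as an added example that is not part of the bug report or of the attached patch. The function names, the result labels and the sample data are assumptions made for illustration; `locally_validated` stands in for the outcome of validating the RRset against a configured trust anchor, which is not implemented here.

```python
import hashlib
import hmac
import struct

SSHFP_TYPE, OPT_TYPE = 44, 41   # RR types: SSHFP (RFC 4255), EDNS0 OPT
DO_BIT = 0x8000                 # "DNSSEC OK" flag inside the OPT TTL field
AD_BIT = 0x0020                 # "Authentic Data" flag in the DNS header
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2}   # RFC 4255 algorithm numbers

def build_sshfp_query(hostname, txid=0x1320):
    """Wire-format SSHFP query with an OPT record that sets DO."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)  # RD; 1 question, 1 additional
    labels = hostname.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\0"
    question = qname + struct.pack("!2H", SSHFP_TYPE, 1)   # class IN
    # OPT RR: root owner, type 41, class = UDP payload size, TTL = flags, no RDATA
    opt = b"\0" + struct.pack("!HHIH", OPT_TYPE, 4096, DO_BIT, 0)
    return header + question + opt

def answer_is_authentic(response):
    """True when the responding resolver set AD in the header flags."""
    if len(response) < 12:
        return False
    return bool(struct.unpack("!H", response[2:4])[0] & AD_BIT)

def sshfp_matches(rdata, key_type, key_blob):
    """Check one SSHFP RDATA (algorithm, fp type, fingerprint) against a key blob."""
    if len(rdata) != 22:        # 2 header bytes + 20-byte SHA-1 digest
        return False
    if rdata[0] != KEY_ALGS.get(key_type) or rdata[1] != 1:   # 1 = SHA-1
        return False
    return hmac.compare_digest(rdata[2:], hashlib.sha1(key_blob).digest())

def check_host_key(response, rdatas, key_type, key_blob, locally_validated=False):
    """Return 'secure', 'insecure' or 'mismatch' (labels made up for this example)."""
    if not any(sshfp_matches(r, key_type, key_blob) for r in rdatas):
        return "mismatch"
    # A match only counts as secure when the RRset was validated (AD or trust anchor).
    if answer_is_authentic(response) or locally_validated:
        return "secure"
    return "insecure"

# Constructed sample data: a fake key blob and two response headers (AD set / clear).
KEY_BLOB = b"constructed-ssh-rsa-public-key-blob"
GOOD_RDATA = bytes([1, 1]) + hashlib.sha1(KEY_BLOB).digest()
HDR_AD = struct.pack("!6H", 0x1320, 0x81A0, 1, 1, 0, 1)
HDR_NO_AD = struct.pack("!6H", 0x1320, 0x8180, 1, 1, 0, 1)
```

The AD flag is only as trustworthy as the path between the client and the resolver that set it, which is why the fallback to validation against a local trust anchor matters.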
bugzilla-daemon at bugzilla.mindrot.org
2007-Jun-11 14:01 UTC
[Bug 1320] Add support for ldns
http://bugzilla.mindrot.org/show_bug.cgi?id=1320

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2007-06-12 00:01:46 ---
(In reply to comment #0)
> The patch is against current CVS (and needs a minor adjustment to
> config.h.in, which does not seem to be under version control)

config.h.in is created by autoconf, so if you need changes then it's
autoconf that needs to be changed.

What exactly needs to be adjusted?
bugzilla-daemon at bugzilla.mindrot.org
2007-Jun-11 14:17 UTC
[Bug 1320] Add support for ldns
http://bugzilla.mindrot.org/show_bug.cgi?id=1320

--- Comment #2 from Simon Vallet <svallet at genoscope.cns.fr> 2007-06-12 00:17:03 ---
(In reply to comment #1)
> (In reply to comment #0)
> > The patch is against current CVS (and needs a minor adjustment to
> > config.h.in, which does not seem to be under version control)
>
> config.h.in is created by autoconf, so if you need changes then it's
> autoconf that needs to be changed.
>
> What exactly needs to be adjusted?

Weirdly I had to manually add the '#undef HAVE_LDNS' to config.h.in. I
thought it was automatically added by this macro:

AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])

but it seems it was not -- maybe my autoconf's broken in some way.
bugzilla-daemon at bugzilla.mindrot.org
2007-Jun-11 14:23 UTC
[Bug 1320] Add support for ldns
http://bugzilla.mindrot.org/show_bug.cgi?id=1320

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> 2007-06-12 00:23:49 ---
(In reply to comment #2)
> weirdly I had to manually add the '#undef HAVE_LDNS' to config.h.in. I
> thought it was automatically added by this macro:
>
> AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
>
> but it seems it was not -- maybe my autoconf's broken in some way.

Actually it's the autoheader tool which isn't run by autoconf by
default. Try running "autoreconf" instead of autoconf, or run
"autoheader" as well.
bugzilla-daemon at bugzilla.mindrot.org
2007-Jun-11 15:10 UTC
[Bug 1320] Add support for ldns
http://bugzilla.mindrot.org/show_bug.cgi?id=1320

--- Comment #4 from Simon Vallet <svallet at genoscope.cns.fr> 2007-06-12 01:10:14 ---
(In reply to comment #3)
> (In reply to comment #2)
> > weirdly I had to manually add the '#undef HAVE_LDNS' to config.h.in. I
> > thought it was automatically added by this macro:
> >
> > AC_DEFINE(HAVE_LDNS, 1, [Define if you want ldns support])
> >
> > but it seems it was not -- maybe my autoconf's broken in some way.
>
> Actually it's the autoheader tool which isn't run by autoconf by
> default. Try running "autoreconf" instead of autoconf, or run
> "autoheader" as well.

You're right -- I missed the autoheader part: running autoreconf correctly
includes the line in config.h.in
bugzilla-daemon at bugzilla.mindrot.org
2009-Aug-18 00:38 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Blocks|                            |1626
bugzilla-daemon at bugzilla.mindrot.org
2009-Dec-21 02:49 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1301|0                           |1
        is obsolete|                            |

--- Comment #5 from Darren Tucker <dtucker at zip.com.au> 2009-12-21 13:49:36 EST ---
Created an attachment (id=1761)
 --> (https://bugzilla.mindrot.org/attachment.cgi?id=1761)
Updated ldns patch

Replaced strndup (a GNUism) with malloc/memcpy. Fixed a few style nits,
whitespace and such.
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-13 00:21 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

--- Comment #6 from Darren Tucker <dtucker at zip.com.au> 2010-01-13 11:21:19 EST ---
If someone who uses ldns could confirm that the updated patch functions
correctly then I'd like to put this in for the next release. Thanks.
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-29 00:13 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|1626                        |
bugzilla-daemon at bugzilla.mindrot.org
2010-Jan-29 00:13 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1708
bugzilla-daemon at bugzilla.mindrot.org
2010-Mar-01 10:25 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

Colin Watson <cjwatson at debian.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cjwatson at debian.org

--- Comment #7 from Colin Watson <cjwatson at debian.org> 2010-03-01 21:25:09 EST ---
It was recently brought to my attention (http://bugs.debian.org/572049)
that Fedora is shipping a patch purporting to enable DNSSEC with glibc:

https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup

Perhaps this is an alternative to depending on another library?
bugzilla-daemon at bugzilla.mindrot.org
2010-Mar-07 03:45 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

--- Comment #8 from Darren Tucker <dtucker at zip.com.au> 2010-03-07 14:45:50 EST ---
(In reply to comment #7)
> Perhaps this is an alternative to depending on another library?

I have no objection to enabling the support when glibc has it, but glibc
is only viable on a subset of the platforms supported by openssh.
bugzilla-daemon at bugzilla.mindrot.org
2010-Aug-03 05:13 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|1708                        |1803

--- Comment #9 from Darren Tucker <dtucker at zip.com.au> ---
No test reports, punting to next release.
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-24 01:30 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|1803                        |

--- Comment #10 from Damien Miller <djm at mindrot.org> 2011-01-24 12:30:55 EST ---
Retarget unclosed bugs from 5.7=>5.8
bugzilla-daemon at bugzilla.mindrot.org
2011-Jan-24 01:31 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1845
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:34 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1930

--- Comment #11 from Damien Miller <djm at mindrot.org> 2011-09-06 10:34:25 EST ---
Retarget unresolved bugs/features to 6.0 release
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:36 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

--- Comment #12 from Damien Miller <djm at mindrot.org> 2011-09-06 10:36:36 EST ---
Retarget unresolved bugs/features to 6.0 release
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:39 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|1845                        |

--- Comment #13 from Damien Miller <djm at mindrot.org> 2011-09-06 10:39:12 EST ---
Retarget unresolved bugs/features to 6.0 release

(try again - bugzilla's "change several" isn't)
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-23 03:44 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1761|0                           |1
        is obsolete|                            |
   Attachment #2095|                            |ok?(djm at mindrot.org)
              Flags|                            |

--- Comment #14 from Darren Tucker <dtucker at zip.com.au> 2011-09-23 13:44:03 EST ---
Created attachment 2095
 --> https://bugzilla.mindrot.org/attachment.cgi?id=2095
Updated ldns patch

Some changes at djm's request:
- renamed bsd-getrrsetbyname.c to getrrsetbyname-ldns.c since it is ldns
  specific.
- used xmalloc and friends for extra checking (using #define so any
  future code syncs will be easier).
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-24 03:54 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2095|ok?(djm at mindrot.org)      |ok+
              Flags|                            |
bugzilla-daemon at bugzilla.mindrot.org
2011-Nov-04 00:25 UTC
[Bug 1320] Add support for ldns
https://bugzilla.mindrot.org/show_bug.cgi?id=1320

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #15 from Darren Tucker <dtucker at zip.com.au> 2011-11-04 11:25:55 EST ---
patch committed, it will be in the openssh 6.0p1 release. Thanks!