Backport DoT/DoH-related merge requests
This issue contains a list of DoT/DoH-related merge requests which
should be eventually backported to
v9_16, but may need to wait in a
queue for a while before that happens.
Merge requests that must be backported:
- !3532 (merged) Add TLS support to named and dig
- !4373 (merged) Add support to link with libssl
- !4584 (merged) refactor TLSDNS module to work with libuv/ssl directly
- !4571 (merged) Add support for incoming tranfers via XoT
- !4644 (merged) Resolve "Encrypted DNS - RFC 8484, DNS over HTTPS, DOH (also DoT comments)"
- !4653 (merged) Resolve "too easy to configure unencrypted DoH"
- !4689 (merged) report libnghttp2 version in 'named -V'
- !4766 (merged) Fix comparison between signed and unsigned integer expressions
- !4672 (merged) Resolve "RFC8484, DoH support in DIG (and any other relevant utilities)"
- !4794 (merged) Resolve "warning: array subscript is of type 'char' on NetBSD 9"
- !4792 (merged) Load full certificate chain from a certificate chain file
- !4803 (merged) Fix a XoT crash
- !4806 (merged) Resolve "Does not compile without deprecated OpenSSL APIs"
- !4820 (merged) Fix dangling uvreq when data is sent from tlsdns_cycle()
- !4809 (merged) Fix memory accounting bug in TLSDNS
- !4824 (merged) Call isc__nm_tlsdns_failed_read on tls_error to cleanup the socket
- !4851 (merged) TLS transport code refactoring and unit tests
- !4863 (merged) Fix "doth" system test failure with SSL_ERROR_SYSCALL (5)
- !4893 (merged) Merge the tls_test.c into netmgr_test.c and extend the tests suite
- !4906 (merged) Resolve "tlsstream.c: warning: comparison of integer expressions of different signedness"
- !5005 (merged) Fix flawed DoH unit tests logic and some corner cases in the DoH code. Fix doh_test failure on FreeBSD 13.0
- !5019 (merged) DoH flamethrower fixes
- !5024 (merged) Add DoH quota tests
- !5121 (merged) HTTP/2 write buffering