Backport DoT/DoH-related merge requests
This issue contains a list of DoT/DoH-related merge requests which
should be eventually backported to v9_16
, but may need to wait in a
queue for a while before that happens.
Merge requests that must be backported:
-
!3532 (merged) Add TLS support to named and dig -
!4373 (merged) Add support to link with libssl -
!4584 (merged) refactor TLSDNS module to work with libuv/ssl directly -
!4571 (merged) Add support for incoming tranfers via XoT -
!4644 (merged) Resolve "Encrypted DNS - RFC 8484, DNS over HTTPS, DOH (also DoT comments)" -
!4653 (merged) Resolve "too easy to configure unencrypted DoH" -
!4689 (merged) report libnghttp2 version in 'named -V' -
!4766 (merged) Fix comparison between signed and unsigned integer expressions -
!4672 (merged) Resolve "RFC8484, DoH support in DIG (and any other relevant utilities)" -
!4794 (merged) Resolve "warning: array subscript is of type 'char' on NetBSD 9" -
!4792 (merged) Load full certificate chain from a certificate chain file -
!4803 (merged) Fix a XoT crash -
!4806 (merged) Resolve "Does not compile without deprecated OpenSSL APIs" -
!4820 (merged) Fix dangling uvreq when data is sent from tlsdns_cycle() -
!4809 (merged) Fix memory accounting bug in TLSDNS -
!4824 (merged) Call isc__nm_tlsdns_failed_read on tls_error to cleanup the socket -
!4851 (merged) TLS transport code refactoring and unit tests -
!4863 (merged) Fix "doth" system test failure with SSL_ERROR_SYSCALL (5) -
!4893 (merged) Merge the tls_test.c into netmgr_test.c and extend the tests suite -
!4906 (merged) Resolve "tlsstream.c: warning: comparison of integer expressions of different signedness" -
!5005 (merged) Fix flawed DoH unit tests logic and some corner cases in the DoH code. Fix doh_test failure on FreeBSD 13.0 -
!5019 (merged) DoH flamethrower fixes -
!5024 (merged) Add DoH quota tests -
!5121 (merged) HTTP/2 write buffering