3760. [bug] Improve SIT with native PKCS#11 and on Windows.
[RT #35433]
3759. [port] Enable delve on Windows. [RT #35441]
3758. [port] Enable export library APIs on windows. [RT #35382]
3741. [func] "delve" (domain entity lookup and validation engine):
A new tool with dig-like semantics for performing DNS
lookups, with internal DNSSEC validation, using the
same resolver and validator logic as named. This
allows easy validation of DNSSEC data in environments
with untrustworthy resolvers, and assists with
troubleshooting of DNSSEC problems. (Note: not yet
available on win32.) [RT #32406]
on a missing resolv.conf file and initializes the
structure as if it had been configured with:
nameserver ::1
nameserver 127.0.0.1
Note: Callers will need to be updated to treat
ISC_R_FILENOTFOUND as a qualified success or else
they will leak memory. The following code fragment
will work with both only and new versions without
changing the behaviour of the existing code.
resconf = NULL;
result = irs_resconf_load(mctx, "/etc/resolv.conf",
&resconf);
if (result != ISC_SUCCESS) {
if (resconf != NULL)
irs_resconf_destroy(&resconf);
....
}
[RT #35194]
3705. [func] "configure --enable-native-pkcs11" enables BIND
to use the PKCS#11 API for all cryptographic
functions, so that it can drive a hardware service
module directly without the need to use a modified
OpenSSL as intermediary (so long as the HSM's vendor
provides a complete-enough implementation of the
PKCS#11 interface). This has been tested successfully
with the Thales nShield HSM and with SoftHSMv2 from
the OpenDNSSEC project. [RT #29031]
