[Swan-commit] Changes to ref refs/heads/main

Tue, 23 Dec 2025 13:14:38 -0800 

New commits:
commit d6d01e8eea37a76a02004e5223c7f05bf106650c
Merge: c31f17e21f b11d61b7a9
Author: Andrew Cagney <[email protected]>
Date:   Tue Dec 23 15:52:09 2025 -0500

    Merge ddns: use unbound, when enabled, to resolve right=right.libreswan.org
    
    notes:
    
    - `ipsec whack --dns` expects an uncached resolve
    
      hence code is creating unbound context on every request
      the command should instead flush the cache (but how?)
    
      see #2559 ipsec ddns should flush cache
    
    - the tests needed dnssec disabled (but still use unbound)
    
      else things didn't validate
    
    - there's still unbound code for looking up dnskeys
    
      see #2560 merge resolve helper and ikev2_ipseckey?
    
    - need to update ttoaddress_dns() to use unbound
    
      but this means somehow making ipsec.conf's dns* settings
      available to that code; for instance in showhostkey
    
      see #2333 should ttoaddress_dns() call unbound_resolve() when available?
    
    close #2353 should a half resolved connection orient
    close #1749 ikev2-ddns-02 fails intermittently

commit b11d61b7a9bd5d70828afefd1a258e1096a356f2
Author: Andrew Cagney <[email protected]>
Date:   Fri Dec 19 13:29:31 2025 -0500

    resolve: use UNBOUND when enabled

commit a4366c60ce14065a60da1ce2e1bb251fdd2ad317
Author: Andrew Cagney <[email protected]>
Date:   Tue Dec 23 09:44:15 2025 -0500

    testing: update DDNS tests to demonstrate unbound pluto's behaviour
    
    - update messages
    
    - add -ready variant HOST and UNBOUND tests
      demonstrates behaviour when things can resolve
    
    - shuffle to -delayed, HOST and UNBOUND tests
      the name only becomes available after conn is added

commit 4323da659a4de2880e791462a57a4e0bf22d83f4
Author: Andrew Cagney <[email protected]>
Date:   Fri Dec 19 13:15:30 2025 -0500

    building: define both USE_UNBOUND and USE_DNSSEC
    
    latter is a misnomer, it enables a feature

commit e845e54fd220906237e2d642bfb6db5a814cb364
Author: Andrew Cagney <[email protected]>
Date:   Fri Dec 19 13:05:51 2025 -0500

    unbound: replace unbound_resolve() with unbound_sync_resolve()
    
    ... takes ub_ctx parameter; and return ub_ctx from
    unbound_sync_init().
    
    Drop static dns_ctx variable.
    
    Also delete unbound_ctx_free(), and call from whack_shutdown.c.
    No point trying to free the never set dns_ctx.

_______________________________________________
Swan-commit mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to