Maintenance Blog

We have a new Net::DNS::SEC release version 0.22.

This release introduces the following new features and improvements:

RRSIG::siginception and RRSIG::siginception in time values

RRSIG::siginception and RRSIG::siginception now return, besides the format date in string context like before, the date as seconds since epoch in numeric context.

ECDSA and GOST signature creation and verification

The optional Crypt::OpenSSL::EC, Crypt::OpenSSL::ECDSA and Digest::GOST need to be available to enable this feature.

Version requirements detection for optional modules

Besides the optional modules just mentioned, Crypt::OpenSSL::Random is an optional module which enables private key generation and Digest::BubbleBabble enables Net::DNS::RR::DS::babble

Besides these features, architectural modifications have been made to loosen the Net::DNS::RR::* classes from the Net::DNS::SEC package, so that they can be added to the regular Net::DNS in the future, although without cryptographic operations.

To this end, all cryptographic operations are now concentrated in their own modules Net::DNS::SEC::RSA, Net::DNS::SEC::DSA, Net::DNS::SEC::ECDSA and Net::DNS::SEC::ECCGOST.

An affected module of this rework is Net::DNS::SEC::Private. This module previously performed cryptographic operations with the generate_rsa, new_rsa_priv and dump_rsa_* methods.

The generate_rsa and new_rsa_priv methods are still available as before, but the dump_rsa_* methods are now available only if the generate_rsa or new_rsa_priv function were used to create the Net::DNS::SEC::Private object. This is different from previous behaviour (i.e. not backwards compatible).

For a complete list of changes and bugfixes see the CHANGES file.