New configuration file format, changed command line options, improved HTTPS support using GnuTLS and Open/LibreSSL. Inadyn now comes with certificate validation enabled by default.
Changes
-
New configuration file format using libConfuse
-
Radically simplified command line, a .conf file is now required
-
Reorganized SSL code, split
ssl.c
intoopenssl.c
andgnutls.c
-
Strict HTTPS certificate validation is now default. To disable this
usestrict-ssl = false
in the .conf file. -
Certificate validation uses trusted CA certificates from the system
with fall-backs to certain known locations. To override this default
handling aca-trust-file = FILE
setting ininadyn.conf
can be used
to provide the path to another CA cert bundle, in PEM format. -
Massive overhaul of
inadyn(8)
andinadyn.conf(5)
man pages -
Support for reading address from interface, including IPv6 addresses
-
Support for calling an external script to get the IP address
-
Support for multiple users @ same provider, idea from Valery Frolov:
provider default@no-ip.com:1 { username = ian password = secret alias = flemming.no-ip.com } provider default@no-ip.com:2 { username = james password = bond alias = spectre.no-ip.com }
-
Support for ddnss.de and dynv6.com, contributed by Sven Hoefer
-
Support for spdyn.de, on request from Frank Röhm
-
Support for strato.com, contributed by Duncan Overbruck
-
Support for disabling IP address validation:
verify-address = false
-
Refactored memory handling and privilige separation to simplify code
-
Refactored logging and backgrounding to simplify code
-
Removed old compatibility symlinks and other required GNU specific
files, we now distribute and install README.md and ChangeLog.md
Fixes
- Fix issue #61: Add HTTPS certificate validation for OpenSSL/LibreSSL
- Fix issue #67: Use GnuTLS native API for HTTPS
- Fix DuckDNS: now requires 'www.' prefix in server URL. By Frank Aurich
- Fix issue #110: Poodle
SSL_MODE_SEND_FALLBACK_SCSV
not needed - Fix issue #101: Remove support for custom pidfile
- Fix issue #102: Relocate cache files
/var/run/inadyn
to/var/cache/inadyn
- Fix issue #113:
--drop-privs
does not work - Add actual permissions check to
os_check_perms()
- Fix issue #121: Support for fully customizable update URL
- Fix issue #122: Only use HTTPS connection for DNS update, not checkip
- Fix issue #131: Use FreeDNS' own checkip server instead of DYN.com's
- Fix issue #134: Support wildcard cert with GnuTLS backend