interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

set and return the pubkey_pinsets on the upstream resolvers

This commit is contained in:
Daniel Kahn Gillmor 2015-12-21 18:08:53 -05:00 committed by Sara Dickinson
parent b305f073fe
commit 0d2256df09
1 changed files with 25 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/context.c
View File

@ -55,6 +55,7 @@
#include "stub.h" #include "stub.h"
#include "list.h" #include "list.h"
#include "dict.h" #include "dict.h"
#include "pubkey-pinning.h"
#define GETDNS_PORT_ZERO 0 #define GETDNS_PORT_ZERO 0
#define GETDNS_PORT_DNS 53 #define GETDNS_PORT_DNS 53
@ -1950,6 +1951,7 @@ getdns_context_set_upstream_recursive_servers(struct getdns_context *context,
upstream_init(upstream, upstreams, ai); upstream_init(upstream, upstreams, ai);
upstream->transport = getdns_upstream_transports[j]; upstream->transport = getdns_upstream_transports[j];
if (getdns_upstream_transports[j] == GETDNS_TRANSPORT_TLS) { if (getdns_upstream_transports[j] == GETDNS_TRANSPORT_TLS) {
getdns_list *pubkey_pinset = NULL;
if ((r = getdns_dict_get_bindata( if ((r = getdns_dict_get_bindata(
dict, "tls_auth_name", &tls_auth_name)) == GETDNS_RETURN_GOOD) { dict, "tls_auth_name", &tls_auth_name)) == GETDNS_RETURN_GOOD) {
/*TODO: VALIDATE THIS STRING!*/ /*TODO: VALIDATE THIS STRING!*/
@ -1958,6 +1960,16 @@ getdns_context_set_upstream_recursive_servers(struct getdns_context *context,
tls_auth_name->size); tls_auth_name->size);
upstream->tls_auth_name[tls_auth_name->size] = '\0'; upstream->tls_auth_name[tls_auth_name->size] = '\0';
} }
if ((r = getdns_dict_get_list(dict, "tls_pubkey_pinset",
&pubkey_pinset)) == GETDNS_RETURN_GOOD) {
/* TODO: what if the user supplies tls_pubkey_pinset with
* something other than a list? */
r = _getdns_get_pubkey_pinset_from_list(pubkey_pinset,
&(upstreams->mf),
&(upstream->tls_pubkey_pinset));
if (r != GETDNS_RETURN_GOOD)
goto invalid_parameter;
}
} }
if ((upstream->tsig_alg = tsig_alg)) { if ((upstream->tsig_alg = tsig_alg)) {
if (tsig_name) { if (tsig_name) {
@ -3170,11 +3182,19 @@ getdns_context_get_upstream_recursive_servers(getdns_context *context,
(uint32_t)upstream_port(upstream)))) (uint32_t)upstream_port(upstream))))
break; break;
if (upstream->transport == GETDNS_TRANSPORT_TLS && if (upstream->transport == GETDNS_TRANSPORT_TLS) {
upstream_port(upstream) != getdns_port_array[j] && if (upstream_port(upstream) == getdns_port_array[j])
(r = getdns_dict_set_int(d, "tls_port", (void) getdns_dict_set_int(d, "tls_port",
(uint32_t)upstream_port(upstream)))) (uint32_t) upstream_port(upstream));
break; if (upstream->tls_pubkey_pinset) {
getdns_list *pins = NULL;
if (_getdns_get_pubkey_pinset_list(context,
upstream->tls_pubkey_pinset,
&pins) == GETDNS_RETURN_GOOD)
(void) getdns_dict_set_list(d, "tls_pubkey_pinset", pins);
getdns_list_destroy(pins);
}
}
} }
if (!r) if (!r)
r = _getdns_list_append_dict(upstreams, d); r = _getdns_list_append_dict(upstreams, d);