mirror of https://github.com/getdnsapi/getdns.git
Merge branch 'release/1.3.0' into develop
This commit is contained in:
commit
2ff1bf6152
18
ChangeLog
18
ChangeLog
|
@ -1,10 +1,20 @@
|
|||
* 2017-12-??: Version 1.2.2
|
||||
* 2017-12-21: Version 1.3.0
|
||||
* Bugfix #300: Detect dnsmasq and skip unit test that fails with it.
|
||||
Thanks Tim Rühsen and Konomi Kitten
|
||||
* Specify default available cipher suites for authenticated TLS
|
||||
upstreams with getdns_context_set_tls_ciphers_list()
|
||||
An upstream specific available cipher suite may also be given
|
||||
with the tls_cipher_list setting in the upstream dict with
|
||||
getdns_context_set_upstream_recursive_servers()
|
||||
* PR #366: Add support for TLS 1.3 and Chacha20-Poly1305
|
||||
Thanks Pascal Ernster
|
||||
* Bugfix #356: Do Zero configuration DNSSEC meta queries over on the
|
||||
context configured upstreams.
|
||||
context configured upstreams. Thanks Andreas Schulze
|
||||
* Report default extension settings with
|
||||
getdns_context_get_api_information()
|
||||
* Specify locations at which CA certificates for verification purposes
|
||||
are located: getdns_context_set_CApath() getdns_context_set_CAfile()
|
||||
are located: getdns_context_set_tls_ca_path()
|
||||
getdns_context_set_tls_ca_file()
|
||||
* getdns_context_set_resolvconf() function to initialize a context
|
||||
upstreams and suffices with a resolv.conf file.
|
||||
getdns_context_get_resolvconf() to get the file used to initialize
|
||||
|
@ -17,7 +27,7 @@
|
|||
when available with getdns_context_get_api_information()
|
||||
* GETDNS_RETURN_IO_ERROR return error code
|
||||
* Bugfix #359: edns_client_subnet_private should set family
|
||||
Thanks Daniel Areiza
|
||||
Thanks Daniel Areiza & Andreas Schulze
|
||||
* Bugfix getdnsapi/stubby#34: Segfault issue with native DNSSEC
|
||||
validation. Thanks Bruno Pagani
|
||||
|
||||
|
|
10
configure.ac
10
configure.ac
|
@ -36,7 +36,7 @@ sinclude(./m4/acx_getaddrinfo.m4)
|
|||
sinclude(./m4/ax_check_compile_flag.m4)
|
||||
sinclude(./m4/pkg.m4)
|
||||
|
||||
AC_INIT([getdns], [1.2.2], [team@getdnsapi.net], [getdns], [https://getdnsapi.net])
|
||||
AC_INIT([getdns], [1.3.0], [team@getdnsapi.net], [getdns], [https://getdnsapi.net])
|
||||
|
||||
# Autoconf 2.70 will have set up runstatedir. 2.69 is frequently (Debian)
|
||||
# patched to do the same, but frequently (MacOS) not. So add a with option
|
||||
|
@ -52,7 +52,7 @@ AC_SUBST([runstatedir], [$with_piddir])
|
|||
# Dont forget to put a dash in front of the release candidate!!!
|
||||
# That is how it is done with semantic versioning!
|
||||
#
|
||||
AC_SUBST(RELEASE_CANDIDATE, [-rc1])
|
||||
AC_SUBST(RELEASE_CANDIDATE, [])
|
||||
|
||||
# Set current date from system if not set
|
||||
AC_ARG_WITH([current-date],
|
||||
|
@ -62,7 +62,7 @@ AC_ARG_WITH([current-date],
|
|||
[CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
|
||||
|
||||
AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
|
||||
AC_SUBST(GETDNS_NUMERIC_VERSION, [0x010201c1])
|
||||
AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01030000])
|
||||
AC_SUBST(API_VERSION, ["December 2015"])
|
||||
AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
|
||||
GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"
|
||||
|
@ -98,8 +98,8 @@ GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRE
|
|||
# getdns-1.1.2 had libversion 7:0:1
|
||||
# getdns-1.1.3 had libversion 7:1:1
|
||||
# getdns-1.2.0 had libversion 8:0:2
|
||||
# getdns-1.2.1 has libversion 8:1:2
|
||||
# getdns-1.2.2 will have libversion 9:0:3
|
||||
# getdns-1.2.1 had libversion 8:1:2
|
||||
# getdns-1.3.0 has libversion 9:0:3
|
||||
#
|
||||
GETDNS_LIBVERSION=9:0:3
|
||||
|
||||
|
|
|
@ -89,8 +89,9 @@ static struct const_info consts_info[] = {
|
|||
{ 628, "GETDNS_CONTEXT_CODE_APPDATA_DIR", GETDNS_CONTEXT_CODE_APPDATA_DIR_TEXT },
|
||||
{ 629, "GETDNS_CONTEXT_CODE_RESOLVCONF", GETDNS_CONTEXT_CODE_RESOLVCONF_TEXT },
|
||||
{ 630, "GETDNS_CONTEXT_CODE_HOSTS", GETDNS_CONTEXT_CODE_HOSTS_TEXT },
|
||||
{ 631, "GETDNS_CONTEXT_CODE_CAPATH", GETDNS_CONTEXT_CODE_CAPATH_TEXT },
|
||||
{ 632, "GETDNS_CONTEXT_CODE_CAFILE", GETDNS_CONTEXT_CODE_CAFILE_TEXT },
|
||||
{ 631, "GETDNS_CONTEXT_CODE_TLS_CA_PATH", GETDNS_CONTEXT_CODE_TLS_CA_PATH_TEXT },
|
||||
{ 632, "GETDNS_CONTEXT_CODE_TLS_CA_FILE", GETDNS_CONTEXT_CODE_TLS_CA_FILE_TEXT },
|
||||
{ 633, "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT },
|
||||
{ 700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
|
||||
{ 701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
|
||||
{ 702, "GETDNS_CALLBACK_TIMEOUT", GETDNS_CALLBACK_TIMEOUT_TEXT },
|
||||
|
@ -161,8 +162,6 @@ static struct const_name_info consts_name_info[] = {
|
|||
{ "GETDNS_CALLBACK_TIMEOUT", 702 },
|
||||
{ "GETDNS_CONTEXT_CODE_APPDATA_DIR", 628 },
|
||||
{ "GETDNS_CONTEXT_CODE_APPEND_NAME", 607 },
|
||||
{ "GETDNS_CONTEXT_CODE_CAFILE", 632 },
|
||||
{ "GETDNS_CONTEXT_CODE_CAPATH", 631 },
|
||||
{ "GETDNS_CONTEXT_CODE_DNSSEC_ALLOWED_SKEW", 614 },
|
||||
{ "GETDNS_CONTEXT_CODE_DNSSEC_TRUST_ANCHORS", 609 },
|
||||
{ "GETDNS_CONTEXT_CODE_DNS_ROOT_SERVERS", 604 },
|
||||
|
@ -186,6 +185,9 @@ static struct const_name_info consts_name_info[] = {
|
|||
{ "GETDNS_CONTEXT_CODE_TIMEOUT", 616 },
|
||||
{ "GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION", 618 },
|
||||
{ "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", 623 },
|
||||
{ "GETDNS_CONTEXT_CODE_TLS_CA_FILE", 632 },
|
||||
{ "GETDNS_CONTEXT_CODE_TLS_CA_PATH", 631 },
|
||||
{ "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", 633 },
|
||||
{ "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", 624 },
|
||||
{ "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", 620 },
|
||||
{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL", 625 },
|
||||
|
|
167
src/context.c
167
src/context.c
|
@ -165,6 +165,17 @@ static void set_ub_dnssec_allowed_skew(struct getdns_context*, uint32_t);
|
|||
/* Stuff to make it compile pedantically */
|
||||
#define RETURN_IF_NULL(ptr, code) if(ptr == NULL) return code;
|
||||
|
||||
static char *
|
||||
_getdns_strdup2(const struct mem_funcs *mfs, const getdns_bindata *s)
|
||||
{
|
||||
char *r;
|
||||
if (!s || !(r = GETDNS_XMALLOC(*mfs, char, s->size + 1)))
|
||||
return NULL;
|
||||
else {
|
||||
r[s->size] = '\0';
|
||||
return memcpy(r, s, s->size);
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef USE_WINSOCK
|
||||
/* For windows, the CA trust store is not read by openssl.
|
||||
|
@ -717,12 +728,16 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
|
|||
{
|
||||
_getdns_closesocket(upstream->fd);
|
||||
}
|
||||
if (upstream->tcp.read_buf)
|
||||
GETDNS_FREE(upstreams->mf, upstream->tcp.read_buf);
|
||||
while (pin) {
|
||||
sha256_pin_t *nextpin = pin->next;
|
||||
GETDNS_FREE(upstreams->mf, pin);
|
||||
pin = nextpin;
|
||||
}
|
||||
upstream->tls_pubkey_pinset = NULL;
|
||||
if (upstream->tls_cipher_list)
|
||||
GETDNS_FREE(upstreams->mf, upstream->tls_cipher_list);
|
||||
}
|
||||
GETDNS_FREE(upstreams->mf, upstreams);
|
||||
}
|
||||
|
@ -1006,6 +1021,7 @@ upstream_init(getdns_upstream *upstream,
|
|||
upstream->fd = -1;
|
||||
upstream->tls_obj = NULL;
|
||||
upstream->tls_session = NULL;
|
||||
upstream->tls_cipher_list = NULL;
|
||||
upstream->transport = GETDNS_TRANSPORT_TCP;
|
||||
upstream->tls_hs_state = GETDNS_HS_NONE;
|
||||
upstream->tls_auth_name[0] = '\0';
|
||||
|
@ -1377,11 +1393,11 @@ static void _getdns_check_expired_pending_netreqs_cb(void *arg)
|
|||
_getdns_check_expired_pending_netreqs((getdns_context *)arg, &now_ms);
|
||||
}
|
||||
|
||||
static const char *_getdns_default_trust_anchors_url =
|
||||
static char const * const _getdns_default_trust_anchors_url =
|
||||
"http://data.iana.org/root-anchors/root-anchors.xml";
|
||||
|
||||
/* The ICANN CA fetched at 24 Sep 2010. Valid to 2028 */
|
||||
static const char *_getdns_default_trust_anchors_verify_CA =
|
||||
static char const * const _getdns_default_trust_anchors_verify_CA =
|
||||
"-----BEGIN CERTIFICATE-----\n"
|
||||
"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
|
||||
"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
|
||||
|
@ -1404,9 +1420,12 @@ static const char *_getdns_default_trust_anchors_verify_CA =
|
|||
"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
|
||||
"-----END CERTIFICATE-----\n";
|
||||
|
||||
static const char *_getdns_default_trust_anchors_verify_email =
|
||||
static char const * const _getdns_default_trust_anchors_verify_email =
|
||||
"dnssec@iana.org";
|
||||
|
||||
static char const * const _getdns_default_tls_cipher_list =
|
||||
"TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:"
|
||||
"TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20";
|
||||
|
||||
/*
|
||||
* getdns_context_create
|
||||
|
@ -1513,8 +1532,9 @@ getdns_context_create_with_extended_memory_functions(
|
|||
result->trust_anchors_verify_email = NULL;
|
||||
result->trust_anchors_verify_CA = NULL;
|
||||
result->appdata_dir = NULL;
|
||||
result->CApath = NULL;
|
||||
result->CAfile = NULL;
|
||||
result->tls_ca_path = NULL;
|
||||
result->tls_ca_file = NULL;
|
||||
result->tls_cipher_list = NULL;
|
||||
|
||||
(void) memset(&result->root_ksk, 0, sizeof(result->root_ksk));
|
||||
|
||||
|
@ -1779,11 +1799,12 @@ getdns_context_destroy(struct getdns_context *context)
|
|||
, context->trust_anchors_verify_email);
|
||||
if (context->appdata_dir)
|
||||
GETDNS_FREE(context->mf, context->appdata_dir);
|
||||
if (context->CApath)
|
||||
GETDNS_FREE(context->mf, context->CApath);
|
||||
if (context->CAfile)
|
||||
GETDNS_FREE(context->mf, context->CAfile);
|
||||
|
||||
if (context->tls_ca_path)
|
||||
GETDNS_FREE(context->mf, context->tls_ca_path);
|
||||
if (context->tls_ca_file)
|
||||
GETDNS_FREE(context->mf, context->tls_ca_file);
|
||||
if (context->tls_cipher_list)
|
||||
GETDNS_FREE(context->mf, context->tls_cipher_list);
|
||||
|
||||
#ifdef USE_WINSOCK
|
||||
WSACleanup();
|
||||
|
@ -2972,16 +2993,19 @@ getdns_context_set_upstream_recursive_servers(struct getdns_context *context,
|
|||
upstream->addr.ss_family = addr.ss_family;
|
||||
upstream_init(upstream, upstreams, ai);
|
||||
upstream->transport = getdns_upstream_transports[j];
|
||||
if (getdns_upstream_transports[j] == GETDNS_TRANSPORT_TLS) {
|
||||
if (dict && getdns_upstream_transports[j] == GETDNS_TRANSPORT_TLS) {
|
||||
getdns_list *pubkey_pinset = NULL;
|
||||
if (dict && (r = getdns_dict_get_bindata(
|
||||
getdns_bindata *tls_cipher_list = NULL;
|
||||
|
||||
if ((r = getdns_dict_get_bindata(
|
||||
dict, "tls_auth_name", &tls_auth_name)) == GETDNS_RETURN_GOOD) {
|
||||
|
||||
if (tls_auth_name->size >= sizeof(upstream->tls_auth_name)) {
|
||||
/* tls_auth_name's are just
|
||||
* domain names and should
|
||||
* thus not be larger than 256
|
||||
* bytes.
|
||||
/* tls_auth_name's are
|
||||
* domain names in presentation
|
||||
* format and, taking escaping
|
||||
* into account, should not
|
||||
* be larger than 1024 bytes.
|
||||
*/
|
||||
goto invalid_parameter;
|
||||
}
|
||||
|
@ -2991,7 +3015,7 @@ getdns_context_set_upstream_recursive_servers(struct getdns_context *context,
|
|||
upstream->tls_auth_name
|
||||
[tls_auth_name->size] = '\0';
|
||||
}
|
||||
if (dict && (r = getdns_dict_get_list(dict, "tls_pubkey_pinset",
|
||||
if ((r = getdns_dict_get_list(dict, "tls_pubkey_pinset",
|
||||
&pubkey_pinset)) == GETDNS_RETURN_GOOD) {
|
||||
/* TODO: what if the user supplies tls_pubkey_pinset with
|
||||
* something other than a list? */
|
||||
|
@ -3001,6 +3025,12 @@ getdns_context_set_upstream_recursive_servers(struct getdns_context *context,
|
|||
if (r != GETDNS_RETURN_GOOD)
|
||||
goto invalid_parameter;
|
||||
}
|
||||
(void) getdns_dict_get_bindata(
|
||||
dict, "tls_cipher_list", &tls_cipher_list);
|
||||
upstream->tls_cipher_list = tls_cipher_list
|
||||
? _getdns_strdup2(&upstreams->mf
|
||||
, tls_cipher_list)
|
||||
: NULL;
|
||||
}
|
||||
if ((upstream->tsig_alg = tsig_alg)) {
|
||||
if (tsig_name) {
|
||||
|
@ -3574,14 +3604,15 @@ _getdns_context_prepare_for_resolution(getdns_context *context)
|
|||
# endif
|
||||
/* Be strict and only use the cipher suites recommended in RFC7525
|
||||
Unless we later fallback to opportunistic. */
|
||||
const char* const PREFERRED_CIPHERS = "TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20";
|
||||
if (!SSL_CTX_set_cipher_list(context->tls_ctx, PREFERRED_CIPHERS))
|
||||
if (!SSL_CTX_set_cipher_list(context->tls_ctx,
|
||||
context->tls_cipher_list ? context->tls_cipher_list
|
||||
: _getdns_default_tls_cipher_list))
|
||||
return GETDNS_RETURN_BAD_CONTEXT;
|
||||
/* For strict authentication, we must have local root certs available
|
||||
Set up is done only when the tls_ctx is created (per getdns_context)*/
|
||||
if ((context->CAfile || context->CApath) &&
|
||||
if ((context->tls_ca_file || context->tls_ca_path) &&
|
||||
SSL_CTX_load_verify_locations(context->tls_ctx
|
||||
, context->CAfile, context->CApath))
|
||||
, context->tls_ca_file, context->tls_ca_path))
|
||||
; /* pass */
|
||||
# ifndef USE_WINSOCK
|
||||
else if (!SSL_CTX_set_default_verify_paths(context->tls_ctx)) {
|
||||
|
@ -3625,7 +3656,7 @@ _getdns_context_prepare_for_resolution(getdns_context *context)
|
|||
return r;
|
||||
} /* _getdns_context_prepare_for_resolution */
|
||||
|
||||
char *
|
||||
static char *
|
||||
_getdns_strdup(const struct mem_funcs *mfs, const char *s)
|
||||
{
|
||||
size_t sz;
|
||||
|
@ -3887,10 +3918,12 @@ _get_context_settings(getdns_context* context)
|
|||
(void) getdns_dict_util_set_string(result, "resolvconf", str_value);
|
||||
if (!getdns_context_get_hosts(context, &str_value) && str_value)
|
||||
(void) getdns_dict_util_set_string(result, "hosts", str_value);
|
||||
if (!getdns_context_get_CApath(context, &str_value) && str_value)
|
||||
(void) getdns_dict_util_set_string(result, "CApath", str_value);
|
||||
if (!getdns_context_get_CAfile(context, &str_value) && str_value)
|
||||
(void) getdns_dict_util_set_string(result, "CAfile", str_value);
|
||||
if (!getdns_context_get_tls_ca_path(context, &str_value) && str_value)
|
||||
(void) getdns_dict_util_set_string(result, "tls_ca_path", str_value);
|
||||
if (!getdns_context_get_tls_ca_file(context, &str_value) && str_value)
|
||||
(void) getdns_dict_util_set_string(result, "tls_ca_file", str_value);
|
||||
if (!getdns_context_get_tls_cipher_list(context, &str_value) && str_value)
|
||||
(void) getdns_dict_util_set_string(result, "tls_cipher_list", str_value);
|
||||
|
||||
/* Default settings for extensions */
|
||||
(void)getdns_dict_set_int(
|
||||
|
@ -4475,6 +4508,11 @@ getdns_context_get_upstream_recursive_servers(getdns_context *context,
|
|||
break;
|
||||
}
|
||||
}
|
||||
if (upstream->tls_cipher_list) {
|
||||
(void) getdns_dict_util_set_string(
|
||||
d, "tls_cipher_list",
|
||||
upstream->tls_cipher_list);
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!r)
|
||||
|
@ -4677,10 +4715,13 @@ _getdns_context_config_setting(getdns_context *context,
|
|||
CONTEXT_SETTING_STRING(trust_anchors_verify_CA)
|
||||
CONTEXT_SETTING_STRING(trust_anchors_verify_email)
|
||||
CONTEXT_SETTING_STRING(appdata_dir)
|
||||
#ifndef USE_WINSOCK
|
||||
CONTEXT_SETTING_STRING(resolvconf)
|
||||
#endif
|
||||
CONTEXT_SETTING_STRING(hosts)
|
||||
CONTEXT_SETTING_STRING(CApath)
|
||||
CONTEXT_SETTING_STRING(CAfile)
|
||||
CONTEXT_SETTING_STRING(tls_ca_path)
|
||||
CONTEXT_SETTING_STRING(tls_ca_file)
|
||||
CONTEXT_SETTING_STRING(tls_cipher_list)
|
||||
|
||||
/**************************************/
|
||||
/**** ****/
|
||||
|
@ -5149,14 +5190,14 @@ getdns_context *_getdns_context_get_sys_ctxt(
|
|||
context->mf.mf.ext.free)))
|
||||
DEBUG_ANCHOR("Could not create system context: %s\n"
|
||||
, getdns_get_errorstr_by_id(r));
|
||||
|
||||
#ifndef USE_WINSOCK
|
||||
else if (*context->fchg_resolvconf.fn &&
|
||||
(r = getdns_context_set_resolvconf(
|
||||
context->sys_ctxt, context->fchg_resolvconf.fn)))
|
||||
DEBUG_ANCHOR("Could initialize system context with resolvconf "
|
||||
"\"%s\": %s\n", context->fchg_resolvconf.fn
|
||||
, getdns_get_errorstr_by_id(r));
|
||||
|
||||
#endif
|
||||
else if (*context->fchg_hosts.fn &&
|
||||
(r = getdns_context_set_hosts(
|
||||
context->sys_ctxt, context->fchg_hosts.fn)))
|
||||
|
@ -5186,49 +5227,79 @@ getdns_context *_getdns_context_get_sys_ctxt(
|
|||
}
|
||||
|
||||
getdns_return_t
|
||||
getdns_context_set_CApath(getdns_context *context, const char *CApath)
|
||||
getdns_context_set_tls_ca_path(getdns_context *context, const char *tls_ca_path)
|
||||
{
|
||||
if (!context || !CApath)
|
||||
if (!context || !tls_ca_path)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
if (context->CApath)
|
||||
GETDNS_FREE(context->mf, context->CApath);
|
||||
context->CApath = _getdns_strdup(&context->mf, CApath);
|
||||
if (context->tls_ca_path)
|
||||
GETDNS_FREE(context->mf, context->tls_ca_path);
|
||||
context->tls_ca_path = _getdns_strdup(&context->mf, tls_ca_path);
|
||||
|
||||
dispatch_updated(context, GETDNS_CONTEXT_CODE_CAPATH);
|
||||
dispatch_updated(context, GETDNS_CONTEXT_CODE_TLS_CA_PATH);
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
||||
getdns_return_t
|
||||
getdns_context_get_CApath(getdns_context *context, const char **CApath)
|
||||
getdns_context_get_tls_ca_path(getdns_context *context, const char **tls_ca_path)
|
||||
{
|
||||
if (!context || !CApath)
|
||||
if (!context || !tls_ca_path)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
|
||||
*CApath = context->CApath;
|
||||
*tls_ca_path = context->tls_ca_path;
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
||||
getdns_return_t
|
||||
getdns_context_set_CAfile(getdns_context *context, const char *CAfile)
|
||||
getdns_context_set_tls_ca_file(getdns_context *context, const char *tls_ca_file)
|
||||
{
|
||||
if (!context || !CAfile)
|
||||
if (!context || !tls_ca_file)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
if (context->CAfile)
|
||||
GETDNS_FREE(context->mf, context->CAfile);
|
||||
context->CAfile = _getdns_strdup(&context->mf, CAfile);
|
||||
if (context->tls_ca_file)
|
||||
GETDNS_FREE(context->mf, context->tls_ca_file);
|
||||
context->tls_ca_file = _getdns_strdup(&context->mf, tls_ca_file);
|
||||
|
||||
dispatch_updated(context, GETDNS_CONTEXT_CODE_CAFILE);
|
||||
dispatch_updated(context, GETDNS_CONTEXT_CODE_TLS_CA_FILE);
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
||||
getdns_return_t
|
||||
getdns_context_get_CAfile(getdns_context *context, const char **CAfile)
|
||||
getdns_context_get_tls_ca_file(getdns_context *context, const char **tls_ca_file)
|
||||
{
|
||||
if (!context || !CAfile)
|
||||
if (!context || !tls_ca_file)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
|
||||
*CAfile = context->CAfile;
|
||||
*tls_ca_file = context->tls_ca_file;
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
||||
getdns_return_t
|
||||
getdns_context_set_tls_cipher_list(
|
||||
getdns_context *context, const char *tls_cipher_list)
|
||||
{
|
||||
if (!context)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
if (context->tls_cipher_list)
|
||||
GETDNS_FREE(context->mf, context->tls_cipher_list);
|
||||
context->tls_cipher_list = tls_cipher_list
|
||||
? _getdns_strdup(&context->mf, tls_cipher_list)
|
||||
: NULL;
|
||||
|
||||
dispatch_updated(context, GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST);
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
||||
getdns_return_t
|
||||
getdns_context_get_tls_cipher_list(
|
||||
getdns_context *context, const char **tls_cipher_list)
|
||||
{
|
||||
if (!context || !tls_cipher_list)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
|
||||
*tls_cipher_list = context->tls_cipher_list
|
||||
? context->tls_cipher_list
|
||||
: _getdns_default_tls_cipher_list;
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
||||
|
||||
/* context.c */
|
||||
|
|
|
@ -205,6 +205,7 @@ typedef struct getdns_upstream {
|
|||
getdns_tls_hs_state_t tls_hs_state;
|
||||
getdns_auth_state_t tls_auth_state;
|
||||
unsigned tls_fallback_ok : 1;
|
||||
char *tls_cipher_list;
|
||||
/* Auth credentials*/
|
||||
char tls_auth_name[256];
|
||||
sha256_pin_t *tls_pubkey_pinset;
|
||||
|
@ -343,8 +344,9 @@ struct getdns_context {
|
|||
char *appdata_dir;
|
||||
_getdns_property can_write_appdata;
|
||||
|
||||
char *CApath;
|
||||
char *CAfile;
|
||||
char *tls_ca_path;
|
||||
char *tls_ca_file;
|
||||
char *tls_cipher_list;
|
||||
|
||||
getdns_upstreams *upstreams;
|
||||
uint16_t limit_outstanding_queries;
|
||||
|
@ -527,8 +529,6 @@ void _getdns_context_cancel_request(getdns_dns_req *dnsreq);
|
|||
*/
|
||||
void _getdns_context_request_timed_out(getdns_dns_req *dnsreq);
|
||||
|
||||
char *_getdns_strdup(const struct mem_funcs *mfs, const char *str);
|
||||
|
||||
struct getdns_bindata *_getdns_bindata_copy(
|
||||
struct mem_funcs *mfs, size_t size, const uint8_t *data);
|
||||
|
||||
|
|
|
@ -1687,6 +1687,8 @@ getdns_context_set_dnssec_allowed_skew(getdns_context *context,
|
|||
* - `value` A SHA256 hash of the `SubjectPublicKeyInfo`
|
||||
* of the upstream, which will be used to authenticate
|
||||
* it.
|
||||
* - `tls_cipher_list` (a bindata) that is the string
|
||||
* of available ciphers specific for this upstream.
|
||||
* @return GETDNS_RETURN_GOOD when successful.
|
||||
* @return GETDNS_RETURN_INVALID_PARAMETER when `context` or `upstream_list` was `NULL`
|
||||
* @return GETDNS_RETURN_CONTEXT_UPDATE_FAIL when there were problems parsing
|
||||
|
|
|
@ -94,10 +94,12 @@ extern "C" {
|
|||
#define GETDNS_CONTEXT_CODE_RESOLVCONF_TEXT "Change related to getdns_context_set_resolvconf"
|
||||
#define GETDNS_CONTEXT_CODE_HOSTS 630
|
||||
#define GETDNS_CONTEXT_CODE_HOSTS_TEXT "Change related to getdns_context_set_hosts"
|
||||
#define GETDNS_CONTEXT_CODE_CAPATH 631
|
||||
#define GETDNS_CONTEXT_CODE_CAPATH_TEXT "Change related to getdns_context_set_CApath"
|
||||
#define GETDNS_CONTEXT_CODE_CAFILE 632
|
||||
#define GETDNS_CONTEXT_CODE_CAFILE_TEXT "Change related to getdns_context_set_CAfile"
|
||||
#define GETDNS_CONTEXT_CODE_TLS_CA_PATH 631
|
||||
#define GETDNS_CONTEXT_CODE_TLS_CA_PATH_TEXT "Change related to getdns_context_set_tls_ca_path"
|
||||
#define GETDNS_CONTEXT_CODE_TLS_CA_FILE 632
|
||||
#define GETDNS_CONTEXT_CODE_TLS_CA_FILE_TEXT "Change related to getdns_context_set_tls_ca_file"
|
||||
#define GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST 633
|
||||
#define GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT "Change related to getdns_context_set_tls_cipher_list"
|
||||
|
||||
/** @}
|
||||
*/
|
||||
|
@ -717,27 +719,39 @@ getdns_context_set_hosts(getdns_context *context, const char *hosts);
|
|||
/**
|
||||
* Specify where the location for CA certificates for verification purposes
|
||||
* are located.
|
||||
* @see getdns_context_get_CApath
|
||||
* @see getdns_context_set_CAfile
|
||||
* @see getdns_context_get_tls_ca_path
|
||||
* @see getdns_context_set_tls_ca_file
|
||||
* @param[in] context The context to configure
|
||||
* @param[in] CApath Directory with Certificate Authority certificates.
|
||||
* @param[in] tls_ca_path Directory with Certificate Authority certificates.
|
||||
* @return GETDNS_RETURN_GOOD when successful
|
||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
|
||||
*/
|
||||
getdns_return_t
|
||||
getdns_context_set_CApath(getdns_context *context, const char *CApath);
|
||||
getdns_context_set_tls_ca_path(getdns_context *context, const char *tls_ca_path);
|
||||
|
||||
/**
|
||||
* Specify the file with CA certificates for verification purposes.
|
||||
* @see getdns_context_get_CAfile
|
||||
* @see getdns_context_set_CApath
|
||||
* @see getdns_context_get_tls_ca_file
|
||||
* @see getdns_context_set_tls_ca_path
|
||||
* @param[in] context The context to configure
|
||||
* @param[in] CAfile The file with Certificate Authority certificates.
|
||||
* @param[in] tls_ca_file The file with Certificate Authority certificates.
|
||||
* @return GETDNS_RETURN_GOOD when successful
|
||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
|
||||
*/
|
||||
getdns_return_t
|
||||
getdns_context_set_CAfile(getdns_context *context, const char *CAfile);
|
||||
getdns_context_set_tls_ca_file(getdns_context *context, const char *tls_ca_file);
|
||||
|
||||
/**
|
||||
* Sets the list of available ciphers for authenticated TLS upstreams.
|
||||
* @see getdns_context_get_tls_cipher_list
|
||||
* @param[in] context The context to configure
|
||||
* @param[in] cipher_list The cipher list
|
||||
* @return GETDNS_RETURN_GOOD when successful
|
||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
|
||||
*/
|
||||
getdns_return_t
|
||||
getdns_context_set_tls_cipher_list(
|
||||
getdns_context *context, const char *cipher_list);
|
||||
|
||||
/**
|
||||
* Get the current resolution type setting from this context.
|
||||
|
@ -1222,29 +1236,42 @@ getdns_context_get_hosts(getdns_context *context, const char **hosts);
|
|||
/**
|
||||
* Get the location of the directory for CA certificates for verification
|
||||
* purposes.
|
||||
* @see getdns_context_set_CApath
|
||||
* @see getdns_context_get_CAfile
|
||||
* @see getdns_context_set_tls_ca_path
|
||||
* @see getdns_context_get_tls_ca_file
|
||||
* @param[in] context The context to configure
|
||||
* @param[out] CApath Directory with Certificate Authority certificates
|
||||
* @param[out] tls_ca_path Directory with Certificate Authority certificates
|
||||
* or NULL when one was not configured.
|
||||
* @return GETDNS_RETURN_GOOD when successful
|
||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
|
||||
*/
|
||||
getdns_return_t
|
||||
getdns_context_get_CApath(getdns_context *context, const char **CApath);
|
||||
getdns_context_get_tls_ca_path(getdns_context *context, const char **tls_ca_path);
|
||||
|
||||
/**
|
||||
* Get the file location with CA certificates for verification purposes.
|
||||
* @see getdns_context_set_CAfile
|
||||
* @see getdns_context_get_CApath
|
||||
* @see getdns_context_set_tls_ca_file
|
||||
* @see getdns_context_get_tls_ca_path
|
||||
* @param[in] context The context to configure
|
||||
* @param[out] CAfile The file with Certificate Authority certificates
|
||||
* @param[out] tls_ca_file The file with Certificate Authority certificates
|
||||
* or NULL when one was not configured.
|
||||
* @return GETDNS_RETURN_GOOD when successful
|
||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
|
||||
*/
|
||||
getdns_return_t
|
||||
getdns_context_get_CAfile(getdns_context *context, const char **CAfile);
|
||||
getdns_context_get_tls_ca_file(getdns_context *context, const char **tls_ca_file);
|
||||
|
||||
/**
|
||||
* Get the list of available ciphers for authenticated TLS upstreams.
|
||||
* @see getdns_context_set_tls_cipher_list
|
||||
* @param[in] context The context configure
|
||||
* @param[out] cipher_list The cipher list
|
||||
* @return GETDNS_RETURN_GOOD when successful
|
||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
|
||||
*/
|
||||
getdns_return_t
|
||||
getdns_context_get_tls_cipher_list(
|
||||
getdns_context *context, const char **cipher_list);
|
||||
|
||||
|
||||
/** @}
|
||||
*/
|
||||
|
|
|
@ -7,8 +7,6 @@ getdns_context_create_with_extended_memory_functions
|
|||
getdns_context_create_with_memory_functions
|
||||
getdns_context_destroy
|
||||
getdns_context_detach_eventloop
|
||||
getdns_context_get_CAfile
|
||||
getdns_context_get_CApath
|
||||
getdns_context_get_api_information
|
||||
getdns_context_get_append_name
|
||||
getdns_context_get_dns_root_servers
|
||||
|
@ -35,6 +33,9 @@ getdns_context_get_suffix
|
|||
getdns_context_get_timeout
|
||||
getdns_context_get_tls_authentication
|
||||
getdns_context_get_tls_backoff_time
|
||||
getdns_context_get_tls_ca_file
|
||||
getdns_context_get_tls_ca_path
|
||||
getdns_context_get_tls_cipher_list
|
||||
getdns_context_get_tls_connection_retries
|
||||
getdns_context_get_tls_query_padding_blocksize
|
||||
getdns_context_get_trust_anchors_url
|
||||
|
@ -44,8 +45,6 @@ getdns_context_get_update_callback
|
|||
getdns_context_get_upstream_recursive_servers
|
||||
getdns_context_process_async
|
||||
getdns_context_run
|
||||
getdns_context_set_CAfile
|
||||
getdns_context_set_CApath
|
||||
getdns_context_set_appdata_dir
|
||||
getdns_context_set_append_name
|
||||
getdns_context_set_context_update_callback
|
||||
|
@ -77,6 +76,9 @@ getdns_context_set_suffix
|
|||
getdns_context_set_timeout
|
||||
getdns_context_set_tls_authentication
|
||||
getdns_context_set_tls_backoff_time
|
||||
getdns_context_set_tls_ca_file
|
||||
getdns_context_set_tls_ca_path
|
||||
getdns_context_set_tls_cipher_list
|
||||
getdns_context_set_tls_connection_retries
|
||||
getdns_context_set_tls_query_padding_blocksize
|
||||
getdns_context_set_trust_anchors_url
|
||||
|
|
|
@ -986,9 +986,12 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
|
|||
SSL_set_cipher_list(ssl, "DEFAULT");
|
||||
DEBUG_STUB("%s %-35s: WARNING: Using Oppotunistic TLS (fallback allowed)!\n",
|
||||
STUB_DEBUG_SETUP_TLS, __FUNC__);
|
||||
} else
|
||||
} else {
|
||||
if (upstream->tls_cipher_list)
|
||||
SSL_set_cipher_list(ssl, upstream->tls_cipher_list);
|
||||
DEBUG_STUB("%s %-35s: Using Strict TLS \n", STUB_DEBUG_SETUP_TLS,
|
||||
__FUNC__);
|
||||
}
|
||||
SSL_set_verify(ssl, SSL_VERIFY_PEER, tls_verify_callback);
|
||||
|
||||
SSL_set_connect_state(ssl);
|
||||
|
|
|
@ -144,6 +144,8 @@
|
|||
uint16_t payload_size;
|
||||
uint8_t do_bit;
|
||||
getdns_transport_t trans;
|
||||
int upstream_is_dnsmasq = 0;
|
||||
getdns_bindata *version_str = NULL;
|
||||
|
||||
/* Note that stricly this test just establishes that the requested transport
|
||||
and the reported transport are consistent, it does not guarentee which
|
||||
|
@ -156,6 +158,7 @@
|
|||
ASSERT_RC(getdns_dict_set_int(extensions,"return_call_reporting", GETDNS_EXTENSION_TRUE),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_dict_set_int()");
|
||||
|
||||
|
||||
/* Request a response that should be truncated over UDP */
|
||||
ASSERT_RC(getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_UDP_ONLY),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport()");
|
||||
|
@ -163,6 +166,15 @@
|
|||
GETDNS_RETURN_GOOD, "Return code from getdns_context_get_dns_transport()");
|
||||
ck_assert_msg(trans == 541, "dns_transport should be 541(GETDNS_TRANSPORT_UDP_ONLY) but got %d", (int)trans);
|
||||
|
||||
ASSERT_RC(getdns_dict_set_int(extensions,"specify_class", GETDNS_RRCLASS_CH),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_dict_set_int()");
|
||||
ASSERT_RC(getdns_general_sync(context, "version.bind.", GETDNS_RRTYPE_TXT, extensions, &response),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_general_sync()");
|
||||
(void) getdns_dict_get_bindata(response, "/replies_tree/0/answer/0/rdata/txt_strings/0", &version_str);
|
||||
upstream_is_dnsmasq = version_str && version_str->size > 7 &&
|
||||
strncmp((char *)version_str->data, "dnsmasq", 7) == 0;
|
||||
ASSERT_RC(getdns_dict_set_int(extensions,"specify_class", GETDNS_RRCLASS_IN),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_dict_set_int()");
|
||||
|
||||
ASSERT_RC(getdns_context_set_edns_maximum_udp_payload_size(context, 512),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_edns_maximum_udp_payload_size()");
|
||||
|
@ -187,35 +199,36 @@
|
|||
ASSERT_RC(type, GETDNS_RESOLUTION_STUB, "Query did not use stub mode");
|
||||
ASSERT_RC(getdns_dict_get_int(response, "/replies_tree/0/header/tc", &tc),
|
||||
GETDNS_RETURN_GOOD, "Failed to extract \"tc\"");
|
||||
ASSERT_RC(tc, 1, "Packet not trucated as expected");
|
||||
if (!upstream_is_dnsmasq) {
|
||||
ASSERT_RC(tc, 1, "Packet not truncated as expected");
|
||||
|
||||
/* Re-do over TCP */
|
||||
ASSERT_RC(getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_TCP_ONLY),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport()");
|
||||
/* Re-do over TCP */
|
||||
ASSERT_RC(getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_TCP_ONLY),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport()");
|
||||
|
||||
ASSERT_RC(getdns_general_sync(context, "large.getdnsapi.net", GETDNS_RRTYPE_TXT, extensions, &response),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_general_sync()");
|
||||
|
||||
ASSERT_RC(getdns_general_sync(context, "large.getdnsapi.net", GETDNS_RRTYPE_TXT, extensions, &response),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_general_sync()");
|
||||
ASSERT_RC(getdns_dict_get_int(response, "/call_reporting/0/transport", &transport),
|
||||
GETDNS_RETURN_GOOD, "Failed to extract \"transport\"");
|
||||
ASSERT_RC(transport, GETDNS_TRANSPORT_TCP, "Query did not go over TCP");
|
||||
ASSERT_RC(getdns_dict_get_int(response, "/replies_tree/0/header/tc", &tc),
|
||||
GETDNS_RETURN_GOOD, "Failed to extract \"tc\"");
|
||||
ASSERT_RC(tc, 0, "Packet trucated - not as expected");
|
||||
|
||||
ASSERT_RC(getdns_dict_get_int(response, "/call_reporting/0/transport", &transport),
|
||||
GETDNS_RETURN_GOOD, "Failed to extract \"transport\"");
|
||||
ASSERT_RC(transport, GETDNS_TRANSPORT_TCP, "Query did not go over TCP");
|
||||
ASSERT_RC(getdns_dict_get_int(response, "/replies_tree/0/header/tc", &tc),
|
||||
GETDNS_RETURN_GOOD, "Failed to extract \"tc\"");
|
||||
ASSERT_RC(tc, 0, "Packet trucated - not as expected");
|
||||
|
||||
/* Now let it fall back to TCP */
|
||||
ASSERT_RC(getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport()");
|
||||
ASSERT_RC(getdns_general_sync(context, "large.getdnsapi.net", GETDNS_RRTYPE_TXT, extensions, &response),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_general_sync()");
|
||||
|
||||
ASSERT_RC(getdns_dict_get_int(response, "/call_reporting/0/transport", &transport),
|
||||
GETDNS_RETURN_GOOD, "Failed to extract \"transport\"");
|
||||
ASSERT_RC(transport, GETDNS_TRANSPORT_TCP, "Query did not go over TCP");
|
||||
ASSERT_RC(getdns_dict_get_int(response, "/replies_tree/0/header/tc", &tc),
|
||||
GETDNS_RETURN_GOOD, "Failed to extract \"tc\"");
|
||||
ASSERT_RC(tc, 0, "Packet trucated - not as expected");
|
||||
/* Now let it fall back to TCP */
|
||||
ASSERT_RC(getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport()");
|
||||
ASSERT_RC(getdns_general_sync(context, "large.getdnsapi.net", GETDNS_RRTYPE_TXT, extensions, &response),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_general_sync()");
|
||||
|
||||
ASSERT_RC(getdns_dict_get_int(response, "/call_reporting/0/transport", &transport),
|
||||
GETDNS_RETURN_GOOD, "Failed to extract \"transport\"");
|
||||
ASSERT_RC(transport, GETDNS_TRANSPORT_TCP, "Query did not go over TCP");
|
||||
ASSERT_RC(getdns_dict_get_int(response, "/replies_tree/0/header/tc", &tc),
|
||||
GETDNS_RETURN_GOOD, "Failed to extract \"tc\"");
|
||||
ASSERT_RC(tc, 0, "Packet trucated - not as expected");
|
||||
}
|
||||
ASSERT_RC(getdns_context_unset_edns_maximum_udp_payload_size(context),
|
||||
GETDNS_RETURN_GOOD, "Return code from getdns_context_unset_edns_maximum_udp_payload_size()");
|
||||
|
||||
|
|
|
@ -91,7 +91,9 @@ static int async = 0, interactive = 0;
|
|||
static enum { GENERAL, ADDRESS, HOSTNAME, SERVICE } calltype = GENERAL;
|
||||
static int bogus_answers = 0;
|
||||
static int check_dnssec = 0;
|
||||
#ifndef USE_WINSOCK
|
||||
static char *resolvconf = NULL;
|
||||
#endif
|
||||
static int print_api_info = 0, print_trust_anchors = 0;
|
||||
|
||||
static int get_rrtype(const char *t)
|
||||
|
@ -256,8 +258,10 @@ print_usage(FILE *out, const char *progname)
|
|||
fprintf(out, "\t\t(should look like '" EXAMPLE_PIN "')\n");
|
||||
fprintf(out, "\t-m\tSet TLS authentication mode to REQUIRED\n");
|
||||
fprintf(out, "\t-n\tSet TLS authentication mode to NONE (default)\n");
|
||||
#ifndef USE_WINSOCK
|
||||
fprintf(out, "\t-o <filename>\tSet resolver configuration file path\n");
|
||||
fprintf(out, "\t\t(default = %s)\n", GETDNS_FN_RESOLVCONF);
|
||||
#endif
|
||||
fprintf(out, "\t-p\tPretty print response dict (default)\n");
|
||||
fprintf(out, "\t-P <blocksize>\tPad TLS queries to a multiple of blocksize\n"
|
||||
"\t\t(special values: 0: no padding, 1: sensible default policy)\n");
|
||||
|
@ -824,6 +828,7 @@ getdns_return_t parse_args(int argc, char **argv)
|
|||
getdns_context_set_tls_authentication(context,
|
||||
GETDNS_AUTHENTICATION_REQUIRED);
|
||||
break;
|
||||
#ifndef USE_WINSOCK
|
||||
case 'o':
|
||||
if (c[1] != 0 || ++i >= argc || !*argv[i]) {
|
||||
fprintf(stderr, "<filename>"
|
||||
|
@ -832,6 +837,7 @@ getdns_return_t parse_args(int argc, char **argv)
|
|||
}
|
||||
resolvconf = argv[i];
|
||||
break;
|
||||
#endif
|
||||
case 'P':
|
||||
if (c[1] != 0 || ++i >= argc || !*argv[i]) {
|
||||
fprintf(stderr, "tls_query_padding_blocksize "
|
||||
|
@ -1733,6 +1739,7 @@ main(int argc, char **argv)
|
|||
|
||||
if ((r = parse_args(argc, argv)) && r != CONTINUE)
|
||||
goto done_destroy_context;
|
||||
#ifndef USE_WINSOCK
|
||||
if (resolvconf) {
|
||||
if ((r = getdns_context_set_resolvconf(context, resolvconf))) {
|
||||
fprintf(stderr, "Problem initializing with resolvconf: %d\n", (int)r);
|
||||
|
@ -1741,6 +1748,7 @@ main(int argc, char **argv)
|
|||
if ((r = parse_args(argc, argv)))
|
||||
goto done_destroy_context;
|
||||
}
|
||||
#endif
|
||||
if (print_api_info) {
|
||||
getdns_dict *api_information =
|
||||
getdns_context_get_api_information(context);
|
||||
|
|
2
stubby
2
stubby
|
@ -1 +1 @@
|
|||
Subproject commit 3d0766f832368ff249020fc5101cca1a41a98620
|
||||
Subproject commit f0b330454b95a07106af33b1869b7cd18cfaebf2
|
Loading…
Reference in New Issue