From 767ca21bc075477121a7f1e07827ce25f12d8512 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 25 Mar 2017 19:02:51 +0100
Subject: [PATCH 001/140] Debugging for anchor management

---
 configure.ac |  7 +++++++
 src/debug.h  | 10 +++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 2d5deeab..89f07be8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -201,6 +201,13 @@ case "$enable_debug_server" in
 	no|*)
 		;;
 esac
+case "$enable_debug_anchor" in
+	yes)
+		AC_DEFINE_UNQUOTED([ANCHOR_DEBUG], [1], [Define this enable printing of anchor debugging messages.])
+		;;
+	no|*)
+		;;
+esac
 
 
 dnl  Hidden debugging options
diff --git a/src/debug.h b/src/debug.h
index 9c5fa6f1..60c2c5a4 100644
--- a/src/debug.h
+++ b/src/debug.h
@@ -139,12 +139,20 @@
 #define DEBUG_MDNS(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 
+#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
+#include <time.h>
+#define DEBUG_ANCHOR(...) DEBUG_ON(__VA_ARGS__)
+#else
+#define DEBUG_ANCHOR(...) DEBUG_OFF(__VA_ARGS__)
+#endif
+
 #if (defined(SCHED_DEBUG)  && SCHED_DEBUG)  || \
     (defined(STUB_DEBUG)   && STUB_DEBUG)   || \
     (defined(DAEMON_DEBUG) && DAEMON_DEBUG) || \
     (defined(SEC_DEBUG)    && SEC_DEBUG)    || \
     (defined(SERVER_DEBUG) && SERVER_DEBUG) || \
-    (defined(MDNS_DEBUG)   && MDNS_DEBUG)
+    (defined(MDNS_DEBUG)   && MDNS_DEBUG)   || \
+    (defined(ANCHOR_DEBUG) && ANCHOR_DEBUG)
 #define DEBUGGING 1
 #endif
 

From edecca8b633c00955dbe29f67dca27aacf2ae1c7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 27 Mar 2017 09:21:29 -0500
Subject: [PATCH 002/140] smime verification of root-anchors.xml in ~/.getdns

---
 configure.ac             |   2 +
 spec/example/Makefile.in |  24 +--
 src/Makefile.in          | 427 ++++++++++++++-------------------------
 src/anchor.c             | 305 ++++++++++++++++++++++++++++
 src/anchor.h             |  42 ++++
 src/context.c            |   4 +-
 src/test/Makefile.in     |  71 ++-----
 src/tools/Makefile.in    |   7 +-
 8 files changed, 539 insertions(+), 343 deletions(-)
 create mode 100644 src/anchor.c
 create mode 100644 src/anchor.h

diff --git a/configure.ac b/configure.ac
index 31de7f16..bc0c6e84 100644
--- a/configure.ac
+++ b/configure.ac
@@ -155,6 +155,7 @@ AC_ARG_ENABLE(debug-stub, AC_HELP_STRING([--enable-debug-stub], [Enable stub deb
 AC_ARG_ENABLE(debug-daemon, AC_HELP_STRING([--enable-debug-daemon], [Enable daemon debugging messages]))
 AC_ARG_ENABLE(debug-sec, AC_HELP_STRING([--enable-debug-sec], [Enable dnssec debugging messages]))
 AC_ARG_ENABLE(debug-server, AC_HELP_STRING([--enable-debug-server], [Enable server debugging messages]))
+AC_ARG_ENABLE(debug-anchor, AC_HELP_STRING([--enable-debug-anchor], [Enable anchor debugging messages]))
 AC_ARG_ENABLE(all-debugging, AC_HELP_STRING([--enable-all-debugging], [Enable scheduling, stub and dnssec debugging]))
 case "$enable_all_debugging" in
 	yes)
@@ -163,6 +164,7 @@ case "$enable_all_debugging" in
 		enable_debug_daemon=yes
 		enable_debug_sec=yes
 		enable_debug_server=yes
+		enable_debug_anchor=yes
 		;;
 	no|*)
 		;;
diff --git a/spec/example/Makefile.in b/spec/example/Makefile.in
index 8ff7f2d1..7bf5e016 100644
--- a/spec/example/Makefile.in
+++ b/spec/example/Makefile.in
@@ -149,24 +149,16 @@ depend:
 
 # Dependencies for the examples
 example-all-functions.lo example-all-functions.o: $(srcdir)/example-all-functions.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h
-example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/config.h ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
+example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h ../../src/config.h \
+ ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
 example-simple-answers.lo example-simple-answers.o: $(srcdir)/example-simple-answers.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h
+ ../../src/config.h ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
 example-synchronous.lo example-synchronous.o: $(srcdir)/example-synchronous.c $(srcdir)/getdns_core_only.h \
  ../../src/getdns/getdns.h
-example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h ../../src/config.h \
+ ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
diff --git a/src/Makefile.in b/src/Makefile.in
index c1cb8f12..4813b6e7 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -67,7 +67,7 @@ C99COMPATFLAGS=@C99COMPATFLAGS@
 
 DEFAULT_EVENTLOOP_OBJ=@DEFAULT_EVENTLOOP@.lo
 
-GETDNS_OBJ=const-info.lo convert.lo dict.lo dnssec.lo general.lo \
+GETDNS_OBJ=anchor.lo const-info.lo convert.lo dict.lo dnssec.lo general.lo \
 	list.lo request-internal.lo pubkey-pinning.lo rr-dict.lo \
 	rr-iter.lo server.lo stub.lo sync.lo ub_loop.lo util-internal.lo \
 	mdns.lo
@@ -216,287 +216,170 @@ depend:
 FORCE:
 
 # Dependencies for gldns, utils, the extensions and compat functions
-const-info.lo const-info.o: $(srcdir)/const-info.c \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/const-info.h
-context.lo context.o: $(srcdir)/context.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h \
- $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
-convert.lo convert.o: $(srcdir)/convert.c \
- config.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
- $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
-dict.lo dict.o: $(srcdir)/dict.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h \
- $(srcdir)/gldns/parseutil.h
-dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
- config.h \
- $(srcdir)/debug.h \
- getdns/getdns.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h \
- $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h \
- $(srcdir)/util/orig-headers/val_secalgo.h
-general.lo general.o: $(srcdir)/general.c \
- config.h \
- $(srcdir)/general.h \
- getdns/getdns.h \
- $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h \
- $(srcdir)/mdns.h
-list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
- config.h \
- $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+anchor.lo anchor.o: $(srcdir)/anchor.c config.h $(srcdir)/debug.h $(srcdir)/anchor.h getdns/getdns.h
+const-info.lo const-info.o: $(srcdir)/const-info.c getdns/getdns.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/const-info.h
+context.lo context.o: $(srcdir)/context.c config.h $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h \
+ $(srcdir)/pubkey-pinning.h
+convert.lo convert.o: $(srcdir)/convert.c config.h getdns/getdns.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
+dict.lo dict.o: $(srcdir)/dict.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h \
+ $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/parseutil.h
+dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h $(srcdir)/debug.h getdns/getdns.h $(srcdir)/context.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h \
+ $(srcdir)/list.h $(srcdir)/util/val_secalgo.h $(srcdir)/util/orig-headers/val_secalgo.h
+general.lo general.o: $(srcdir)/general.c config.h $(srcdir)/general.h getdns/getdns.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util-internal.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h $(srcdir)/mdns.h
+list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
+ config.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
-mdns.lo mdns.o: $(srcdir)/mdns.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/context.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/mdns.h \
- $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
- $(srcdir)/util/orig-headers/lookup3.h
-pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
- config.h \
- $(srcdir)/debug.h \
- getdns/getdns.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+mdns.lo mdns.o: $(srcdir)/mdns.c config.h $(srcdir)/debug.h $(srcdir)/context.h getdns/getdns.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/mdns.h
+pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c config.h $(srcdir)/debug.h getdns/getdns.h \
+ $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ config.h $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h
-request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h \
- $(srcdir)/convert.h $(srcdir)/general.h
-rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
- config.h \
- getdns/getdns.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- getdns/getdns_extra.h \
+request-internal.lo request-internal.o: $(srcdir)/request-internal.c config.h $(srcdir)/types-internal.h \
+ getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h $(srcdir)/convert.h $(srcdir)/general.h
+rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h config.h getdns/getdns.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/util-internal.h $(srcdir)/context.h getdns/getdns_extra.h getdns/getdns.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
-rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- config.h \
- getdns/getdns.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
+rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h config.h getdns/getdns.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
-server.lo server.o: $(srcdir)/server.c \
- config.h \
- getdns/getdns_extra.h \
- getdns/getdns.h \
- $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
-stub.lo stub.o: $(srcdir)/stub.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/stub.h \
- getdns/getdns.h \
- $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
- $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
- $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
-sync.lo sync.o: $(srcdir)/sync.c \
- getdns/getdns.h \
- config.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
+server.lo server.o: $(srcdir)/server.c config.h getdns/getdns_extra.h getdns/getdns.h \
+ $(srcdir)/context.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h
+stub.lo stub.o: $(srcdir)/stub.c config.h $(srcdir)/debug.h $(srcdir)/stub.h getdns/getdns.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
+sync.lo sync.o: $(srcdir)/sync.c getdns/getdns.h config.h $(srcdir)/context.h getdns/getdns_extra.h \
+ getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
+ $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
  $(srcdir)/gldns/wire2str.h
-ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
- config.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
-util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
- config.h \
- getdns/getdns.h \
- $(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
-gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
- config.h \
+ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h config.h getdns/getdns.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
+util-internal.lo util-internal.o: $(srcdir)/util-internal.c config.h getdns/getdns.h $(srcdir)/dict.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
+version.lo version.o: version.c
+gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c config.h $(srcdir)/gldns/gbuffer.h
+keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c config.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
+parse.lo parse.o: $(srcdir)/gldns/parse.c config.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h \
  $(srcdir)/gldns/gbuffer.h
-keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
- config.h \
- $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
-parse.lo parse.o: $(srcdir)/gldns/parse.c \
- config.h \
- $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
-parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
- config.h \
- $(srcdir)/gldns/parseutil.h
-rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
- config.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
-str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
- config.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
-wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
- config.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
-arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
- config.h
-arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
- config.h \
- $(srcdir)/compat/chacha_private.h
-arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c \
- config.h
-explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c \
- config.h
-getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c \
- config.h
-getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c \
- config.h
-getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c \
- config.h
+parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c config.h $(srcdir)/gldns/parseutil.h
+rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
+str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c config.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
+wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c config.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/keyraw.h
+arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c config.h
+arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
+arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c config.h
+explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
+getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
+getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h
+getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
 getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
-gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c \
- config.h
-inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c \
- config.h
-inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c \
- config.h
-sha512.lo sha512.o: $(srcdir)/compat/sha512.c \
- config.h
-strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
- config.h
-locks.lo locks.o: $(srcdir)/util/locks.c \
- config.h \
- $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
-lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c \
- config.h \
- $(srcdir)/util/auxiliary/util/storage/lookup3.h $(srcdir)/util/lookup3.h \
- $(srcdir)/util/orig-headers/lookup3.h
-lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c \
- config.h \
- $(srcdir)/util/auxiliary/util/storage/lruhash.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/util/fptr_wlist.h
-rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
- config.h \
- $(srcdir)/util/auxiliary/log.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
- $(srcdir)/util/auxiliary/fptr_wlist.h $(srcdir)/util/auxiliary/util/fptr_wlist.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
-val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
- config.h \
+gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c config.h
+inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h
+inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
+sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
+strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
+locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h
+lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c config.h $(srcdir)/util/auxiliary/util/storage/lookup3.h \
+ $(srcdir)/util/lookup3.h $(srcdir)/util/orig-headers/lookup3.h
+lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c config.h $(srcdir)/util/auxiliary/util/storage/lruhash.h \
+ $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h \
+ $(srcdir)/util/auxiliary/util/fptr_wlist.h
+rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/auxiliary/log.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h $(srcdir)/util/auxiliary/fptr_wlist.h \
+ $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h
+val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h \
  $(srcdir)/util/auxiliary/util/data/packed_rrset.h \
  $(srcdir)/util/auxiliary/validator/val_secalgo.h $(srcdir)/util/val_secalgo.h \
  $(srcdir)/util/orig-headers/val_secalgo.h $(srcdir)/util/auxiliary/validator/val_nsec3.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
  $(srcdir)/gldns/rrdef.h $(srcdir)/util/auxiliary/sldns/keyraw.h $(srcdir)/gldns/keyraw.h \
  $(srcdir)/util/auxiliary/sldns/sbuffer.h $(srcdir)/gldns/gbuffer.h
 jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
-libev.lo libev.o: $(srcdir)/extension/libev.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
-libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
-libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
-poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
- config.h \
- $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
-select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
- config.h \
- $(srcdir)/extension/select_eventloop.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/debug.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
+libev.lo libev.o: $(srcdir)/extension/libev.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h \
+ getdns/getdns_extra.h
+libevent.lo libevent.o: $(srcdir)/extension/libevent.c config.h $(srcdir)/types-internal.h \
+ getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h \
+ getdns/getdns_extra.h
+libuv.lo libuv.o: $(srcdir)/extension/libuv.c config.h $(srcdir)/debug.h config.h $(srcdir)/types-internal.h \
+ getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h \
+ getdns/getdns_extra.h
+poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c config.h \
+ $(srcdir)/extension/poll_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h config.h
+select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c config.h \
+ $(srcdir)/extension/select_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/debug.h config.h $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
diff --git a/src/anchor.c b/src/anchor.c
new file mode 100644
index 00000000..4db8cef5
--- /dev/null
+++ b/src/anchor.c
@@ -0,0 +1,305 @@
+/**
+ *
+ * /brief functions for DNSSEC trust anchor management
+ */
+/*
+ * Copyright (c) 2017, NLnet Labs, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "debug.h"
+#include "anchor.h"
+#include <expat.h>
+#include <fcntl.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+
+#define P7SIGNER "dnssec@iana.org"
+
+static const char*
+get_builtin_cert(void)
+{
+	return
+/* The ICANN CA fetched at 24 Sep 2010.  Valid to 2028 */
+"-----BEGIN CERTIFICATE-----\n"
+"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
+"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
+"BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n"
+"DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n"
+"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n"
+"MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n"
+"cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n"
+"G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n"
+"ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n"
+"paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n"
+"MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n"
+"iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n"
+"Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n"
+"DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n"
+"6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n"
+"2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n"
+"15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n"
+"0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n"
+"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
+"-----END CERTIFICATE-----\n";
+}
+
+/* get key usage out of its extension, returns 0 if no key_usage extension */
+static unsigned long
+get_usage_of_ex(X509* cert)
+{
+	unsigned long val = 0;
+	ASN1_BIT_STRING* s;
+	if((s=X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL))) {
+		if(s->length > 0) {
+			val = s->data[0];
+			if(s->length > 1)
+				val |= s->data[1] << 8;
+		}
+		ASN1_BIT_STRING_free(s);
+	}
+	return val;
+}
+
+/** get valid signers from the list of signers in the signature */
+static STACK_OF(X509)*
+get_valid_signers(PKCS7* p7, const char* p7signer)
+{
+	const int verb = 5;
+	int i;
+	STACK_OF(X509)* validsigners = sk_X509_new_null();
+	STACK_OF(X509)* signers = PKCS7_get0_signers(p7, NULL, 0);
+	unsigned long usage = 0;
+	if(!validsigners) {
+		if(verb) printf("out of memory\n");
+		sk_X509_free(signers);
+		return NULL;
+	}
+	if(!signers) {
+		if(verb) printf("no signers in pkcs7 signature\n");
+		sk_X509_free(validsigners);
+		return NULL;
+	}
+	for(i=0; i<sk_X509_num(signers); i++) {
+		X509_NAME* nm = X509_get_subject_name(
+			sk_X509_value(signers, i));
+		char buf[1024];
+		if(!nm) {
+			if(verb) printf("signer %d: cert has no subject name\n", i);
+			continue;
+		}
+		if(verb && nm) {
+			char* nmline = X509_NAME_oneline(nm, buf,
+				(int)sizeof(buf));
+			printf("signer %d: Subject: %s\n", i,
+				nmline?nmline:"no subject");
+			if(verb >= 3 && X509_NAME_get_text_by_NID(nm,
+				NID_commonName, buf, (int)sizeof(buf)))
+				printf("commonName: %s\n", buf);
+			if(verb >= 3 && X509_NAME_get_text_by_NID(nm,
+				NID_pkcs9_emailAddress, buf, (int)sizeof(buf)))
+				printf("emailAddress: %s\n", buf);
+		}
+		if(verb) {
+			int ku_loc = X509_get_ext_by_NID(
+				sk_X509_value(signers, i), NID_key_usage, -1);
+			if(verb >= 3 && ku_loc >= 0) {
+				X509_EXTENSION *ex = X509_get_ext(
+					sk_X509_value(signers, i), ku_loc);
+				if(ex) {
+					printf("keyUsage: ");
+					X509V3_EXT_print_fp(stdout, ex, 0, 0);
+					printf("\n");
+				}
+			}
+		}
+		if(!p7signer || strcmp(p7signer, "")==0) {
+			/* there is no name to check, return all records */
+			if(verb) printf("did not check commonName of signer\n");
+		} else {
+			if(!X509_NAME_get_text_by_NID(nm,
+				NID_pkcs9_emailAddress,
+				buf, (int)sizeof(buf))) {
+				if(verb) printf("removed cert with no name\n");
+				continue; /* no name, no use */
+			}
+			if(strcmp(buf, p7signer) != 0) {
+				if(verb) printf("removed cert with wrong name\n");
+				continue; /* wrong name, skip it */
+			}
+		}
+
+		/* check that the key usage allows digital signatures
+		 * (the p7s) */
+		usage = get_usage_of_ex(sk_X509_value(signers, i));
+		if(!(usage & KU_DIGITAL_SIGNATURE)) {
+			if(verb) printf("removed cert with no key usage Digital Signature allowed\n");
+			continue;
+		}
+
+		/* we like this cert, add it to our list of valid
+		 * signers certificates */
+		sk_X509_push(validsigners, sk_X509_value(signers, i));
+	}
+	sk_X509_free(signers);
+	return validsigners;
+}
+
+static int
+verify_p7sig(BIO* data, BIO* p7s, X509_STORE *store, const char* p7signer)
+{
+	const int verb = 5;
+	PKCS7* p7;
+	STACK_OF(X509)* validsigners;
+	int secure = 0;
+#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
+	X509_VERIFY_PARAM* param = X509_VERIFY_PARAM_new();
+	if(!param) {
+		if(verb) printf("out of memory\n");
+		X509_STORE_free(store);
+		return 0;
+	}
+	/* do the selfcheck on the root certificate; it checks that the
+	 * input is valid */
+	X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CHECK_SS_SIGNATURE);
+	if(store) X509_STORE_set1_param(store, param);
+#endif
+	if(!store) {
+		if(verb) printf("out of memory\n");
+#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
+		X509_VERIFY_PARAM_free(param);
+#endif
+		return 0;
+	}
+#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
+	X509_VERIFY_PARAM_free(param);
+#endif
+
+	(void)BIO_reset(p7s);
+	(void)BIO_reset(data);
+
+	/* convert p7s to p7 (the signature) */
+	p7 = d2i_PKCS7_bio(p7s, NULL);
+	if(!p7) {
+		if(verb) printf("could not parse p7s signature file\n");
+		X509_STORE_free(store);
+		return 0;
+	}
+	if(verb >= 2) printf("parsed the PKCS7 signature\n");
+
+	/* check what is in the Subject name of the certificates,
+	 * and build a stack that contains only the right certificates */
+	validsigners = get_valid_signers(p7, p7signer);
+	if(!validsigners) {
+		PKCS7_free(p7);
+		return 0;
+	}
+	BIO *out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
+	BIO_printf(out, "Hello World\n");
+	if(PKCS7_verify(p7, validsigners, store, data, out, PKCS7_NOINTERN) == 1) {
+		secure = 1;
+		if(verb) printf("the PKCS7 signature verified\n");
+	} else {
+		if(verb) printf("the PKCS7 signature did not verify\n");
+		if(verb) {
+			ERR_print_errors_fp(stdout);
+		}
+	}
+	BIO_free(out);
+
+	sk_X509_free(validsigners);
+	PKCS7_free(p7);
+	return secure;
+}
+
+void _getdns_context_equip_with_anchor(getdns_context *context)
+{
+	char fn[1024];
+	int xml_fd, p7s_fd;
+	int n;
+	BIO *xml, *p7s, *crt;
+	X509 *x;
+	X509_STORE *store;
+	char *crt_str;
+
+	DEBUG_ANCHOR("entering %s\n", __FUNC__);
+	
+	n = snprintf( fn, sizeof(fn)
+	            , "%s/.getdns/root-anchors.xml", getenv("HOME"));
+
+	if (n < 0 || n >= (int)sizeof(fn))
+		return;
+
+	if ((xml_fd = open(fn, O_RDONLY)) < 0)
+		return;
+
+	(void) snprintf( fn, sizeof(fn)
+	               , "%s/.getdns/root-anchors.p7s", getenv("HOME"));
+
+	if ((p7s_fd = open(fn, O_RDONLY)) < 0) {
+		close(xml_fd);
+		return;
+	}
+	if (!(xml = BIO_new_fd(xml_fd, 1))) {
+		close(xml_fd);
+		close(p7s_fd);
+		return;
+	}
+	if (!(p7s = BIO_new_fd(p7s_fd, 1))) {
+		BIO_free(xml);
+		close(p7s_fd);
+		return;
+	}
+	if (!(crt_str = strdup(get_builtin_cert())))
+		goto error_free_xml;
+	if (!(crt = BIO_new_mem_buf(crt_str, (int)strlen(crt_str))))
+		goto error_free_str;
+       	if (!(store = X509_STORE_new()))
+		goto error_free_crt;
+	if (!(x = PEM_read_bio_X509(crt, NULL, 0, NULL)))
+		goto error_free_store;
+	if (!X509_STORE_add_cert(store, x))
+		goto error_free_store;
+	if (verify_p7sig(xml, p7s, store, "dnssec@iana.org")) {
+		DEBUG_ANCHOR("Verifying trust-anchors SUCCEEDED, Yay!\n");
+		;
+	} else {
+		DEBUG_ANCHOR("Verifying trust-anchors failed!\n");
+		;
+	}
+error_free_store:
+	X509_STORE_free(store);
+error_free_crt:
+	BIO_free(crt);
+error_free_str:
+	free(crt_str);
+error_free_xml:
+	BIO_free(xml);
+	BIO_free(p7s);
+}
+
+/* anchor.c */
diff --git a/src/anchor.h b/src/anchor.h
new file mode 100644
index 00000000..db63a452
--- /dev/null
+++ b/src/anchor.h
@@ -0,0 +1,42 @@
+/**
+ *
+ * /brief functions for DNSSEC trust anchor management
+ *
+ */
+
+/*
+ * Copyright (c) 2017, NLnet Labs
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ANCHOR_H_
+#define ANCHOR_H_
+
+#include "getdns/getdns.h"
+
+void _getdns_context_equip_with_anchor(getdns_context *context);
+
+#endif
+/* anchor.h */
diff --git a/src/context.c b/src/context.c
index c52f770b..14b46721 100644
--- a/src/context.c
+++ b/src/context.c
@@ -35,6 +35,7 @@
  */
 
 #include "config.h"
+#include "anchor.h"
 
 #ifndef USE_WINSOCK
 #include <arpa/inet.h>
@@ -67,7 +68,6 @@ typedef unsigned short in_port_t;
 #endif
 #include <stdbool.h>
 
-#include "config.h"
 #ifdef HAVE_LIBUNBOUND
 #include <unbound.h>
 #endif
@@ -1429,6 +1429,8 @@ getdns_context_create_with_extended_memory_functions(
 	} else
 		result->trust_anchors = result->trust_anchors_spc;
 
+	_getdns_context_equip_with_anchor(result);
+
 	result->upstreams = NULL;
 
 	result->edns_extended_rcode = 0;
diff --git a/src/test/Makefile.in b/src/test/Makefile.in
index 758435c1..c481fdab 100644
--- a/src/test/Makefile.in
+++ b/src/test/Makefile.in
@@ -216,13 +216,10 @@ depend:
 .PHONY: clean test
 
 # Dependencies for the unit tests
-check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c \
- ../getdns/getdns.h \
- $(srcdir)/check_getdns_common.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_address.h $(srcdir)/check_getdns_address_sync.h \
- $(srcdir)/check_getdns_cancel_callback.h $(srcdir)/check_getdns_context_create.h \
- $(srcdir)/check_getdns_context_destroy.h \
+check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_address.h \
+ $(srcdir)/check_getdns_address_sync.h $(srcdir)/check_getdns_cancel_callback.h \
+ $(srcdir)/check_getdns_context_create.h $(srcdir)/check_getdns_context_destroy.h \
  $(srcdir)/check_getdns_context_set_context_update_callback.h \
  $(srcdir)/check_getdns_context_set_dns_transport.h \
  $(srcdir)/check_getdns_context_set_timeout.h \
@@ -242,58 +239,34 @@ check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c \
  $(srcdir)/check_getdns_list_get_list.h $(srcdir)/check_getdns_pretty_print_dict.h \
  $(srcdir)/check_getdns_service.h $(srcdir)/check_getdns_service_sync.h \
  $(srcdir)/check_getdns_transport.h
-check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c \
- ../getdns/getdns.h \
- ../config.h \
- $(srcdir)/check_getdns_common.h \
- ../getdns/getdns_extra.h \
+check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c ../getdns/getdns.h \
+ ../config.h $(srcdir)/check_getdns_common.h ../getdns/getdns_extra.h \
  $(srcdir)/check_getdns_eventloop.h
 check_getdns_context_set_timeout.lo check_getdns_context_set_timeout.o: $(srcdir)/check_getdns_context_set_timeout.c \
  $(srcdir)/check_getdns_context_set_timeout.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns.h \
- ../getdns/getdns_extra.h
+ ../getdns/getdns.h ../getdns/getdns_extra.h
 check_getdns_libev.lo check_getdns_libev.o: $(srcdir)/check_getdns_libev.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
- $(srcdir)/../getdns/getdns_ext_libev.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_common.h
+ ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libev.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
 check_getdns_libevent.lo check_getdns_libevent.o: $(srcdir)/check_getdns_libevent.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
- $(srcdir)/../getdns/getdns_ext_libevent.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
+ ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libevent.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
 check_getdns_libuv.lo check_getdns_libuv.o: $(srcdir)/check_getdns_libuv.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
- $(srcdir)/../getdns/getdns_ext_libuv.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_common.h
+ ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libuv.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
 check_getdns_selectloop.lo check_getdns_selectloop.o: $(srcdir)/check_getdns_selectloop.c \
- $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
+ $(srcdir)/check_getdns_eventloop.h ../config.h ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 check_getdns_transport.lo check_getdns_transport.o: $(srcdir)/check_getdns_transport.c \
- $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns.h \
+ $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h ../getdns/getdns.h \
  ../getdns/getdns_extra.h
-scratchpad.template.lo scratchpad.template.o: scratchpad.template.c \
- ../getdns/getdns.h \
+scratchpad.template.lo scratchpad.template.o: scratchpad.template.c ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 testmessages.lo testmessages.o: $(srcdir)/testmessages.c $(srcdir)/testmessages.h
-tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h
-tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h
-tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h
-tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c \
- ../config.h \
- $(srcdir)/testmessages.h \
- ../getdns/getdns.h \
- ../getdns/getdns_extra.h
-tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h \
+tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h ../getdns/getdns.h
+tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h ../getdns/getdns.h
+tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h ../getdns/getdns.h
+tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c ../config.h $(srcdir)/testmessages.h \
+ ../getdns/getdns.h ../getdns/getdns_extra.h
+tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h ../getdns/getdns.h \
  ../getdns/getdns_extra.h
diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index d066e824..d98cf437 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -113,8 +113,5 @@ depend:
 .PHONY: clean test
 
 # Dependencies for getdns_query
-getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c \
- ../config.h \
- $(srcdir)/../debug.h \
- ../getdns/getdns.h \
- ../getdns/getdns_extra.h
+getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c ../config.h $(srcdir)/../debug.h ../config.h \
+ ../getdns/getdns.h ../getdns/getdns_extra.h

From b0af051809645e1e8bbff79d9569c5cf3d494f55 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 20 Jun 2017 12:20:11 +0200
Subject: [PATCH 003/140] Initialize in correct order

---
 src/context.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/context.c b/src/context.c
index 10a7c56f..4bfc8a24 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1430,8 +1430,6 @@ getdns_context_create_with_extended_memory_functions(
 	} else
 		result->trust_anchors = result->trust_anchors_spc;
 
-	_getdns_context_equip_with_anchor(result);
-
 	result->upstreams = NULL;
 
 	result->edns_extended_rcode = 0;
@@ -1500,7 +1498,15 @@ getdns_context_create_with_extended_memory_functions(
 #endif
 	/* Only initialise SSL once and ideally in a thread-safe manner */
 	if (ssl_init == false) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+		OpenSSL_add_all_algorithms();
 		SSL_library_init();
+#else
+		OPENSSL_init_crypto( OPENSSL_INIT_ADD_ALL_CIPHERS
+		                   | OPENSSL_INIT_ADD_ALL_DIGESTS
+		                   | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+		(void)OPENSSL_init_ssl(0, NULL);
+#endif
 		ssl_init = true;
 	}
 #ifdef HAVE_PTHREAD
@@ -1508,6 +1514,7 @@ getdns_context_create_with_extended_memory_functions(
 #else
 	/* XXX implement Windows-style unlock here */
 #endif
+	_getdns_context_equip_with_anchor(result);
 
 #ifdef HAVE_LIBUNBOUND
 	result->unbound_ctx = NULL;

From e496d13777976c926a9a1532524a1abfa33d9654 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 20 Jun 2017 15:38:32 +0200
Subject: [PATCH 004/140] Start with getting files from user area

---
 src/anchor.c  | 203 ++++++++++++++++++++------------------------------
 src/context.c |  33 ++++++++
 src/context.h |   3 +
 src/debug.h   |   3 +
 4 files changed, 119 insertions(+), 123 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index 4db8cef5..9a2f76d1 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -37,14 +37,13 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
+#include "types-internal.h"
+#include "context.h"
 
 #define P7SIGNER "dnssec@iana.org"
 
-static const char*
-get_builtin_cert(void)
-{
-	return
 /* The ICANN CA fetched at 24 Sep 2010.  Valid to 2028 */
+static const char* _getdns_builtin_cert = 
 "-----BEGIN CERTIFICATE-----\n"
 "MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
 "TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
@@ -66,14 +65,14 @@ get_builtin_cert(void)
 "0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n"
 "j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
 "-----END CERTIFICATE-----\n";
-}
 
 /* get key usage out of its extension, returns 0 if no key_usage extension */
 static unsigned long
-get_usage_of_ex(X509* cert)
+_getdns_get_usage_of_ex(X509* cert)
 {
 	unsigned long val = 0;
 	ASN1_BIT_STRING* s;
+
 	if((s=X509_get_ext_d2i(cert, NID_key_usage, NULL, NULL))) {
 		if(s->length > 0) {
 			val = s->data[0];
@@ -89,75 +88,57 @@ get_usage_of_ex(X509* cert)
 static STACK_OF(X509)*
 get_valid_signers(PKCS7* p7, const char* p7signer)
 {
-	const int verb = 5;
 	int i;
 	STACK_OF(X509)* validsigners = sk_X509_new_null();
 	STACK_OF(X509)* signers = PKCS7_get0_signers(p7, NULL, 0);
 	unsigned long usage = 0;
 	if(!validsigners) {
-		if(verb) printf("out of memory\n");
+		DEBUG_ANCHOR("ERROR %s(): Failed to allocated validsigners\n"
+		            , __FUNC__);
 		sk_X509_free(signers);
 		return NULL;
 	}
 	if(!signers) {
-		if(verb) printf("no signers in pkcs7 signature\n");
+		DEBUG_ANCHOR("ERROR %s(): Failed to allocated signers\n"
+		            , __FUNC__);
 		sk_X509_free(validsigners);
 		return NULL;
 	}
 	for(i=0; i<sk_X509_num(signers); i++) {
+		char buf[1024];
 		X509_NAME* nm = X509_get_subject_name(
 			sk_X509_value(signers, i));
-		char buf[1024];
 		if(!nm) {
-			if(verb) printf("signer %d: cert has no subject name\n", i);
+			DEBUG_ANCHOR("%s(): cert %d has no subject name\n"
+				    , __FUNC__, i);
 			continue;
 		}
-		if(verb && nm) {
-			char* nmline = X509_NAME_oneline(nm, buf,
-				(int)sizeof(buf));
-			printf("signer %d: Subject: %s\n", i,
-				nmline?nmline:"no subject");
-			if(verb >= 3 && X509_NAME_get_text_by_NID(nm,
-				NID_commonName, buf, (int)sizeof(buf)))
-				printf("commonName: %s\n", buf);
-			if(verb >= 3 && X509_NAME_get_text_by_NID(nm,
-				NID_pkcs9_emailAddress, buf, (int)sizeof(buf)))
-				printf("emailAddress: %s\n", buf);
-		}
-		if(verb) {
-			int ku_loc = X509_get_ext_by_NID(
-				sk_X509_value(signers, i), NID_key_usage, -1);
-			if(verb >= 3 && ku_loc >= 0) {
-				X509_EXTENSION *ex = X509_get_ext(
-					sk_X509_value(signers, i), ku_loc);
-				if(ex) {
-					printf("keyUsage: ");
-					X509V3_EXT_print_fp(stdout, ex, 0, 0);
-					printf("\n");
-				}
-			}
-		}
 		if(!p7signer || strcmp(p7signer, "")==0) {
 			/* there is no name to check, return all records */
-			if(verb) printf("did not check commonName of signer\n");
+			DEBUG_ANCHOR("%s(): did not check commonName of signer\n"
+				    , __FUNC__);
 		} else {
 			if(!X509_NAME_get_text_by_NID(nm,
 				NID_pkcs9_emailAddress,
 				buf, (int)sizeof(buf))) {
-				if(verb) printf("removed cert with no name\n");
+				DEBUG_ANCHOR("%s(): removed cert with no name\n"
+					    , __FUNC__);
 				continue; /* no name, no use */
 			}
 			if(strcmp(buf, p7signer) != 0) {
-				if(verb) printf("removed cert with wrong name\n");
+				DEBUG_ANCHOR("%s(): removed cert with wrong name\n"
+					    , __FUNC__);
 				continue; /* wrong name, skip it */
 			}
 		}
 
 		/* check that the key usage allows digital signatures
 		 * (the p7s) */
-		usage = get_usage_of_ex(sk_X509_value(signers, i));
+		usage = _getdns_get_usage_of_ex(sk_X509_value(signers, i));
 		if(!(usage & KU_DIGITAL_SIGNATURE)) {
-			if(verb) printf("removed cert with no key usage Digital Signature allowed\n");
+			DEBUG_ANCHOR("%s(): removed cert with no key usage "
+			             "Digital Signature allowed\n"
+				    , __FUNC__);
 			continue;
 		}
 
@@ -170,47 +151,34 @@ get_valid_signers(PKCS7* p7, const char* p7signer)
 }
 
 static int
-verify_p7sig(BIO* data, BIO* p7s, X509_STORE *store, const char* p7signer)
+_getdns_verify_p7sig(BIO* data, BIO* p7s, X509_STORE *store, const char* p7signer)
 {
-	const int verb = 5;
 	PKCS7* p7;
 	STACK_OF(X509)* validsigners;
 	int secure = 0;
 #ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
 	X509_VERIFY_PARAM* param = X509_VERIFY_PARAM_new();
 	if(!param) {
-		if(verb) printf("out of memory\n");
-		X509_STORE_free(store);
+		DEBUG_ANCHOR("ERROR %s(): Failed to allocated param\n"
+		            , __FUNC__);
 		return 0;
 	}
 	/* do the selfcheck on the root certificate; it checks that the
 	 * input is valid */
 	X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CHECK_SS_SIGNATURE);
-	if(store) X509_STORE_set1_param(store, param);
-#endif
-	if(!store) {
-		if(verb) printf("out of memory\n");
-#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
-		X509_VERIFY_PARAM_free(param);
-#endif
-		return 0;
-	}
-#ifdef X509_V_FLAG_CHECK_SS_SIGNATURE
+	X509_STORE_set1_param(store, param);
 	X509_VERIFY_PARAM_free(param);
 #endif
-
 	(void)BIO_reset(p7s);
 	(void)BIO_reset(data);
 
 	/* convert p7s to p7 (the signature) */
 	p7 = d2i_PKCS7_bio(p7s, NULL);
 	if(!p7) {
-		if(verb) printf("could not parse p7s signature file\n");
-		X509_STORE_free(store);
+		DEBUG_ANCHOR("ERROR %s(): could not parse p7s signature file\n"
+		            , __FUNC__);
 		return 0;
 	}
-	if(verb >= 2) printf("parsed the PKCS7 signature\n");
-
 	/* check what is in the Subject name of the certificates,
 	 * and build a stack that contains only the right certificates */
 	validsigners = get_valid_signers(p7, p7signer);
@@ -218,19 +186,16 @@ verify_p7sig(BIO* data, BIO* p7s, X509_STORE *store, const char* p7signer)
 		PKCS7_free(p7);
 		return 0;
 	}
-	BIO *out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
-	BIO_printf(out, "Hello World\n");
-	if(PKCS7_verify(p7, validsigners, store, data, out, PKCS7_NOINTERN) == 1) {
+	if(PKCS7_verify(p7, validsigners, store, data, NULL, PKCS7_NOINTERN) == 1) {
 		secure = 1;
-		if(verb) printf("the PKCS7 signature verified\n");
-	} else {
-		if(verb) printf("the PKCS7 signature did not verify\n");
-		if(verb) {
-			ERR_print_errors_fp(stdout);
-		}
 	}
-	BIO_free(out);
-
+#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
+	else {
+		DEBUG_ANCHOR("ERROR %s(): the PKCS7 signature did not verify\n"
+		            , __FUNC__);
+		ERR_print_errors_cb(_getdns_ERR_print_errors_cb_f, NULL);
+	}
+#endif
 	sk_X509_free(validsigners);
 	PKCS7_free(p7);
 	return secure;
@@ -238,68 +203,60 @@ verify_p7sig(BIO* data, BIO* p7s, X509_STORE *store, const char* p7signer)
 
 void _getdns_context_equip_with_anchor(getdns_context *context)
 {
-	char fn[1024];
-	int xml_fd, p7s_fd;
-	int n;
-	BIO *xml, *p7s, *crt;
-	X509 *x;
-	X509_STORE *store;
-	char *crt_str;
+	uint8_t xml_spc[16384], *xml_data = xml_spc;
+	uint8_t p7s_spc[16384], *p7s_data = p7s_spc;
+	size_t xml_len, p7s_len;
 
-	DEBUG_ANCHOR("entering %s\n", __FUNC__);
+	BIO *xml = NULL, *p7s = NULL, *crt = NULL;
+	X509 *x = NULL;
+	X509_STORE *store = NULL;
+
+	if (!(xml_data = _getdns_context_get_priv_file(context,
+	    "root-anchors.xml", xml_spc, sizeof(xml_spc), &xml_len)))
+		; /* pass */
+
+	else if (!(p7s_data = _getdns_context_get_priv_file(context,
+	    "root-anchors.p7s", p7s_spc, sizeof(p7s_spc), &p7s_len)))
+		; /* pass */
+
+	else if (!(xml = BIO_new_mem_buf(xml_data, xml_len)))
+		DEBUG_ANCHOR("ERROR %s(): Failed allocating xml BIO\n"
+		            , __FUNC__);
+
+	else if (!(p7s = BIO_new_mem_buf(p7s_data, p7s_len)))
+		DEBUG_ANCHOR("ERROR %s(): Failed allocating p7s BIO\n"
+		            , __FUNC__);
 	
-	n = snprintf( fn, sizeof(fn)
-	            , "%s/.getdns/root-anchors.xml", getenv("HOME"));
+	else if (!(crt = BIO_new_mem_buf(_getdns_builtin_cert, -1)))
+		DEBUG_ANCHOR("ERROR %s(): Failed allocating crt BIO\n"
+		            , __FUNC__);
 
-	if (n < 0 || n >= (int)sizeof(fn))
-		return;
+	else if (!(x = PEM_read_bio_X509(crt, NULL, 0, NULL)))
+		DEBUG_ANCHOR("ERROR %s(): Parsing builtin certificate\n"
+		            , __FUNC__);
 
-	if ((xml_fd = open(fn, O_RDONLY)) < 0)
-		return;
+	else if (!(store = X509_STORE_new()))
+		DEBUG_ANCHOR("ERROR %s(): Failed allocating store\n"
+		            , __FUNC__);
 
-	(void) snprintf( fn, sizeof(fn)
-	               , "%s/.getdns/root-anchors.p7s", getenv("HOME"));
+	else if (!X509_STORE_add_cert(store, x))
+		DEBUG_ANCHOR("ERROR %s(): Adding certificate to store\n"
+		            , __FUNC__);
 
-	if ((p7s_fd = open(fn, O_RDONLY)) < 0) {
-		close(xml_fd);
-		return;
-	}
-	if (!(xml = BIO_new_fd(xml_fd, 1))) {
-		close(xml_fd);
-		close(p7s_fd);
-		return;
-	}
-	if (!(p7s = BIO_new_fd(p7s_fd, 1))) {
-		BIO_free(xml);
-		close(p7s_fd);
-		return;
-	}
-	if (!(crt_str = strdup(get_builtin_cert())))
-		goto error_free_xml;
-	if (!(crt = BIO_new_mem_buf(crt_str, (int)strlen(crt_str))))
-		goto error_free_str;
-       	if (!(store = X509_STORE_new()))
-		goto error_free_crt;
-	if (!(x = PEM_read_bio_X509(crt, NULL, 0, NULL)))
-		goto error_free_store;
-	if (!X509_STORE_add_cert(store, x))
-		goto error_free_store;
-	if (verify_p7sig(xml, p7s, store, "dnssec@iana.org")) {
+	else if (_getdns_verify_p7sig(xml, p7s, store, "dnssec@iana.org")) {
 		DEBUG_ANCHOR("Verifying trust-anchors SUCCEEDED, Yay!\n");
-		;
 	} else {
 		DEBUG_ANCHOR("Verifying trust-anchors failed!\n");
-		;
 	}
-error_free_store:
-	X509_STORE_free(store);
-error_free_crt:
-	BIO_free(crt);
-error_free_str:
-	free(crt_str);
-error_free_xml:
-	BIO_free(xml);
-	BIO_free(p7s);
+	if (store)	X509_STORE_free(store);
+	if (x)		X509_free(x);
+	if (crt)	BIO_free(crt);
+	if (xml)	BIO_free(xml);
+	if (p7s)	BIO_free(p7s);
+	if (xml_data && xml_data != xml_spc)
+		GETDNS_FREE(context->mf, xml_data);
+	if (p7s_data && p7s_data != p7s_spc)
+		GETDNS_FREE(context->mf, p7s_data);
 }
 
 /* anchor.c */
diff --git a/src/context.c b/src/context.c
index 4bfc8a24..3d6144b6 100644
--- a/src/context.c
+++ b/src/context.c
@@ -4456,4 +4456,37 @@ getdns_context_config(getdns_context *context, const getdns_dict *config_dict)
 	return r;
 }
 
+uint8_t *_getdns_context_get_priv_file(getdns_context *context,
+    const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz)
+{
+	char path[FILENAME_MAX];
+	int n;
+	FILE *f;
+
+	n = snprintf(path, sizeof(path), "%s/.getdns/%s", getenv("HOME"), fn);
+	if (n < 0 || n > FILENAME_MAX)
+		return NULL;
+
+	if (!(f = fopen(path, "r")))
+		return NULL;
+
+	if ((*file_sz = fread(buf, 1, buf_len, f)) < buf_len && feof(f))
+		; /* pass */
+
+	else if (fseek(f, 0, SEEK_END) < 0)
+		buf = NULL;
+
+	else if ((buf = GETDNS_XMALLOC(
+	    context->mf, uint8_t, (buf_len = ftell(f) + 1)))) {
+
+		rewind(f);
+		if ((*file_sz = fread(buf, 1, buf_len, f)) >= buf_len || !feof(f)) {
+			GETDNS_FREE(context->mf, buf);
+			buf = NULL;
+		}
+	}
+	(void) fclose(f);
+	return buf;
+}
+
 /* context.c */
diff --git a/src/context.h b/src/context.h
index 21090da1..862460b5 100644
--- a/src/context.h
+++ b/src/context.h
@@ -455,4 +455,7 @@ void _getdns_upstreams_dereference(getdns_upstreams *upstreams);
 
 void _getdns_upstream_shutdown(getdns_upstream *upstream);
 
+uint8_t *_getdns_context_get_priv_file(getdns_context *context,
+    const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz);
+
 #endif /* _GETDNS_CONTEXT_H_ */
diff --git a/src/debug.h b/src/debug.h
index 7f1766af..647d712f 100644
--- a/src/debug.h
+++ b/src/debug.h
@@ -179,6 +179,9 @@ static inline void debug_req(const char *msg, getdns_network_req *netreq)
     (defined(MDNS_DEBUG)   && MDNS_DEBUG)   || \
     (defined(ANCHOR_DEBUG) && ANCHOR_DEBUG)
 #define DEBUGGING 1
+static inline int
+_getdns_ERR_print_errors_cb_f(const char *str, size_t len, void *u)
+{ DEBUG_ON("%.*s (u: %p)\n", (int)len, str, u); return 1; }
 #endif
 
 #endif

From a7ed88fbed70fd71e06f5cee8902c454cf0469d7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 20 Jun 2017 16:00:37 +0200
Subject: [PATCH 005/140] Add yxml as submodule

---
 .gitmodules     |  3 +++
 src/Makefile.in | 24 +++++++++++++++++-------
 src/yxml        |  1 +
 3 files changed, 21 insertions(+), 7 deletions(-)
 create mode 160000 src/yxml

diff --git a/.gitmodules b/.gitmodules
index a79d3846..dacb1c18 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -2,3 +2,6 @@
 	path = src/jsmn
 	url = https://github.com/getdnsapi/jsmn.git
 	branch = getdns
+[submodule "src/yxml"]
+	path = src/yxml
+	url = git://g.blicky.net/yxml.git
diff --git a/src/Makefile.in b/src/Makefile.in
index b0a3b0eb..b8168487 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -82,6 +82,7 @@ COMPAT_OBJ=$(LIBOBJS:.o=.lo)
 UTIL_OBJ=rbtree.lo val_secalgo.lo lruhash.lo lookup3.lo locks.lo
 
 JSMN_OBJ=jsmn.lo
+YXML_OBJ=yxml.lo
 
 EXTENSION_OBJ=$(DEFAULT_EVENTLOOP_OBJ) libevent.lo libev.lo
 
@@ -114,6 +115,9 @@ $(UTIL_OBJ):
 $(JSMN_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -DJSMN_GETDNS -c $(srcdir)/jsmn/$(@:.lo=.c) -o $@
 
+$(YXML_OBJ):
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -I$(srcdir)/yxml -DYXML_GETDNS -Wno-unused-parameter -c $(srcdir)/yxml/$(@:.lo=.c) -o $@
+
 $(EXTENSION_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/extension/$(@:.lo=.c) -o $@
 
@@ -154,8 +158,8 @@ libgetdns_ext_ev.la: libgetdns.la libev.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libev.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEV_LDFLAGS) $(EXTENSION_LIBEV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libev.symbols
 
 
-libgetdns.la: $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ)
-	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
+libgetdns.la: $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ)
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
 
 test: default
 	cd test && $(MAKE) $@
@@ -191,13 +195,14 @@ Makefile: $(srcdir)/Makefile.in ../config.status
 
 depend:
 	(cd $(srcdir) ; awk 'BEGIN{P=1}{if(P)print}/^# Dependencies/{P=0}' Makefile.in > Makefile.in.new )
-	(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" -Iutil/auxiliary *.c gldns/*.c compat/*.c util/*.c jsmn/*.c extension/*.c| \
+	(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" -Iyxml -Iutil/auxiliary *.c gldns/*.c compat/*.c util/*.c jsmn/*.c yxml/*.c extension/*.c| \
 		sed -e "s? $$blddir/? ?g" \
 		    -e 's? gldns/? $$(srcdir)/gldns/?g' \
 		    -e 's? compat/? $$(srcdir)/compat/?g' \
 		    -e 's? util/auxiliary/util/? $$(srcdir)/util/auxiliary/util/?g' \
 		    -e 's? util/? $$(srcdir)/util/?g' \
 		    -e 's? jsmn/? $$(srcdir)/jsmn/?g' \
+		    -e 's? yxml/? $$(srcdir)/yxml/?g' \
 		    -e 's? extension/? $$(srcdir)/extension/?g' \
 		    -e 's? \([a-z_-]*\)\.\([ch]\)? $$(srcdir)/\1.\2?g' \
 		    -e 's? \$$(srcdir)/config\.h? config.h?g' \
@@ -216,12 +221,16 @@ depend:
 FORCE:
 
 # Dependencies for gldns, utils, the extensions and compat functions
-anchor.lo anchor.o: $(srcdir)/anchor.c config.h $(srcdir)/debug.h $(srcdir)/anchor.h getdns/getdns.h
+anchor.lo anchor.o: $(srcdir)/anchor.c config.h $(srcdir)/debug.h $(srcdir)/anchor.h getdns/getdns.h \
+ $(srcdir)/types-internal.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ config.h $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h
 const-info.lo const-info.o: $(srcdir)/const-info.c getdns/getdns.h getdns/getdns_extra.h \
  getdns/getdns.h $(srcdir)/const-info.h
-context.lo context.o: $(srcdir)/context.c config.h $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+context.lo context.o: $(srcdir)/context.c config.h $(srcdir)/anchor.h getdns/getdns.h $(srcdir)/debug.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
+ getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
  $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
  $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
@@ -363,6 +372,7 @@ val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h \
  $(srcdir)/gldns/rrdef.h $(srcdir)/util/auxiliary/sldns/keyraw.h $(srcdir)/gldns/keyraw.h \
  $(srcdir)/util/auxiliary/sldns/sbuffer.h $(srcdir)/gldns/gbuffer.h
 jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
+yxml.lo yxml.o: $(srcdir)/yxml/yxml.c $(srcdir)/yxml/yxml.h
 libev.lo libev.o: $(srcdir)/extension/libev.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
  getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h \
diff --git a/src/yxml b/src/yxml
new file mode 160000
index 00000000..10f968b0
--- /dev/null
+++ b/src/yxml
@@ -0,0 +1 @@
+Subproject commit 10f968b0e78b9aeee357d0de81a46b445c3fb27b

From 631bf3fffcc943387ee4c4c2f910a8ea60f2abaa Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 20 Jun 2017 16:07:25 +0200
Subject: [PATCH 006/140] Copy yxml in distributions too

---
 Makefile.in | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Makefile.in b/Makefile.in
index 22350b55..2ea9bdfc 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -190,13 +190,13 @@ $(distdir):
 	mkdir -p $(distdir)/src
 	mkdir -p $(distdir)/src/getdns
 	mkdir -p $(distdir)/src/test
-	mkdir -p $(distdir)/src/test/jsmn
 	mkdir -p $(distdir)/src/extension
 	mkdir -p $(distdir)/src/compat
 	mkdir -p $(distdir)/src/util
 	mkdir -p $(distdir)/src/gldns
 	mkdir -p $(distdir)/src/tools
 	mkdir -p $(distdir)/src/jsmn
+	mkdir -p $(distdir)/src/yxml
 	mkdir -p $(distdir)/doc
 	mkdir -p $(distdir)/systemd
 	mkdir -p $(distdir)/spec
@@ -250,6 +250,9 @@ $(distdir):
 	cp $(srcdir)/src/jsmn/*.[ch] $(distdir)/src/jsmn
 	cp $(srcdir)/src/jsmn/LICENSE $(distdir)/src/jsmn
 	cp $(srcdir)/src/jsmn/README.md $(distdir)/src/jsmn
+	cp $(srcdir)/src/yxml/*.[ch] $(distdir)/src/yxml
+	cp $(srcdir)/src/yxml/COPYING $(distdir)/src/yxml
+	cp $(srcdir)/src/yxml/yxml.pod $(distdir)/src/yxml
 	rm -f $(distdir)/Makefile $(distdir)/src/Makefile $(distdir)/src/getdns/getdns.h $(distdir)/spec/example/Makefile $(distdir)/src/test/Makefile $(distdir)/doc/Makefile $(distdir)/src/config.h
 
 distcheck: $(distdir).tar.gz

From a2cf568190deac2d4fb2aa5e4a94eaab39475f7f Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 22 Jun 2017 00:36:26 +0200
Subject: [PATCH 007/140] RFC7958 root-anchors.xml parsing

---
 configure.ac |   2 +-
 src/anchor.c | 398 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 393 insertions(+), 7 deletions(-)

diff --git a/configure.ac b/configure.ac
index 434df5c7..0b5d2bc9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -114,7 +114,7 @@ AC_SUBST(WPEDANTICFLAG)
 AC_SUBST(WNOERRORFLAG)
 
 case "$host_os" in
-  linux* ) CFLAGS="$CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE"
+  linux* ) CFLAGS="$CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_XOPEN_SOURCE"
   ;;
   solaris* ) CFLAGS="$CFLAGS -D__EXTENSIONS__"  # for strdup() from <string.h>
   ;;
diff --git a/src/anchor.c b/src/anchor.c
index 9a2f76d1..1fff63fb 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -32,18 +32,21 @@
 #include "config.h"
 #include "debug.h"
 #include "anchor.h"
-#include <expat.h>
 #include <fcntl.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
+#include <strings.h>
+#include <time.h>
 #include "types-internal.h"
 #include "context.h"
+#include "yxml/yxml.h"
+#include "gldns/parseutil.h"
 
 #define P7SIGNER "dnssec@iana.org"
 
 /* The ICANN CA fetched at 24 Sep 2010.  Valid to 2028 */
-static const char* _getdns_builtin_cert = 
+static char* _getdns_builtin_cert = 
 "-----BEGIN CERTIFICATE-----\n"
 "MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
 "TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
@@ -201,10 +204,381 @@ _getdns_verify_p7sig(BIO* data, BIO* p7s, X509_STORE *store, const char* p7signe
 	return secure;
 }
 
+typedef struct ta_iter {
+	uint8_t yxml_buf[4096];
+	yxml_t x;
+
+	const char *start;
+	const char *ptr;
+	const char *end;
+
+	char  zone[1024];
+
+	time_t validFrom;
+	time_t validUntil;
+
+	char  keytag[6];
+	char  algorithm[4];
+	char  digesttype[4];
+	char  digest[2048];
+} ta_iter;
+
+/**
+ * XML convert DateTime element to time_t.
+ * [-]CCYY-MM-DDThh:mm:ss[Z|(+|-)hh:mm]
+ * (with optional .ssssss fractional seconds)
+ * @param str: the string
+ * @return a time_t representation or 0 on failure.
+ */
+static time_t
+xml_convertdate(const char* str)
+{
+	time_t t = 0;
+	struct tm tm;
+	const char* s;
+	/* for this application, ignore minus in front;
+	 * only positive dates are expected */
+	s = str;
+	if(s[0] == '-') s++;
+	memset(&tm, 0, sizeof(tm));
+	/* parse initial content of the string (lots of whitespace allowed) */
+	s = strptime(s, "%t%Y%t-%t%m%t-%t%d%tT%t%H%t:%t%M%t:%t%S%t", &tm);
+	if(!s) {
+		DEBUG_ANCHOR("xml_convertdate parse failure %s\n", str);
+		return 0;
+	}
+	/* parse remainder of date string */
+	if(*s == '.') {
+		/* optional '.' and fractional seconds */
+		int frac = 0, n = 0;
+		if(sscanf(s+1, "%d%n", &frac, &n) < 1) {
+			DEBUG_ANCHOR("xml_convertdate f failure %s\n", str);
+			return 0;
+		}
+		/* fraction is not used, time_t has second accuracy */
+		s++;
+		s+=n;
+	}
+	if(*s == 'Z' || *s == 'z') {
+		/* nothing to do for this */
+		s++;
+	} else if(*s == '+' || *s == '-') {
+		/* optional timezone spec: Z or +hh:mm or -hh:mm */
+		int hr = 0, mn = 0, n = 0;
+		if(sscanf(s+1, "%d:%d%n", &hr, &mn, &n) < 2) {
+			DEBUG_ANCHOR("xml_convertdate tz failure %s\n", str);
+			return 0;
+		}
+		if(*s == '+') {
+			tm.tm_hour += hr;
+			tm.tm_min += mn;
+		} else {
+			tm.tm_hour -= hr;
+			tm.tm_min -= mn;
+		}
+		s++;
+		s += n;
+	}
+	if(*s != 0) {
+		/* not ended properly */
+		/* but ignore, (lenient) */
+	}
+
+	t = gldns_mktime_from_utc(&tm);
+	if(t == (time_t)-1) {
+		DEBUG_ANCHOR("xml_convertdate mktime failure\n");
+		return 0;
+	}
+	return t;
+}
+
+
+static inline int ta_iter_done(ta_iter *ta)
+{ return *ta->ptr == 0 || ta->ptr >= ta->end; }
+
+static ta_iter *ta_iter_next(ta_iter *ta)
+{
+	yxml_ret_t r;
+	yxml_t ta_x;
+	const char *ta_start;
+	int level;
+	char value[2048];
+	char *cur, *tmp;
+	enum { VALIDFROM, VALIDUNTIL } attr_type;
+	enum { KEYTAG, ALGORITHM, DIGESTTYPE, DIGEST } elem_type;
+
+	cur = value;
+	value[0] = 0;
+
+	if (!ta->zone[0]) {
+		DEBUG_ANCHOR("Determine start of <TrustAnchor>\n");
+		/* Determine start of <TrustAnchor> */
+		while (!ta_iter_done(ta) &&
+		    (  yxml_parse(&ta->x, *ta->ptr) != YXML_ELEMSTART
+		    || strcasecmp(ta->x.elem, "trustanchor")))
+			ta->ptr++;
+		if (ta_iter_done(ta)) return NULL;
+		ta_start = ta->ptr;
+		ta_x = ta->x;
+
+		DEBUG_ANCHOR("Find <Zone>\n");
+		/* Find <Zone> */
+		level = 0;
+		while (!ta_iter_done(ta) && !ta->zone[0]) {
+			switch ((r = yxml_parse(&ta->x, *ta->ptr))) {
+			case YXML_ELEMSTART:
+				level += 1;
+				if (level == 1 &&
+				    strcasecmp(ta->x.elem, "zone") == 0) {
+					cur = value;
+					*cur = 0;
+				}
+				break;
+
+			case YXML_ELEMEND:
+				level -= 1;
+				if (level < 0)
+					/* End of <TrustAnchor> section,
+					 * try the next <TrustAnchor> section
+					 */
+					return ta_iter_next(ta);
+
+				else if (level == 0 && cur) {
+					/* <Zone> content ready */
+					(void) strncpy( ta->zone, value
+					              , sizeof(ta->zone));
+
+					/* Reset to start of <TrustAnchor> */
+					cur = NULL;
+					ta->ptr = ta_start;
+					ta->x = ta_x;
+				}
+				break;
+
+			case YXML_CONTENT:
+				if (!cur || level != 1)
+					break;
+				tmp = ta->x.data;
+				while (*tmp && cur < value + sizeof(value))
+					*cur++ = *tmp++;
+				if (cur >= value + sizeof(value))
+					cur = NULL;
+				else
+					*cur = 0;
+				break;
+			default:
+				break;
+			}
+			ta->ptr++;
+		}
+		if (ta_iter_done(ta))
+			return NULL;
+	}
+	assert(ta->zone[0]);
+
+	DEBUG_ANCHOR("Zone: %s, Find <KeyDigest>\n", ta->zone);
+	level = 0;
+	while (!ta_iter_done(ta)) {
+		r = yxml_parse(&ta->x, *ta->ptr);
+
+		if (r == YXML_ELEMSTART) {
+			level += 1;
+			DEBUG_ANCHOR("elem start: %s, level: %d\n", ta->x.elem, level);
+			if (level == 1 &&
+			    strcasecmp(ta->x.elem, "keydigest") == 0)
+				break;
+
+		} else if (r == YXML_ELEMEND) {
+			level -= 1;
+			if (level < 0) {
+				/* End of <TrustAnchor> section */
+				ta->zone[0] = 0;
+				return ta_iter_next(ta);
+			}
+		}
+		ta->ptr++;
+	}
+	if (ta_iter_done(ta))
+		return NULL;
+
+	DEBUG_ANCHOR("Found <KeyDigest>, Parse attributes\n");
+
+	ta->validFrom = ta->validUntil = 0;
+	*ta->keytag = *ta->algorithm = *ta->digesttype = *ta->digest = 0;
+
+	cur = NULL;
+	value[0] = 0;
+	attr_type = -1;
+
+	while (!ta_iter_done(ta)) {
+		switch ((r = yxml_parse(&ta->x, *ta->ptr))) {
+		case YXML_ELEMSTART:
+			break;
+
+		case YXML_ELEMEND:
+			/* End of <KeyDigest> section, try next */
+			return ta_iter_next(ta);
+
+		case YXML_ATTRSTART:
+			DEBUG_ANCHOR("attrstart: %s\n", ta->x.attr);
+			if (strcasecmp(ta->x.attr, "validfrom") == 0)
+				attr_type = VALIDFROM;
+
+			else if (strcasecmp(ta->x.attr, "validuntil") == 0)
+				attr_type = VALIDUNTIL;
+			else
+				break;
+
+			cur = value;
+			*cur = 0;
+			break;
+
+		case YXML_ATTREND:
+			if (!cur)
+				break;
+			cur = NULL;
+			DEBUG_ANCHOR("attrval: %s\n", value);
+			switch (attr_type) {
+			case VALIDFROM:
+				ta->validFrom = xml_convertdate(value);
+				break;
+			case VALIDUNTIL:
+				ta->validUntil = xml_convertdate(value);
+				break;
+			}
+			break;
+
+		case YXML_ATTRVAL:
+			if (!cur)
+				break;
+			tmp = ta->x.data;
+			while (*tmp && cur < value + sizeof(value))
+				*cur++ = *tmp++;
+			if (cur >= value + sizeof(value))
+				cur = NULL;
+			else
+				*cur = 0;
+			break;
+		case YXML_OK:
+		case YXML_CONTENT:
+			break;
+		default:
+			DEBUG_ANCHOR("r: %d\n", (int)r);
+			return NULL;
+			break;
+		}
+		if (r == YXML_ELEMSTART)
+			break;
+		ta->ptr++;
+	}
+	if (ta_iter_done(ta))
+		return NULL;
+
+	assert(r == YXML_ELEMSTART);
+	DEBUG_ANCHOR("Within <KeyDigest>, Parse child elements\n");
+
+	cur = NULL;
+	value[0] = 0;
+	elem_type = -1;
+
+	for (;;) {
+		switch (r) {
+		case YXML_ELEMSTART:
+			level += 1;
+			DEBUG_ANCHOR("elem start: %s, level: %d\n", ta->x.elem, level);
+			if (level != 2)
+				break;
+
+			else if (strcasecmp(ta->x.elem, "keytag") == 0)
+				elem_type = KEYTAG;
+
+			else if (strcasecmp(ta->x.elem, "algorithm") == 0)
+				elem_type = ALGORITHM;
+
+			else if (strcasecmp(ta->x.elem, "digesttype") == 0)
+				elem_type = DIGESTTYPE;
+
+			else if (strcasecmp(ta->x.elem, "digest") == 0)
+				elem_type = DIGEST;
+			else
+				break;
+
+			cur = value;
+			*cur = 0;
+			break;
+
+		case YXML_ELEMEND:
+			level -= 1;
+			if (level < 0) {
+				/* End of <TrustAnchor> section */
+				ta->zone[0] = 0;
+				return ta_iter_next(ta);
+
+			} else if (level != 1 || !cur)
+				break;
+
+			cur = NULL;
+			DEBUG_ANCHOR("elem end: %s\n", value);
+			switch (elem_type) {
+			case KEYTAG:
+				(void) strncpy( ta->keytag, value
+				              , sizeof(ta->keytag));
+				break;
+			case ALGORITHM:
+				(void) strncpy( ta->algorithm, value
+				              , sizeof(ta->algorithm));
+				break;
+			case DIGESTTYPE:
+				(void) strncpy( ta->digesttype, value
+				              , sizeof(ta->digesttype));
+				break;
+			case DIGEST:
+				(void) strncpy( ta->digest, value
+				              , sizeof(ta->digest));
+				break;
+			}
+			break;
+
+		case YXML_CONTENT:
+			if (!cur)
+				break;
+			tmp = ta->x.data;
+			while (*tmp && cur < value + sizeof(value))
+				*cur++ = *tmp++;
+			if (cur >= value + sizeof(value))
+				cur = NULL;
+			else
+				*cur = 0;
+			break;
+
+		default:
+			break;
+		}
+		if (level == 0)
+			break;
+		ta->ptr++;
+		if (ta_iter_done(ta))
+			return NULL;
+		r = yxml_parse(&ta->x, *ta->ptr);
+	}
+	return  ta->validFrom
+	    && *ta->keytag     && *ta->algorithm
+	    && *ta->digesttype && *ta->digest ? ta : ta_iter_next(ta);
+}
+
+static ta_iter *ta_iter_init(ta_iter *ta, const char *doc, size_t doc_len)
+{
+	ta->ptr = ta->start = doc;
+	ta->end = ta->start + doc_len;
+	yxml_init(&ta->x, ta->yxml_buf, sizeof(ta->yxml_buf));
+	ta->zone[0] = 0;
+	return ta_iter_next(ta);
+}
+
 void _getdns_context_equip_with_anchor(getdns_context *context)
 {
-	uint8_t xml_spc[16384], *xml_data = xml_spc;
-	uint8_t p7s_spc[16384], *p7s_data = p7s_spc;
+	uint8_t xml_spc[4096], *xml_data = xml_spc;
+	uint8_t p7s_spc[4096], *p7s_data = p7s_spc;
 	size_t xml_len, p7s_len;
 
 	BIO *xml = NULL, *p7s = NULL, *crt = NULL;
@@ -227,7 +601,7 @@ void _getdns_context_equip_with_anchor(getdns_context *context)
 		DEBUG_ANCHOR("ERROR %s(): Failed allocating p7s BIO\n"
 		            , __FUNC__);
 	
-	else if (!(crt = BIO_new_mem_buf(_getdns_builtin_cert, -1)))
+	else if (!(crt = BIO_new_mem_buf((void *)_getdns_builtin_cert, -1)))
 		DEBUG_ANCHOR("ERROR %s(): Failed allocating crt BIO\n"
 		            , __FUNC__);
 
@@ -244,7 +618,19 @@ void _getdns_context_equip_with_anchor(getdns_context *context)
 		            , __FUNC__);
 
 	else if (_getdns_verify_p7sig(xml, p7s, store, "dnssec@iana.org")) {
-		DEBUG_ANCHOR("Verifying trust-anchors SUCCEEDED, Yay!\n");
+		ta_iter ta_spc, *ta;
+
+		for ( ta = ta_iter_init(&ta_spc, (char *)xml_data, xml_len)
+		    ; ta; ta = ta_iter_next(ta)) {
+
+			DEBUG_ANCHOR( "%s IN DS %s %s %s %s\n"
+			            , ta->zone
+				    , ta->keytag
+				    , ta->algorithm
+				    , ta->digesttype
+				    , ta->digest
+				    );
+		}
 	} else {
 		DEBUG_ANCHOR("Verifying trust-anchors failed!\n");
 	}

From 6b70160659cf1e1c276dc6d8530372429ac6fc0a Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 22 Jun 2017 10:30:13 +0200
Subject: [PATCH 008/140] getdnsify function names, even though they're static

---
 src/anchor.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index 1fff63fb..c096f471 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -89,7 +89,7 @@ _getdns_get_usage_of_ex(X509* cert)
 
 /** get valid signers from the list of signers in the signature */
 static STACK_OF(X509)*
-get_valid_signers(PKCS7* p7, const char* p7signer)
+_getdns_get_valid_signers(PKCS7* p7, const char* p7signer)
 {
 	int i;
 	STACK_OF(X509)* validsigners = sk_X509_new_null();
@@ -184,7 +184,7 @@ _getdns_verify_p7sig(BIO* data, BIO* p7s, X509_STORE *store, const char* p7signe
 	}
 	/* check what is in the Subject name of the certificates,
 	 * and build a stack that contains only the right certificates */
-	validsigners = get_valid_signers(p7, p7signer);
+	validsigners = _getdns_get_valid_signers(p7, p7signer);
 	if(!validsigners) {
 		PKCS7_free(p7);
 		return 0;
@@ -231,7 +231,7 @@ typedef struct ta_iter {
  * @return a time_t representation or 0 on failure.
  */
 static time_t
-xml_convertdate(const char* str)
+_getdns_xml_convertdate(const char* str)
 {
 	time_t t = 0;
 	struct tm tm;
@@ -440,10 +440,10 @@ static ta_iter *ta_iter_next(ta_iter *ta)
 			DEBUG_ANCHOR("attrval: %s\n", value);
 			switch (attr_type) {
 			case VALIDFROM:
-				ta->validFrom = xml_convertdate(value);
+				ta->validFrom = _getdns_xml_convertdate(value);
 				break;
 			case VALIDUNTIL:
-				ta->validUntil = xml_convertdate(value);
+				ta->validUntil = _getdns_xml_convertdate(value);
 				break;
 			}
 			break;

From 7ea3beaa6a40c689010b19a29d2404522473c456 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 22 Jun 2017 12:27:20 +0200
Subject: [PATCH 009/140] Equip context with xml read trust anchors

---
 configure.ac    |   2 +-
 src/Makefile.in |  11 ++--
 src/anchor.c    | 134 ++++++++++++++++++++++++++++++++++++++++++++----
 src/anchor.h    |   3 +-
 src/context.c   |  12 +++--
 src/context.h   |   7 +++
 6 files changed, 149 insertions(+), 20 deletions(-)

diff --git a/configure.ac b/configure.ac
index 0b5d2bc9..434df5c7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -114,7 +114,7 @@ AC_SUBST(WPEDANTICFLAG)
 AC_SUBST(WNOERRORFLAG)
 
 case "$host_os" in
-  linux* ) CFLAGS="$CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_XOPEN_SOURCE"
+  linux* ) CFLAGS="$CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE"
   ;;
   solaris* ) CFLAGS="$CFLAGS -D__EXTENSIONS__"  # for strdup() from <string.h>
   ;;
diff --git a/src/Makefile.in b/src/Makefile.in
index b8168487..bbe58805 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -67,7 +67,7 @@ C99COMPATFLAGS=@C99COMPATFLAGS@
 
 DEFAULT_EVENTLOOP_OBJ=@DEFAULT_EVENTLOOP@.lo
 
-GETDNS_OBJ=anchor.lo const-info.lo convert.lo dict.lo dnssec.lo general.lo \
+GETDNS_OBJ=const-info.lo convert.lo dict.lo dnssec.lo general.lo \
 	list.lo request-internal.lo pubkey-pinning.lo rr-dict.lo \
 	rr-iter.lo server.lo stub.lo sync.lo ub_loop.lo util-internal.lo \
 	mdns.lo
@@ -86,7 +86,7 @@ YXML_OBJ=yxml.lo
 
 EXTENSION_OBJ=$(DEFAULT_EVENTLOOP_OBJ) libevent.lo libev.lo
 
-NON_C99_OBJS=context.lo libuv.lo
+NON_C99_OBJS=libuv.lo context.lo anchor.lo
 
 .SUFFIXES: .c .o .a .lo .h
 
@@ -121,6 +121,9 @@ $(YXML_OBJ):
 $(EXTENSION_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/extension/$(@:.lo=.c) -o $@
 
+anchor.lo:
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) $(C99COMPATFLAGS) -c $(srcdir)/anchor.c -o anchor.lo
+
 context.lo:
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) $(C99COMPATFLAGS) -c $(srcdir)/context.c -o context.lo
 
@@ -158,8 +161,8 @@ libgetdns_ext_ev.la: libgetdns.la libev.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libev.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEV_LDFLAGS) $(EXTENSION_LIBEV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libev.symbols
 
 
-libgetdns.la: $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ)
-	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
+libgetdns.la: $(GETDNS_OBJ) version.lo context.lo anchor.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ)
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo anchor.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
 
 test: default
 	cd test && $(MAKE) $@
diff --git a/src/anchor.c b/src/anchor.c
index c096f471..bb63c200 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -42,6 +42,9 @@
 #include "context.h"
 #include "yxml/yxml.h"
 #include "gldns/parseutil.h"
+#include "gldns/gbuffer.h"
+#include "gldns/str2wire.h"
+#include "gldns/pkthdr.h"
 
 #define P7SIGNER "dnssec@iana.org"
 
@@ -575,7 +578,94 @@ static ta_iter *ta_iter_init(ta_iter *ta, const char *doc, size_t doc_len)
 	return ta_iter_next(ta);
 }
 
-void _getdns_context_equip_with_anchor(getdns_context *context)
+uint16_t _getdns_parse_xml_trust_anchors_buf(
+    gldns_buffer *gbuf, time_t now, char *xml_data, size_t xml_len)
+{
+	ta_iter ta_spc, *ta;
+	uint16_t ta_count = 0;
+	size_t pkt_start = gldns_buffer_position(gbuf);
+
+	/* Empty header */
+	gldns_buffer_write_u32(gbuf, 0);
+	gldns_buffer_write_u32(gbuf, 0);
+	gldns_buffer_write_u32(gbuf, 0);
+
+	for ( ta = ta_iter_init(&ta_spc, (char *)xml_data, xml_len)
+	    ; ta; ta = ta_iter_next(ta)) {
+
+		if (now < ta->validFrom)
+			DEBUG_ANCHOR("Disregarding trust anchor "
+			    "%s for %s which is not yet valid",
+			    ta->keytag, ta->zone);
+
+		else if (ta->validUntil != 0 && now > ta->validUntil)
+			DEBUG_ANCHOR("Disregarding trust anchor "
+			    "%s for %s which is not valid anymore",
+			    ta->keytag, ta->zone);
+
+		else {
+			uint8_t zone[256];
+			size_t zone_len = sizeof(zone);
+			uint8_t digest[sizeof(ta->digest)/2];
+			size_t digest_len = sizeof(digest);
+			uint16_t keytag;
+			uint8_t algorithm;
+			uint8_t digesttype;
+			char *endptr;
+
+			DEBUG_ANCHOR( "Installing trust anchor: "
+			    "%s IN DS %s %s %s %s\n"
+			    , ta->zone
+			    , ta->keytag
+			    , ta->algorithm
+			    , ta->digesttype
+			    , ta->digest
+			    );
+			if (gldns_str2wire_dname_buf(ta->zone, zone, &zone_len)) {
+				DEBUG_ANCHOR("Not installing trust anchor because "
+				    "of unparsable zone: \"%s\"", ta->zone);
+				continue;
+			}
+			keytag = (uint16_t)strtol(ta->keytag, &endptr, 10);
+			if (endptr == ta->keytag || *endptr != 0) {
+				DEBUG_ANCHOR("Not installing trust anchor because "
+				    "of unparsable keytag: \"%s\"", ta->keytag);
+				continue;
+			}
+			algorithm = (uint16_t)strtol(ta->algorithm, &endptr, 10);
+			if (endptr == ta->algorithm || *endptr != 0) {
+				DEBUG_ANCHOR("Not installing trust anchor because "
+				    "of unparsable algorithm: \"%s\"", ta->algorithm);
+				continue;
+			}
+			digesttype = (uint16_t)strtol(ta->digesttype, &endptr, 10);
+			if (endptr == ta->digesttype || *endptr != 0) {
+				DEBUG_ANCHOR("Not installing trust anchor because "
+				    "of unparsable digesttype: \"%s\"", ta->digesttype);
+				continue;
+			}
+			if (gldns_str2wire_hex_buf(ta->digest, digest, &digest_len)) {
+				DEBUG_ANCHOR("Not installing trust anchor because "
+				    "of unparsable digest: \"%s\"", ta->digest);
+				continue;
+			}
+			gldns_buffer_write(gbuf, zone, zone_len);
+			gldns_buffer_write_u16(gbuf, GETDNS_RRTYPE_DS);
+			gldns_buffer_write_u16(gbuf, GETDNS_RRCLASS_IN);
+			gldns_buffer_write_u32(gbuf, 3600);
+			gldns_buffer_write_u16(gbuf, digest_len + 4); /* rdata_len */
+			gldns_buffer_write_u16(gbuf, keytag);
+			gldns_buffer_write_u8(gbuf, algorithm);
+			gldns_buffer_write_u8(gbuf, digesttype);
+			gldns_buffer_write(gbuf, digest, digest_len);
+			ta_count += 1;
+		}
+	}
+	gldns_buffer_write_u16_at(gbuf, pkt_start+GLDNS_ANCOUNT_OFF, ta_count);
+	return ta_count;
+}
+
+void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
 {
 	uint8_t xml_spc[4096], *xml_data = xml_spc;
 	uint8_t p7s_spc[4096], *p7s_data = p7s_spc;
@@ -618,19 +708,41 @@ void _getdns_context_equip_with_anchor(getdns_context *context)
 		            , __FUNC__);
 
 	else if (_getdns_verify_p7sig(xml, p7s, store, "dnssec@iana.org")) {
-		ta_iter ta_spc, *ta;
+		uint8_t ta_spc[sizeof(context->trust_anchors_spc)];
+		size_t ta_len;
+		uint8_t *ta = NULL;
+		gldns_buffer gbuf;
 
-		for ( ta = ta_iter_init(&ta_spc, (char *)xml_data, xml_len)
-		    ; ta; ta = ta_iter_next(ta)) {
+		gldns_buffer_init_vfixed_frm_data(
+		    &gbuf, ta_spc, sizeof(ta_spc));
 
-			DEBUG_ANCHOR( "%s IN DS %s %s %s %s\n"
-			            , ta->zone
-				    , ta->keytag
-				    , ta->algorithm
-				    , ta->digesttype
-				    , ta->digest
-				    );
+		if (!_getdns_parse_xml_trust_anchors_buf(&gbuf, now, 
+		    (char *)xml_data, xml_len))
+			DEBUG_ANCHOR("Failed to parse trust anchor XML data");
+		else if ((ta_len = gldns_buffer_position(&gbuf)) > sizeof(ta_spc)) {
+			if ((ta = GETDNS_XMALLOC(context->mf, uint8_t, ta_len))) {
+				gldns_buffer_init_frm_data(&gbuf, ta,
+				    gldns_buffer_position(&gbuf));
+				if (!_getdns_parse_xml_trust_anchors_buf(
+				    &gbuf, now, (char *)xml_data, xml_len)) {
+					DEBUG_ANCHOR("Failed to re-parse trust"
+					             " anchor XML data");
+					GETDNS_FREE(context->mf, ta);
+				} else {
+					context->trust_anchors = ta;
+					context->trust_anchors_len = ta_len;
+					context->trust_anchors_source = GETDNS_TASRC_XML;
+				}
+			} else
+				DEBUG_ANCHOR("Could not allocate space for XML file");
+		} else {
+			(void)memcpy(context->trust_anchors_spc, ta_spc, ta_len);
+			context->trust_anchors = context->trust_anchors_spc;
+			context->trust_anchors_len = ta_len;
+			context->trust_anchors_source = GETDNS_TASRC_XML;
 		}
+		DEBUG_ANCHOR("ta: %p, ta_len: %d\n", context->trust_anchors, (int)context->trust_anchors_len);
+		
 	} else {
 		DEBUG_ANCHOR("Verifying trust-anchors failed!\n");
 	}
diff --git a/src/anchor.h b/src/anchor.h
index db63a452..b619781c 100644
--- a/src/anchor.h
+++ b/src/anchor.h
@@ -35,8 +35,9 @@
 #define ANCHOR_H_
 
 #include "getdns/getdns.h"
+#include <time.h>
 
-void _getdns_context_equip_with_anchor(getdns_context *context);
+void _getdns_context_equip_with_anchor(getdns_context *context, time_t now);
 
 #endif
 /* anchor.h */
diff --git a/src/context.c b/src/context.c
index 3d6144b6..87f309de 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1406,6 +1406,7 @@ getdns_context_create_with_extended_memory_functions(
 	result->suffixes = no_suffixes;
 	result->suffixes_len = sizeof(no_suffixes);
 
+	result->trust_anchors_source = GETDNS_TASRC_NONE;
 	gldns_buffer_init_vfixed_frm_data(&gbuf, result->trust_anchors_spc
 	                                , sizeof(result->trust_anchors_spc));
 
@@ -1423,12 +1424,16 @@ getdns_context_create_with_extended_memory_functions(
 			                          , result->trust_anchors
 						  , result->trust_anchors_len);
 			if (!_getdns_parse_ta_file(NULL, &gbuf)) {
+				GETDNS_FREE(result->mf, result->trust_anchors);
 				result->trust_anchors = NULL;
 				result->trust_anchors_len = 0;
-			}
+			} else
+				result->trust_anchors_source = GETDNS_TASRC_ZONE;
 		}
-	} else
+	} else {
 		result->trust_anchors = result->trust_anchors_spc;
+		result->trust_anchors_source = GETDNS_TASRC_ZONE;
+	}
 
 	result->upstreams = NULL;
 
@@ -1514,7 +1519,8 @@ getdns_context_create_with_extended_memory_functions(
 #else
 	/* XXX implement Windows-style unlock here */
 #endif
-	_getdns_context_equip_with_anchor(result);
+	if (result->trust_anchors_source == GETDNS_TASRC_NONE)
+		_getdns_context_equip_with_anchor(result, time(NULL));
 
 #ifdef HAVE_LIBUNBOUND
 	result->unbound_ctx = NULL;
diff --git a/src/context.h b/src/context.h
index 862460b5..ae2315f1 100644
--- a/src/context.h
+++ b/src/context.h
@@ -92,6 +92,12 @@ typedef enum getdns_conn_state {
 	GETDNS_CONN_BACKOFF
 } getdns_conn_state_t;
 
+typedef enum getdns_tasrc {
+	GETDNS_TASRC_NONE,
+	GETDNS_TASRC_ZONE,
+	GETDNS_TASRC_XML
+} getdns_tasrc;
+
 typedef enum getdns_tsig_algo {
 	GETDNS_NO_TSIG     = 0, /* Do not use tsig */
 	GETDNS_HMAC_MD5    = 1, /* 128 bits */
@@ -272,6 +278,7 @@ struct getdns_context {
 	size_t               suffixes_len; 
 	uint8_t              *trust_anchors;
 	size_t                trust_anchors_len;
+	getdns_tasrc          trust_anchors_source;
 	getdns_upstreams     *upstreams;
 	uint16_t             limit_outstanding_queries;
 	uint32_t             dnssec_allowed_skew;

From 4a1008e02ca7b554625739ffdc94cb4e0463a45e Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 22 Jun 2017 12:28:07 +0200
Subject: [PATCH 010/140] New deps for anchor.lo

---
 src/Makefile.in | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index bbe58805..3ee8e1bd 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -228,7 +228,8 @@ anchor.lo anchor.o: $(srcdir)/anchor.c config.h $(srcdir)/debug.h $(srcdir)/anch
  $(srcdir)/types-internal.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
  config.h $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/yxml/yxml.h $(srcdir)/gldns/parseutil.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h
 const-info.lo const-info.o: $(srcdir)/const-info.c getdns/getdns.h getdns/getdns_extra.h \
  getdns/getdns.h $(srcdir)/const-info.h
 context.lo context.o: $(srcdir)/context.c config.h $(srcdir)/anchor.h getdns/getdns.h $(srcdir)/debug.h \

From e2f1d3badb3eb31d7a8eaf34d8e295a94e6fadfe Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 22 Jun 2017 12:41:01 +0200
Subject: [PATCH 011/140] Dependencies

---
 spec/example/Makefile.in |  24 ++-
 src/Makefile.in          | 451 +++++++++++++++++++++++++--------------
 src/test/Makefile.in     |  71 ++++--
 src/tools/Makefile.in    |   7 +-
 4 files changed, 358 insertions(+), 195 deletions(-)

diff --git a/spec/example/Makefile.in b/spec/example/Makefile.in
index 7bf5e016..8ff7f2d1 100644
--- a/spec/example/Makefile.in
+++ b/spec/example/Makefile.in
@@ -149,16 +149,24 @@ depend:
 
 # Dependencies for the examples
 example-all-functions.lo example-all-functions.o: $(srcdir)/example-all-functions.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
-example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h ../../src/config.h \
- ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/getdns/getdns_extra.h
+example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
 example-simple-answers.lo example-simple-answers.o: $(srcdir)/example-simple-answers.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/getdns/getdns_extra.h
 example-synchronous.lo example-synchronous.o: $(srcdir)/example-synchronous.c $(srcdir)/getdns_core_only.h \
  ../../src/getdns/getdns.h
-example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h ../../src/config.h \
- ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
diff --git a/src/Makefile.in b/src/Makefile.in
index 3ee8e1bd..fed842ed 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -224,176 +224,301 @@ depend:
 FORCE:
 
 # Dependencies for gldns, utils, the extensions and compat functions
-anchor.lo anchor.o: $(srcdir)/anchor.c config.h $(srcdir)/debug.h $(srcdir)/anchor.h getdns/getdns.h \
- $(srcdir)/types-internal.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- config.h $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/yxml/yxml.h $(srcdir)/gldns/parseutil.h \
+anchor.lo anchor.o: $(srcdir)/anchor.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/anchor.h \
+ getdns/getdns.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/yxml/yxml.h $(srcdir)/gldns/parseutil.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h
-const-info.lo const-info.o: $(srcdir)/const-info.c getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/const-info.h
-context.lo context.o: $(srcdir)/context.c config.h $(srcdir)/anchor.h getdns/getdns.h $(srcdir)/debug.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h \
- $(srcdir)/pubkey-pinning.h
-convert.lo convert.o: $(srcdir)/convert.c config.h getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
-dict.lo dict.o: $(srcdir)/dict.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h \
- $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/parseutil.h
-dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h $(srcdir)/debug.h getdns/getdns.h $(srcdir)/context.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h \
- $(srcdir)/list.h $(srcdir)/util/val_secalgo.h $(srcdir)/util/orig-headers/val_secalgo.h
-general.lo general.o: $(srcdir)/general.c config.h $(srcdir)/general.h getdns/getdns.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util-internal.h \
- $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h $(srcdir)/mdns.h
-list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
- config.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
-mdns.lo mdns.o: $(srcdir)/mdns.c config.h $(srcdir)/debug.h $(srcdir)/context.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/mdns.h
-pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c config.h $(srcdir)/debug.h getdns/getdns.h \
- $(srcdir)/context.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
- config.h $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h
-request-internal.lo request-internal.o: $(srcdir)/request-internal.c config.h $(srcdir)/types-internal.h \
- getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h $(srcdir)/convert.h $(srcdir)/general.h
-rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h config.h getdns/getdns.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/util-internal.h $(srcdir)/context.h getdns/getdns_extra.h getdns/getdns.h \
+const-info.lo const-info.o: $(srcdir)/const-info.c \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/const-info.h
+context.lo context.o: $(srcdir)/context.c \
+ config.h \
+ $(srcdir)/anchor.h \
+ getdns/getdns.h \
+ $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
+ getdns/getdns_extra.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
-rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h config.h getdns/getdns.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
-server.lo server.o: $(srcdir)/server.c config.h getdns/getdns_extra.h getdns/getdns.h \
- $(srcdir)/context.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h
-stub.lo stub.o: $(srcdir)/stub.c config.h $(srcdir)/debug.h $(srcdir)/stub.h getdns/getdns.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
-sync.lo sync.o: $(srcdir)/sync.c getdns/getdns.h config.h $(srcdir)/context.h getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns_extra.h $(srcdir)/types-internal.h \
- $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
- $(srcdir)/gldns/wire2str.h
-ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h config.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
-util-internal.lo util-internal.o: $(srcdir)/util-internal.c config.h getdns/getdns.h $(srcdir)/dict.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h config.h $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns_extra.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
-version.lo version.o: version.c
-gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c config.h $(srcdir)/gldns/gbuffer.h
-keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c config.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
-parse.lo parse.o: $(srcdir)/gldns/parse.c config.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h \
- $(srcdir)/gldns/gbuffer.h
-parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c config.h $(srcdir)/gldns/parseutil.h
-rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c config.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
-str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c config.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
-wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c config.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/keyraw.h
-arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c config.h
-arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c config.h $(srcdir)/compat/chacha_private.h
-arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c config.h
-explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c config.h
-getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c config.h
-getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c config.h
-getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c config.h
-getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
-gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c config.h
-inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c config.h
-inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c config.h
-sha512.lo sha512.o: $(srcdir)/compat/sha512.c config.h
-strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c config.h
-locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h
-lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c config.h $(srcdir)/util/auxiliary/util/storage/lookup3.h \
- $(srcdir)/util/lookup3.h $(srcdir)/util/orig-headers/lookup3.h
-lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c config.h $(srcdir)/util/auxiliary/util/storage/lruhash.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h \
+ $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
+convert.lo convert.o: $(srcdir)/convert.c \
+ config.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
  $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h \
- $(srcdir)/util/auxiliary/util/fptr_wlist.h
-rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c config.h $(srcdir)/util/auxiliary/log.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h $(srcdir)/util/auxiliary/fptr_wlist.h \
- $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h
-val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c config.h \
+ $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
+ $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
+dict.lo dict.o: $(srcdir)/dict.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/gldns/parseutil.h
+dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
+ config.h \
+ $(srcdir)/debug.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h \
+ $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h \
+ $(srcdir)/util/orig-headers/val_secalgo.h
+general.lo general.o: $(srcdir)/general.c \
+ config.h \
+ $(srcdir)/general.h \
+ getdns/getdns.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h \
+ $(srcdir)/mdns.h
+list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
+ config.h \
+ $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
+mdns.lo mdns.o: $(srcdir)/mdns.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/context.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/mdns.h \
+ $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
+ $(srcdir)/util/orig-headers/lookup3.h
+pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
+ config.h \
+ $(srcdir)/debug.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h
+request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h \
+ $(srcdir)/convert.h $(srcdir)/general.h
+rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
+ config.h \
+ getdns/getdns.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
+rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ config.h \
+ getdns/getdns.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
+server.lo server.o: $(srcdir)/server.c \
+ config.h \
+ getdns/getdns_extra.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
+stub.lo stub.o: $(srcdir)/stub.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/stub.h \
+ getdns/getdns.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+ $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
+ $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
+sync.lo sync.o: $(srcdir)/sync.c \
+ getdns/getdns.h \
+ config.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
+ $(srcdir)/gldns/wire2str.h
+ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
+ config.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
+util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
+ config.h \
+ getdns/getdns.h \
+ $(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
+gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
+ config.h \
+ $(srcdir)/gldns/gbuffer.h
+keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
+ config.h \
+ $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
+parse.lo parse.o: $(srcdir)/gldns/parse.c \
+ config.h \
+ $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
+parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
+ config.h \
+ $(srcdir)/gldns/parseutil.h
+rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
+ config.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
+str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
+ config.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
+wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
+ config.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
+arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
+ config.h
+arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
+ config.h \
+ $(srcdir)/compat/chacha_private.h
+arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c \
+ config.h
+explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c \
+ config.h
+getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c \
+ config.h
+getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c \
+ config.h
+getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c \
+ config.h
+getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
+gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c \
+ config.h
+inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c \
+ config.h
+inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c \
+ config.h
+sha512.lo sha512.o: $(srcdir)/compat/sha512.c \
+ config.h
+strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
+ config.h
+locks.lo locks.o: $(srcdir)/util/locks.c \
+ config.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
+lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c \
+ config.h \
+ $(srcdir)/util/auxiliary/util/storage/lookup3.h $(srcdir)/util/lookup3.h \
+ $(srcdir)/util/orig-headers/lookup3.h
+lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c \
+ config.h \
+ $(srcdir)/util/auxiliary/util/storage/lruhash.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/util/fptr_wlist.h
+rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
+ config.h \
+ $(srcdir)/util/auxiliary/log.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
+ $(srcdir)/util/auxiliary/fptr_wlist.h $(srcdir)/util/auxiliary/util/fptr_wlist.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
+val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
+ config.h \
  $(srcdir)/util/auxiliary/util/data/packed_rrset.h \
  $(srcdir)/util/auxiliary/validator/val_secalgo.h $(srcdir)/util/val_secalgo.h \
  $(srcdir)/util/orig-headers/val_secalgo.h $(srcdir)/util/auxiliary/validator/val_nsec3.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h config.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
  $(srcdir)/gldns/rrdef.h $(srcdir)/util/auxiliary/sldns/keyraw.h $(srcdir)/gldns/keyraw.h \
  $(srcdir)/util/auxiliary/sldns/sbuffer.h $(srcdir)/gldns/gbuffer.h
 jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
 yxml.lo yxml.o: $(srcdir)/yxml/yxml.c $(srcdir)/yxml/yxml.h
-libev.lo libev.o: $(srcdir)/extension/libev.c config.h $(srcdir)/types-internal.h getdns/getdns.h \
- getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h \
- getdns/getdns_extra.h
-libevent.lo libevent.o: $(srcdir)/extension/libevent.c config.h $(srcdir)/types-internal.h \
- getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h \
- getdns/getdns_extra.h
-libuv.lo libuv.o: $(srcdir)/extension/libuv.c config.h $(srcdir)/debug.h config.h $(srcdir)/types-internal.h \
- getdns/getdns.h getdns/getdns_extra.h getdns/getdns.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h \
- getdns/getdns_extra.h
-poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c config.h \
- $(srcdir)/extension/poll_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h config.h
-select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c config.h \
- $(srcdir)/extension/select_eventloop.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/debug.h config.h $(srcdir)/types-internal.h getdns/getdns.h getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
+libev.lo libev.o: $(srcdir)/extension/libev.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
+libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
+libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
+poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
+ config.h \
+ $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
+select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
+ config.h \
+ $(srcdir)/extension/select_eventloop.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/debug.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
diff --git a/src/test/Makefile.in b/src/test/Makefile.in
index 00211237..9d4dad00 100644
--- a/src/test/Makefile.in
+++ b/src/test/Makefile.in
@@ -231,10 +231,13 @@ depend:
 .PHONY: clean test
 
 # Dependencies for the unit tests
-check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_address.h \
- $(srcdir)/check_getdns_address_sync.h $(srcdir)/check_getdns_cancel_callback.h \
- $(srcdir)/check_getdns_context_create.h $(srcdir)/check_getdns_context_destroy.h \
+check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c \
+ ../getdns/getdns.h \
+ $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_address.h $(srcdir)/check_getdns_address_sync.h \
+ $(srcdir)/check_getdns_cancel_callback.h $(srcdir)/check_getdns_context_create.h \
+ $(srcdir)/check_getdns_context_destroy.h \
  $(srcdir)/check_getdns_context_set_context_update_callback.h \
  $(srcdir)/check_getdns_context_set_dns_transport.h \
  $(srcdir)/check_getdns_context_set_timeout.h \
@@ -254,34 +257,58 @@ check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(sr
  $(srcdir)/check_getdns_list_get_list.h $(srcdir)/check_getdns_pretty_print_dict.h \
  $(srcdir)/check_getdns_service.h $(srcdir)/check_getdns_service_sync.h \
  $(srcdir)/check_getdns_transport.h
-check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c ../getdns/getdns.h \
- ../config.h $(srcdir)/check_getdns_common.h ../getdns/getdns_extra.h \
+check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c \
+ ../getdns/getdns.h \
+ ../config.h \
+ $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h \
  $(srcdir)/check_getdns_eventloop.h
 check_getdns_context_set_timeout.lo check_getdns_context_set_timeout.o: $(srcdir)/check_getdns_context_set_timeout.c \
  $(srcdir)/check_getdns_context_set_timeout.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h
 check_getdns_libev.lo check_getdns_libev.o: $(srcdir)/check_getdns_libev.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libev.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libev.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_common.h
 check_getdns_libevent.lo check_getdns_libevent.o: $(srcdir)/check_getdns_libevent.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libevent.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libevent.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
 check_getdns_libuv.lo check_getdns_libuv.o: $(srcdir)/check_getdns_libuv.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libuv.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libuv.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_common.h
 check_getdns_selectloop.lo check_getdns_selectloop.o: $(srcdir)/check_getdns_selectloop.c \
- $(srcdir)/check_getdns_eventloop.h ../config.h ../getdns/getdns.h \
+ $(srcdir)/check_getdns_eventloop.h \
+ ../config.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 check_getdns_transport.lo check_getdns_transport.o: $(srcdir)/check_getdns_transport.c \
- $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h ../getdns/getdns.h \
+ $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
-scratchpad.template.lo scratchpad.template.o: scratchpad.template.c ../getdns/getdns.h \
+scratchpad.template.lo scratchpad.template.o: scratchpad.template.c \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 testmessages.lo testmessages.o: $(srcdir)/testmessages.c $(srcdir)/testmessages.h
-tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c ../config.h $(srcdir)/testmessages.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
-tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h ../getdns/getdns.h \
+tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c \
+ ../config.h \
+ $(srcdir)/testmessages.h \
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h
+tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index e36bea08..7e291603 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -113,5 +113,8 @@ depend:
 .PHONY: clean test
 
 # Dependencies for getdns_query
-getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c ../config.h $(srcdir)/../debug.h ../config.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
+getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c \
+ ../config.h \
+ $(srcdir)/../debug.h \
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h

From 69b3f6f55818254250c5e3be613d95297be09bc6 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 22 Jun 2017 12:43:33 +0200
Subject: [PATCH 012/140] Remove unnecessary initialization (scan-build)

---
 src/anchor.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index bb63c200..34597719 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -667,8 +667,8 @@ uint16_t _getdns_parse_xml_trust_anchors_buf(
 
 void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
 {
-	uint8_t xml_spc[4096], *xml_data = xml_spc;
-	uint8_t p7s_spc[4096], *p7s_data = p7s_spc;
+	uint8_t xml_spc[4096], *xml_data;
+	uint8_t p7s_spc[4096], *p7s_data;
 	size_t xml_len, p7s_len;
 
 	BIO *xml = NULL, *p7s = NULL, *crt = NULL;

From 2962baa050a40a8f7443da3615ea7aaf165b330b Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 22 Jun 2017 12:48:22 +0200
Subject: [PATCH 013/140] Old (not so smart) compiler warns for uninitialized
 variable

---
 src/anchor.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/anchor.c b/src/anchor.c
index 34597719..4ddbb142 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -301,7 +301,7 @@ static inline int ta_iter_done(ta_iter *ta)
 
 static ta_iter *ta_iter_next(ta_iter *ta)
 {
-	yxml_ret_t r;
+	yxml_ret_t r = YXML_OK;
 	yxml_t ta_x;
 	const char *ta_start;
 	int level;

From ff1ebbf6719fb5aad64ccf7e076704e2c592b08f Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 22 Jun 2017 13:09:45 +0200
Subject: [PATCH 014/140] Hmmm... this time the warning does make sense

---
 src/anchor.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/anchor.c b/src/anchor.c
index 4ddbb142..bacd7334 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -668,7 +668,7 @@ uint16_t _getdns_parse_xml_trust_anchors_buf(
 void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
 {
 	uint8_t xml_spc[4096], *xml_data;
-	uint8_t p7s_spc[4096], *p7s_data;
+	uint8_t p7s_spc[4096], *p7s_data = NULL;
 	size_t xml_len, p7s_len;
 
 	BIO *xml = NULL, *p7s = NULL, *crt = NULL;

From fb267938c3a42657d9e2b4e0c69bec3b58399e79 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 28 Jun 2017 20:35:30 +0200
Subject: [PATCH 015/140] Start with fetching root-anchors remotely

Also lays the foundation for looking up upstreams by name and DANE authentication of upstreams.
---
 src/context.c          |  7 ++++
 src/context.h          | 15 ++++++++-
 src/dnssec.c           | 72 ++++++++++++++++++++++++++++++++++++++++++
 src/request-internal.c |  2 ++
 src/types-internal.h   |  6 ++++
 5 files changed, 101 insertions(+), 1 deletion(-)

diff --git a/src/context.c b/src/context.c
index 87f309de..a62020cd 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1467,6 +1467,9 @@ getdns_context_create_with_extended_memory_functions(
 	result->return_call_reporting = 0;
 	result->specify_class = GETDNS_RRCLASS_IN;
 
+	result->sys_ctxt  = NULL;
+	result->ta_notify = NULL;
+
 	/* state data used to detect changes to the system config files
 	 */
 	result->fchg_resolvconf = NULL;
@@ -1596,6 +1599,10 @@ getdns_context_destroy(struct getdns_context *context)
 		return;
 
 	context->destroying = 1;
+
+	if (context->sys_ctxt)
+		getdns_context_destroy(context->sys_ctxt);
+
 	/* cancel all outstanding requests */
 	cancel_outstanding_requests(context);
 
diff --git a/src/context.h b/src/context.h
index ae2315f1..fc95a21d 100644
--- a/src/context.h
+++ b/src/context.h
@@ -95,7 +95,8 @@ typedef enum getdns_conn_state {
 typedef enum getdns_tasrc {
 	GETDNS_TASRC_NONE,
 	GETDNS_TASRC_ZONE,
-	GETDNS_TASRC_XML
+	GETDNS_TASRC_XML,
+	GETDNS_TASRC_FAILED
 } getdns_tasrc;
 
 typedef enum getdns_tsig_algo {
@@ -371,6 +372,18 @@ struct getdns_context {
 	unsigned return_call_reporting               : 1;
 	uint16_t specify_class;
 
+	/*
+	 * Context for doing system queries.
+	 * For example to resolve data.iana.org or to resolver the addresses
+	 * of upstreams without specified addresses.
+	 */
+	getdns_context *sys_ctxt;
+
+	/* List of dnsreqs that want to be notified when we have fetched a
+	 * trust anchor from data.iana.org.
+	 */
+	getdns_dns_req *ta_notify;
+
 	/*
 	 * state data used to detect changes to the system config files
 	 */
diff --git a/src/dnssec.c b/src/dnssec.c
index fbbc966d..4b60fbc5 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -2980,6 +2980,14 @@ static void append_empty_ds2val_chain_list(
 		getdns_dict_destroy(rr_dict);
 }
 
+static void data_iana_org_a(getdns_dns_req *dnsreq)
+{
+	getdns_dns_req *orig_dnsreq = (getdns_dns_req *)dnsreq->user_pointer;
+	DEBUG_SEC("Address for data.iana.org. found\n");
+	_getdns_context_cancel_request(dnsreq);
+	check_chain_complete(orig_dnsreq->chain);
+}
+
 static void check_chain_complete(chain_head *chain)
 {
 	getdns_dns_req *dnsreq;
@@ -2999,6 +3007,70 @@ static void check_chain_complete(chain_head *chain)
 	dnsreq = chain->netreq->owner;
 	context = dnsreq->context;
 
+	if (dnsreq->waiting_for_ta) {
+		getdns_dns_req **d;
+
+		for (d = &context->ta_notify; *d; d = &(*d)->ta_notify) {
+			if (*d == dnsreq) {
+				*d = dnsreq->ta_notify;
+				dnsreq->ta_notify = NULL;
+				dnsreq->waiting_for_ta = 0;
+				break;
+			}
+		}
+
+	} else if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
+		DEBUG_SEC("Need to fetch a trust anchor\n");
+
+		dnsreq->waiting_for_ta = 1;
+		dnsreq->ta_notify = context->ta_notify;
+		context->ta_notify = dnsreq;
+
+		if (dnsreq->ta_notify)
+			return; /* Wait for the notify callback */
+
+		else if (!context->sys_ctxt) {
+			if (getdns_context_create_with_extended_memory_functions(
+			    &context->sys_ctxt, 1,
+			    context->mf.mf_arg,
+			    context->mf.mf.ext.malloc,
+			    context->mf.mf.ext.realloc,
+			    context->mf.mf.ext.free)) {
+				DEBUG_SEC("TA fetch: Error creating system context\n");
+
+			} else if (getdns_context_set_eventloop(
+			    context->sys_ctxt, context->extension) ||
+			    getdns_context_set_resolution_type(
+			    context->sys_ctxt, GETDNS_RESOLUTION_STUB)
+					) {
+				DEBUG_SEC("TA fetch: Error configuring system context\n");
+
+				getdns_context_destroy(context->sys_ctxt);
+				context->sys_ctxt = NULL;
+			}
+		}
+		if (context->sys_ctxt) {
+			DEBUG_SEC("Start of fetching of root-anchors.xml\n");
+	    		if (!_getdns_general_loop(context->sys_ctxt,
+			    dnsreq->loop, "data.iana.org.", GETDNS_RRTYPE_A,
+			    NULL, dnsreq, NULL, NULL, data_iana_org_a)
+#if 0
+			    || !_getdns_general_loop(context->sys_ctxt,
+			    dnsreq->loop, "data.iana.org.", GETDNS_RRTYPE_AAAA,
+			    NULL, context, NULL, data_iana_org_aaaa)
+#endif
+			    )
+				return;
+
+			DEBUG_SEC("Scheduling of lookup for \"data.iana.org.\" failed\n");
+
+			getdns_context_destroy(context->sys_ctxt);
+			context->sys_ctxt = NULL;
+		}
+		dnsreq->waiting_for_ta = 0;
+		context->ta_notify = dnsreq->ta_notify;
+		dnsreq->ta_notify = NULL;
+	}
 #ifdef STUB_NATIVE_DNSSEC
 	/* Perform validation only on GETDNS_RESOLUTION_STUB (unbound_id == -1)
 	 * Or when asked for the validation chain (to identify the RRSIGs that
diff --git a/src/request-internal.c b/src/request-internal.c
index 15f97179..32f6611a 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -940,8 +940,10 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 		result->upstreams->referenced++;
 
 	result->finished_next = NULL;
+	result->ta_notify = NULL;
 	result->freed = NULL;
 	result->validating = 0;
+	result->waiting_for_ta = 0;
 	result->is_dns_request = 1;
 	result->request_timed_out = 0;
 	result->chain = NULL;
diff --git a/src/types-internal.h b/src/types-internal.h
index 7834fc32..9b50fc91 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -324,6 +324,7 @@ typedef struct getdns_dns_req {
 	 * freed      is touched by _getdns_submit_netreq only
 	 */
 	unsigned validating				: 1;
+	unsigned waiting_for_ta                         : 1;
 	int *freed;
 
 	/* Validation chain to be canceled when this request is canceled */
@@ -365,6 +366,11 @@ typedef struct getdns_dns_req {
 	 */
 	struct getdns_dns_req *finished_next;
 
+	/* Linked list pointer for dns requests, which need to validate DNSSEC
+	 * and are waiting for the root trust-anchors fetch.
+	 */
+	struct getdns_dns_req *ta_notify;
+
 	/* network requests for this dns request.
 	 * The array is terminated with NULL.
 	 *

From 3e6c5775ff6de173600b7cacc2c231abc4e57814 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 30 Jun 2017 10:18:07 +0200
Subject: [PATCH 016/140] Fetch and equip context with trust-anchors

---
 src/anchor.c         | 563 ++++++++++++++++++++++++++++++++++++++++++-
 src/anchor.h         |   3 +
 src/context.c        |   4 +
 src/context.h        |  33 +++
 src/dnssec.c         |  89 +++----
 src/dnssec.h         |   1 +
 src/general.c        |   5 +
 src/stub.c           |  12 -
 src/types-internal.h |   2 +-
 src/util-internal.h  |  13 +
 10 files changed, 654 insertions(+), 71 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index bacd7334..8ce1cead 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -40,16 +40,20 @@
 #include <time.h>
 #include "types-internal.h"
 #include "context.h"
+#include "dnssec.h"
 #include "yxml/yxml.h"
 #include "gldns/parseutil.h"
 #include "gldns/gbuffer.h"
 #include "gldns/str2wire.h"
 #include "gldns/pkthdr.h"
+#include "general.h"
+#include "rr-iter.h"
+#include "util-internal.h"
 
 #define P7SIGNER "dnssec@iana.org"
 
 /* The ICANN CA fetched at 24 Sep 2010.  Valid to 2028 */
-static char* _getdns_builtin_cert = 
+static char _getdns_builtin_cert[] = 
 "-----BEGIN CERTIFICATE-----\n"
 "MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
 "TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
@@ -72,6 +76,9 @@ static char* _getdns_builtin_cert =
 "j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
 "-----END CERTIFICATE-----\n";
 
+static getdns_bindata _getdns_builtin_cert_bd =
+    { sizeof(_getdns_builtin_cert) - 1, (void *)_getdns_builtin_cert};
+
 /* get key usage out of its extension, returns 0 if no key_usage extension */
 static unsigned long
 _getdns_get_usage_of_ex(X509* cert)
@@ -665,6 +672,79 @@ uint16_t _getdns_parse_xml_trust_anchors_buf(
 	return ta_count;
 }
 
+static uint8_t *tas_validate(struct mem_funcs *mf,
+    const getdns_bindata *xml_bd, const getdns_bindata *p7s_bd,
+    const getdns_bindata *crt_bd, const char *p7signer,
+    time_t now, uint8_t *tas, size_t *tas_len)
+{
+	BIO *xml = NULL, *p7s = NULL, *crt = NULL;
+	X509 *x = NULL;
+	X509_STORE *store = NULL;
+	uint8_t *success = NULL;
+
+	if (!(xml = BIO_new_mem_buf(xml_bd->data, xml_bd->size)))
+		DEBUG_ANCHOR("ERROR %s(): Failed allocating xml BIO\n"
+		            , __FUNC__);
+
+	else if (!(p7s = BIO_new_mem_buf(p7s_bd->data, p7s_bd->size)))
+		DEBUG_ANCHOR("ERROR %s(): Failed allocating p7s BIO\n"
+		            , __FUNC__);
+	
+	else if (!(crt = BIO_new_mem_buf(crt_bd->data, crt_bd->size)))
+		DEBUG_ANCHOR("ERROR %s(): Failed allocating crt BIO\n"
+		            , __FUNC__);
+
+	else if (!(x = PEM_read_bio_X509(crt, NULL, 0, NULL)))
+		DEBUG_ANCHOR("ERROR %s(): Parsing builtin certificate\n"
+		            , __FUNC__);
+
+	else if (!(store = X509_STORE_new()))
+		DEBUG_ANCHOR("ERROR %s(): Failed allocating store\n"
+		            , __FUNC__);
+
+	else if (!X509_STORE_add_cert(store, x))
+		DEBUG_ANCHOR("ERROR %s(): Adding certificate to store\n"
+		            , __FUNC__);
+
+	else if (_getdns_verify_p7sig(xml, p7s, store, p7signer)) {
+		gldns_buffer gbuf;
+
+		gldns_buffer_init_vfixed_frm_data(&gbuf, tas, *tas_len);
+
+		if (!_getdns_parse_xml_trust_anchors_buf(&gbuf, now, 
+		    (char *)xml_bd->data, xml_bd->size))
+			DEBUG_ANCHOR("Failed to parse trust anchor XML data");
+
+		else if (gldns_buffer_position(&gbuf) > *tas_len) {
+			*tas_len = gldns_buffer_position(&gbuf);
+			if ((success = GETDNS_XMALLOC(*mf, uint8_t, *tas_len))) {
+				gldns_buffer_init_frm_data(&gbuf, success, *tas_len);
+				if (!_getdns_parse_xml_trust_anchors_buf(&gbuf,
+				    now, (char *)xml_bd->data, xml_bd->size)) {
+
+					DEBUG_ANCHOR("Failed to re-parse trust"
+					             " anchor XML data\n");
+					GETDNS_FREE(*mf, success);
+					success = NULL;
+				}
+			} else
+				DEBUG_ANCHOR("Could not allocate space for "
+				             "trust anchors\n");
+		} else {
+			success = tas;
+			*tas_len = gldns_buffer_position(&gbuf);
+		}
+	} else {
+		DEBUG_ANCHOR("Verifying trust-anchors failed!\n");
+	}
+	if (store)	X509_STORE_free(store);
+	if (x)		X509_free(x);
+	if (crt)	BIO_free(crt);
+	if (xml)	BIO_free(xml);
+	if (p7s)	BIO_free(p7s);
+	return success;
+}
+
 void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
 {
 	uint8_t xml_spc[4096], *xml_data;
@@ -757,4 +837,485 @@ void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
 		GETDNS_FREE(context->mf, p7s_data);
 }
 
+static const uint8_t tas_write_xml_buf[] =
+"GET /root-anchors/root-anchors.xml HTTP/1.1\r\n"
+"Host: data.iana.org\r\n"
+"\r\n";
+
+static const uint8_t tas_write_p7s_buf[] =
+"GET /root-anchors/root-anchors.p7s HTTP/1.1\r\n"
+"Host: data.iana.org\r\n"
+"\r\n";
+
+static const uint8_t tas_write_xml_p7s_buf[] =
+"GET /root-anchors/root-anchors.xml HTTP/1.1\r\n"
+"Host: data.iana.org\r\n"
+"\r\n"
+"GET /root-anchors/root-anchors.p7s HTTP/1.1\r\n"
+"Host: data.iana.org\r\n"
+"\r\n";
+
+
+static inline const char * rt_str(uint16_t rt)
+{ return rt == GETDNS_RRTYPE_A ? "A" : rt == GETDNS_RRTYPE_AAAA ? "AAAA" : "?"; }
+
+static int tas_busy(tas_connection *a)
+{
+	return a->req != NULL;
+}
+
+static void tas_cleanup(getdns_context *context, tas_connection *a)
+{
+	if (a->req)
+		_getdns_context_cancel_request(a->req->owner);
+	if (a->event.ev)
+		GETDNS_CLEAR_EVENT(a->loop, &a->event);
+	if (a->fd >= 0)
+		close(a->fd);
+	if (a->xml.data)
+		GETDNS_FREE(context->mf, a->xml.data);
+	if (a->tcp.read_buf && a->tcp.read_buf != context->tas_hdr_spc)
+		GETDNS_FREE(context->mf, a->tcp.read_buf);
+	(void) memset(a, 0, sizeof(*a));
+}
+
+static void tas_success(getdns_context *context, tas_connection *a)
+{
+	tas_connection *other = &context->a == a ? &context->aaaa : &context->a;
+
+	tas_cleanup(context, a);
+	tas_cleanup(context, other);
+
+	DEBUG_ANCHOR("Successfully fetched new trust anchors\n");
+	context->trust_anchors_source = GETDNS_TASRC_XML;
+	_getdns_ta_notify_dnsreqs(context);
+}
+
+static void tas_fail(getdns_context *context, tas_connection *a)
+{
+	tas_connection *other = &context->a == a ? &context->aaaa : &context->a;
+	uint16_t rt = &context->a == a ? GETDNS_RRTYPE_A : GETDNS_RRTYPE_AAAA;
+	uint16_t ort = rt == GETDNS_RRTYPE_A ? GETDNS_RRTYPE_AAAA : GETDNS_RRTYPE_A;
+	tas_cleanup(context, a);
+
+	if (!tas_busy(other)) {
+		DEBUG_ANCHOR("Fatal error fetching trust anchor: "
+		             "%s connection failed too\n", rt_str(rt));
+		context->trust_anchors_source = GETDNS_TASRC_FAILED;
+		_getdns_ta_notify_dnsreqs(context);
+	} else
+		DEBUG_ANCHOR("%s connection failed, waiting for %s\n"
+		            , rt_str(rt), rt_str(ort));
+}
+
+static void tas_connect(getdns_context *context, tas_connection *a);
+static void tas_next(getdns_context *context, tas_connection *a)
+{
+	DEBUG_ANCHOR("Try next address\n");
+	if (!(a->rr = _getdns_rrtype_iter_next(a->rr)))
+		tas_fail(context, a);
+	else	tas_connect(context, a);
+}
+
+static void tas_timeout_cb(void *userarg)
+{
+	getdns_dns_req *dnsreq = (getdns_dns_req *)userarg;
+	getdns_context *context = (getdns_context *)dnsreq->user_pointer;
+	tas_connection *a;
+
+	if (dnsreq->netreqs[0]->request_type == GETDNS_RRTYPE_A)
+		a = &context->a;
+	else	a = &context->aaaa;
+
+	DEBUG_ANCHOR("Trust anchor fetch timeout\n");
+	GETDNS_CLEAR_EVENT(a->loop, &a->event);
+	tas_next(context, a);
+}
+
+static void tas_read_cb(void *userarg);
+static void tas_write_cb(void *userarg);
+static void tas_doc_read(getdns_context *context, tas_connection *a)
+{
+	DEBUG_ANCHOR("doc (size: %d): \"%.*s\"\n",
+	    (int)a->tcp.read_buf_len,
+	    (int)a->tcp.read_buf_len, (char *)a->tcp.read_buf);
+	if (a->state == TAS_READ_XML_DOC) {
+		if (a->xml.data)
+			GETDNS_FREE(context->mf, a->xml.data);
+		a->xml.data = a->tcp.read_buf;
+		a->xml.size = a->tcp.read_buf_len;
+	}
+	a->state += 1;
+	GETDNS_CLEAR_EVENT(a->loop, &a->event);
+	if (a->state == TAS_DONE) {
+		getdns_bindata p7s_bd;
+		uint8_t *tas = context->trust_anchors_spc;
+		size_t tas_len = sizeof(context->trust_anchors_spc);
+
+		p7s_bd.data = a->tcp.read_buf;
+		p7s_bd.size = a->tcp.read_buf_len;
+	       	tas = tas_validate(&context->mf, &a->xml, &p7s_bd,
+		    &_getdns_builtin_cert_bd, "dnssec@iana.org",
+		    time(NULL), tas, &tas_len);
+
+		if (tas) {
+			context->trust_anchors = tas;
+			context->trust_anchors_len = tas_len;
+			/* TODO: Try to write xml & p7s */
+			tas_success(context, a);
+		} else
+			tas_fail(context, a);
+		return;
+	}
+	assert(a->state == TAS_WRITE_GET_PS7);
+	a->tcp.write_buf = tas_write_p7s_buf;
+	a->tcp.write_buf_len = sizeof(tas_write_p7s_buf) - 1;
+	a->tcp.written = 0;
+
+	/* First try to read signatures immediately */
+	a->state += 1;
+	assert(a->state == TAS_READ_PS7_HDR);
+	a->tcp.read_buf = context->tas_hdr_spc;
+	a->tcp.read_buf_len = sizeof(context->tas_hdr_spc);
+	a->tcp.read_pos = a->tcp.read_buf;
+	a->tcp.to_read = sizeof(context->tas_hdr_spc);
+
+	GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 50,
+	    getdns_eventloop_event_init(&a->event, a->req->owner,
+	    tas_read_cb, NULL, tas_timeout_cb));
+#if 0
+	GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 2000,
+	    getdns_eventloop_event_init(&a->event, a->req->owner,
+	    NULL, tas_write_cb, tas_timeout_cb));
+#endif
+	return;
+}
+
+static void tas_read_cb(void *userarg)
+{
+	getdns_dns_req *dnsreq = (getdns_dns_req *)userarg;
+	getdns_context *context = (getdns_context *)dnsreq->user_pointer;
+	tas_connection *a;
+	ssize_t n, i;
+
+	if (dnsreq->netreqs[0]->request_type == GETDNS_RRTYPE_A)
+		a = &context->a;
+	else	a = &context->aaaa;
+
+	DEBUG_ANCHOR( "state: %d, to_read: %d\n"
+	            , (int)a->state, (int)a->tcp.to_read);
+
+	n = read(a->fd, a->tcp.read_pos, a->tcp.to_read);
+	if (n >= 0 && (  a->state == TAS_READ_XML_DOC
+	              || a->state == TAS_READ_PS7_DOC)) {
+
+		assert(n <= (ssize_t)a->tcp.to_read);
+
+		DEBUG_ANCHOR("read: %d bytes at %p, for doc %p of size %d\n",
+		    (int)n, a->tcp.read_pos, a->tcp.read_buf, (int)a->tcp.read_buf_len);
+		a->tcp.read_pos += n;
+		a->tcp.to_read -= n;
+		if (a->tcp.to_read == 0)
+			tas_doc_read(context, a);
+		return;
+
+	} else if (n >= 0) {
+		ssize_t p = 0;
+		int doc_len = -1;
+		int len;
+		char *ln;
+		char *endptr;
+
+		n += a->tcp.read_pos - a->tcp.read_buf;
+		for (i = 0; i < (n - 1); i++) {
+			if (a->tcp.read_buf[i] != '\r' ||
+			    a->tcp.read_buf[i+1] != '\n')
+				continue;
+
+			len = (int)(i - p);
+			ln = (char *)&a->tcp.read_buf[p];
+
+			DEBUG_ANCHOR("line: \"%.*s\"\n", len, ln);
+			if (len >= 16 &&
+			    !strncasecmp(ln, "Content-Length: ", 16)) {
+				ln[len] = 0;
+				doc_len = (int)strtol(ln + 16, &endptr , 10);
+				if (endptr == ln || *endptr != 0)
+					doc_len = -1;
+			}
+			if (i - p == 0) {
+				i += 2;
+				break;
+			}
+			p = i + 2;
+			i++;
+		}
+		if (doc_len > 0) {
+			uint8_t *doc = GETDNS_XMALLOC(
+			    context->mf, uint8_t, doc_len);
+
+			DEBUG_ANCHOR("i: %d, n: %d, doc_len: %d\n"
+			            , (int)i, (int)n, doc_len);
+			if (!doc)
+				DEBUG_ANCHOR("Memory error");
+			else {
+				a->state += 1;
+				/* TODO: With pipelined read, the buffer might
+				 * contain the full document, plus a piece
+				 * of the headers of the next document!
+				 * Currently context->tas_hdr_spc is kept
+				 * small enough to anticipate this.
+				 */
+				if (n - i > 0) {
+					if ((n - i) > doc_len)
+						n -= (doc_len - i);
+					(void) memcpy(
+					    doc, a->tcp.read_buf + i, (n - i));
+					a->tcp.read_pos = doc + (n - i);
+					a->tcp.to_read = doc_len - (n - i);
+				} else {
+					a->tcp.read_pos = doc;
+					a->tcp.to_read = doc_len;
+				}
+				a->tcp.read_buf = doc;
+				a->tcp.read_buf_len = doc_len;
+
+				if (a->tcp.to_read == 0)
+					tas_doc_read(context, a);
+				return;
+			}
+		}
+	} else if (_getdns_EWOULDBLOCK)
+		return;
+
+	DEBUG_ANCHOR("Read error: %s\n", strerror(errno));
+	GETDNS_CLEAR_EVENT(a->loop, &a->event);
+	tas_next(context, a);
+}
+
+static void tas_write_cb(void *userarg)
+{
+	getdns_dns_req *dnsreq = (getdns_dns_req *)userarg;
+	getdns_context *context = (getdns_context *)dnsreq->user_pointer;
+	tas_connection *a;
+	ssize_t written;
+
+	if (dnsreq->netreqs[0]->request_type == GETDNS_RRTYPE_A)
+		a = &context->a;
+	else	a = &context->aaaa;
+
+	DEBUG_ANCHOR( "state: %d, to_write: %d\n"
+	            , (int)a->state, (int)a->tcp.write_buf_len);
+
+	written = write(a->fd, a->tcp.write_buf, a->tcp.write_buf_len);
+	if (written >= 0) {
+		assert(written <= (ssize_t)a->tcp.write_buf_len);
+
+		a->tcp.write_buf += written;
+		a->tcp.write_buf_len -= written;
+		if (a->tcp.write_buf_len > 0)
+			/* Write remainder */
+			return;
+
+		a->state += 1;
+		a->tcp.read_buf = context->tas_hdr_spc;
+		a->tcp.read_buf_len = sizeof(context->tas_hdr_spc);
+		a->tcp.read_pos = a->tcp.read_buf;
+		a->tcp.to_read = sizeof(context->tas_hdr_spc);
+		GETDNS_CLEAR_EVENT(a->loop, &a->event);
+		DEBUG_ANCHOR("All written, schedule read\n");
+		GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 2000,
+		    getdns_eventloop_event_init(&a->event, a->req->owner,
+		    tas_read_cb, NULL, tas_timeout_cb));
+		return;
+
+	} else if (_getdns_EWOULDBLOCK)
+		return;
+
+	DEBUG_ANCHOR("Write error: %s\n", strerror(errno));
+	GETDNS_CLEAR_EVENT(a->loop, &a->event);
+	tas_next(context, a);
+}
+
+static void tas_connect(getdns_context *context, tas_connection *a)
+{
+	char a_buf[40];
+	int r;
+
+#ifdef HAVE_FCNTL
+	int flag;
+#elif defined(HAVE_IOCTLSOCKET)
+	unsigned long on = 1;
+#endif
+
+	if (a->rr->rr_i.nxt - (a->rr->rr_i.rr_type + 10) !=
+	    ( a->req->request_type == GETDNS_RRTYPE_A    ?  4
+	    : a->req->request_type == GETDNS_RRTYPE_AAAA ? 16 : -1)) {
+
+		tas_next(context, a);
+		return;
+	}
+	DEBUG_ANCHOR("Initiating connection to %s\n"
+		    , inet_ntop(( a->req->request_type == GETDNS_RRTYPE_A
+				? AF_INET : AF_INET6)
+	            , a->rr->rr_i.rr_type + 10, a_buf, sizeof(a_buf)));
+
+	if ((a->fd = socket(( a->req->request_type == GETDNS_RRTYPE_A
+	    ? AF_INET : AF_INET6), SOCK_STREAM, IPPROTO_TCP)) == -1) {
+		DEBUG_ANCHOR("Error creating socket: %s\n", strerror(errno));
+		tas_next(context, a);
+		return;
+	}
+#ifdef HAVE_FCNTL
+	if((flag = fcntl(a->fd, F_GETFL)) != -1) {
+		flag |= O_NONBLOCK;
+		if(fcntl(a->fd, F_SETFL, flag) == -1) {
+			/* ignore error, continue blockingly */
+		}
+	}
+#elif defined(HAVE_IOCTLSOCKET)
+	if(ioctlsocket(a->fd, FIONBIO, &on) != 0) {
+		/* ignore error, continue blockingly */
+	}
+#endif
+	if (a->req->request_type == GETDNS_RRTYPE_A) {
+		struct sockaddr_in addr;
+
+		addr.sin_family = AF_INET;
+		addr.sin_port = htons(80);
+		(void) memcpy(&addr.sin_addr, a->rr->rr_i.rr_type + 10, 4);
+		r = connect(a->fd, (struct sockaddr *)&addr, sizeof(addr));
+	} else {
+		struct sockaddr_in6 addr;
+
+		addr.sin6_family = AF_INET6;
+		addr.sin6_port = htons(80);
+		addr.sin6_flowinfo = 0;
+		(void) memcpy(&addr.sin6_addr, a->rr->rr_i.rr_type + 10, 16);
+		addr.sin6_scope_id = 0;
+		r = connect(a->fd, (struct sockaddr *)&addr, sizeof(addr));
+	}
+	if (r == 0 || (r == -1 && (_getdns_EINPROGRESS ||
+				   _getdns_EWOULDBLOCK))) {
+
+		a->state += 1;
+		a->tcp.write_buf = tas_write_xml_p7s_buf;
+		a->tcp.write_buf_len = sizeof(tas_write_xml_p7s_buf) - 1;
+		a->tcp.written = 0;
+
+		GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 2000,
+		    getdns_eventloop_event_init(&a->event, a->req->owner,
+		    NULL, tas_write_cb, tas_timeout_cb));
+		DEBUG_ANCHOR("Scheduled write\n");
+		return;
+	} else
+		DEBUG_ANCHOR("Connect error: %s\n", strerror(errno));
+
+	tas_next(context, a);
+}
+
+static void data_iana_org(getdns_dns_req *dnsreq)
+{
+	getdns_context *context = (getdns_context *)dnsreq->user_pointer;
+	tas_connection *a;
+       
+	if (dnsreq->netreqs[0]->request_type == GETDNS_RRTYPE_A)
+		a = &context->a;
+	else	a = &context->aaaa;
+
+	a->rrset = _getdns_rrset_answer(
+	    &a->rrset_spc, a->req->response, a->req->response_len);
+
+	if (!a->rrset)
+		DEBUG_ANCHOR("%s lookup for data.iana.org. returned no "
+		             "response\n", rt_str(a->req->request_type));
+
+	else if (a->req->response_len < dnsreq->name_len + 12 ||
+	    !_getdns_dname_equal(a->req->response + 12, dnsreq->name) ||
+	    a->rrset->rr_type != a->req->request_type)
+		DEBUG_ANCHOR("%s lookup for data.iana.org. returned wrong "
+		             "response\n", rt_str(a->req->request_type));
+	else  if (!(a->rr = _getdns_rrtype_iter_init(&a->rr_spc, a->rrset)))
+		DEBUG_ANCHOR("%s lookup for data.iana.org. returned no "
+		             "addresses\n", rt_str(a->req->request_type));
+	else {
+		a->loop = dnsreq->loop;
+		tas_connect(context, a);
+		return;
+	}
+	tas_fail(context, a);
+}
+
+void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
+{
+	getdns_return_t r;
+	size_t scheduled;
+
+	DEBUG_ANCHOR("%s on the %ssynchronous loop\n", __FUNC__,
+	             loop == &context->sync_eventloop.loop ? "" : "a");
+
+	while (!context->sys_ctxt) {
+		if ((r = getdns_context_create_with_extended_memory_functions(
+		    &context->sys_ctxt, 1, context->mf.mf_arg,
+		    context->mf.mf.ext.malloc, context->mf.mf.ext.realloc,
+		    context->mf.mf.ext.free)))
+			DEBUG_ANCHOR("Could not create system context: %s\n"
+			            , getdns_get_errorstr_by_id(r));
+
+		else if ((r = getdns_context_set_eventloop(
+		    context->sys_ctxt, loop)))
+			DEBUG_ANCHOR("Could not configure %ssynchronous loop "
+			             "with system context: %s\n"
+			            , ( loop == &context->sync_eventloop.loop
+			              ? "" : "a" )
+			            , getdns_get_errorstr_by_id(r));
+
+		else if ((r = getdns_context_set_resolution_type(
+		    context->sys_ctxt, GETDNS_RESOLUTION_STUB)))
+			DEBUG_ANCHOR("Could not configure system context for "
+			             "stub resolver: %s\n"
+			            , getdns_get_errorstr_by_id(r));
+		else
+			break;
+
+		getdns_context_destroy(context->sys_ctxt);
+		context->sys_ctxt = NULL;
+		DEBUG_ANCHOR("Fatal error fetching trust anchor: "
+		             "missing system context\n");
+		context->trust_anchors_source = GETDNS_TASRC_FAILED;
+		_getdns_ta_notify_dnsreqs(context);
+		return;
+	}
+	scheduled = 0;
+#if 1
+	context->a.state = TAS_LOOKUP_ADDRESSES;
+	if ((r = _getdns_general_loop(context->sys_ctxt, loop,
+	    "data.iana.org.", GETDNS_RRTYPE_A, NULL, context,
+	    &context->a.req, NULL, data_iana_org))) {
+		DEBUG_ANCHOR("Error scheduling A lookup for data.iana.org: "
+		             "%s\n", getdns_get_errorstr_by_id(r));
+	} else
+		scheduled += 1;
+#endif
+
+#if 0
+	context->aaaa.state = TAS_LOOKUP_ADDRESSES;
+	if ((r = _getdns_general_loop(context->sys_ctxt, loop,
+	    "data.iana.org.", GETDNS_RRTYPE_AAAA, NULL, context,
+	    &context->aaaa.req, NULL, data_iana_org))) {
+		DEBUG_ANCHOR("Error scheduling AAAA lookup for data.iana.org: "
+		             "%s\n", getdns_get_errorstr_by_id(r));
+	} else
+		scheduled += 1;
+#endif
+
+	if (!scheduled) {
+		DEBUG_ANCHOR("Fatal error fetching trust anchor: Unable to "
+		             "schedule address requests for data.iana.org\n");
+		context->trust_anchors_source = GETDNS_TASRC_FAILED;
+		_getdns_ta_notify_dnsreqs(context);
+	} else
+		context->trust_anchors_source = GETDNS_TASRC_FETCHING;
+}
+
 /* anchor.c */
diff --git a/src/anchor.h b/src/anchor.h
index b619781c..56a6cbfe 100644
--- a/src/anchor.h
+++ b/src/anchor.h
@@ -35,9 +35,12 @@
 #define ANCHOR_H_
 
 #include "getdns/getdns.h"
+#include "getdns/getdns_extra.h"
 #include <time.h>
 
 void _getdns_context_equip_with_anchor(getdns_context *context, time_t now);
 
+void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop);
+
 #endif
 /* anchor.h */
diff --git a/src/context.c b/src/context.c
index bf17436b..cbc51a8a 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1426,6 +1426,10 @@ getdns_context_create_with_extended_memory_functions(
 	result->suffixes_len = sizeof(no_suffixes);
 
 	result->trust_anchors_source = GETDNS_TASRC_NONE;
+
+	(void) memset(&result->a, 0, sizeof(result->a));
+	(void) memset(&result->aaaa, 0, sizeof(result->aaaa));
+
 	gldns_buffer_init_vfixed_frm_data(&gbuf, result->trust_anchors_spc
 	                                , sizeof(result->trust_anchors_spc));
 
diff --git a/src/context.h b/src/context.h
index 252bcd61..bdb9afa6 100644
--- a/src/context.h
+++ b/src/context.h
@@ -48,6 +48,7 @@
 #ifdef HAVE_MDNS_SUPPORT
 #include "util/lruhash.h"
 #endif
+#include "rr-iter.h"
 
 struct getdns_dns_req;
 struct ub_ctx;
@@ -95,6 +96,7 @@ typedef enum getdns_conn_state {
 typedef enum getdns_tasrc {
 	GETDNS_TASRC_NONE,
 	GETDNS_TASRC_ZONE,
+	GETDNS_TASRC_FETCHING,
 	GETDNS_TASRC_XML,
 	GETDNS_TASRC_FAILED
 } getdns_tasrc;
@@ -262,6 +264,31 @@ typedef struct getdns_upstreams {
 	getdns_upstream upstreams[];
 } getdns_upstreams;
 
+typedef enum tas_state {
+	TAS_LOOKUP_ADDRESSES = 0,
+	TAS_WRITE_GET_XML,
+	TAS_READ_XML_HDR,
+	TAS_READ_XML_DOC,
+	TAS_WRITE_GET_PS7,
+	TAS_READ_PS7_HDR,
+	TAS_READ_PS7_DOC,
+	TAS_DONE
+} tas_state;
+
+typedef struct tas_connection {
+	getdns_eventloop       *loop;
+	getdns_network_req     *req;
+	_getdns_rrset_spc       rrset_spc;
+	_getdns_rrset          *rrset;
+	_getdns_rrtype_iter     rr_spc;
+	_getdns_rrtype_iter    *rr;
+	int                    fd;
+	getdns_eventloop_event event;
+	tas_state              state;
+	getdns_tcp_state       tcp;
+	getdns_bindata         xml;
+} tas_connection;
+
 struct getdns_context {
 	/* Context values */
 	getdns_resolution_t  resolution_type;
@@ -283,9 +310,15 @@ struct getdns_context {
 	const uint8_t        *suffixes;
 	/* Length of all suffixes in the suffix buffer */
 	size_t               suffixes_len; 
+
 	uint8_t              *trust_anchors;
 	size_t                trust_anchors_len;
 	getdns_tasrc          trust_anchors_source;
+
+	tas_connection        a;
+	tas_connection        aaaa;
+	uint8_t               tas_hdr_spc[512];
+
 	getdns_upstreams     *upstreams;
 	uint16_t             limit_outstanding_queries;
 	uint32_t             dnssec_allowed_skew;
diff --git a/src/dnssec.c b/src/dnssec.c
index 4b60fbc5..9cbde394 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -209,6 +209,7 @@
 #include "dict.h"
 #include "list.h"
 #include "util/val_secalgo.h"
+#include "anchor.h"
 
 #define SIGNATURE_VERIFIED         0x10000
 #define NSEC3_ITERATION_COUNT_HIGH 0x20000
@@ -2980,14 +2981,6 @@ static void append_empty_ds2val_chain_list(
 		getdns_dict_destroy(rr_dict);
 }
 
-static void data_iana_org_a(getdns_dns_req *dnsreq)
-{
-	getdns_dns_req *orig_dnsreq = (getdns_dns_req *)dnsreq->user_pointer;
-	DEBUG_SEC("Address for data.iana.org. found\n");
-	_getdns_context_cancel_request(dnsreq);
-	check_chain_complete(orig_dnsreq->chain);
-}
-
 static void check_chain_complete(chain_head *chain)
 {
 	getdns_dns_req *dnsreq;
@@ -3019,57 +3012,16 @@ static void check_chain_complete(chain_head *chain)
 			}
 		}
 
-	} else if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
-		DEBUG_SEC("Need to fetch a trust anchor\n");
+	} else {
+		if (context->trust_anchors_source == GETDNS_TASRC_NONE)
+			_getdns_start_fetching_ta(context, dnsreq->loop);
 
-		dnsreq->waiting_for_ta = 1;
-		dnsreq->ta_notify = context->ta_notify;
-		context->ta_notify = dnsreq;
-
-		if (dnsreq->ta_notify)
-			return; /* Wait for the notify callback */
-
-		else if (!context->sys_ctxt) {
-			if (getdns_context_create_with_extended_memory_functions(
-			    &context->sys_ctxt, 1,
-			    context->mf.mf_arg,
-			    context->mf.mf.ext.malloc,
-			    context->mf.mf.ext.realloc,
-			    context->mf.mf.ext.free)) {
-				DEBUG_SEC("TA fetch: Error creating system context\n");
-
-			} else if (getdns_context_set_eventloop(
-			    context->sys_ctxt, context->extension) ||
-			    getdns_context_set_resolution_type(
-			    context->sys_ctxt, GETDNS_RESOLUTION_STUB)
-					) {
-				DEBUG_SEC("TA fetch: Error configuring system context\n");
-
-				getdns_context_destroy(context->sys_ctxt);
-				context->sys_ctxt = NULL;
-			}
+		if (context->trust_anchors_source == GETDNS_TASRC_FETCHING) {
+			dnsreq->waiting_for_ta = 1;
+			dnsreq->ta_notify = context->ta_notify;
+			context->ta_notify = dnsreq;
+			return;
 		}
-		if (context->sys_ctxt) {
-			DEBUG_SEC("Start of fetching of root-anchors.xml\n");
-	    		if (!_getdns_general_loop(context->sys_ctxt,
-			    dnsreq->loop, "data.iana.org.", GETDNS_RRTYPE_A,
-			    NULL, dnsreq, NULL, NULL, data_iana_org_a)
-#if 0
-			    || !_getdns_general_loop(context->sys_ctxt,
-			    dnsreq->loop, "data.iana.org.", GETDNS_RRTYPE_AAAA,
-			    NULL, context, NULL, data_iana_org_aaaa)
-#endif
-			    )
-				return;
-
-			DEBUG_SEC("Scheduling of lookup for \"data.iana.org.\" failed\n");
-
-			getdns_context_destroy(context->sys_ctxt);
-			context->sys_ctxt = NULL;
-		}
-		dnsreq->waiting_for_ta = 0;
-		context->ta_notify = dnsreq->ta_notify;
-		dnsreq->ta_notify = NULL;
 	}
 #ifdef STUB_NATIVE_DNSSEC
 	/* Perform validation only on GETDNS_RESOLUTION_STUB (unbound_id == -1)
@@ -3184,6 +3136,29 @@ static void check_chain_complete(chain_head *chain)
 	_getdns_call_user_callback(dnsreq, response_dict);
 }
 
+void _getdns_ta_notify_dnsreqs(getdns_context *context)
+{
+	getdns_dns_req **dnsreq_p, *dnsreq = NULL;
+
+	assert(context);
+
+	if (context->trust_anchors_source == GETDNS_TASRC_NONE ||
+	    context->trust_anchors_source == GETDNS_TASRC_FETCHING)
+		return;
+
+	dnsreq_p = &context->ta_notify;
+	while ((dnsreq = *dnsreq_p)) {
+
+		assert(dnsreq->waiting_for_ta && dnsreq->chain);
+
+		check_chain_complete(dnsreq->chain);
+
+		assert(*dnsreq_p != dnsreq);
+		/* if (*dnsreq_p == dnsreq)
+			dnsreq_p = &dnsreq->ta_notify; */
+	}
+}
+
 void _getdns_validation_chain_timeout(getdns_dns_req *dnsreq)
 {
 	chain_head *head = dnsreq->chain, *next;
diff --git a/src/dnssec.h b/src/dnssec.h
index b0334d52..3ffa96ee 100644
--- a/src/dnssec.h
+++ b/src/dnssec.h
@@ -48,6 +48,7 @@
 void _getdns_get_validation_chain(getdns_dns_req *dns_req);
 void _getdns_cancel_validation_chain(getdns_dns_req *dns_req);
 void _getdns_validation_chain_timeout(getdns_dns_req *dns_req);
+void _getdns_ta_notify_dnsreqs(getdns_context *context);
 
 uint16_t _getdns_parse_ta_file(time_t *ta_mtime, gldns_buffer *gbuf);
 
diff --git a/src/general.c b/src/general.c
index 280df08d..4374350e 100644
--- a/src/general.c
+++ b/src/general.c
@@ -54,6 +54,7 @@
 #include "dict.h"
 #include "mdns.h"
 #include "debug.h"
+#include "anchor.h"
 
 void _getdns_call_user_callback(getdns_dns_req *dnsreq, getdns_dict *response)
 {
@@ -578,6 +579,10 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 	req->internal_cb = internal_cb;
 	req->is_sync_request = loop == &context->sync_eventloop.loop;
 
+	if (req->dnssec_return_status &&
+	    context->trust_anchors_source == GETDNS_TASRC_NONE)
+		_getdns_start_fetching_ta(context, loop);
+
 	if (return_netreq_p)
 		*return_netreq_p = req->netreqs[0];
 
diff --git a/src/stub.c b/src/stub.c
index c6f25c79..df2465ca 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -66,18 +66,6 @@
 #include "general.h"
 #include "pubkey-pinning.h"
 
-#ifdef USE_WINSOCK
-typedef u_short sa_family_t;
-#define _getdns_EWOULDBLOCK (WSAGetLastError() == WSATRY_AGAIN ||\
-                             WSAGetLastError() == WSAEWOULDBLOCK)
-#define _getdns_EINPROGRESS (WSAGetLastError() == WSAEINPROGRESS)
-#define _getdns_EMFILE      (WSAGetLastError() == WSAEMFILE)
-#else
-#define _getdns_EWOULDBLOCK (errno == EAGAIN || errno == EWOULDBLOCK)
-#define _getdns_EINPROGRESS (errno == EINPROGRESS)
-#define _getdns_EMFILE      (errno == EMFILE)
-#endif
-
 /* WSA TODO: 
  * STUB_TCP_WOULDBLOCK added to deal with edge triggered event loops (versus
  * level triggered).  See also lines containing WSA TODO below...
diff --git a/src/types-internal.h b/src/types-internal.h
index 9b50fc91..a827456a 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -171,7 +171,7 @@ typedef enum network_req_state_enum
 /* State for async tcp stub resolving */
 typedef struct getdns_tcp_state {
 
-	uint8_t *write_buf;
+	const uint8_t *write_buf;
 	size_t   write_buf_len;
 	size_t   written;
 
diff --git a/src/util-internal.h b/src/util-internal.h
index 6f8de235..3f4b9959 100644
--- a/src/util-internal.h
+++ b/src/util-internal.h
@@ -218,5 +218,18 @@ INLINE uint64_t _getdns_ms_until_expiry2(uint64_t expires, uint64_t *now_ms)
 	return *now_ms >= expires ? 0 : expires - *now_ms;
 }
 
+
+#ifdef USE_WINSOCK
+typedef u_short sa_family_t;
+#define _getdns_EWOULDBLOCK (WSAGetLastError() == WSATRY_AGAIN ||\
+		                             WSAGetLastError() == WSAEWOULDBLOCK)
+#define _getdns_EINPROGRESS (WSAGetLastError() == WSAEINPROGRESS)
+#define _getdns_EMFILE      (WSAGetLastError() == WSAEMFILE)
+#else
+#define _getdns_EWOULDBLOCK (errno == EAGAIN || errno == EWOULDBLOCK)
+#define _getdns_EINPROGRESS (errno == EINPROGRESS)
+#define _getdns_EMFILE      (errno == EMFILE)
+#endif
+
 #endif
 /* util-internal.h */

From 61561dd52700128e721098a331de2a3895fc93aa Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 30 Jun 2017 10:45:51 +0200
Subject: [PATCH 017/140] Fix warnings & dependencies

---
 src/Makefile.in | 41 +++++++++++++++++++++--------------------
 src/anchor.c    |  6 ++++++
 2 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index fed842ed..02a93a0d 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -228,14 +228,14 @@ anchor.lo anchor.o: $(srcdir)/anchor.c \
  config.h \
  $(srcdir)/debug.h $(srcdir)/anchor.h \
  getdns/getdns.h \
- $(srcdir)/types-internal.h \
  getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/context.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/context.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/yxml/yxml.h $(srcdir)/gldns/parseutil.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/yxml/yxml.h $(srcdir)/gldns/parseutil.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/general.h $(srcdir)/util-internal.h
 const-info.lo const-info.o: $(srcdir)/const-info.c \
  getdns/getdns.h \
  getdns/getdns_extra.h \
@@ -244,14 +244,14 @@ context.lo context.o: $(srcdir)/context.c \
  config.h \
  $(srcdir)/anchor.h \
  getdns/getdns.h \
- $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
  getdns/getdns_extra.h \
+ $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h \
  $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
 convert.lo convert.o: $(srcdir)/convert.c \
  config.h \
@@ -287,11 +287,11 @@ dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h \
  $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h \
  $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h \
- $(srcdir)/util/orig-headers/val_secalgo.h
+ $(srcdir)/util/orig-headers/val_secalgo.h $(srcdir)/anchor.h
 general.lo general.o: $(srcdir)/general.c \
  config.h \
  $(srcdir)/general.h \
@@ -302,9 +302,9 @@ general.lo general.o: $(srcdir)/general.c \
  $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
  $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h \
- $(srcdir)/mdns.h
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h \
+ $(srcdir)/mdns.h $(srcdir)/anchor.h
 list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
@@ -324,8 +324,8 @@ mdns.lo mdns.o: $(srcdir)/mdns.c \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/mdns.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/general.h $(srcdir)/gldns/rrdef.h $(srcdir)/util-internal.h $(srcdir)/mdns.h \
  $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
  $(srcdir)/util/orig-headers/lookup3.h
 pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
@@ -338,8 +338,8 @@ pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h
 request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
  config.h \
  $(srcdir)/types-internal.h \
@@ -374,7 +374,8 @@ server.lo server.o: $(srcdir)/server.c \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h
 stub.lo stub.o: $(srcdir)/stub.c \
  config.h \
  $(srcdir)/debug.h $(srcdir)/stub.h \
@@ -397,8 +398,8 @@ sync.lo sync.o: $(srcdir)/sync.c \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
  $(srcdir)/gldns/wire2str.h
 ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
  config.h \
diff --git a/src/anchor.c b/src/anchor.c
index 8ce1cead..08ff3aa1 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -837,10 +837,12 @@ void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
 		GETDNS_FREE(context->mf, p7s_data);
 }
 
+#if 0
 static const uint8_t tas_write_xml_buf[] =
 "GET /root-anchors/root-anchors.xml HTTP/1.1\r\n"
 "Host: data.iana.org\r\n"
 "\r\n";
+#endif
 
 static const uint8_t tas_write_p7s_buf[] =
 "GET /root-anchors/root-anchors.p7s HTTP/1.1\r\n"
@@ -894,8 +896,10 @@ static void tas_success(getdns_context *context, tas_connection *a)
 static void tas_fail(getdns_context *context, tas_connection *a)
 {
 	tas_connection *other = &context->a == a ? &context->aaaa : &context->a;
+#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
 	uint16_t rt = &context->a == a ? GETDNS_RRTYPE_A : GETDNS_RRTYPE_AAAA;
 	uint16_t ort = rt == GETDNS_RRTYPE_A ? GETDNS_RRTYPE_AAAA : GETDNS_RRTYPE_A;
+#endif
 	tas_cleanup(context, a);
 
 	if (!tas_busy(other)) {
@@ -1139,7 +1143,9 @@ static void tas_write_cb(void *userarg)
 
 static void tas_connect(getdns_context *context, tas_connection *a)
 {
+#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
 	char a_buf[40];
+#endif
 	int r;
 
 #ifdef HAVE_FCNTL

From 77d13f885e96609501eda7d3eba282f294119fe4 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 30 Jun 2017 11:08:20 +0200
Subject: [PATCH 018/140] unused function warning

---
 src/anchor.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/anchor.c b/src/anchor.c
index 08ff3aa1..bc39c65d 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -858,8 +858,10 @@ static const uint8_t tas_write_xml_p7s_buf[] =
 "\r\n";
 
 
+#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
 static inline const char * rt_str(uint16_t rt)
 { return rt == GETDNS_RRTYPE_A ? "A" : rt == GETDNS_RRTYPE_AAAA ? "AAAA" : "?"; }
+#endif
 
 static int tas_busy(tas_connection *a)
 {

From 4a5f03ebbe10634a33816253247a734c01508362 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 30 Jun 2017 21:14:02 +0200
Subject: [PATCH 019/140] Anticipate surplus reads

---
 src/anchor.c  | 55 +++++++++++++++++++++++++++++++++++++++------------
 src/context.c |  2 ++
 2 files changed, 44 insertions(+), 13 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index bc39c65d..a0ef411d 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -881,6 +881,7 @@ static void tas_cleanup(getdns_context *context, tas_connection *a)
 	if (a->tcp.read_buf && a->tcp.read_buf != context->tas_hdr_spc)
 		GETDNS_FREE(context->mf, a->tcp.read_buf);
 	(void) memset(a, 0, sizeof(*a));
+	a->fd = -1;
 }
 
 static void tas_success(getdns_context *context, tas_connection *a)
@@ -945,12 +946,17 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 	DEBUG_ANCHOR("doc (size: %d): \"%.*s\"\n",
 	    (int)a->tcp.read_buf_len,
 	    (int)a->tcp.read_buf_len, (char *)a->tcp.read_buf);
+
+	assert(a->tcp.read_pos == a->tcp.read_buf + a->tcp.read_buf_len);
+
 	if (a->state == TAS_READ_XML_DOC) {
 		if (a->xml.data)
 			GETDNS_FREE(context->mf, a->xml.data);
 		a->xml.data = a->tcp.read_buf;
 		a->xml.size = a->tcp.read_buf_len;
-	}
+	} else
+		assert(a->state == TAS_READ_PS7_DOC);
+
 	a->state += 1;
 	GETDNS_CLEAR_EVENT(a->loop, &a->event);
 	if (a->state == TAS_DONE) {
@@ -983,9 +989,16 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 	assert(a->state == TAS_READ_PS7_HDR);
 	a->tcp.read_buf = context->tas_hdr_spc;
 	a->tcp.read_buf_len = sizeof(context->tas_hdr_spc);
-	a->tcp.read_pos = a->tcp.read_buf;
-	a->tcp.to_read = sizeof(context->tas_hdr_spc);
 
+	/* Check for surplus read bytes, for the P7S headers */
+	if (a->tcp.to_read > 0) {
+		a->tcp.read_pos = a->tcp.read_buf + a->tcp.to_read;
+		a->tcp.to_read  = sizeof(context->tas_hdr_spc)
+		                                  - a->tcp.to_read;
+	} else {
+		a->tcp.read_pos = a->tcp.read_buf;
+		a->tcp.to_read = sizeof(context->tas_hdr_spc);
+	}
 	GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 50,
 	    getdns_eventloop_event_init(&a->event, a->req->owner,
 	    tas_read_cb, NULL, tas_timeout_cb));
@@ -1065,28 +1078,44 @@ static void tas_read_cb(void *userarg)
 			if (!doc)
 				DEBUG_ANCHOR("Memory error");
 			else {
+				ssize_t surplus = n - i;
+
 				a->state += 1;
-				/* TODO: With pipelined read, the buffer might
+				/* With pipelined read, the buffer might
 				 * contain the full document, plus a piece
 				 * of the headers of the next document!
 				 * Currently context->tas_hdr_spc is kept
 				 * small enough to anticipate this.
 				 */
-				if (n - i > 0) {
-					if ((n - i) > doc_len)
-						n -= (doc_len - i);
-					(void) memcpy(
-					    doc, a->tcp.read_buf + i, (n - i));
-					a->tcp.read_pos = doc + (n - i);
-					a->tcp.to_read = doc_len - (n - i);
-				} else {
+				if (surplus <= 0) {
 					a->tcp.read_pos = doc;
 					a->tcp.to_read = doc_len;
+				} else if (surplus > doc_len) {
+					(void) memcpy(
+					    doc, a->tcp.read_buf + i, doc_len);
+					a->tcp.read_pos = doc + doc_len;
+
+					/* Special value to indicate a begin
+					 * of the next reply is already
+					 * present.  Detectable by:
+					 * (read_pos == read_buf + read_buf_len)
+					 * && to_read > 0;
+					 */
+					a->tcp.to_read = surplus - doc_len;
+					(void) memmove(a->tcp.read_buf,
+					    a->tcp.read_buf + i + doc_len,
+					    surplus - doc_len);
+				} else {
+					assert(surplus <= doc_len);
+					(void) memcpy(
+					    doc, a->tcp.read_buf + i, surplus);
+					a->tcp.read_pos = doc + surplus;
+					a->tcp.to_read = doc_len - surplus;
 				}
 				a->tcp.read_buf = doc;
 				a->tcp.read_buf_len = doc_len;
 
-				if (a->tcp.to_read == 0)
+				if (a->tcp.read_pos == doc + doc_len)
 					tas_doc_read(context, a);
 				return;
 			}
diff --git a/src/context.c b/src/context.c
index cbc51a8a..67977d63 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1429,6 +1429,8 @@ getdns_context_create_with_extended_memory_functions(
 
 	(void) memset(&result->a, 0, sizeof(result->a));
 	(void) memset(&result->aaaa, 0, sizeof(result->aaaa));
+	result->a.fd = -1;
+	result->aaaa.fd = -1;
 
 	gldns_buffer_init_vfixed_frm_data(&gbuf, result->trust_anchors_spc
 	                                , sizeof(result->trust_anchors_spc));

From f9bdedbf84e718116821fd3e08b6cd4f22c77b8b Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 30 Jun 2017 22:00:14 +0200
Subject: [PATCH 020/140] Reconnect on pipelining failure

---
 src/anchor.c  | 76 +++++++++++++++++++++++++++++++++------------------
 src/context.h |  7 ++++-
 2 files changed, 56 insertions(+), 27 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index a0ef411d..538bd49f 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -837,13 +837,6 @@ void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
 		GETDNS_FREE(context->mf, p7s_data);
 }
 
-#if 0
-static const uint8_t tas_write_xml_buf[] =
-"GET /root-anchors/root-anchors.xml HTTP/1.1\r\n"
-"Host: data.iana.org\r\n"
-"\r\n";
-#endif
-
 static const uint8_t tas_write_p7s_buf[] =
 "GET /root-anchors/root-anchors.p7s HTTP/1.1\r\n"
 "Host: data.iana.org\r\n"
@@ -939,6 +932,28 @@ static void tas_timeout_cb(void *userarg)
 	tas_next(context, a);
 }
 
+
+static void tas_reconnect_cb(void *userarg)
+{
+	getdns_dns_req *dnsreq = (getdns_dns_req *)userarg;
+	getdns_context *context = (getdns_context *)dnsreq->user_pointer;
+	tas_connection *a;
+
+	if (dnsreq->netreqs[0]->request_type == GETDNS_RRTYPE_A)
+		a = &context->a;
+	else	a = &context->aaaa;
+
+	DEBUG_ANCHOR("Waiting for second document timeout. Reconnecting...\n");
+	GETDNS_CLEAR_EVENT(a->loop, &a->event);
+	close(a->fd);
+	a->fd = -1;
+	if (a->state == TAS_READ_PS7_HDR) {
+		a->state = TAS_RETRY;
+		tas_connect(context, a);
+	} else
+		tas_next(context, a);
+}
+
 static void tas_read_cb(void *userarg);
 static void tas_write_cb(void *userarg);
 static void tas_doc_read(getdns_context *context, tas_connection *a)
@@ -955,11 +970,12 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 		a->xml.data = a->tcp.read_buf;
 		a->xml.size = a->tcp.read_buf_len;
 	} else
-		assert(a->state == TAS_READ_PS7_DOC);
+		assert(a->state == TAS_READ_PS7_DOC ||
+		       a->state == TAS_RETRY_PS7_DOC);
 
 	a->state += 1;
 	GETDNS_CLEAR_EVENT(a->loop, &a->event);
-	if (a->state == TAS_DONE) {
+	if (a->state == TAS_DONE || a->state == TAS_RETRY_DONE) {
 		getdns_bindata p7s_bd;
 		uint8_t *tas = context->trust_anchors_spc;
 		size_t tas_len = sizeof(context->trust_anchors_spc);
@@ -979,11 +995,6 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 			tas_fail(context, a);
 		return;
 	}
-	assert(a->state == TAS_WRITE_GET_PS7);
-	a->tcp.write_buf = tas_write_p7s_buf;
-	a->tcp.write_buf_len = sizeof(tas_write_p7s_buf) - 1;
-	a->tcp.written = 0;
-
 	/* First try to read signatures immediately */
 	a->state += 1;
 	assert(a->state == TAS_READ_PS7_HDR);
@@ -1001,12 +1012,7 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 	}
 	GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 50,
 	    getdns_eventloop_event_init(&a->event, a->req->owner,
-	    tas_read_cb, NULL, tas_timeout_cb));
-#if 0
-	GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 2000,
-	    getdns_eventloop_event_init(&a->event, a->req->owner,
-	    NULL, tas_write_cb, tas_timeout_cb));
-#endif
+	    tas_read_cb, NULL, tas_reconnect_cb));
 	return;
 }
 
@@ -1025,8 +1031,21 @@ static void tas_read_cb(void *userarg)
 	            , (int)a->state, (int)a->tcp.to_read);
 
 	n = read(a->fd, a->tcp.read_pos, a->tcp.to_read);
-	if (n >= 0 && (  a->state == TAS_READ_XML_DOC
-	              || a->state == TAS_READ_PS7_DOC)) {
+	if (n == 0) {
+		DEBUG_ANCHOR("Connection closed\n");
+		GETDNS_CLEAR_EVENT(a->loop, &a->event);
+		close(a->fd);
+		a->fd = -1;
+		if (a->state == TAS_READ_PS7_HDR) {
+			a->state = TAS_RETRY;
+			tas_connect(context, a);
+		} else
+			tas_next(context, a);
+		return;
+
+	} else if (n > 0 && (  a->state == TAS_READ_XML_DOC
+	              || a->state == TAS_READ_PS7_DOC
+		      || a->state == TAS_RETRY_PS7_DOC)) {
 
 		assert(n <= (ssize_t)a->tcp.to_read);
 
@@ -1038,7 +1057,7 @@ static void tas_read_cb(void *userarg)
 			tas_doc_read(context, a);
 		return;
 
-	} else if (n >= 0) {
+	} else if (n > 0) {
 		ssize_t p = 0;
 		int doc_len = -1;
 		int len;
@@ -1123,7 +1142,7 @@ static void tas_read_cb(void *userarg)
 	} else if (_getdns_EWOULDBLOCK)
 		return;
 
-	DEBUG_ANCHOR("Read error: %s\n", strerror(errno));
+	DEBUG_ANCHOR("Read error: %d %s\n", (int)n, strerror(errno));
 	GETDNS_CLEAR_EVENT(a->loop, &a->event);
 	tas_next(context, a);
 }
@@ -1236,8 +1255,13 @@ static void tas_connect(getdns_context *context, tas_connection *a)
 				   _getdns_EWOULDBLOCK))) {
 
 		a->state += 1;
-		a->tcp.write_buf = tas_write_xml_p7s_buf;
-		a->tcp.write_buf_len = sizeof(tas_write_xml_p7s_buf) - 1;
+		if (a->state == TAS_RETRY_GET_PS7) {
+			a->tcp.write_buf = tas_write_p7s_buf;
+			a->tcp.write_buf_len = sizeof(tas_write_p7s_buf) - 1;
+		} else {
+			a->tcp.write_buf = tas_write_xml_p7s_buf;
+			a->tcp.write_buf_len = sizeof(tas_write_xml_p7s_buf) - 1;
+		}
 		a->tcp.written = 0;
 
 		GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 2000,
diff --git a/src/context.h b/src/context.h
index bdb9afa6..9d70282f 100644
--- a/src/context.h
+++ b/src/context.h
@@ -272,7 +272,12 @@ typedef enum tas_state {
 	TAS_WRITE_GET_PS7,
 	TAS_READ_PS7_HDR,
 	TAS_READ_PS7_DOC,
-	TAS_DONE
+	TAS_DONE,
+	TAS_RETRY,
+	TAS_RETRY_GET_PS7,
+	TAS_RETRY_PS7_HDR,
+	TAS_RETRY_PS7_DOC,
+	TAS_RETRY_DONE
 } tas_state;
 
 typedef struct tas_connection {

From 8ec1f8eae927f665d3eac6234dddbba51399f20d Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 30 Jun 2017 22:51:03 +0200
Subject: [PATCH 021/140] Happy Eyeballs

---
 src/anchor.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 64 insertions(+), 8 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index 538bd49f..53696935 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -861,18 +861,33 @@ static int tas_busy(tas_connection *a)
 	return a->req != NULL;
 }
 
-static void tas_cleanup(getdns_context *context, tas_connection *a)
+static int tas_fetching(tas_connection *a)
+{
+	return a->fd >= 0;
+}
+
+static void tas_rinse(getdns_context *context, tas_connection *a)
 {
-	if (a->req)
-		_getdns_context_cancel_request(a->req->owner);
 	if (a->event.ev)
 		GETDNS_CLEAR_EVENT(a->loop, &a->event);
+	a->event.ev = NULL;
 	if (a->fd >= 0)
 		close(a->fd);
+	a->fd = -1;
 	if (a->xml.data)
 		GETDNS_FREE(context->mf, a->xml.data);
+	a->xml.data = NULL;
+	a->xml.size = 0;
 	if (a->tcp.read_buf && a->tcp.read_buf != context->tas_hdr_spc)
 		GETDNS_FREE(context->mf, a->tcp.read_buf);
+	a->tcp.read_buf = NULL;
+}
+
+static void tas_cleanup(getdns_context *context, tas_connection *a)
+{
+	tas_rinse(context, a);
+	if (a->req)
+		_getdns_context_cancel_request(a->req->owner);
 	(void) memset(a, 0, sizeof(*a));
 	a->fd = -1;
 }
@@ -911,10 +926,20 @@ static void tas_fail(getdns_context *context, tas_connection *a)
 static void tas_connect(getdns_context *context, tas_connection *a);
 static void tas_next(getdns_context *context, tas_connection *a)
 {
+	tas_connection *other = a == &context->a ? &context->aaaa : &context->a;
+
 	DEBUG_ANCHOR("Try next address\n");
-	if (!(a->rr = _getdns_rrtype_iter_next(a->rr)))
-		tas_fail(context, a);
-	else	tas_connect(context, a);
+
+	if (a->rr) {
+		if (!(a->rr = _getdns_rrtype_iter_next(a->rr)))
+			tas_fail(context, a);
+		else	tas_rinse(context, a);
+	}
+	if (other->rr)
+		tas_connect(context, other);
+
+	else if (a->rr)
+		tas_connect(context, a);
 }
 
 static void tas_timeout_cb(void *userarg)
@@ -1275,6 +1300,18 @@ static void tas_connect(getdns_context *context, tas_connection *a)
 	tas_next(context, a);
 }
 
+static void tas_happy_eyeballs_cb(void *userarg)
+{
+	getdns_dns_req *dnsreq = (getdns_dns_req *)userarg;
+	getdns_context *context = (getdns_context *)dnsreq->user_pointer;
+
+	assert(dnsreq->netreqs[0]->request_type == GETDNS_RRTYPE_A);
+	if (tas_fetching(&context->aaaa))
+		return;
+	else
+		tas_connect(context, &context->a);
+}
+
 static void data_iana_org(getdns_dns_req *dnsreq)
 {
 	getdns_context *context = (getdns_context *)dnsreq->user_pointer;
@@ -1300,8 +1337,27 @@ static void data_iana_org(getdns_dns_req *dnsreq)
 		DEBUG_ANCHOR("%s lookup for data.iana.org. returned no "
 		             "addresses\n", rt_str(a->req->request_type));
 	else {
+		tas_connection *other = a == &context->a ? &context->aaaa
+		                                         : &context->a;
 		a->loop = dnsreq->loop;
-		tas_connect(context, a);
+
+		if (tas_fetching(other))
+			; /* pass */
+
+		else if (a == &context->a && tas_busy(other)) {
+			DEBUG_ANCHOR("Postponing connection initiation: "
+			             "Happy Eyeballs\n");
+			GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 25,
+			    getdns_eventloop_event_init(&a->event,
+			    a->req->owner, NULL, NULL, tas_happy_eyeballs_cb));
+		} else {
+			if (other->event.ev &&
+			    other->event.timeout_cb == tas_happy_eyeballs_cb) {
+				DEBUG_ANCHOR("Clearing Happy Eyeballs timer\n");
+				GETDNS_CLEAR_EVENT(other->loop, &other->event);
+			}
+			tas_connect(context, a);
+		}
 		return;
 	}
 	tas_fail(context, a);
@@ -1359,7 +1415,7 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 		scheduled += 1;
 #endif
 
-#if 0
+#if 1
 	context->aaaa.state = TAS_LOOKUP_ADDRESSES;
 	if ((r = _getdns_general_loop(context->sys_ctxt, loop,
 	    "data.iana.org.", GETDNS_RRTYPE_AAAA, NULL, context,

From 2b20f35e0ec8b1f3f0e7803f33ff0e6ef340d310 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 1 Jul 2017 00:05:20 +0200
Subject: [PATCH 022/140] Write fetched trust anchor

---
 src/anchor.c  |  5 ++++-
 src/context.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++--
 src/context.h |  3 +++
 3 files changed, 53 insertions(+), 3 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index 53696935..17a17138 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -1014,7 +1014,10 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 		if (tas) {
 			context->trust_anchors = tas;
 			context->trust_anchors_len = tas_len;
-			/* TODO: Try to write xml & p7s */
+			_getdns_context_write_priv_file(
+			    context, "root-anchors.xml", &a->xml);
+			_getdns_context_write_priv_file(
+			    context, "root-anchors.p7s", &p7s_bd);
 			tas_success(context, a);
 		} else
 			tas_fail(context, a);
diff --git a/src/context.c b/src/context.c
index 67977d63..668cf6b5 100644
--- a/src/context.c
+++ b/src/context.c
@@ -4528,12 +4528,12 @@ getdns_context_config(getdns_context *context, const getdns_dict *config_dict)
 uint8_t *_getdns_context_get_priv_file(getdns_context *context,
     const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz)
 {
-	char path[FILENAME_MAX];
+	char path[PATH_MAX];
 	int n;
 	FILE *f;
 
 	n = snprintf(path, sizeof(path), "%s/.getdns/%s", getenv("HOME"), fn);
-	if (n < 0 || n > FILENAME_MAX)
+	if (n < 0 || n > PATH_MAX)
 		return NULL;
 
 	if (!(f = fopen(path, "r")))
@@ -4558,4 +4558,48 @@ uint8_t *_getdns_context_get_priv_file(getdns_context *context,
 	return buf;
 }
 
+void _getdns_context_write_priv_file(getdns_context *context,
+    const char *fn, getdns_bindata *content)
+{
+	char path[PATH_MAX], tmpfn[PATH_MAX];
+	int n, fd;
+	FILE *f;
+
+	(void)context;
+
+	DEBUG_ANCHOR("%s\n", __FUNC__);
+
+	n = snprintf( path, sizeof( path), "%s/.getdns/%s"  , getenv("HOME"), fn);
+	if (n < 0 || n > PATH_MAX) {
+		DEBUG_ANCHOR("Could not create filename for writing\n");
+		return;
+	}
+
+	n = snprintf(tmpfn, sizeof(tmpfn), "%s/.getdns/XXXXXX", getenv("HOME"));
+	if (n < 0 || n > PATH_MAX) {
+		DEBUG_ANCHOR("Could not create tmpfn for writing\n");
+		return;
+	}
+
+	if ((fd = mkstemp(tmpfn)) < 0) {
+		DEBUG_ANCHOR("Could not create temporary file from \"%s\": %s\n",
+		    tmpfn, strerror(errno));
+		return;
+	}
+
+	if (!(f = fdopen(fd, "w"))) {
+		close(fd);
+		return;
+	}
+	if (fwrite(content->data, 1, content->size, f) != content->size)
+		fclose(f);
+	else {
+		fclose(f);
+		if (rename(tmpfn, path) == -1)
+			DEBUG_ANCHOR("Could not mv \"%s\" \"%s\": %s\n",
+			    tmpfn, path, strerror(errno));
+	}
+}
+
+
 /* context.c */
diff --git a/src/context.h b/src/context.h
index 9d70282f..165dd2a4 100644
--- a/src/context.h
+++ b/src/context.h
@@ -531,4 +531,7 @@ void _getdns_upstream_shutdown(getdns_upstream *upstream);
 uint8_t *_getdns_context_get_priv_file(getdns_context *context,
     const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz);
 
+void _getdns_context_write_priv_file(getdns_context *context,
+    const char *fn, getdns_bindata *content);
+
 #endif /* _GETDNS_CONTEXT_H_ */

From 59ff5e8178974c2f280c5ab56500ac1f622644f4 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 1 Jul 2017 00:45:09 +0200
Subject: [PATCH 023/140] 0 terminate xml files

---
 src/anchor.c                                   | 3 ++-
 src/context.c                                  | 5 +++--
 src/test/tpkg/100-compile.tpkg/100-compile.pre | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index 17a17138..1a9b640a 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -1118,7 +1118,8 @@ static void tas_read_cb(void *userarg)
 		}
 		if (doc_len > 0) {
 			uint8_t *doc = GETDNS_XMALLOC(
-			    context->mf, uint8_t, doc_len);
+			    context->mf, uint8_t, doc_len + 1);
+			doc[doc_len] = 0;
 
 			DEBUG_ANCHOR("i: %d, n: %d, doc_len: %d\n"
 			            , (int)i, (int)n, doc_len);
diff --git a/src/context.c b/src/context.c
index 668cf6b5..4c78368b 100644
--- a/src/context.c
+++ b/src/context.c
@@ -4539,8 +4539,8 @@ uint8_t *_getdns_context_get_priv_file(getdns_context *context,
 	if (!(f = fopen(path, "r")))
 		return NULL;
 
-	if ((*file_sz = fread(buf, 1, buf_len, f)) < buf_len && feof(f))
-		; /* pass */
+	if ((*file_sz = fread(buf, 1, buf_len, f)) < (buf_len  - 1) && feof(f))
+		buf[*file_sz] = 0;
 
 	else if (fseek(f, 0, SEEK_END) < 0)
 		buf = NULL;
@@ -4553,6 +4553,7 @@ uint8_t *_getdns_context_get_priv_file(getdns_context *context,
 			GETDNS_FREE(context->mf, buf);
 			buf = NULL;
 		}
+		buf[*file_sz] = 0;
 	}
 	(void) fclose(f);
 	return buf;
diff --git a/src/test/tpkg/100-compile.tpkg/100-compile.pre b/src/test/tpkg/100-compile.tpkg/100-compile.pre
index 6b76edba..ea1cacee 100644
--- a/src/test/tpkg/100-compile.tpkg/100-compile.pre
+++ b/src/test/tpkg/100-compile.tpkg/100-compile.pre
@@ -25,4 +25,4 @@ done
 rm -fr "${BUILDDIR}/build"
 mkdir  "${BUILDDIR}/build"
 cd "${BUILDDIR}/build"
-"${SRCROOT}/configure" $* --prefix "${BUILDDIR}/install"
+"${SRCROOT}/configure" $* --prefix "${BUILDDIR}/install" --enable-debug-anchor

From 11138ff6788a42c42cba38e780dc2f10ce139237 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 1 Jul 2017 01:00:40 +0200
Subject: [PATCH 024/140] Also register application set trust anchors

---
 src/context.c | 2 ++
 src/context.h | 1 +
 2 files changed, 3 insertions(+)

diff --git a/src/context.c b/src/context.c
index 4c78368b..efe30bed 100644
--- a/src/context.c
+++ b/src/context.c
@@ -2637,9 +2637,11 @@ getdns_context_set_dnssec_trust_anchors(
 		context->trust_anchors = _getdns_list2wire(value,
 		    context->trust_anchors_spc, &context->trust_anchors_len,
 		    &context->mf);
+		context->trust_anchors_source = GETDNS_TASRC_APP;
 	} else {
 		context->trust_anchors = NULL;
 		context->trust_anchors_len = 0;
+		context->trust_anchors_source = GETDNS_TASRC_NONE;
 	}
 	dispatch_updated(context, GETDNS_CONTEXT_CODE_DNSSEC_TRUST_ANCHORS);
 	return GETDNS_RETURN_GOOD;
diff --git a/src/context.h b/src/context.h
index 165dd2a4..b31c079d 100644
--- a/src/context.h
+++ b/src/context.h
@@ -96,6 +96,7 @@ typedef enum getdns_conn_state {
 typedef enum getdns_tasrc {
 	GETDNS_TASRC_NONE,
 	GETDNS_TASRC_ZONE,
+	GETDNS_TASRC_APP,
 	GETDNS_TASRC_FETCHING,
 	GETDNS_TASRC_XML,
 	GETDNS_TASRC_FAILED

From 7151e6fd4485d55e28ce2cbea67f15544c4dc783 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 1 Jul 2017 01:01:17 +0200
Subject: [PATCH 025/140] Deal with leaking timeouts (between sync and async
 loop)

---
 src/extension/poll_eventloop.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index e796de10..b4f204b1 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -296,7 +296,8 @@ poll_read_cb(int fd, getdns_eventloop_event *event)
 	(void)fd;
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
-	event->read_cb(event->userarg);
+	if (event && event->read_cb)
+		event->read_cb(event->userarg);
 }
 
 static void
@@ -306,14 +307,16 @@ poll_write_cb(int fd, getdns_eventloop_event *event)
 	(void)fd;
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
-	event->write_cb(event->userarg);
+	if (event && event->write_cb)
+		event->write_cb(event->userarg);
 }
 
 static void
 poll_timeout_cb(getdns_eventloop_event *event)
 {
 	DEBUG_SCHED( "%s(event: %p)\n", __FUNC__, (void *)event);
-	event->timeout_cb(event->userarg);
+	if (event && event->timeout_cb)
+		event->timeout_cb(event->userarg);
 }
 
 static void

From 44065bead8303b5c058104adad033f0866209bf0 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 6 Jul 2017 00:26:21 +0200
Subject: [PATCH 026/140] Initial windows work

---
 configure.ac                     |  37 +++-
 src/compat/strptime.c            | 345 +++++++++++++++++++++++++++++++
 src/extension/select_eventloop.h |   1 +
 src/util/val_secalgo.h           |   2 +
 4 files changed, 384 insertions(+), 1 deletion(-)
 create mode 100644 src/compat/strptime.c

diff --git a/configure.ac b/configure.ac
index c39bec81..3efbe5f7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -288,6 +288,33 @@ case "$enable_native_stub_dnssec" in
 		;;
 esac
 
+# check wether strptime also works
+AC_DEFUN([AC_CHECK_STRPTIME_WORKS],
+[AC_REQUIRE([AC_PROG_CC])
+AC_MSG_CHECKING(whether strptime works)
+if test c${cross_compiling} = cno; then
+AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#define _XOPEN_SOURCE 600
+#include <time.h>
+int main(void) { struct tm tm; char *res;
+res = strptime("2010-07-15T00:00:00+00:00", "%t%Y%t-%t%m%t-%t%d%tT%t%H%t:%t%M%t:%t%S%t", &tm);
+if (!res) return 2;
+res = strptime("20070207111842", "%Y%m%d%H%M%S", &tm);
+if (!res) return 1; return 0; }
+]])] , [eval "ac_cv_c_strptime_works=yes"], [eval "ac_cv_c_strptime_works=no"])
+else
+eval "ac_cv_c_strptime_works=maybe"
+fi
+AC_MSG_RESULT($ac_cv_c_strptime_works)
+if test $ac_cv_c_strptime_works = no; then
+AC_LIBOBJ(strptime)
+else
+AC_DEFINE_UNQUOTED([STRPTIME_WORKS], 1, [use default strptime.])
+fi
+])dnl
+
+AC_CHECK_FUNCS([strptime],[AC_CHECK_STRPTIME_WORKS],[AC_LIBOBJ([strptime])])
+
 # search to set include and library paths right
 # find libidn (no libidn on windows though)
 AC_CHECK_HEADERS([windows.h winsock.h stdio.h winsock2.h ws2tcpip.h],,, [AC_INCLUDES_DEFAULT])
@@ -1294,9 +1321,11 @@ const char *inet_ntop(int af, const void *src, char *dst, size_t size);
 #endif
 
 #ifdef USE_WINSOCK
+# ifndef vsnprintf
 static inline int _gldns_custom_vsnprintf(char *str, size_t size, const char *format, va_list ap)
 { int r = vsnprintf(str, size, format, ap); return r == -1 ? _vscprintf(format, ap) : r; }
-# define vsnprintf _gldns_custom_vsnprintf
+#  define vsnprintf _gldns_custom_vsnprintf
+# endif
 #endif
 
 #ifdef __cplusplus
@@ -1371,6 +1400,12 @@ static inline int _gldns_custom_vsnprintf(char *str, size_t size, const char *fo
 # endif
 #endif
 
+#if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS)
+#define strptime unbound_strptime
+struct tm;
+char *strptime(const char *s, const char *format, struct tm *tm);
+#endif
+
 #ifdef HAVE_LIBUNBOUND
 # include <unbound.h>
 # ifdef HAVE_UNBOUND_EVENT_H
diff --git a/src/compat/strptime.c b/src/compat/strptime.c
new file mode 100644
index 00000000..10ec3157
--- /dev/null
+++ b/src/compat/strptime.c
@@ -0,0 +1,345 @@
+/** strptime workaround (for oa macos leopard)
+  * This strptime follows the man strptime (2001-11-12)
+  *		conforming to SUSv2, POSIX.1-2001
+  *
+  * This very simple version of strptime has no:
+  * - E alternatives
+  * - O alternatives
+  * - Glibc additions
+  * - Does not process week numbers
+  * - Does not properly processes year day
+  *
+  * LICENSE
+  * Copyright (c) 2008, NLnet Labs, Matthijs Mekking
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions are met:
+  * * Redistributions of source code must retain the above copyright notice,
+  *     this list of conditions and the following disclaimer.
+  * * Redistributions in binary form must reproduce the above copyright
+  *   notice, this list of conditions and the following disclaimer in the
+  *   documentation and/or other materials provided with the distribution.
+  * * Neither the name of NLnetLabs nor the names of its
+  *   contributors may be used to endorse or promote products derived from this
+  *   software without specific prior written permission.
+  *
+  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+  * POSSIBILITY OF SUCH DAMAGE.
+ **/
+
+#include "config.h"
+
+#ifndef HAVE_CONFIG_H
+#include <time.h>
+#endif
+
+#ifndef STRPTIME_WORKS
+
+#define TM_YEAR_BASE 1900
+
+#include <ctype.h>
+#include <string.h>
+
+static const char *abb_weekdays[] = {
+	"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL
+};
+static const char *full_weekdays[] = {
+	"Sunday", "Monday", "Tuesday", "Wednesday",
+	"Thursday", "Friday", "Saturday", NULL
+};
+static const char *abb_months[] = {
+	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
+	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec", NULL
+};
+static const char *full_months[] = {
+	"January", "February", "March", "April", "May", "June",
+	"July", "August", "September", "October", "November", "December", NULL
+};
+static const char *ampm[] = {
+    "am", "pm", NULL
+};
+
+static int
+match_string(const char **buf, const char **strs)
+{
+	int i = 0;
+
+	for (i = 0; strs[i] != NULL; i++) {
+		int len = strlen(strs[i]);
+		if (strncasecmp (*buf, strs[i], len) == 0) {
+			*buf += len;
+			return i;
+		}
+	}
+	return -1;
+}
+
+static int
+str2int(const char **buf, int max)
+{
+	int ret=0, count=0;
+
+	while (*buf[0] != '\0' && isdigit((unsigned char)*buf[0]) && count<max) {
+		ret = ret*10 + (*buf[0] - '0');
+		(*buf)++;
+		count++;
+	}
+
+	if (!count)
+		return -1;
+	return ret;
+}
+
+/** Converts the character string s to values which are stored in tm
+  * using the format specified by format
+ **/
+char *
+unbound_strptime(const char *s, const char *format, struct tm *tm)
+{
+	int c, ret;
+	int split_year = 0;
+
+	while ((c = *format) != '\0') {
+		/* whitespace, literal or format */
+		if (isspace((unsigned char)c)) { /* whitespace */
+			/** whitespace matches zero or more whitespace characters in the
+			  * input string.
+			 **/
+			while (isspace((unsigned char)*s))
+				s++;
+		}
+		else if (c == '%') { /* format */
+			format++;
+			c = *format;
+			switch (c) {
+				case '%': /* %% is converted to % */
+					if (*s != c) {
+						return NULL;
+					}
+					s++;
+					break;
+				case 'a': /* weekday name, abbreviated or full */
+				case 'A':
+					ret = match_string(&s, full_weekdays);
+					if (ret < 0)
+						ret = match_string(&s, abb_weekdays);
+					if (ret < 0) {
+						return NULL;
+					}
+					tm->tm_wday = ret;
+					break;
+				case 'b': /* month name, abbreviated or full */
+				case 'B':
+				case 'h':
+					ret = match_string(&s, full_months);
+					if (ret < 0)
+						ret = match_string(&s, abb_months);
+					if (ret < 0) {
+						return NULL;
+					}
+					tm->tm_mon = ret;
+					break;
+				case 'c': /* date and time representation */
+					if (!(s = unbound_strptime(s, "%x %X", tm))) {
+						return NULL;
+					}
+					break;
+				case 'C': /* century number */
+					ret = str2int(&s, 2);
+					if (ret < 0 || ret > 99) { /* must be in [00,99] */
+						return NULL;
+					}
+
+					if (split_year)	{
+						tm->tm_year = ret*100 + (tm->tm_year%100);
+					}
+					else {
+						tm->tm_year = ret*100 - TM_YEAR_BASE;
+						split_year = 1;
+					}
+					break;
+				case 'd': /* day of month */
+				case 'e':
+					ret = str2int(&s, 2);
+					if (ret < 1 || ret > 31) { /* must be in [01,31] */
+						return NULL;
+					}
+					tm->tm_mday = ret;
+					break;
+				case 'D': /* equivalent to %m/%d/%y */
+					if (!(s = unbound_strptime(s, "%m/%d/%y", tm))) {
+						return NULL;
+					}
+					break;
+				case 'H': /* hour */
+					ret = str2int(&s, 2);
+					if (ret < 0 || ret > 23) { /* must be in [00,23] */
+						return NULL;
+					}
+					tm->tm_hour = ret;
+					break;
+				case 'I': /* 12hr clock hour */
+					ret = str2int(&s, 2);
+					if (ret < 1 || ret > 12) { /* must be in [01,12] */
+						return NULL;
+					}
+					if (ret == 12) /* actually [0,11] */
+						ret = 0;
+					tm->tm_hour = ret;
+					break;
+				case 'j': /* day of year */
+					ret = str2int(&s, 2);
+					if (ret < 1 || ret > 366) { /* must be in [001,366] */
+						return NULL;
+					}
+					tm->tm_yday = ret;
+					break;
+				case 'm': /* month */
+					ret = str2int(&s, 2);
+					if (ret < 1 || ret > 12) { /* must be in [01,12] */
+						return NULL;
+					}
+					/* months go from 0-11 */
+					tm->tm_mon = (ret-1);
+					break;
+				case 'M': /* minute */
+					ret = str2int(&s, 2);
+					if (ret < 0 || ret > 59) { /* must be in [00,59] */
+						return NULL;
+					}
+					tm->tm_min = ret;
+					break;
+				case 'n': /* arbitrary whitespace */
+				case 't':
+					while (isspace((unsigned char)*s))
+						s++;
+					break;
+				case 'p': /* am pm */
+					ret = match_string(&s, ampm);
+					if (ret < 0) {
+						return NULL;
+					}
+					if (tm->tm_hour < 0 || tm->tm_hour > 11) { /* %I */
+						return NULL;
+					}
+
+					if (ret == 1) /* pm */
+						tm->tm_hour += 12;
+					break;
+				case 'r': /* equivalent of %I:%M:%S %p */
+					if (!(s = unbound_strptime(s, "%I:%M:%S %p", tm))) {
+						return NULL;
+					}
+					break;
+				case 'R': /* equivalent of %H:%M */
+					if (!(s = unbound_strptime(s, "%H:%M", tm))) {
+						return NULL;
+					}
+					break;
+				case 'S': /* seconds */
+					ret = str2int(&s, 2);
+					/* 60 may occur for leap seconds */
+					/* earlier 61 was also allowed */
+					if (ret < 0 || ret > 60) { /* must be in [00,60] */
+						return NULL;
+					}
+					tm->tm_sec = ret;
+					break;
+				case 'T': /* equivalent of %H:%M:%S */
+					if (!(s = unbound_strptime(s, "%H:%M:%S", tm))) {
+						return NULL;
+					}
+					break;
+				case 'U': /* week number, with the first Sun of Jan being w1 */
+					ret = str2int(&s, 2);
+					if (ret < 0 || ret > 53) { /* must be in [00,53] */
+						return NULL;
+					}
+					/** it is hard (and not necessary for nsd) to determine time
+					  * data from week number.
+					 **/
+					break;
+				case 'w': /* day of week */
+					ret = str2int(&s, 1);
+					if (ret < 0 || ret > 6) { /* must be in [0,6] */
+						return NULL;
+					}
+					tm->tm_wday = ret;
+					break;
+				case 'W': /* week number, with the first Mon of Jan being w1 */
+					ret = str2int(&s, 2);
+					if (ret < 0 || ret > 53) { /* must be in [00,53] */
+						return NULL;
+					}
+					/** it is hard (and not necessary for nsd) to determine time
+					  * data from week number.
+					 **/
+					break;
+				case 'x': /* date format */
+					if (!(s = unbound_strptime(s, "%m/%d/%y", tm))) {
+						return NULL;
+					}
+					break;
+				case 'X': /* time format */
+					if (!(s = unbound_strptime(s, "%H:%M:%S", tm))) {
+						return NULL;
+					}
+					break;
+				case 'y': /* last two digits of a year */
+					ret = str2int(&s, 2);
+					if (ret < 0 || ret > 99) { /* must be in [00,99] */
+						return NULL;
+					}
+					if (split_year) {
+						tm->tm_year = ((tm->tm_year/100) * 100) + ret;
+					}
+					else {
+						split_year = 1;
+
+						/** currently:
+						  * if in [0,68] we are in 21th century,
+						  * if in [69,99] we are in 20th century.
+						 **/
+						if (ret < 69) /* 2000 */
+							ret += 100;
+						tm->tm_year = ret;
+					}
+					break;
+				case 'Y': /* year */
+					ret = str2int(&s, 4);
+					if (ret < 0 || ret > 9999) {
+						return NULL;
+					}
+					tm->tm_year = ret - TM_YEAR_BASE;
+					break;
+				case '\0':
+				default: /* unsupported, cannot match format */
+					return NULL;
+					break;
+			}
+		}
+		else { /* literal */
+			/* if input cannot match format, return NULL */
+			if (*s != c)
+				return NULL;
+			s++;
+		}
+
+		format++;
+	}
+
+	/* return pointer to remainder of s */
+	return (char*) s;
+}
+
+#endif /* STRPTIME_WORKS */
diff --git a/src/extension/select_eventloop.h b/src/extension/select_eventloop.h
index e830a2ac..88f82a14 100644
--- a/src/extension/select_eventloop.h
+++ b/src/extension/select_eventloop.h
@@ -34,6 +34,7 @@
 #include "config.h"
 #include "getdns/getdns.h"
 #include "getdns/getdns_extra.h"
+#include "types-internal.h"
 
 /* No more than select's capability queries can be outstanding,
  * The number of outstanding timeouts should be less or equal then
diff --git a/src/util/val_secalgo.h b/src/util/val_secalgo.h
index 55bf423e..08f40e83 100644
--- a/src/util/val_secalgo.h
+++ b/src/util/val_secalgo.h
@@ -45,6 +45,8 @@
 #define sec_status_insecure		_getdns_sec_status_insecure
 #define sec_status_unchecked		_getdns_sec_status_unchecked
 #define sec_status_bogus		_getdns_sec_status_bogus
+#define fake_sha1			_getdns_fake_sha1
+#define fake_dsa			_getdns_fake_dsa
 
 enum sec_status { sec_status_bogus     = 0
                 , sec_status_unchecked = 0

From 2e4e3873e4279365199177c67ea2019e8df49090 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Thu, 6 Jul 2017 07:43:31 +0200
Subject: [PATCH 027/140] First pass at fixing problems when connections to
 servers are lost. Need to reset connection state if connections fail at setup
 and on read/write if there are no more messages queued. This means we will
 back-off servers that fail, so we should think about using a shorter backoff
 default in stubby because otherwise temporarily loss of the network
 connection will mean having to restart stubby. Also some minor changes to
 logging.

---
 src/context.c            | 98 +++++++++++++++++++++++-----------------
 src/context.h            |  2 +
 src/stub.c               | 13 +++++-
 src/tools/getdns_query.c |  1 +
 4 files changed, 70 insertions(+), 44 deletions(-)

diff --git a/src/context.c b/src/context.c
index 76ee766a..47a04829 100644
--- a/src/context.c
+++ b/src/context.c
@@ -735,63 +735,44 @@ void _getdns_upstream_log(getdns_upstream *upstream, uint64_t system,
 }
 
 void
-_getdns_upstream_shutdown(getdns_upstream *upstream)
-{
-	/*Set condition to tear down asap to stop any further scheduling*/
-	upstream->conn_state = GETDNS_CONN_TEARDOWN;
-	/* Update total stats for the upstream.*/
-	upstream->total_responses+=upstream->responses_received;
-	upstream->total_timeouts+=upstream->responses_timeouts;
-	/* Need the last auth state when using session resumption*/
-	upstream->last_tls_auth_state = upstream->tls_auth_state;
-	/* Keep track of the best auth state this upstream has had*/
-	if (upstream->tls_auth_state > upstream->best_tls_auth_state)
-		upstream->best_tls_auth_state = upstream->tls_auth_state;
+upstream_backoff(getdns_upstream *upstream) {
+	upstream->conn_state = GETDNS_CONN_BACKOFF;
+	upstream->conn_retry_time = time(NULL) + upstream->upstreams->tls_backoff_time;
+	upstream->total_responses = 0;
+	upstream->total_timeouts = 0;
+	upstream->conn_completed = 0;
+	upstream->conn_setup_failed = 0;
+	upstream->conn_shutdowns = 0;
+	upstream->conn_backoffs++;
 	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
-	    "%-40s : Conn closed   : Transport=%s - Resp=%d,Timeouts=%d,Auth=%s,Keepalive(ms)=%d\n",
-	             upstream->addr_str,
-	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
-	             (int)upstream->responses_received, (int)upstream->responses_timeouts,
-	             _getdns_auth_str(upstream->tls_auth_state), (int)upstream->keepalive_timeout);
-	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
-	    "%-40s : Upstream stats: Transport=%s - Resp=%d,Timeouts=%d,Best_auth=%s\n",
-	             upstream->addr_str,
-	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
-	             (int)upstream->total_responses, (int)upstream->total_timeouts,
-	             _getdns_auth_str(upstream->best_tls_auth_state));
-	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
-	    "%-40s : Upstream stats: Transport=%s - Conns=%d,Conn_fails=%d,Conn_shutdowns=%d,Backoffs=%d\n",
-	             upstream->addr_str,
-	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
-	             (int)upstream->conn_completed, (int)upstream->conn_setup_failed,
-	             (int)upstream->conn_shutdowns, (int)upstream->conn_backoffs);
+	    "%-40s : !Backing off this upstream    - Will retry as new upstream at %s",
+	            upstream->addr_str,
+	            asctime(gmtime(&upstream->conn_retry_time)));
+}
 
+void
+_getdns_upstream_reset(getdns_upstream *upstream)
+{
 	/* Back off connections that never got up service at all (probably no
 	   TCP service or incompatible TLS version/cipher). 
 	   Leave choice between working upstreams to the stub. 
 	   This back-off should be time based for TLS according to RFC7858. For now,
 	   use the same basis if we simply can't get TCP service either.*/
-	uint16_t conn_retries = upstream->upstreams->tls_connection_retries;
 	/* [TLS1]TODO: This arbitrary logic at the moment - review and improve!*/
+
+	/*This is the configured number of retries to attempt*/
+	uint16_t conn_retries = upstream->upstreams->tls_connection_retries;
+
 	if (upstream->conn_setup_failed >= conn_retries
+
 	    || ((int)upstream->conn_shutdowns >= conn_retries*GETDNS_TRANSPORT_FAIL_MULT
 	     && upstream->total_responses == 0)
+
 	    || (upstream->conn_completed >= conn_retries &&
 	     upstream->total_responses == 0 && 
 	     upstream->total_timeouts > GETDNS_TRANSPORT_FAIL_MULT)) {
-		upstream->conn_state = GETDNS_CONN_BACKOFF;
-		upstream->conn_retry_time = time(NULL) + upstream->upstreams->tls_backoff_time;
-		upstream->total_responses = 0;
-		upstream->total_timeouts = 0;
-		upstream->conn_completed = 0;
-		upstream->conn_setup_failed = 0;
-		upstream->conn_shutdowns = 0;
-		upstream->conn_backoffs++;
 
-		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
-		    "%-40s : !Backing off this upstream    - Will retry as new upstream at %s",
-		            upstream->addr_str,
-		            asctime(gmtime(&upstream->conn_retry_time)));
+		upstream_backoff(upstream);
 	}
 	// Reset per connection counters
 	upstream->queries_sent = 0;
@@ -820,6 +801,39 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 		upstream->conn_state = GETDNS_CONN_CLOSED;
 }
 
+void
+_getdns_upstream_shutdown(getdns_upstream *upstream)
+{
+	/* Update total stats for the upstream.*/
+	upstream->total_responses+=upstream->responses_received;
+	upstream->total_timeouts+=upstream->responses_timeouts;
+	/* Need the last auth state when using session resumption*/
+	upstream->last_tls_auth_state = upstream->tls_auth_state;
+	/* Keep track of the best auth state this upstream has had*/
+	if (upstream->tls_auth_state > upstream->best_tls_auth_state)
+		upstream->best_tls_auth_state = upstream->tls_auth_state;
+	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+	    "%-40s : Conn closed: %s - Resps=%6d, Timeouts  =%6d, Curr_auth =%7s, Keepalive(ms)=%6d\n",
+	             upstream->addr_str,
+	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
+	             (int)upstream->responses_received, (int)upstream->responses_timeouts,
+	             _getdns_auth_str(upstream->tls_auth_state), (int)upstream->keepalive_timeout);
+	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+	    "%-40s : Upstream   : %s - Resps=%6d, Timeouts  =%6d, Best_auth =%7s\n",
+	             upstream->addr_str,
+	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
+	             (int)upstream->total_responses, (int)upstream->total_timeouts,
+	             _getdns_auth_str(upstream->best_tls_auth_state));
+	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+	    "%-40s : Upstream   : %s - Conns=%6d, Conn_fails=%6d, Conn_shuts=%7d, Backoffs     =%6d\n",
+	             upstream->addr_str,
+	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
+	             (int)upstream->conn_completed, (int)upstream->conn_setup_failed,
+	             (int)upstream->conn_shutdowns, (int)upstream->conn_backoffs);
+
+	_getdns_upstream_reset(upstream);
+}
+
 static int
 tls_is_in_transports_list(getdns_context *context)
 {
diff --git a/src/context.h b/src/context.h
index 03164522..f94f9347 100644
--- a/src/context.h
+++ b/src/context.h
@@ -470,4 +470,6 @@ void _getdns_upstreams_dereference(getdns_upstreams *upstreams);
 
 void _getdns_upstream_shutdown(getdns_upstream *upstream);
 
+void _getdns_upstream_reset(getdns_upstream *upstream);
+
 #endif /* _GETDNS_CONTEXT_H_ */
diff --git a/src/stub.c b/src/stub.c
index dd084164..d1299b02 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -676,6 +676,7 @@ upstream_setup_timeout_cb(void *userarg)
 		while (upstream->write_queue)
 			upstream_write_cb(upstream);
 	}
+	_getdns_upstream_reset(upstream);
 }
 
 
@@ -1598,6 +1599,8 @@ upstream_read_cb(void *userarg)
 	case STUB_SETUP_ERROR:  /* Can happen for TLS HS*/
 	case STUB_TCP_ERROR:
 		upstream_failed(upstream, (q == STUB_TCP_ERROR ? 0:1) );
+		if (!upstream->write_queue)
+			_getdns_upstream_shutdown(upstream);
 		return;
 
 	default:
@@ -1700,7 +1703,9 @@ upstream_write_cb(void *userarg)
 	            __FUNC__, (void*)netreq);
 
 	/* Health checks on current connection */
-	if (upstream->conn_state == GETDNS_CONN_TEARDOWN)
+	if (upstream->conn_state == GETDNS_CONN_TEARDOWN ||
+	    upstream->conn_state == GETDNS_CONN_CLOSED ||  
+	    upstream->fd == -1)
 		q = STUB_CONN_GONE;
 	else if (!upstream_working_ok(upstream))
 		q = STUB_TCP_ERROR;
@@ -1741,6 +1746,8 @@ upstream_write_cb(void *userarg)
 			_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 			_getdns_check_dns_req_complete(netreq->owner);
 		}
+		if (!upstream->write_queue)
+			_getdns_upstream_shutdown(upstream);
 		return;
 
 	default:
@@ -2001,6 +2008,7 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 		fd = tcp_connect(upstream, transport);
 		if (fd == -1) {
 			upstream_failed(upstream, 1);
+			_getdns_upstream_reset(upstream);
 			return -1;
 		}
 		upstream->loop = dnsreq->loop;
@@ -2010,6 +2018,7 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 			upstream->tls_obj = tls_create_object(dnsreq, fd, upstream);
 			if (upstream->tls_obj == NULL) {
 				upstream_failed(upstream, 1);
+				_getdns_upstream_reset(upstream);
 #ifdef USE_WINSOCK
 				closesocket(fd);
 #else
@@ -2021,7 +2030,7 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 		}
 		upstream->conn_state = GETDNS_CONN_SETUP;
 		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
-		    "%-40s : Conn init     : Transport=%s - Profile=%s\n", 
+		    "%-40s : Conn opened: %s - %s Profile\n", 
 		    upstream->addr_str, transport == GETDNS_TRANSPORT_TLS ? "TLS":"TCP",
 		dnsreq->context->tls_auth_min == GETDNS_AUTHENTICATION_NONE ? "Opportunistic":"Strict");
 		break;
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 582f2c0c..d8337ffd 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -1769,6 +1769,7 @@ main(int argc, char **argv)
 		loop->vmt->run(loop);
 	}
 	else if (listen_count) {
+		fprintf(stderr, "Starting Stubby DAEMON....\n");
 		assert(loop);
 #ifndef GETDNS_ON_WINDOWS
 		if (i_am_stubby && !run_in_foreground) {

From 42945cfc08bb49775505bf9975184990c72b3ad7 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 8 Sep 2017 17:28:37 +0100
Subject: [PATCH 028/140] Make the backoff time incrementally increase until
 the upstream starts working again

---
 src/context.c | 23 +++++++++++++++++++++--
 src/context.h |  1 +
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/src/context.c b/src/context.c
index 47a04829..3e670442 100644
--- a/src/context.c
+++ b/src/context.c
@@ -737,7 +737,17 @@ void _getdns_upstream_log(getdns_upstream *upstream, uint64_t system,
 void
 upstream_backoff(getdns_upstream *upstream) {
 	upstream->conn_state = GETDNS_CONN_BACKOFF;
-	upstream->conn_retry_time = time(NULL) + upstream->upstreams->tls_backoff_time;
+	/* Increase the backoff interval incrementally up to the tls_backoff_time*/
+	if (upstream->conn_backoff_interval < upstream->upstreams->tls_backoff_time) {
+		if (upstream->conn_backoff_interval < (UINT16_MAX-1)/2)
+			upstream->conn_backoff_interval *= 2;
+		else
+			upstream->conn_backoff_interval = upstream->upstreams->tls_backoff_time
+	}
+	if (upstream->conn_backoff_interval < upstream->upstreams->tls_backoff_time)
+		upstream->conn_retry_time = time(NULL) + upstream->conn_backoff_interval;
+	else
+		upstream->conn_retry_time = time(NULL) + upstream->upstreams->tls_backoff_time;
 	upstream->total_responses = 0;
 	upstream->total_timeouts = 0;
 	upstream->conn_completed = 0;
@@ -745,7 +755,7 @@ upstream_backoff(getdns_upstream *upstream) {
 	upstream->conn_shutdowns = 0;
 	upstream->conn_backoffs++;
 	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
-	    "%-40s : !Backing off this upstream    - Will retry as new upstream at %s",
+	    "%-40s : !Backing off this upstream    - Will retry again at %s",
 	            upstream->addr_str,
 	            asctime(gmtime(&upstream->conn_retry_time)));
 }
@@ -774,6 +784,14 @@ _getdns_upstream_reset(getdns_upstream *upstream)
 
 		upstream_backoff(upstream);
 	}
+
+	/* If we didn't backoff it would be nice to reset the conn_backoff_interval
+	   if the upstream is working well again otherwise it would get stuck at the 
+	   tls_backoff_time forever... How about */
+	if (upstream->conn_state != GETDNS_CONN_BACKOFF && 
+	    upstream->responses_received > 1)
+		upstream->conn_backoff_interval = 1;
+
 	// Reset per connection counters
 	upstream->queries_sent = 0;
 	upstream->responses_received = 0;
@@ -958,6 +976,7 @@ upstream_init(getdns_upstream *upstream,
 	upstream->conn_shutdowns = 0;
 	upstream->conn_setup_failed = 0;
 	upstream->conn_retry_time = 0;
+	upstream->conn_backoff_interval = 1;
 	upstream->conn_backoffs = 0;
 	upstream->total_responses = 0;
 	upstream->total_timeouts = 0;
diff --git a/src/context.h b/src/context.h
index f94f9347..8690bba7 100644
--- a/src/context.h
+++ b/src/context.h
@@ -170,6 +170,7 @@ typedef struct getdns_upstream {
 	size_t                   conn_shutdowns;
 	size_t                   conn_setup_failed;
 	time_t                   conn_retry_time;
+	uint16_t                 conn_backoff_interval;
 	size_t                   conn_backoffs;
 	size_t                   total_responses;
 	size_t                   total_timeouts;

From 729af1d1590bbba1c3ee17b381829483c59e7cbb Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Tue, 12 Sep 2017 13:47:56 +0100
Subject: [PATCH 029/140] Allow backed-off upstreams to be re-instated if all
 our upstreams are unusable (e.g. if the network is down). But limit re-tries
 for a given netreq to the total number of upstreams before failing. This
 should (roughly) allow 2 retries per upstream of the correct transport before
 bailing out. Otherwise we are stuck in a loop retrying forever!

---
 src/context.c |  2 +-
 src/stub.c    | 64 ++++++++++++++++++++++++++++++++++++++++++---------
 2 files changed, 54 insertions(+), 12 deletions(-)

diff --git a/src/context.c b/src/context.c
index 3e670442..f8bd1493 100644
--- a/src/context.c
+++ b/src/context.c
@@ -742,7 +742,7 @@ upstream_backoff(getdns_upstream *upstream) {
 		if (upstream->conn_backoff_interval < (UINT16_MAX-1)/2)
 			upstream->conn_backoff_interval *= 2;
 		else
-			upstream->conn_backoff_interval = upstream->upstreams->tls_backoff_time
+			upstream->conn_backoff_interval = upstream->upstreams->tls_backoff_time;
 	}
 	if (upstream->conn_backoff_interval < upstream->upstreams->tls_backoff_time)
 		upstream->conn_retry_time = time(NULL) + upstream->conn_backoff_interval;
diff --git a/src/stub.c b/src/stub.c
index d1299b02..6dd58da2 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1813,13 +1813,16 @@ upstream_active(getdns_upstream *upstream)
 }
 
 static int
-upstream_usable(getdns_upstream *upstream) 
+upstream_usable(getdns_upstream *upstream, int backoff_ok) 
 {
 	if ((upstream->conn_state == GETDNS_CONN_CLOSED || 
 	     upstream->conn_state == GETDNS_CONN_SETUP || 
 	     upstream->conn_state == GETDNS_CONN_OPEN) &&
 	     upstream->keepalive_shutdown == 0)
 		return 1;
+	if (backoff_ok == 1 &&
+	    upstream->conn_state == GETDNS_CONN_BACKOFF)
+		return 1;
 	return 0;
 }
 
@@ -1835,15 +1838,17 @@ upstream_stats(getdns_upstream *upstream)
 {
 	/* [TLS1]TODO: This arbitrary logic at the moment - review and improve!*/
 	return (upstream->total_responses - upstream->total_timeouts
-	        - upstream->conn_shutdowns*GETDNS_TRANSPORT_FAIL_MULT);
+	        - upstream->conn_shutdowns*GETDNS_TRANSPORT_FAIL_MULT
+	        - upstream->conn_setup_failed);
 }
 
 static int
 upstream_valid(getdns_upstream *upstream,
                           getdns_transport_list_t transport,
-                          getdns_network_req *netreq)
+                          getdns_network_req *netreq,
+                          int backoff_ok)
 {
-	if (!(upstream->transport == transport && upstream_usable(upstream)))
+	if (!(upstream->transport == transport && upstream_usable(upstream, backoff_ok)))
 		return 0;
 	if (transport == GETDNS_TRANSPORT_TCP)
 		return 1;
@@ -1894,6 +1899,7 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 		if (upstreams->upstreams[i].conn_state == GETDNS_CONN_BACKOFF &&
 		    upstreams->upstreams[i].conn_retry_time < now) {
 			upstreams->upstreams[i].conn_state = GETDNS_CONN_CLOSED;
+			upstreams->upstreams[i].conn_backoff_interval = 1;
 			_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
 			    "%-40s : Re-instating upstream\n",
 		            upstreams->upstreams[i].addr_str);
@@ -1910,13 +1916,12 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 
 	/* OK - Find the next one to use. First check we have at least one valid
 	   upstream because we completely back off failed 
-	   upstreams we may have no valid upstream at all (in contrast to UDP). This
-	   will be better communicated to the user when we have better error codes*/
+	   upstreams we may have no valid upstream at all (in contrast to UDP).*/
 	i = upstreams->current_stateful;
 	do {
 		DEBUG_STUB("%s %-35s: Testing upstreams  %d %d\n", STUB_DEBUG_SETUP, 
 	           __FUNC__, (int)i, (int)upstreams->upstreams[i].conn_state);
-		if (upstream_valid(&upstreams->upstreams[i], transport, netreq)) {
+		if (upstream_valid(&upstreams->upstreams[i], transport, netreq, 0)) {
 			upstream = &upstreams->upstreams[i];
 			break;
 		}
@@ -1924,14 +1929,46 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 		if (i >= upstreams->count)
 			i = 0;
 	} while (i != upstreams->current_stateful);
-	if (!upstream)
-		return NULL;
+	if (!upstream) {
+		/* Oh, oh. We have no valid upstreams. Try to find one that might work.
+		   Don't worry about the policy, just use the one with the least bad
+		   stats that still fits the bill (right transport, right authentication)
+		   to try to avoid total failure due to network outages. */
+		do {
+			if (upstream_valid(&upstreams->upstreams[i], transport, netreq, 1)) {
+				upstream = &upstreams->upstreams[i];
+				break;
+			}
+			i++;
+			if (i >= upstreams->count)
+				i = 0;
+		} while (i != upstreams->current_stateful);
+		if (!upstream) {
+			/* We _really_ have nothing that authenticates well enough right now...
+			   leave to regular backoff logic. */
+			return NULL;
+		}
+		do {
+			i++;
+			if (i >= upstreams->count)
+				i = 0;
+			if (upstream_valid(&upstreams->upstreams[i], transport, netreq, 1) &&
+			    upstream_stats(&upstreams->upstreams[i]) > upstream_stats(upstream))
+				upstream = &upstreams->upstreams[i];
+		} while (i != upstreams->current_stateful);
+		upstream->conn_state = GETDNS_CONN_CLOSED;
+		upstream->conn_backoff_interval = 1;
+		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+		    "%-40s : No valid upstreams... promoting backed-off upstream %s for re-try...\n",
+	            upstreams->upstreams[i].addr_str);
+		return upstream;
+	}
 
 	/* Now select the specific upstream */
 	if (netreq->owner->context->round_robin_upstreams == 0) {
 		/* Base the decision on the stats, noting we will have started from 0*/
 		for (i++; i < upstreams->count; i++) {
-			if (upstream_valid(&upstreams->upstreams[i], transport, netreq) &&
+			if (upstream_valid(&upstreams->upstreams[i], transport, netreq, 0) &&
 			    upstream_stats(&upstreams->upstreams[i]) > upstream_stats(upstream))
 				upstream = &upstreams->upstreams[i];
 		}
@@ -2057,12 +2094,17 @@ upstream_find_for_transport(getdns_network_req *netreq,
 	}
 	else {
 		/* For stateful transport we should keep trying until all our transports
-		   are exhausted/backed-off (no upstream)*/
+		   are exhausted/backed-off (no upstream) and until we have tried each
+		   upstream at least once for this netreq in a total backoff scenario */
+		size_t i = 0;
 		do {
 			upstream = upstream_select_stateful(netreq, transport);
 			if (!upstream)
 				return NULL;
 			*fd = upstream_connect(upstream, transport, netreq->owner);
+			if (i >= upstream->upstreams->count)
+				return NULL;
+			i++;
 		} while (*fd == -1);
 		DEBUG_STUB("%s %-35s: FD:  %d Connecting to upstream: %p   No: %d\n", 
 	           STUB_DEBUG_SETUP, __FUNC__, *fd, (void*)upstream,

From b760a2ced20faede982420bf1c239f8479908f05 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Tue, 12 Sep 2017 15:01:02 +0100
Subject: [PATCH 030/140] Refine the logging levels to match the errors given
 when backing off, etc.

---
 src/context.c                |  6 +++---
 src/getdns/getdns_extra.h.in |  2 +-
 src/stub.c                   | 14 +++++++-------
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/context.c b/src/context.c
index f8bd1493..707016dc 100644
--- a/src/context.c
+++ b/src/context.c
@@ -754,7 +754,7 @@ upstream_backoff(getdns_upstream *upstream) {
 	upstream->conn_setup_failed = 0;
 	upstream->conn_shutdowns = 0;
 	upstream->conn_backoffs++;
-	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_NOTICE,
 	    "%-40s : !Backing off this upstream    - Will retry again at %s",
 	            upstream->addr_str,
 	            asctime(gmtime(&upstream->conn_retry_time)));
@@ -836,13 +836,13 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
 	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
 	             (int)upstream->responses_received, (int)upstream->responses_timeouts,
 	             _getdns_auth_str(upstream->tls_auth_state), (int)upstream->keepalive_timeout);
-	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_INFO,
 	    "%-40s : Upstream   : %s - Resps=%6d, Timeouts  =%6d, Best_auth =%7s\n",
 	             upstream->addr_str,
 	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
 	             (int)upstream->total_responses, (int)upstream->total_timeouts,
 	             _getdns_auth_str(upstream->best_tls_auth_state));
-	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_INFO,
 	    "%-40s : Upstream   : %s - Conns=%6d, Conn_fails=%6d, Conn_shuts=%7d, Backoffs     =%6d\n",
 	             upstream->addr_str,
 	             (upstream->transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP"),
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index dbb8eab4..c32a5c14 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -520,7 +520,7 @@ typedef enum getdns_loglevel_type {
 #define GETDNS_LOG_CRIT_TEXT    "Critical conditions"
 #define GETDNS_LOG_ERR_TEXT     "Error conditions"
 #define GETDNS_LOG_WARNING_TEXT "Warning conditions"
-#define GETDNS_LOG_NOTICE_TEXT  "normal, but significant, condition"
+#define GETDNS_LOG_NOTICE_TEXT  "Normal, but significant, condition"
 #define GETDNS_LOG_INFO_TEXT    "Informational message"
 #define GETDNS_LOG_DEBUG_TEXT   "Debug-level message"
 
diff --git a/src/stub.c b/src/stub.c
index 6dd58da2..eac26fcf 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -609,7 +609,7 @@ stub_timeout_cb(void *userarg)
 		netreq->fd = -1;
 		netreq->upstream->udp_timeouts++;
 		if (netreq->upstream->udp_timeouts % 100 == 0)
-			_getdns_upstream_log(netreq->upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+			_getdns_upstream_log(netreq->upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_INFO,
 			    "%-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
 			             netreq->upstream->addr_str,
 			             (int)netreq->upstream->udp_responses, (int)netreq->upstream->udp_timeouts);
@@ -910,7 +910,7 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 	            X509_verify_cert_error_string(err));
 #endif
 	if (!preverify_ok && !upstream->tls_fallback_ok)
-		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR,
 		    "%-40s : Verify failed : Transport=TLS - *Failure* -  (%d) \"%s\"\n",
 		    upstream->addr_str, err,
 		    X509_verify_cert_error_string(err));
@@ -946,7 +946,7 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
 			DEBUG_STUB("%s %-35s: FD:  %d, WARNING: Proceeding even though pinset validation failed!\n",
 			            STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->fd);
 		else
-			_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+			_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR,
 			    "%-40s : Conn failed   : Transport=TLS - *Failure* - Pinset validation failure\n",
 			    upstream->addr_str);
 	} else {
@@ -1475,7 +1475,7 @@ stub_udp_read_cb(void *userarg)
 	upstream->udp_responses++;
 	if (upstream->udp_responses == 1 || 
 	    upstream->udp_responses % 100 == 0)
-		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_INFO,
 		    "%-40s : Upstream stats: Transport=UDP - Resp=%d,Timeouts=%d\n",
 		    upstream->addr_str,
 		    (int)upstream->udp_responses, (int)upstream->udp_timeouts);
@@ -1900,7 +1900,7 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 		    upstreams->upstreams[i].conn_retry_time < now) {
 			upstreams->upstreams[i].conn_state = GETDNS_CONN_CLOSED;
 			upstreams->upstreams[i].conn_backoff_interval = 1;
-			_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+			_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_NOTICE,
 			    "%-40s : Re-instating upstream\n",
 		            upstreams->upstreams[i].addr_str);
 		}
@@ -1958,7 +1958,7 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 		} while (i != upstreams->current_stateful);
 		upstream->conn_state = GETDNS_CONN_CLOSED;
 		upstream->conn_backoff_interval = 1;
-		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_NOTICE,
 		    "%-40s : No valid upstreams... promoting backed-off upstream %s for re-try...\n",
 	            upstreams->upstreams[i].addr_str);
 		return upstream;
@@ -2142,7 +2142,7 @@ upstream_find_for_netreq(getdns_network_req *netreq)
 	}
 	/* Handle better, will give generic error*/
 	DEBUG_STUB("%s %-35s: MSG: %p No valid upstream! \n", STUB_DEBUG_SCHEDULE, __FUNC__, (void*)netreq);
-	_getdns_context_log(netreq->owner->context, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG,
+	_getdns_context_log(netreq->owner->context, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR,
 	    "*FAILURE* no valid transports or upstreams available!\n");
 	return -1;
 }

From 6c95f4177d3fd430b6ca1e3ac1adfd80c9b73950 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Tue, 12 Sep 2017 16:47:57 +0100
Subject: [PATCH 031/140] Add YAML configuration option.

Add new extra functions getdns_yaml2(dict|list|bindata|value)(). These are like their getdns_str2() counterparts, but take YAML input rather than JSON.

YAML introduces a new dependency, on libyaml. YAML can be disabled at configuration time, in which case the dependency is removed.

Modify getdns_query such that if a configuration file name includes ".yaml" it will be processed as a YAML configuration, not a JSON configuration.

Internally, getdns_yaml2*() work by passing the YAML string through a simple translation to JSON. At present, this translation assumes that configuration is the only use case, and so will error if the outer layer of the YAML input is not a map. This in effect means that at present all getdns_yaml2*() functions apart from getdns_yaml2dict() will give an error on the YAML translation to JSON.
---
 configure.ac                    |  45 +++
 src/Makefile.in                 |  12 +-
 src/convert.c                   |  97 ++++++
 src/getdns/getdns_extra.h.in    |  48 +++
 src/libgetdns.symbols           |   4 +
 src/tools/getdns_query.c        |  23 +-
 src/yaml/convert_yaml_to_json.c | 542 ++++++++++++++++++++++++++++++++
 src/yaml/convert_yaml_to_json.h |  51 +++
 8 files changed, 812 insertions(+), 10 deletions(-)
 create mode 100644 src/yaml/convert_yaml_to_json.c
 create mode 100644 src/yaml/convert_yaml_to_json.h

diff --git a/configure.ac b/configure.ac
index 4eea1694..90c6f4dc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -577,6 +577,17 @@ case "$enable_stub_only" in
 		;;
 esac
 
+my_with_yaml=1
+AC_ARG_ENABLE(yaml-config, AC_HELP_STRING([--disable-yaml-config], [Remove support for YAML configuration.  Removes the libyaml dependency.]))
+case "$enable_yaml_config" in
+	no)
+		my_with_yaml=0
+		;;
+	yes|*)
+		AC_DEFINE_UNQUOTED([USE_YAML_CONFIG], [1], [Define this to enable YAML config support.])
+		;;
+esac
+
 if test "$USE_WINSOCK" = 1; then
 	AC_MSG_NOTICE([ Building on Windows ... YES! ])
 	AC_DEFINE_UNQUOTED([GETDNS_ON_WINDOWS], [1], [Define this to enable Windows build.])
@@ -618,6 +629,30 @@ else
 	fi
 fi
 
+if test $my_with_yaml = 1
+then
+	AC_ARG_WITH(libyaml, AS_HELP_STRING([--with-libyaml=pathname],
+		[path to libyaml (default: search /usr/local ..)]),
+		[], [withval="yes"])
+	if test x_$withval = x_yes; then
+		for dir in /usr/local /opt/local /usr/pkg /usr/sfw; do
+			if test -f "$dir/include/yaml.h"; then
+				CFLAGS="$CFLAGS -I$dir/include"
+				LDFLAGS="$LDFLAGS -L$dir/lib"
+				AC_MSG_NOTICE([Found libyaml in $dir])
+				break
+			fi
+		done
+	else
+		if test x_$withval != x_no; then
+			CFLAGS="$CFLAGS -I$withval/include"
+			LDFLAGS="$LDFLAGS -L$withval/lib"
+		else
+			my_with_yaml=0
+		fi
+	fi
+fi
+
 if test $my_with_libunbound = 1
 then
 	# find libunbound
@@ -658,6 +693,16 @@ then
 	])
 fi
 
+if test $my_with_yaml = 1
+then
+	AC_MSG_NOTICE([Checking for dependency libyaml])
+	AC_CHECK_LIB([yaml], [yaml_parser_parse], [], [
+		MISSING_DEPS="${MISSING_DEPS}${MISSING_SEP}libyaml"
+		MISSING_SEP=", "
+		found_all_libs=0
+	])
+fi
+
 AC_ARG_ENABLE(unbound-event-api, AC_HELP_STRING([--disable-unbound-event-api], [Disable usage of libunbounds event API]))
 case "$enable_unbound_event_api" in
 	no)
diff --git a/src/Makefile.in b/src/Makefile.in
index 22056063..d38f78f0 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -92,6 +92,8 @@ UTIL_OBJ=rbtree.lo val_secalgo.lo lruhash.lo lookup3.lo locks.lo
 
 JSMN_OBJ=jsmn.lo
 
+YAML_OBJ=convert_yaml_to_json.lo
+
 EXTENSION_OBJ=$(DEFAULT_EVENTLOOP_OBJ) libevent.lo libev.lo
 
 NON_C99_OBJS=context.lo libuv.lo
@@ -123,6 +125,9 @@ $(UTIL_OBJ):
 $(JSMN_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -DJSMN_GETDNS -c $(srcdir)/jsmn/$(@:.lo=.c) -o $@
 
+$(YAML_OBJ):
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/yaml/$(@:.lo=.c) -o $@
+
 $(EXTENSION_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/extension/$(@:.lo=.c) -o $@
 
@@ -173,8 +178,8 @@ libgetdns_ext_ev.la: libgetdns.la libev.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libev.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEV_LDFLAGS) $(EXTENSION_LIBEV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libev.symbols
 
 
-libgetdns.la: $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ)
-	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
+libgetdns.la: $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YAML_OBJ)
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YAML_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
 
 test: default
 	cd test && $(MAKE) $@
@@ -226,13 +231,14 @@ Makefile: $(srcdir)/Makefile.in ../config.status
 
 depend:
 	(cd $(srcdir) ; awk 'BEGIN{P=1}{if(P)print}/^# Dependencies/{P=0}' Makefile.in > Makefile.in.new )
-	(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" -Iutil/auxiliary *.c gldns/*.c compat/*.c util/*.c jsmn/*.c extension/*.c| \
+	(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" -Iutil/auxiliary *.c gldns/*.c compat/*.c util/*.c jsmn/*.c yaml/*.c extension/*.c| \
 		sed -e "s? $$blddir/? ?g" \
 		    -e 's? gldns/? $$(srcdir)/gldns/?g' \
 		    -e 's? compat/? $$(srcdir)/compat/?g' \
 		    -e 's? util/auxiliary/util/? $$(srcdir)/util/auxiliary/util/?g' \
 		    -e 's? util/? $$(srcdir)/util/?g' \
 		    -e 's? jsmn/? $$(srcdir)/jsmn/?g' \
+		    -e 's? yaml/? $$(srcdir)/yaml/?g' \
 		    -e 's? extension/? $$(srcdir)/extension/?g' \
 		    -e 's? \([a-z_-]*\)\.\([ch]\)? $$(srcdir)/\1.\2?g' \
 		    -e 's? \$$(srcdir)/config\.h? config.h?g' \
diff --git a/src/convert.c b/src/convert.c
index 180db8f5..a5692b77 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -54,6 +54,7 @@
 #include "dict.h"
 #include "list.h"
 #include "jsmn/jsmn.h"
+#include "yaml/convert_yaml_to_json.h"
 #include "convert.h"
 #include "debug.h"
 
@@ -1802,3 +1803,99 @@ getdns_str2int(const char *str, uint32_t *value)
 	return GETDNS_RETURN_GOOD;
 }
 
+getdns_return_t
+getdns_yaml2dict(const char *str, getdns_dict **dict)
+{
+#ifdef USE_YAML_CONFIG
+	char *jsonstr;
+	
+	if (!str || !dict)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	jsonstr = yaml_string_to_json_string(str);
+	if (jsonstr) {
+		getdns_return_t res = getdns_str2dict(jsonstr, dict);
+		free(jsonstr);
+		return res;
+	} else {
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}	
+#else /* USE_YAML_CONFIG */
+	str = str;
+	dict = dict;
+	return GETDNS_RETURN_NOT_IMPLEMENTED;
+#endif /* USE_YAML_CONFIG */
+}
+
+getdns_return_t
+getdns_yaml2list(const char *str, getdns_list **list)
+{
+#ifdef USE_YAML_CONFIG
+	char *jsonstr;
+	
+	if (!str || !list)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	jsonstr = yaml_string_to_json_string(str);
+	if (jsonstr) {
+		getdns_return_t res = getdns_str2list(jsonstr, list);
+		free(jsonstr);
+		return res;
+	} else {
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}	
+#else /* USE_YAML_CONFIG */
+	str = str;
+	list = list;
+	return GETDNS_RETURN_NOT_IMPLEMENTED;
+#endif /* USE_YAML_CONFIG */
+}
+
+getdns_return_t
+getdns_yaml2bindata(const char *str, getdns_bindata **bindata)
+{
+#ifdef USE_YAML_CONFIG
+	char *jsonstr;
+	
+	if (!str || !bindata)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	jsonstr = yaml_string_to_json_string(str);
+	if (jsonstr) {
+		getdns_return_t res = getdns_str2bindata(jsonstr, bindata);
+		free(jsonstr);
+		return res;
+	} else {
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}	
+#else /* USE_YAML_CONFIG */
+	str = str;
+	bindata = bindata;
+	return GETDNS_RETURN_NOT_IMPLEMENTED;
+#endif /* USE_YAML_CONFIG */
+}
+
+getdns_return_t
+getdns_yaml2int(const char *str, uint32_t *value)
+{
+#ifdef USE_YAML_CONFIG
+	char *jsonstr;
+	
+	if (!str || !value)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	jsonstr = yaml_string_to_json_string(str);
+	if (jsonstr) {
+		getdns_return_t res = getdns_str2int(jsonstr, value);
+		free(jsonstr);
+		return res;
+	} else {
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}	
+#else /* USE_YAML_CONFIG */
+	str = str;
+	value = value;
+	return GETDNS_RETURN_NOT_IMPLEMENTED;
+#endif /* USE_YAML_CONFIG */
+}
+
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index dbb8eab4..526cfa2f 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -1685,6 +1685,54 @@ getdns_str2bindata(const char *str, getdns_bindata **bindata);
 getdns_return_t
 getdns_str2int(const char *str, uint32_t *value);
 
+/** @}
+ */
+
+/**
+ * \defgroup Uyaml2getdns_data Converting YAML input to getdns data structures
+ *  @{
+ */
+
+/**
+ * Convert YAML text to a getdns_dict.
+ *
+ * @param  str   A textual representation of a getdns_dict.
+ * @param  dict The returned getdns_dict.
+ * @return GETDNS_RETURN_GOOD on success or an error code on failure.
+ */
+getdns_return_t
+getdns_yaml2dict(const char *str, getdns_dict **dict);
+
+/**
+ * Convert YAML text to a getdns_list.
+ *
+ * @param  str   A textual representation of a getdns_list.
+ * @param  list The returned getdns_list.
+ * @return GETDNS_RETURN_GOOD on success or an error code on failure.
+ */
+getdns_return_t
+getdns_yaml2list(const char *str, getdns_list **list);
+
+/**
+ * Convert string text to a getdns_bindata.
+ *
+ * @param  str   A textual representation of a getdns_bindata
+ * @param  bindata The returned getdns_bindata.
+ * @return GETDNS_RETURN_GOOD on success or an error code on failure.
+ */
+getdns_return_t
+getdns_yaml2bindata(const char *str, getdns_bindata **bindata);
+
+/**
+ * Convert string text to a getdns 32 bits unsigned integer.
+ *
+ * @param  str   A textual representation of the integer.
+ * @param  value The returned integer.
+ * @return GETDNS_RETURN_GOOD on success or an error code on failure.
+ */
+getdns_return_t
+getdns_yaml2int(const char *str, uint32_t *value);
+
 /** @}
  */
 
diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols
index 00b26848..36262fce 100644
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@@ -159,5 +159,9 @@ getdns_wire2msg_dict_scan
 getdns_wire2rr_dict
 getdns_wire2rr_dict_buf
 getdns_wire2rr_dict_scan
+getdns_yaml2bindata
+getdns_yaml2dict
+getdns_yaml2int
+getdns_yaml2list
 plain_mem_funcs_user_arg
 priv_getdns_context_mf
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index d8337ffd..c69958bd 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -215,7 +215,7 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t-C\t<filename>\n");
 	fprintf(out, "\t\tRead settings from config file <filename>\n");
 	fprintf(out, "\t\tThe getdns context will be configured with these settings\n");
-	fprintf(out, "\t\tThe file must be in json dict format.\n");
+	fprintf(out, "\t\tThe file must be in JSON or YAML dict format.\n");
 	if (i_am_stubby) {
 		fprintf(out, "\t\tBy default, configuration is first read from");
 		fprintf(out, "\n\t\t\"/etc/stubby.conf\" and then from \"$HOME/.stubby.conf\"\n");
@@ -472,16 +472,25 @@ done:
 	return r;
 }
 
-static void parse_config(const char *config_str)
+static void parse_config(const char *config_str, int yaml_config)
 {
 	getdns_dict *config_dict;
 	getdns_list *list;
 	getdns_return_t r;
 
-	if ((r = getdns_str2dict(config_str, &config_dict)))
+	if (yaml_config) {
+#ifdef USE_YAML_CONFIG		
+		r = getdns_yaml2dict(config_str, &config_dict);
+#else
+		fprintf(stderr, "Support for YAML configuration files not available.\n");
+		return;
+#endif		
+	} else {
+		r = getdns_str2dict(config_str, &config_dict);
+	}
+	if (r)
 		fprintf(stderr, "Could not parse config file: %s\n",
 		    getdns_get_errorstr_by_id(r));
-
 	else {
 		if (!(r = getdns_dict_get_list(
 		    config_dict, "listen_addresses", &list))) {
@@ -561,7 +570,7 @@ int parse_config_file(const char *fn, int report_open_failure)
 	}
 	config_file[config_file_sz] = 0;
 	fclose(fh);
-	parse_config(config_file);
+	parse_config(config_file, strstr(fn, ".yaml") != NULL);
 	free(config_file);
 	return GETDNS_RETURN_GOOD;
 }
@@ -650,7 +659,7 @@ getdns_return_t parse_args(int argc, char **argv)
 			}
 			continue;
 		} else if (arg[0] == '{') {
-			parse_config(arg);
+			parse_config(arg, 0);
 			continue;
 
 		} else if (arg[0] != '-') {
@@ -1719,7 +1728,7 @@ main(int argc, char **argv)
 		                      , "%s/.stubby.conf"
 		                      , getenv("HOME")
 		                      );
-		(void) parse_config(default_stubby_config);
+		(void) parse_config(default_stubby_config, 0);
 		(void) parse_config_file("/etc/stubby.conf", 0);
 		if (n_chars > 0 && n_chars < (int)sizeof(home_stubby_conf_fn)){
 			(void) parse_config_file(home_stubby_conf_fn, 0);
diff --git a/src/yaml/convert_yaml_to_json.c b/src/yaml/convert_yaml_to_json.c
new file mode 100644
index 00000000..f5117355
--- /dev/null
+++ b/src/yaml/convert_yaml_to_json.c
@@ -0,0 +1,542 @@
+/*
+ * Copyright (c) 2017, NLNet Labs, Verisign, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <assert.h>
+
+#include "config.h"
+
+#ifdef USE_YAML_CONFIG
+
+#include <yaml.h>
+
+#include "../gldns/gbuffer.h"
+#include "convert_yaml_to_json.h"
+
+static int process_yaml_stream(yaml_parser_t *, yaml_event_t *, gldns_buffer *);
+
+static int process_yaml_document(yaml_parser_t *, yaml_event_t *, gldns_buffer *);
+
+static int process_yaml_mapping(yaml_parser_t *, yaml_event_t *, gldns_buffer *);
+
+static int process_yaml_sequence(yaml_parser_t *, yaml_event_t *, gldns_buffer *);
+
+static int process_yaml_value(yaml_parser_t *, yaml_event_t *, gldns_buffer *);
+
+static int output_scalar(yaml_event_t *, gldns_buffer *);
+
+static void report_parser_error(yaml_parser_t *);
+
+static char* event_type_string(yaml_event_type_t);
+
+/* public functions */
+
+char *
+yaml_string_to_json_string(const char *instr)
+{
+	assert(instr);
+
+	gldns_buffer *buf;
+	char* json = NULL;
+
+	buf = gldns_buffer_new(8192);
+	if (!buf) {
+		fprintf(stderr, "Could not assign buffer for json output");
+		return NULL;
+	}
+	
+	yaml_parser_t parser;
+	yaml_event_t event;
+
+	memset(&parser, 0, sizeof(parser));
+	memset(&event, 0, sizeof(event));
+
+	if (!yaml_parser_initialize(&parser)) {
+		fprintf(stderr, "Could not initialize the parser object\n");
+		goto return_error;
+	}
+
+	/* Set the parser parameters. */
+	yaml_parser_set_input_string(&parser, (const unsigned char *) instr, strlen(instr));
+
+	/* Get the first event. */
+	if (!yaml_parser_parse(&parser, &event)) {
+		report_parser_error(&parser);
+		goto return_error;
+	}
+
+	/* First event should be stream start. */
+	if (event.type != YAML_STREAM_START_EVENT) {
+		fprintf(stderr, "Event error: wrong type of event: %d\n", event.type);
+		goto return_error;
+	}
+
+	if (process_yaml_stream(&parser, &event, buf) != 0) {
+		goto return_error;
+	}
+
+	yaml_event_delete(&event);
+	yaml_parser_delete(&parser);
+	
+	/*
+	 * gldns_buffer_export() returns a pointer to the data and
+	 * sets a flag to prevent it from being deleted by
+	 * gldns_buffer_free()
+	 */
+	json = (char *) gldns_buffer_export(buf);
+	gldns_buffer_free(buf);
+
+	return json;
+
+return_error:
+
+	yaml_event_delete(&event);
+	yaml_parser_delete(&parser);
+	gldns_buffer_free(buf);
+
+	return NULL;
+}
+
+/* local functions */
+
+int
+process_yaml_stream(yaml_parser_t *parser, yaml_event_t *event, gldns_buffer *buf)
+{
+	assert(parser);
+	assert(event);
+	assert(buf);
+
+	int done = 0;
+
+	while (!done)
+	{
+		/* Delete the event that brought us here */
+		yaml_event_delete(event);
+
+		/* Get the next event. */
+		if (!yaml_parser_parse(parser, event)) {
+			report_parser_error(parser);
+			return -1;
+		}
+
+		switch (event->type) {
+		case YAML_STREAM_END_EVENT:
+
+			done = 1;
+			break;
+
+		case YAML_DOCUMENT_START_EVENT:
+
+			if (process_yaml_document(parser, event, buf) != 0) {
+				return -1;   
+			}
+			break;
+
+		case YAML_STREAM_START_EVENT:
+		case YAML_DOCUMENT_END_EVENT:
+		case YAML_ALIAS_EVENT:
+		case YAML_SCALAR_EVENT:
+		case YAML_SEQUENCE_START_EVENT:
+		case YAML_SEQUENCE_END_EVENT:
+		case YAML_MAPPING_START_EVENT:
+		case YAML_MAPPING_END_EVENT:
+
+			fprintf(stderr,
+				"Event error: %s. Expected YAML_DOCUMENT_START_EVENT or YAML_STREAM_END_EVENT.\n",
+				event_type_string(event->type));
+			return -1;
+
+		default:
+			/* NOTREACHED */
+			break;
+		}
+	}
+	return 0;
+}
+
+int
+process_yaml_document(yaml_parser_t *parser, yaml_event_t *event, gldns_buffer *buf)
+{
+	assert(parser);
+	assert(event);
+	assert(buf);
+
+	int done = 0;
+
+	while (!done)
+	{
+		/* Delete the event that brought us here */
+		yaml_event_delete(event);
+
+		/* Get the next event. */
+		if (!yaml_parser_parse(parser, event)) {
+			report_parser_error(parser);
+			return -1;
+		}
+
+		switch (event->type) {
+		case YAML_DOCUMENT_END_EVENT:
+
+			done = 1;
+			break;
+
+		case YAML_MAPPING_START_EVENT:
+
+			/*
+			 * getdns config data is a dictionary (ie yaml mapping)
+			 * so the document must start with a mapping; scalar
+			 * or sequence would be wrong.
+			 */
+			if (process_yaml_mapping(parser, event, buf) != 0) {
+				return -1;
+			}
+			break;
+
+		case YAML_STREAM_START_EVENT:
+		case YAML_STREAM_END_EVENT:
+		case YAML_DOCUMENT_START_EVENT:
+		case YAML_ALIAS_EVENT:
+		case YAML_SCALAR_EVENT:
+		case YAML_SEQUENCE_START_EVENT:
+		case YAML_SEQUENCE_END_EVENT:
+		case YAML_MAPPING_END_EVENT:
+
+			fprintf(stderr,
+				"Event error: %s. Expected YAML_MAPPING_START_EVENT or YAML_DOCUMENT_END_EVENT.\n",
+				event_type_string(event->type));
+			return -1;
+
+		default:
+			/* NOTREACHED */
+			break;
+		}
+	}
+	return 0;
+}
+
+int
+process_yaml_mapping(yaml_parser_t *parser, yaml_event_t *event, gldns_buffer *buf)
+{
+	assert(parser);
+	assert(event);
+	assert(buf);
+	
+	int done = 0;
+	int members = 0;
+
+	if ( gldns_buffer_printf(buf, "{ ") == -1 )
+		return -1;
+	
+	while (!done)
+	{
+		/* Delete the event that brought us here */
+		yaml_event_delete(event);
+		
+		/* Get the next event. */
+		if (!yaml_parser_parse(parser, event)) {
+			report_parser_error(parser);
+			return -1;
+		}
+
+		if (event->type == YAML_SCALAR_EVENT) {
+			if (members)
+				if (gldns_buffer_printf(buf, ", ") == -1)
+					return -1;
+			
+			if (output_scalar(event, buf) != 0) {
+				fprintf(stderr, "Mapping error: Error outputting key\n");
+				return -1;
+			}
+			if (gldns_buffer_printf(buf, ": ") == -1)
+				return -1;
+			
+			members = 1;
+		} else if (event->type == YAML_MAPPING_END_EVENT) {
+			if (gldns_buffer_printf(buf, " }") == -1)
+				return -1;
+			done = 1;
+			continue;
+		} else {
+			fprintf(stderr,
+				"Event error: %s. Expected YAML_SCALAR_EVENT or YAML_MAPPING_END_EVENT.\n",
+				event_type_string(event->type));
+			return -1;
+		}
+		
+		/* Delete the event that brought us here */
+		yaml_event_delete(event);
+
+		/* Get the next event. */
+		if (!yaml_parser_parse(parser, event)) {
+			report_parser_error(parser);
+			return -1;
+		}
+
+		switch (event->type) {
+		case YAML_SCALAR_EVENT:
+		case YAML_SEQUENCE_START_EVENT:
+		case YAML_MAPPING_START_EVENT:
+			if (process_yaml_value(parser, event, buf) != 0) {
+				return -1;   
+			}
+			break;
+
+		case YAML_STREAM_START_EVENT:
+		case YAML_STREAM_END_EVENT:
+		case YAML_DOCUMENT_START_EVENT:
+		case YAML_DOCUMENT_END_EVENT:
+		case YAML_ALIAS_EVENT:
+		case YAML_SEQUENCE_END_EVENT:
+		case YAML_MAPPING_END_EVENT:
+			fprintf(stderr,
+				"Event error: %s. Expected YAML_MAPPING_START_EVENT, YAML_SEQUENCE_START_EVENT or YAML_SCALAR_EVENT.\n",
+				event_type_string(event->type));
+			return -1;
+
+		default:
+			/* NOTREACHED */
+			break;
+		}
+	}
+	return 0;
+}
+
+int
+process_yaml_sequence(yaml_parser_t *parser, yaml_event_t *event, gldns_buffer *buf)
+{	
+	assert(parser);
+	assert(event);
+	assert(buf);
+	
+	int done = 0;
+	int elements = 0;
+
+	if ( gldns_buffer_printf(buf, "[ ") == -1 )
+		return -1;
+   
+	while (!done)
+	{
+		/* Delete the event that brought us here */
+		yaml_event_delete(event);
+		
+		/* Get the next event. */
+		if (!yaml_parser_parse(parser, event)) {
+			report_parser_error(parser);
+			return -1;
+		}
+
+		switch (event->type) {
+		case YAML_SCALAR_EVENT:
+		case YAML_SEQUENCE_START_EVENT:
+		case YAML_MAPPING_START_EVENT:
+
+			if (elements)
+				if (gldns_buffer_printf(buf, ", ") == -1)
+					return -1;
+
+			if (process_yaml_value(parser, event, buf) != 0)
+				return -1;   
+
+			elements = 1;
+			break;
+
+		case YAML_SEQUENCE_END_EVENT:
+			if (gldns_buffer_printf(buf, " ]") == -1)
+				return -1;
+			done = 1;
+			break;
+
+		case YAML_STREAM_START_EVENT:
+		case YAML_STREAM_END_EVENT:
+		case YAML_DOCUMENT_START_EVENT:
+		case YAML_DOCUMENT_END_EVENT:
+		case YAML_ALIAS_EVENT:
+		case YAML_MAPPING_END_EVENT:
+			fprintf(stderr,
+				"Event error: %s. Expected YAML_MAPPING_START_EVENT, YAML_SEQUENCE_START_EVENT, YAML_SCALAR_EVENT or YAML_SEQUENCE_END_EVENT.\n",
+				event_type_string(event->type));
+			return -1;
+
+		default:
+			/* NOTREACHED */
+			break;
+		}
+	}
+	return 0;
+}
+
+int
+process_yaml_value(yaml_parser_t *parser, yaml_event_t *event, gldns_buffer *buf)
+{	
+	assert(parser);
+	assert(event);
+	assert(buf);
+	
+	switch (event->type) {
+	case YAML_SCALAR_EVENT:
+		if (output_scalar(event, buf) != 0) {
+			fprintf(stderr, "Value error: Error outputting scalar\n");
+			return -1;
+		}
+		break;
+
+	case YAML_SEQUENCE_START_EVENT:
+		if (process_yaml_sequence(parser, event, buf) != 0) {
+			return -1;   
+		}
+		break;
+
+	case YAML_MAPPING_START_EVENT:
+		if (process_yaml_mapping(parser, event, buf) != 0) {
+			return -1;   
+		}
+		break;
+		
+	default:
+		fprintf(stderr, "Bug: calling process_yaml_value() in the wrong context");
+		return -1;
+	}
+	return 0;
+}
+
+int
+output_scalar(yaml_event_t *event, gldns_buffer *buf)
+{
+	const char *fmt = "%s";
+	
+	assert(event);
+	assert(buf);
+	assert(event->data.scalar.length > 0);
+	
+	if (event->data.scalar.style != YAML_PLAIN_SCALAR_STYLE)
+		fmt = "\"%s\"";
+
+	if ( gldns_buffer_printf(buf, fmt, event->data.scalar.value) == -1 )
+		return -1;
+	return 0;
+}
+
+void report_parser_error(yaml_parser_t *parser)
+{
+	assert(parser);
+
+	/* Display a parser error message. */
+	switch (parser->error) {
+	case YAML_MEMORY_ERROR:
+		fprintf(stderr, "Memory error: Not enough memory for parsing\n");
+		break;
+
+	case YAML_READER_ERROR:
+		if (parser->problem_value != -1) {
+			fprintf(stderr, "Reader error: %s: #%X at %zu\n", parser->problem,
+					parser->problem_value, parser->problem_offset);
+		} else {
+			fprintf(stderr, "Reader error: %s at %zu\n", parser->problem,
+					parser->problem_offset);
+		}
+		break;
+
+	case YAML_SCANNER_ERROR:
+		if (parser->context) {
+			fprintf(stderr, "Scanner error: %s at line %lu, column %lu\n"
+					"%s at line %lu, column %lu\n", parser->context,
+					parser->context_mark.line+1, parser->context_mark.column+1,
+					parser->problem, parser->problem_mark.line+1,
+					parser->problem_mark.column+1);
+		} else {
+			fprintf(stderr, "Scanner error: %s at line %lu, column %lu\n",
+					parser->problem, parser->problem_mark.line+1,
+					parser->problem_mark.column+1);
+		}
+		break;
+
+	case YAML_PARSER_ERROR:
+		if (parser->context) {
+			fprintf(stderr, "Parser error: %s at line %lu, column %lu\n"
+					"%s at line %lu, column %lu\n", parser->context,
+					parser->context_mark.line+1, parser->context_mark.column+1,
+					parser->problem, parser->problem_mark.line+1,
+					parser->problem_mark.column+1);
+		} else {
+			fprintf(stderr, "Parser error: %s at line %lu, column %lu\n",
+					parser->problem, parser->problem_mark.line+1,
+					parser->problem_mark.column+1);
+		}
+		break;
+
+	default:
+		/* Couldn't happen. */
+		fprintf(stderr, "Internal error\n");
+		break;
+	}
+	return;
+}
+
+/* TODO - improve this */
+char*
+event_type_string(yaml_event_type_t type)
+{	
+	switch (type) {
+	case YAML_STREAM_START_EVENT:
+		return "YAML_STREAM_START_EVENT";
+		
+	case YAML_STREAM_END_EVENT:
+		return "YAML_STREAM_END_EVENT";
+		
+	case YAML_DOCUMENT_START_EVENT:
+		return "YAML_DOCUMENT_START_EVENT";
+
+	case YAML_DOCUMENT_END_EVENT:
+		return "YAML_DOCUMENT_END_EVENT";
+
+	case YAML_ALIAS_EVENT:
+		return "YAML_ALIAS_EVENT";
+
+	case YAML_SCALAR_EVENT:
+		return "YAML_SCALAR_EVENT";
+
+	case YAML_SEQUENCE_START_EVENT:
+		return "YAML_SEQUENCE_START_EVENT";
+
+	case YAML_SEQUENCE_END_EVENT:
+		return "YAML_SEQUENCE_END_EVENT";
+
+	case YAML_MAPPING_START_EVENT:
+		return "YAML_MAPPING_START_EVENT";
+
+	case YAML_MAPPING_END_EVENT:
+		return "YAML_MAPPING_END_EVENT";
+
+	default:
+		/* NOTREACHED */
+		return NULL;
+	}
+	return NULL;
+}
+
+#endif /* USE_YAML_CONFIG */
diff --git a/src/yaml/convert_yaml_to_json.h b/src/yaml/convert_yaml_to_json.h
new file mode 100644
index 00000000..75b652f6
--- /dev/null
+++ b/src/yaml/convert_yaml_to_json.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2017, NLNet Labs, Verisign, Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _CONVERT_YAML_TO_JSON_H
+#define _CONVERT_YAML_TO_JSON_H
+
+#include <stdio.h>
+
+/**
+ * read yaml-syntax data from the string and convert to json-syntax
+ * yaml syntax resitrictions imposed for getdns:
+ *    the outer-most data structure must be a yaml mapping
+ *    mapping keys must be yaml scalars
+ *    plain scalars are output to the json string unchanged
+ *    non-plain scalars (quoted, double-quoted, wrapped) are output double-quoted
+ * TODO Test on yaml data containing yaml tags (these are ignored at present)
+ *      The code has only been tested on yaml data using indentation style, so it
+ *        should be tested on other styles as well.
+ * @param instr the string carrying data in yaml syntax
+ * @return a string of data in json syntax on success
+ * @return NULL if there is a yaml syntax violation
+ *                 the outer-most structure in not a mapping
+ *                 a mapping key is complex (a mapping or sequence)
+ */
+char * yaml_string_to_json_string(const char *instr);
+
+#endif //_CONVERT_YAML_TO_JSON_H

From f53e5645d9f6bcba9d59eba3372743284b55f282 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Wed, 13 Sep 2017 10:00:56 +0100
Subject: [PATCH 032/140] Improve the comments about the new backoff handling.
 Remove unnecessary log.

---
 src/stub.c               | 17 ++++++++++++++---
 src/tools/getdns_query.c |  1 -
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index eac26fcf..8ca9a6dc 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1815,11 +1815,15 @@ upstream_active(getdns_upstream *upstream)
 static int
 upstream_usable(getdns_upstream *upstream, int backoff_ok) 
 {
+	/* If backoff_ok is not true then only use upstreams that are in a healthy
+	   state. */
 	if ((upstream->conn_state == GETDNS_CONN_CLOSED || 
 	     upstream->conn_state == GETDNS_CONN_SETUP || 
 	     upstream->conn_state == GETDNS_CONN_OPEN) &&
 	     upstream->keepalive_shutdown == 0)
 		return 1;
+	/* Otherwise, allow upstreams that are backed off to be used because that
+	   is better that having no upstream at all. */
 	if (backoff_ok == 1 &&
 	    upstream->conn_state == GETDNS_CONN_BACKOFF)
 		return 1;
@@ -1848,6 +1852,11 @@ upstream_valid(getdns_upstream *upstream,
                           getdns_network_req *netreq,
                           int backoff_ok)
 {
+	/* Checking upstreams with backoff_ok true will aslo return upstreams
+	   that are in a backoff state. Otherwise only use upstreams that have
+	   a 'good' connection state. backoff_ok is usefull when no upstreams at all
+	   are valid, for example when the network connection is down and need to 
+	   keep trying to connect before failing completely. */
 	if (!(upstream->transport == transport && upstream_usable(upstream, backoff_ok)))
 		return 0;
 	if (transport == GETDNS_TRANSPORT_TCP)
@@ -1915,7 +1924,7 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 	}
 
 	/* OK - Find the next one to use. First check we have at least one valid
-	   upstream because we completely back off failed 
+	   upstream (not backed-off) because we completely back off failed 
 	   upstreams we may have no valid upstream at all (in contrast to UDP).*/
 	i = upstreams->current_stateful;
 	do {
@@ -1930,7 +1939,8 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 			i = 0;
 	} while (i != upstreams->current_stateful);
 	if (!upstream) {
-		/* Oh, oh. We have no valid upstreams. Try to find one that might work.
+		/* Oh, oh. We have no valid upstreams. Try to find one that might work so
+		   allow backed off upstreams to be considered valid.
 		   Don't worry about the policy, just use the one with the least bad
 		   stats that still fits the bill (right transport, right authentication)
 		   to try to avoid total failure due to network outages. */
@@ -1966,7 +1976,8 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 
 	/* Now select the specific upstream */
 	if (netreq->owner->context->round_robin_upstreams == 0) {
-		/* Base the decision on the stats, noting we will have started from 0*/
+		/* Base the decision on the stats and being not backed-off, 
+		   noting we will have started from 0*/
 		for (i++; i < upstreams->count; i++) {
 			if (upstream_valid(&upstreams->upstreams[i], transport, netreq, 0) &&
 			    upstream_stats(&upstreams->upstreams[i]) > upstream_stats(upstream))
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index d8337ffd..582f2c0c 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -1769,7 +1769,6 @@ main(int argc, char **argv)
 		loop->vmt->run(loop);
 	}
 	else if (listen_count) {
-		fprintf(stderr, "Starting Stubby DAEMON....\n");
 		assert(loop);
 #ifndef GETDNS_ON_WINDOWS
 		if (i_am_stubby && !run_in_foreground) {

From 453b94269bb8dd76d55eb436d7f210f9991671de Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Wed, 13 Sep 2017 12:45:56 +0100
Subject: [PATCH 033/140] Updates to makefiles for s/stubby.conf/stubby.yaml

---
 Makefile.in     | 2 +-
 src/Makefile.in | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index 422f6d80..1b99cee3 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -245,7 +245,7 @@ $(distdir):
 	cp $(srcdir)/spec/example/*.[ch] $(distdir)/spec/example
 	cp $(srcdir)/src/tools/Makefile.in $(distdir)/src/tools
 	cp $(srcdir)/src/tools/*.[ch] $(distdir)/src/tools
-	cp $(srcdir)/stubby/stubby.conf.example $(distdir)/stubby
+	cp $(srcdir)/stubby/stubby.yaml.example $(distdir)/stubby
 	cp $(srcdir)/stubby/stubby-setdns-macos.sh $(distdir)/stubby
 	cp $(srcdir)/stubby/src/stubby.c $(distdir)/stubby/src
 	cp $(srcdir)/stubby/COPYING $(distdir)/stubby
diff --git a/src/Makefile.in b/src/Makefile.in
index d38f78f0..2f9bd411 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -193,14 +193,14 @@ stubby.lo: $(stubbysrcdir)/src/stubby.c
 stubby: stubby.lo libgetdns.la 
 	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ stubby.lo $(LDFLAGS) libgetdns.la
 
-install-stubby: stubby $(stubbysrcdir)/stubby.conf.example $(stubbysrcdir)/stubby-setdns-macos.sh
+install-stubby: stubby $(stubbysrcdir)/stubby.yaml.example $(stubbysrcdir)/stubby-setdns-macos.sh
 	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
 	$(LIBTOOL) --mode=install cp stubby $(DESTDIR)$(bindir)
 	$(INSTALL) -m 755 -d $(DESTDIR)$(sbindir)
 	$(INSTALL) -m 755  $(stubbysrcdir)/stubby-setdns-macos.sh $(DESTDIR)$(sbindir)
 	$(INSTALL) -m 755 -d $(DESTDIR)$(stubbyconfdir)
-	test -f $(DESTDIR)$(stubbyconfdir)/stubby.conf || \
-		$(INSTALL_DATA) $(stubbysrcdir)/stubby.conf.example $(DESTDIR)$(stubbyconfdir)/stubby.conf
+	test -f $(DESTDIR)$(stubbyconfdir)/stubby.yaml || \
+		$(INSTALL_DATA) $(stubbysrcdir)/stubby.yaml.example $(DESTDIR)$(stubbyconfdir)/stubby.yaml
 
 uninstall-stubby:
 	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby

From 6d6e66c5a89aa4617b65796f274e52fa7fd24904 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Wed, 13 Sep 2017 12:49:39 +0100
Subject: [PATCH 034/140] Add libyaml to dependencies for Travis.

---
 .travis.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.travis.yml b/.travis.yml
index d46dd307..6b3fc7b4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -8,6 +8,7 @@ addons:
     packages:
     - libunbound-dev
     - libidn11-dev
+    - libyaml-dev
     - check
     - libevent-dev
     - libev-dev

From c74e8353a8838cdc0535352f1b505797089c07d2 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Wed, 13 Sep 2017 12:50:18 +0100
Subject: [PATCH 035/140] Move to clang-friendly way of marking unused function
 parameters as used.

---
 src/convert.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/convert.c b/src/convert.c
index a5692b77..c9244781 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -1821,8 +1821,8 @@ getdns_yaml2dict(const char *str, getdns_dict **dict)
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}	
 #else /* USE_YAML_CONFIG */
-	str = str;
-	dict = dict;
+	(void) str;
+	(void) dict;
 	return GETDNS_RETURN_NOT_IMPLEMENTED;
 #endif /* USE_YAML_CONFIG */
 }
@@ -1845,8 +1845,8 @@ getdns_yaml2list(const char *str, getdns_list **list)
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}	
 #else /* USE_YAML_CONFIG */
-	str = str;
-	list = list;
+	(void) str;
+	(void) list;
 	return GETDNS_RETURN_NOT_IMPLEMENTED;
 #endif /* USE_YAML_CONFIG */
 }
@@ -1869,8 +1869,8 @@ getdns_yaml2bindata(const char *str, getdns_bindata **bindata)
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}	
 #else /* USE_YAML_CONFIG */
-	str = str;
-	bindata = bindata;
+	(void) str;
+	(void) bindata;
 	return GETDNS_RETURN_NOT_IMPLEMENTED;
 #endif /* USE_YAML_CONFIG */
 }
@@ -1893,8 +1893,8 @@ getdns_yaml2int(const char *str, uint32_t *value)
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}	
 #else /* USE_YAML_CONFIG */
-	str = str;
-	value = value;
+	(void) str;
+	(void) value;
 	return GETDNS_RETURN_NOT_IMPLEMENTED;
 #endif /* USE_YAML_CONFIG */
 }

From eabad34af95728ae410a728fd05f52f031bd6fc4 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Wed, 13 Sep 2017 12:51:16 +0100
Subject: [PATCH 036/140] Add libyaml dependency to README, and note how to
 remove it.

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index b54c8f73..65af0d07 100644
--- a/README.md
+++ b/README.md
@@ -72,6 +72,7 @@ External dependencies are linked outside the getdns API build tree (we rely on c
 * [libunbound from NLnet Labs](https://unbound.net/) version 1.4.16 or later.
 * [libidn from the FSF](https://www.gnu.org/software/libidn/) version 1.  (Note that the libidn version means the conversions between A-labels and U-labels may permit conversion of formally invalid labels under IDNA2008.)
 * [libssl and libcrypto from the OpenSSL Project](https://www.openssl.org/) version 0.9.7 or later. (Note: version 1.0.1 or later is required for TLS support, version 1.0.2 or later is required for TLS hostname authentication)
+* [libyaml](http://pyyaml.org/wiki/LibYAML) version 0.1.6 or later.
 * Doxygen is used to generate documentation; while this is not technically necessary for the build it makes things a lot more pleasant.
 
 For example, to build on a recent version of Ubuntu, you would need the following packages:
@@ -99,6 +100,7 @@ Note: If you only want to build stubby, then use the `--with-stubby` option when
 
 * getdns can be configured for stub resolution mode only with the `--enable-stub-only` option to configure.  This removes the dependency on `libunbound`.
 * Currently getdns only offers two helper functions to deal with IDN: `getdns_convert_ulabel_to_alabel` and `getdns_convert_alabel_to_ulabel`.  If you do not need these functions, getdns can be configured to compile without them with the `--without-libidn` option to configure.
+* getdns can be configured to not support YAML configuration with the `--disable-yaml-config` option to configure. This removes the dependency on `libyaml`.
 * When both `--enable-stub-only` and `--without-libidn` options are used, getdns has only one dependency left, which is OpenSSL.
 
 ## Extensions and Event loop dependencies

From 8f3ce9af358d33b8390521a7b9164416d639549b Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 13 Sep 2017 14:00:54 +0200
Subject: [PATCH 037/140] Configurable zero configuration DNSSEC parameters

---
 src/anchor.c                 | 306 ++++++++++++++++++++++++++---------
 src/context.c                | 147 +++++++++++++++++
 src/context.h                |  15 ++
 src/getdns/getdns_extra.h.in |  51 ++++++
 4 files changed, 439 insertions(+), 80 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index 1a9b640a..ed594059 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -50,35 +50,6 @@
 #include "rr-iter.h"
 #include "util-internal.h"
 
-#define P7SIGNER "dnssec@iana.org"
-
-/* The ICANN CA fetched at 24 Sep 2010.  Valid to 2028 */
-static char _getdns_builtin_cert[] = 
-"-----BEGIN CERTIFICATE-----\n"
-"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
-"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
-"BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n"
-"DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n"
-"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n"
-"MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n"
-"cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n"
-"G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n"
-"ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n"
-"paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n"
-"MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n"
-"iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n"
-"Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n"
-"DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n"
-"6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n"
-"2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n"
-"15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n"
-"0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n"
-"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
-"-----END CERTIFICATE-----\n";
-
-static getdns_bindata _getdns_builtin_cert_bd =
-    { sizeof(_getdns_builtin_cert) - 1, (void *)_getdns_builtin_cert};
-
 /* get key usage out of its extension, returns 0 if no key_usage extension */
 static unsigned long
 _getdns_get_usage_of_ex(X509* cert)
@@ -585,7 +556,7 @@ static ta_iter *ta_iter_init(ta_iter *ta, const char *doc, size_t doc_len)
 	return ta_iter_next(ta);
 }
 
-uint16_t _getdns_parse_xml_trust_anchors_buf(
+static uint16_t _getdns_parse_xml_trust_anchors_buf(
     gldns_buffer *gbuf, time_t now, char *xml_data, size_t xml_len)
 {
 	ta_iter ta_spc, *ta;
@@ -750,18 +721,35 @@ void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
 	uint8_t xml_spc[4096], *xml_data;
 	uint8_t p7s_spc[4096], *p7s_data = NULL;
 	size_t xml_len, p7s_len;
+	const char *verify_email = NULL;
+	const char *verify_CA = NULL;
+	getdns_return_t r;
 
 	BIO *xml = NULL, *p7s = NULL, *crt = NULL;
 	X509 *x = NULL;
 	X509_STORE *store = NULL;
 
-	if (!(xml_data = _getdns_context_get_priv_file(context,
+	if ((r = getdns_context_get_trust_anchor_verify_CA(
+	    context, ".", &verify_CA)))
+		DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
+			     " CA: \"%s\"\n", __FUNC__
+			    , getdns_get_errorstr_by_id(r));
+
+	else if ((r = getdns_context_get_trust_anchor_verify_email(
+	    context, ".", &verify_email)))
+		DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify email "
+		             "address: \"%s\"\n", __FUNC__
+		            , getdns_get_errorstr_by_id(r));
+
+	else if (!(xml_data = _getdns_context_get_priv_file(context,
 	    "root-anchors.xml", xml_spc, sizeof(xml_spc), &xml_len)))
-		; /* pass */
+		DEBUG_ANCHOR("DEBUG %s(): root-anchors.xml not present\n"
+		            , __FUNC__);
 
 	else if (!(p7s_data = _getdns_context_get_priv_file(context,
 	    "root-anchors.p7s", p7s_spc, sizeof(p7s_spc), &p7s_len)))
-		; /* pass */
+		DEBUG_ANCHOR("DEBUG %s(): root-anchors.p7s not present\n"
+		            , __FUNC__);
 
 	else if (!(xml = BIO_new_mem_buf(xml_data, xml_len)))
 		DEBUG_ANCHOR("ERROR %s(): Failed allocating xml BIO\n"
@@ -770,8 +758,8 @@ void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
 	else if (!(p7s = BIO_new_mem_buf(p7s_data, p7s_len)))
 		DEBUG_ANCHOR("ERROR %s(): Failed allocating p7s BIO\n"
 		            , __FUNC__);
-	
-	else if (!(crt = BIO_new_mem_buf((void *)_getdns_builtin_cert, -1)))
+
+	else if (!(crt = BIO_new_mem_buf((void *)verify_CA, -1)))
 		DEBUG_ANCHOR("ERROR %s(): Failed allocating crt BIO\n"
 		            , __FUNC__);
 
@@ -787,7 +775,7 @@ void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
 		DEBUG_ANCHOR("ERROR %s(): Adding certificate to store\n"
 		            , __FUNC__);
 
-	else if (_getdns_verify_p7sig(xml, p7s, store, "dnssec@iana.org")) {
+	else if (_getdns_verify_p7sig(xml, p7s, store, verify_email)) {
 		uint8_t ta_spc[sizeof(context->trust_anchors_spc)];
 		size_t ta_len;
 		uint8_t *ta = NULL;
@@ -837,17 +825,17 @@ void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
 		GETDNS_FREE(context->mf, p7s_data);
 }
 
-static const uint8_t tas_write_p7s_buf[] =
-"GET /root-anchors/root-anchors.p7s HTTP/1.1\r\n"
-"Host: data.iana.org\r\n"
+static const char tas_write_p7s_buf[] =
+"GET %s HTTP/1.1\r\n"
+"Host: %s\r\n"
 "\r\n";
 
-static const uint8_t tas_write_xml_p7s_buf[] =
-"GET /root-anchors/root-anchors.xml HTTP/1.1\r\n"
-"Host: data.iana.org\r\n"
+static const char tas_write_xml_p7s_buf[] =
+"GET %s HTTP/1.1\r\n"
+"Host: %s\r\n"
 "\r\n"
-"GET /root-anchors/root-anchors.p7s HTTP/1.1\r\n"
-"Host: data.iana.org\r\n"
+"GET %s HTTP/1.1\r\n"
+"Host: %s\r\n"
 "\r\n";
 
 
@@ -888,6 +876,8 @@ static void tas_cleanup(getdns_context *context, tas_connection *a)
 	tas_rinse(context, a);
 	if (a->req)
 		_getdns_context_cancel_request(a->req->owner);
+	if (a->http)
+		GETDNS_FREE(context->mf, (void *)a->http);
 	(void) memset(a, 0, sizeof(*a));
 	a->fd = -1;
 }
@@ -1004,14 +994,33 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 		getdns_bindata p7s_bd;
 		uint8_t *tas = context->trust_anchors_spc;
 		size_t tas_len = sizeof(context->trust_anchors_spc);
+		const char *verify_email = NULL;
+		getdns_bindata verify_CA;
+		getdns_return_t r;
 
 		p7s_bd.data = a->tcp.read_buf;
 		p7s_bd.size = a->tcp.read_buf_len;
-	       	tas = tas_validate(&context->mf, &a->xml, &p7s_bd,
-		    &_getdns_builtin_cert_bd, "dnssec@iana.org",
-		    time(NULL), tas, &tas_len);
 
-		if (tas) {
+		if ((r = getdns_context_get_trust_anchor_verify_CA(
+		    context, ".", (const char **)&verify_CA.data)))
+			DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
+				     " CA: \"%s\"\n", __FUNC__
+				    , getdns_get_errorstr_by_id(r));
+
+		else if (!(verify_CA.size = strlen((const char *)verify_CA.data)))
+			; /* pass */
+
+		else if ((r = getdns_context_get_trust_anchor_verify_email(
+		    context, ".", &verify_email)))
+			DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
+				     " email address: \"%s\"\n", __FUNC__
+				    , getdns_get_errorstr_by_id(r));
+
+		else if (!(tas = tas_validate(&context->mf, &a->xml, &p7s_bd,
+		    &verify_CA, verify_email, time(NULL), tas, &tas_len)))
+			; /* pass */
+
+		else {
 			context->trust_anchors = tas;
 			context->trust_anchors_len = tas_len;
 			_getdns_context_write_priv_file(
@@ -1019,8 +1028,9 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 			_getdns_context_write_priv_file(
 			    context, "root-anchors.p7s", &p7s_bd);
 			tas_success(context, a);
-		} else
-			tas_fail(context, a);
+			return;
+		}
+		tas_fail(context, a);
 		return;
 	}
 	/* First try to read signatures immediately */
@@ -1220,6 +1230,38 @@ static void tas_write_cb(void *userarg)
 	tas_next(context, a);
 }
 
+static getdns_return_t _getdns_get_tas_url_hostname(
+    getdns_context *context, char *hostname, const char **path)
+{
+	getdns_return_t r;
+	const char *url;
+	char *next_slash;
+	size_t s;
+
+	if ((r = getdns_context_get_trust_anchor_url(context, ".", &url)))
+		return r;
+
+	if ((next_slash = strchr(url + 7 /* "http://" */, '/'))) {
+		if (next_slash - url - 7 > 254)
+			return GETDNS_RETURN_NO_SUCH_LIST_ITEM;
+		if (path)
+			*path = next_slash;
+		strncpy(hostname, url + 7, next_slash - url - 7);
+		hostname[next_slash - url - 7] = 0;
+	} else  {
+		if (path)
+			*path = url + strlen(url);
+		strncpy(hostname, url + 7, 254);
+		hostname[254] = 0;
+	}
+	s = strlen(hostname);
+	if (s && s < 255 && hostname[s - 1] != '.') {
+		hostname[s] = '.';
+		hostname[s+1] = '\0';
+	}
+	return GETDNS_RETURN_GOOD;
+}
+
 static void tas_connect(getdns_context *context, tas_connection *a)
 {
 #if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
@@ -1281,16 +1323,74 @@ static void tas_connect(getdns_context *context, tas_connection *a)
 		r = connect(a->fd, (struct sockaddr *)&addr, sizeof(addr));
 	}
 	if (r == 0 || (r == -1 && (_getdns_EINPROGRESS ||
-				   _getdns_EWOULDBLOCK))) {
+	                           _getdns_EWOULDBLOCK))) {
+		char tas_hostname[256];
+		const char *path = "", *fmt;
+		getdns_return_t R;
+		char *write_buf;
+		size_t buf_sz, path_len, hostname_len;
 
 		a->state += 1;
-		if (a->state == TAS_RETRY_GET_PS7) {
-			a->tcp.write_buf = tas_write_p7s_buf;
-			a->tcp.write_buf_len = sizeof(tas_write_p7s_buf) - 1;
-		} else {
-			a->tcp.write_buf = tas_write_xml_p7s_buf;
-			a->tcp.write_buf_len = sizeof(tas_write_xml_p7s_buf) - 1;
+		if (a->http) {
+			GETDNS_FREE(context->mf, (void *)a->http);
+			a->http = NULL;
+			a->tcp.write_buf = NULL;
+			a->tcp.write_buf_len = 0;
+			a->tcp.written = 0;
 		}
+		if ((R = _getdns_get_tas_url_hostname(
+		    context, tas_hostname, &path))) {
+			DEBUG_ANCHOR("ERROR %s(): Could not get_tas_url_hostname"
+				     ": \"%s\"", __FUNC__
+				    , getdns_get_errorstr_by_id(r));
+			goto error;
+		}
+		hostname_len = strlen(tas_hostname);
+		if (hostname_len > 0 && tas_hostname[hostname_len - 1] == '.')
+			tas_hostname[--hostname_len] = '\0';
+		path_len = strlen(path);
+		if (path_len < 4) {
+			DEBUG_ANCHOR("ERROR %s(): path of tas_url \"%s\" too "
+			             "small\n", __FUNC__, path);
+			goto error;
+		}
+		if (a->state == TAS_RETRY_GET_PS7) {
+			buf_sz = sizeof(tas_write_p7s_buf)
+			       + 1 * (hostname_len - 2) + 1 * (path_len - 2) + 1;
+			fmt = tas_write_p7s_buf;
+		} else {
+			buf_sz = sizeof(tas_write_xml_p7s_buf)
+			       + 2 * (hostname_len - 2) + 2 * (path_len - 2) + 1;
+			fmt = tas_write_xml_p7s_buf;
+		}
+		if (!(write_buf = GETDNS_XMALLOC(context->mf, char, buf_sz))) {
+			DEBUG_ANCHOR("ERROR %s(): Could not allocate write "
+			             "buffer\n", __FUNC__);
+			goto error;
+		}
+		if (a->state == TAS_RETRY_GET_PS7) {
+			(void) snprintf( write_buf, buf_sz, fmt
+			               , path, tas_hostname);
+			write_buf[4 + path_len - 3] =
+			write_buf[4 + path_len - 3] == 'X' ? 'P' : 'p';
+			write_buf[4 + path_len - 2] =              '7';
+			write_buf[4 + path_len - 1] = 
+			write_buf[4 + path_len - 1] == 'L' ? 'S' : 's';
+		} else {
+			(void) snprintf( write_buf, buf_sz, fmt
+			               , path, tas_hostname
+			               , path, tas_hostname);
+			write_buf[29 + hostname_len + 2 * path_len - 3] = 
+			write_buf[29 + hostname_len + 2 * path_len - 3] == 'X'
+			                                           ? 'P' : 'p';
+			write_buf[29 + hostname_len + 2 * path_len - 2] =  '7';
+			write_buf[29 + hostname_len + 2 * path_len - 1] =
+			write_buf[29 + hostname_len + 2 * path_len - 1] == 'L'
+			                                           ? 'S' : 's';
+		}
+		DEBUG_ANCHOR("Write buffer: \"%s\"\n", write_buf);
+		a->tcp.write_buf = (uint8_t *)(a->http = write_buf);
+		a->tcp.write_buf_len = buf_sz - 1;
 		a->tcp.written = 0;
 
 		GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 2000,
@@ -1301,6 +1401,7 @@ static void tas_connect(getdns_context *context, tas_connection *a)
 	} else
 		DEBUG_ANCHOR("Connect error: %s\n", strerror(errno));
 
+error:
 	tas_next(context, a);
 }
 
@@ -1316,7 +1417,7 @@ static void tas_happy_eyeballs_cb(void *userarg)
 		tas_connect(context, &context->a);
 }
 
-static void data_iana_org(getdns_dns_req *dnsreq)
+static void _tas_hostname_lookup_cb(getdns_dns_req *dnsreq)
 {
 	getdns_context *context = (getdns_context *)dnsreq->user_pointer;
 	tas_connection *a;
@@ -1328,19 +1429,30 @@ static void data_iana_org(getdns_dns_req *dnsreq)
 	a->rrset = _getdns_rrset_answer(
 	    &a->rrset_spc, a->req->response, a->req->response_len);
 
-	if (!a->rrset)
-		DEBUG_ANCHOR("%s lookup for data.iana.org. returned no "
-		             "response\n", rt_str(a->req->request_type));
-
-	else if (a->req->response_len < dnsreq->name_len + 12 ||
+	if (!a->rrset) {
+#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
+		char tas_hostname[256] = "<no hostname>";
+		(void) _getdns_get_tas_url_hostname(context, tas_hostname, NULL);
+		DEBUG_ANCHOR("%s lookup for %s returned no response\n"
+		            , rt_str(a->req->request_type), tas_hostname);
+#endif
+	} else if (a->req->response_len < dnsreq->name_len + 12 ||
 	    !_getdns_dname_equal(a->req->response + 12, dnsreq->name) ||
-	    a->rrset->rr_type != a->req->request_type)
-		DEBUG_ANCHOR("%s lookup for data.iana.org. returned wrong "
-		             "response\n", rt_str(a->req->request_type));
-	else  if (!(a->rr = _getdns_rrtype_iter_init(&a->rr_spc, a->rrset)))
-		DEBUG_ANCHOR("%s lookup for data.iana.org. returned no "
-		             "addresses\n", rt_str(a->req->request_type));
-	else {
+	    a->rrset->rr_type != a->req->request_type) {
+#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
+		char tas_hostname[256] = "<no hostname>";
+		(void) _getdns_get_tas_url_hostname(context, tas_hostname, NULL);
+		DEBUG_ANCHOR("%s lookup for %s returned wrong response\n"
+		            , rt_str(a->req->request_type), tas_hostname);
+#endif
+	} else  if (!(a->rr = _getdns_rrtype_iter_init(&a->rr_spc, a->rrset))) {
+#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
+		char tas_hostname[256] = "<no hostname>";
+		(void) _getdns_get_tas_url_hostname(context, tas_hostname, NULL);
+		DEBUG_ANCHOR("%s lookup for %s returned no addresses\n"
+		            , rt_str(a->req->request_type), tas_hostname);
+#endif
+	} else {
 		tas_connection *other = a == &context->a ? &context->aaaa
 		                                         : &context->a;
 		a->loop = dnsreq->loop;
@@ -1371,11 +1483,44 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 {
 	getdns_return_t r;
 	size_t scheduled;
+	char tas_hostname[256];
+	const char *verify_CA;
+	const char *verify_email;
 
+	if ((r = _getdns_get_tas_url_hostname(context, tas_hostname, NULL))) {
+		DEBUG_ANCHOR("ERROR %s(): Could not get_tas_url_hostname"
+		             ": \"%s\"", __FUNC__
+		            , getdns_get_errorstr_by_id(r));
+		return;
+
+	} else if ((r = getdns_context_get_trust_anchor_verify_CA(
+	    context, ".", &verify_CA))) {
+		DEBUG_ANCHOR("ERROR %s(): Could not get verify CA"
+		             ": \"%s\"", __FUNC__
+		            , getdns_get_errorstr_by_id(r));
+		return;
+
+	} else if (!*verify_CA) {
+		DEBUG_ANCHOR("NOTICE: Trust anchor fetching explicitely "
+		             "disabled by empty verify CA\n");
+		return;
+	} else if ((r = getdns_context_get_trust_anchor_verify_email(
+	    context, ".", &verify_email))) {
+		DEBUG_ANCHOR("ERROR %s(): Could not get verify email address"
+		             ": \"%s\"", __FUNC__
+		            , getdns_get_errorstr_by_id(r));
+		return;
+
+	} else if (!*verify_email) {
+		DEBUG_ANCHOR("NOTICE: Trust anchor fetching explicitely "
+		             "disabled by empty verify email address\n");
+		return;
+	}
+	DEBUG_ANCHOR("Hostname: %s\n", tas_hostname);
 	DEBUG_ANCHOR("%s on the %ssynchronous loop\n", __FUNC__,
 	             loop == &context->sync_eventloop.loop ? "" : "a");
 
-	while (!context->sys_ctxt) {
+	while (!context->sys_ctxt) { /* Used as breakable if. Never repeats. */
 		if ((r = getdns_context_create_with_extended_memory_functions(
 		    &context->sys_ctxt, 1, context->mf.mf_arg,
 		    context->mf.mf.ext.malloc, context->mf.mf.ext.realloc,
@@ -1411,10 +1556,10 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 #if 1
 	context->a.state = TAS_LOOKUP_ADDRESSES;
 	if ((r = _getdns_general_loop(context->sys_ctxt, loop,
-	    "data.iana.org.", GETDNS_RRTYPE_A, NULL, context,
-	    &context->a.req, NULL, data_iana_org))) {
-		DEBUG_ANCHOR("Error scheduling A lookup for data.iana.org: "
-		             "%s\n", getdns_get_errorstr_by_id(r));
+	    tas_hostname, GETDNS_RRTYPE_A, NULL, context,
+	    &context->a.req, NULL, _tas_hostname_lookup_cb))) {
+		DEBUG_ANCHOR("Error scheduling A lookup for %s: %s\n"
+		            , tas_hostname, getdns_get_errorstr_by_id(r));
 	} else
 		scheduled += 1;
 #endif
@@ -1422,17 +1567,18 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 #if 1
 	context->aaaa.state = TAS_LOOKUP_ADDRESSES;
 	if ((r = _getdns_general_loop(context->sys_ctxt, loop,
-	    "data.iana.org.", GETDNS_RRTYPE_AAAA, NULL, context,
-	    &context->aaaa.req, NULL, data_iana_org))) {
-		DEBUG_ANCHOR("Error scheduling AAAA lookup for data.iana.org: "
-		             "%s\n", getdns_get_errorstr_by_id(r));
+	    tas_hostname, GETDNS_RRTYPE_AAAA, NULL, context,
+	    &context->aaaa.req, NULL, _tas_hostname_lookup_cb))) {
+		DEBUG_ANCHOR("Error scheduling AAAA lookup for %s: %s\n"
+		            , tas_hostname, getdns_get_errorstr_by_id(r));
 	} else
 		scheduled += 1;
 #endif
 
 	if (!scheduled) {
 		DEBUG_ANCHOR("Fatal error fetching trust anchor: Unable to "
-		             "schedule address requests for data.iana.org\n");
+		             "schedule address requests for %s\n"
+		            , tas_hostname);
 		context->trust_anchors_source = GETDNS_TASRC_FAILED;
 		_getdns_ta_notify_dnsreqs(context);
 	} else
diff --git a/src/context.c b/src/context.c
index 49879228..71bbc4ba 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1343,6 +1343,37 @@ static void _getdns_check_expired_pending_netreqs_cb(void *arg)
 	_getdns_check_expired_pending_netreqs((getdns_context *)arg, &now_ms);
 }
 
+static const char *_getdns_default_root_anchor_url =
+    "http://data.iana.org/root-anchors/root-anchors.xml";
+
+/* The ICANN CA fetched at 24 Sep 2010.  Valid to 2028 */
+static const char *_getdns_default_root_anchor_verify_CA =
+"-----BEGIN CERTIFICATE-----\n"
+"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
+"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
+"BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n"
+"DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n"
+"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n"
+"MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n"
+"cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n"
+"G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n"
+"ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n"
+"paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n"
+"MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n"
+"iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n"
+"Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n"
+"DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n"
+"6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n"
+"2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n"
+"15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n"
+"0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n"
+"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
+"-----END CERTIFICATE-----\n";
+
+static const char *_getdns_default_root_anchor_verify_email =
+    "dnssec@iana.org";
+
+
 /*
  * getdns_context_create
  *
@@ -1443,6 +1474,11 @@ getdns_context_create_with_extended_memory_functions(
 	result->suffixes_len = sizeof(no_suffixes);
 
 	result->trust_anchors_source = GETDNS_TASRC_NONE;
+	result->can_write_appdata = PROP_UNKNOWN;
+	result->root_anchor_url = _getdns_default_root_anchor_url;
+	result->root_anchor_verify_email
+	    = _getdns_default_root_anchor_verify_email;
+	result->root_anchor_verify_CA = _getdns_default_root_anchor_verify_CA;
 
 	(void) memset(&result->a, 0, sizeof(result->a));
 	(void) memset(&result->aaaa, 0, sizeof(result->aaaa));
@@ -4626,5 +4662,116 @@ void _getdns_context_write_priv_file(getdns_context *context,
 	}
 }
 
+getdns_return_t
+getdns_context_set_trust_anchor_url(
+    getdns_context *context, const char *zone, const char *url)
+{
+	const char *path;
+	size_t path_len;
+
+	if (!context || !url)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (zone && !(zone[0] == '.' && zone[1] == '\0'))
+		return GETDNS_RETURN_NOT_IMPLEMENTED;
+
+	if (! ((url[0] == 'h' || url[0] == 'H')
+	    && (url[1] == 't' || url[1] == 'T')
+	    && (url[2] == 't' || url[2] == 'T')
+	    && (url[3] == 'p' || url[3] == 'P')
+	    &&  url[4] == ':' && url[5] == '/' && url[6] == '/'
+	    && (path = strchr(url + 7, '/'))))
+		return GETDNS_RETURN_NOT_IMPLEMENTED;
+
+	path_len = strlen(path);
+	if (! ( path_len >= 4
+	    && (path[path_len - 3] == 'x' || path[path_len - 3] == 'X')
+	    && (path[path_len - 2] == 'm' || path[path_len - 2] == 'm')
+	    && (path[path_len - 1] == 'l' || path[path_len - 1] == 'l')))
+		return GETDNS_RETURN_NOT_IMPLEMENTED;
+
+	context->root_anchor_url = url;
+	dispatch_updated(context, GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL);
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t
+getdns_context_get_trust_anchor_url(
+    getdns_context *context, const char *zone, const char **url)
+{
+	if (!context || !url)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (zone && (zone[0] != '.' || zone[1] != '\0'))
+		return GETDNS_RETURN_NOT_IMPLEMENTED;
+
+	*url = context && context->root_anchor_url
+	     ?            context->root_anchor_url
+	     :     _getdns_default_root_anchor_url;
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t
+getdns_context_set_trust_anchor_verify_CA(
+    getdns_context *context, const char *zone, const char *verify_CA)
+{
+	if (!context || !verify_CA)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (zone && (zone[0] != '.' || zone[1] != '\0'))
+		return GETDNS_RETURN_NOT_IMPLEMENTED;
+
+	context->root_anchor_verify_CA = verify_CA;
+	dispatch_updated(context, GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA);
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t
+getdns_context_get_trust_anchor_verify_CA(
+    getdns_context *context, const char *zone, const char **verify_CA)
+{
+	if (!verify_CA)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (zone && (zone[0] != '.' || zone[1] != '\0'))
+		return GETDNS_RETURN_NOT_IMPLEMENTED;
+
+	*verify_CA = context && context->root_anchor_verify_CA
+	           ?            context->root_anchor_verify_CA
+	           :     _getdns_default_root_anchor_verify_CA;
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t
+getdns_context_set_trust_anchor_verify_email(
+    getdns_context *context, const char *zone, const char *verify_email)
+{
+	if (!context || !verify_email)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (zone && (zone[0] != '.' || zone[1] != '\0'))
+		return GETDNS_RETURN_NOT_IMPLEMENTED;
+
+	context->root_anchor_verify_email = verify_email;
+	dispatch_updated(context, GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL);
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t
+getdns_context_get_trust_anchor_verify_email(
+    getdns_context *context, const char *zone, const char **verify_email)
+{
+	if (!verify_email)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (zone && (zone[0] != '.' || zone[1] != '\0'))
+		return GETDNS_RETURN_NOT_IMPLEMENTED;
+
+	*verify_email = context && context->root_anchor_verify_email
+	              ?            context->root_anchor_verify_email
+		      :     _getdns_default_root_anchor_verify_email;
+	return GETDNS_RETURN_GOOD;
+}
+
 
 /* context.c */
diff --git a/src/context.h b/src/context.h
index 24b47e8a..e7c39fa5 100644
--- a/src/context.h
+++ b/src/context.h
@@ -113,6 +113,7 @@ typedef enum getdns_tsig_algo {
 	GETDNS_HMAC_SHA512 = 7
 } getdns_tsig_algo;
 
+
 typedef struct getdns_tsig_info {
 	getdns_tsig_algo  alg;
 	const char       *name;
@@ -281,6 +282,13 @@ typedef enum tas_state {
 	TAS_RETRY_DONE
 } tas_state;
 
+typedef enum _getdns_property {
+	PROP_INHERIT =  0,
+	PROP_UNKNOWN =  1,
+	PROP_UNABLE  =  2,
+	PROP_ABLE    =  3 
+} _getdns_property;
+
 typedef struct tas_connection {
 	getdns_eventloop       *loop;
 	getdns_network_req     *req;
@@ -292,6 +300,7 @@ typedef struct tas_connection {
 	getdns_eventloop_event event;
 	tas_state              state;
 	getdns_tcp_state       tcp;
+	char                  *http;
 	getdns_bindata         xml;
 } tas_connection;
 
@@ -325,6 +334,12 @@ struct getdns_context {
 	tas_connection        aaaa;
 	uint8_t               tas_hdr_spc[512];
 
+	_getdns_property      can_write_appdata : 2;
+
+	const char           *root_anchor_url;
+	const char           *root_anchor_verify_CA;
+	const char           *root_anchor_verify_email;
+
 	getdns_upstreams     *upstreams;
 	uint16_t             limit_outstanding_queries;
 	uint32_t             dnssec_allowed_skew;
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index dbb8eab4..a6f68d9a 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -79,6 +79,13 @@ extern "C" {
 #define GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME_TEXT "Change related to getdns_context_set_tls_backoff_time"
 #define GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES 624
 #define GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES_TEXT "Change related to getdns_context_set_tls_connection_retries"
+
+#define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL 625
+#define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL_TEXT "Change related to getdns_context_set_trust_anchor_url"
+#define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA 626
+#define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA_TEXT "Change related to getdns_context_set_trust_anchor_verify_ca"
+#define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL 627
+#define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL_TEXT "Change related to getdns_context_set_trust_anchor_verify_email"
 /** @}
   */
 
@@ -537,6 +544,28 @@ getdns_return_t
 getdns_context_set_logfunc(getdns_context *context, void *userarg,
     uint64_t system, getdns_loglevel_type level, getdns_logfunc_type func);
 
+/**
+ *
+ */
+getdns_return_t
+getdns_context_set_trust_anchor_url(
+    getdns_context *context, const char *zone, const char *url);
+
+/**
+ *
+ */
+getdns_return_t
+getdns_context_set_trust_anchor_verify_CA(
+    getdns_context *context, const char *zone, const char *verify_CA);
+
+/**
+ *
+ */
+getdns_return_t
+getdns_context_set_trust_anchor_verify_email(
+    getdns_context *context, const char *zone, const char *verify_email);
+
+
 /**
  * Get the current resolution type setting from this context.
  * @see getdns_context_set_resolution_type
@@ -902,6 +931,28 @@ getdns_return_t
 getdns_context_get_update_callback(getdns_context *context, void **userarg,
     void (**value) (getdns_context *, getdns_context_code_t, void *));
 
+/**
+ *
+ */
+getdns_return_t
+getdns_context_get_trust_anchor_url(
+    getdns_context *context, const char *zone, const char **url);
+
+/**
+ *
+ */
+getdns_return_t
+getdns_context_get_trust_anchor_verify_CA(
+    getdns_context *context, const char *zone, const char **verify_CA);
+
+/**
+ *
+ */
+getdns_return_t
+getdns_context_get_trust_anchor_verify_email(
+    getdns_context *context, const char *zone, const char **verify_email);
+
+
 /** @}
  */
 

From f0190e4f033183322840371934bfad87a7078463 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Wed, 13 Sep 2017 13:02:01 +0100
Subject: [PATCH 038/140] Add 2 missing parameters from the config output

---
 src/context.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/context.c b/src/context.c
index 47a04829..1c6a3a7c 100644
--- a/src/context.c
+++ b/src/context.c
@@ -3699,6 +3699,8 @@ _get_context_settings(getdns_context* context)
 	    || (  context->edns_maximum_udp_payload_size != -1
 	       && getdns_dict_set_int(result, "edns_maximum_udp_payload_size",
 	                              context->edns_maximum_udp_payload_size))
+	    || getdns_dict_set_int(result, "edns_client_subnet_private",
+	                           context->edns_client_subnet_private)
 	    || getdns_dict_set_int(result, "edns_extended_rcode",
 	                           context->edns_extended_rcode)
 	    || getdns_dict_set_int(result, "edns_version",
@@ -3714,7 +3716,9 @@ _get_context_settings(getdns_context* context)
 	    || getdns_dict_set_int(result, "tls_backoff_time",
 	                           context->tls_backoff_time)
 	    || getdns_dict_set_int(result, "tls_connection_retries",
-	                           context->tls_connection_retries))
+	                           context->tls_connection_retries)
+	    || getdns_dict_set_int(result, "tls_query_padding_blocksize",
+	                           context->tls_query_padding_blocksize))
 		goto error;
 	
 	/* list fields */

From 9683a64f733dcb93f858aff6a029a3660f1388fb Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Wed, 13 Sep 2017 15:01:13 +0100
Subject: [PATCH 039/140] Add test 255-yaml-config with basic test of
 getdns_yaml2dict.

---
 .../255-yaml-config.Makefile                  | 15 ++++
 .../255-yaml-config.tpkg/255-yaml-config.c    | 60 ++++++++++++++
 .../255-yaml-config.tpkg/255-yaml-config.dsc  | 16 ++++
 .../255-yaml-config.tpkg/255-yaml-config.good | 80 +++++++++++++++++++
 .../255-yaml-config.input                     | 47 +++++++++++
 .../255-yaml-config.tpkg/255-yaml-config.pre  | 14 ++++
 .../255-yaml-config.tpkg/255-yaml-config.test |  7 ++
 7 files changed, 239 insertions(+)
 create mode 100644 src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.Makefile
 create mode 100644 src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.c
 create mode 100644 src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.dsc
 create mode 100644 src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.good
 create mode 100644 src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.input
 create mode 100644 src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.pre
 create mode 100644 src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.test

diff --git a/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.Makefile b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.Makefile
new file mode 100644
index 00000000..c297df6d
--- /dev/null
+++ b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.Makefile
@@ -0,0 +1,15 @@
+builddir = @BUILDDIR@
+testname = @TPKG_NAME@
+LIBTOOL  = $(builddir)/libtool
+
+CFLAGS=-I$(builddir)/src
+LDLIBS=$(builddir)/src/libgetdns.la
+
+.SUFFIXES: .c .o .a .lo .h
+
+.c.lo:
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $< -o $@
+
+$(testname): $(testname).lo
+	$(LIBTOOL) --tag=CC --mode=link $(CC) $(LDLIBS) $(LDFLAGS) -o $(testname) $(testname).lo
+
diff --git a/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.c b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.c
new file mode 100644
index 00000000..b2a5f15b
--- /dev/null
+++ b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.c
@@ -0,0 +1,60 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <getdns/getdns.h>
+#include <getdns/getdns_extra.h>
+
+int main(int ac, char *av[])
+{
+	FILE *f;
+	char *buf = NULL;
+	size_t len;
+	ssize_t bytes_read;
+
+	f = fopen(av[1], "r");
+	if (!f) {
+		fprintf(stderr, "Could not open %s", av[1]);
+		exit(EXIT_FAILURE);
+	}
+
+	bytes_read = getdelim(&buf, &len, '\0', f);
+	fclose(f);
+
+	if (bytes_read == -1) {
+		fprintf(stderr, "Could not read %s", av[1]);
+		exit(EXIT_FAILURE);
+	}
+
+	buf = realloc(buf, bytes_read + 1);
+	if (!buf) {
+		fprintf(stderr, "Could not grow buffer");
+		exit(EXIT_FAILURE);
+	}
+	buf[bytes_read] = '\0';
+
+	getdns_dict *dict = NULL;
+	getdns_return_t r;
+
+	if (!(dict = getdns_dict_create())) {
+		fprintf(stderr, "Could not create dict");
+		exit(EXIT_FAILURE);
+	}
+
+	r = getdns_yaml2dict(buf, &dict);
+	if (r) {
+		fprintf(stderr, "Error setting dict data: %s", getdns_get_errorstr_by_id(r));
+		getdns_dict_destroy(dict);
+		exit(EXIT_FAILURE);
+	}
+
+	char *dict_str = getdns_pretty_print_dict(dict);
+	if (!dict_str) {
+		fprintf(stderr, "Could not convert dict to string");
+		getdns_dict_destroy(dict);
+		exit(EXIT_FAILURE);
+	}
+
+	printf("%s\n", dict_str);
+	free(dict_str);
+	getdns_dict_destroy(dict);
+	exit(EXIT_SUCCESS);
+}
diff --git a/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.dsc b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.dsc
new file mode 100644
index 00000000..e00f4468
--- /dev/null
+++ b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.dsc
@@ -0,0 +1,16 @@
+BaseName: 255-yaml-config
+Version: 1.0
+Description: Test YAML configuration
+CreationDate: Wed 13 Sep 2017 12:42:32 BST
+Maintainer: Jim Hague
+Category: 
+Component:
+CmdDepends: 
+Depends: 200-stub-only-compile.tpkg
+Help:
+Pre: 255-yaml-config.pre
+Post: 
+Test: 255-yaml-config.test
+AuxFiles: 
+Passed:
+Failure:
diff --git a/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.good b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.good
new file mode 100644
index 00000000..aae0e318
--- /dev/null
+++ b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.good
@@ -0,0 +1,80 @@
+{
+  "dnssec_return_status": 1000,
+  "upstream_recursive_servers":
+  [
+    {
+      "address_data": <bindata for 145.100.185.15>,
+      "tls_auth_name": <bindata of "dnsovertls.sinodun.com">,
+      "tls_pubkey_pinset":
+      [
+        {
+          "digest": <bindata of "sha256">,
+          "value": <bindata of 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=>
+        }
+      ]
+    },
+    {
+      "address_data": <bindata for 145.100.185.16>,
+      "tls_auth_name": <bindata of "dnsovertls1.sinodun.com">,
+      "tls_pubkey_pinset":
+      [
+        {
+          "digest": <bindata of "sha256">,
+          "value": <bindata of cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=>
+        }
+      ]
+    },
+    {
+      "address_data": <bindata for 185.49.141.37>,
+      "tls_auth_name": <bindata of "getdnsapi.net">,
+      "tls_pubkey_pinset":
+      [
+        {
+          "digest": <bindata of "sha256">,
+          "value": <bindata of foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=>
+        }
+      ]
+    },
+    {
+      "address_data": <bindata for 184.105.193.78>,
+      "tls_auth_name": <bindata of "unicast.censurfridns.dk">
+    },
+    {
+      "address_data": <bindata for 2001:610:1:40ba:145:100:185:15>,
+      "tls_auth_name": <bindata of "dnsovertls.sinodun.com">,
+      "tls_pubkey_pinset":
+      [
+        {
+          "digest": <bindata of "sha256">,
+          "value": <bindata of 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=>
+        }
+      ]
+    },
+    {
+      "address_data": <bindata for 2001:610:1:40ba:145:100:185:16>,
+      "tls_auth_name": <bindata of "dnsovertls1.sinodun.com">,
+      "tls_pubkey_pinset":
+      [
+        {
+          "digest": <bindata of "sha256">,
+          "value": <bindata of cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=>
+        }
+      ]
+    },
+    {
+      "address_data": <bindata for 2a04:b900:0:100::38>,
+      "tls_auth_name": <bindata of "getdnsapi.net">,
+      "tls_pubkey_pinset":
+      [
+        {
+          "digest": <bindata of "sha256">,
+          "value": <bindata of foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=>
+        }
+      ]
+    },
+    {
+      "address_data": <bindata for 2620:ff:c000:0:1:0:64:25>,
+      "tls_auth_name": <bindata of "unicast.censurfridns.dk">
+    }
+  ]
+}
diff --git a/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.input b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.input
new file mode 100644
index 00000000..68e4460f
--- /dev/null
+++ b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.input
@@ -0,0 +1,47 @@
+upstream_recursive_servers:
+# IPv4 addresses
+# The Surfnet/Sinodun servers
+  - address_data: 145.100.185.15
+    tls_auth_name: "dnsovertls.sinodun.com"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
+  - address_data: 145.100.185.16
+    tls_auth_name: "dnsovertls1.sinodun.com"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
+# The getdnsapi.net server
+  - address_data: 185.49.141.37
+    tls_auth_name: "getdnsapi.net"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
+# The uncensored DNS servers (no SPKI available)
+  - address_data: 184.105.193.78
+    tls_auth_name: "unicast.censurfridns.dk"
+# IPv6 addresses
+# The Surfnet/Sinodun servers
+  - address_data: 2001:610:1:40ba:145:100:185:15
+    tls_auth_name: "dnsovertls.sinodun.com"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
+  - address_data: 2001:610:1:40ba:145:100:185:16
+    tls_auth_name: "dnsovertls1.sinodun.com"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
+# The getdnsapi.net server
+  - address_data: 2a04:b900:0:100::38
+    tls_auth_name: "getdnsapi.net"
+    tls_pubkey_pinset:
+      - digest: "sha256"
+        value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
+# The uncensored DNS server (no SPKI available)
+  - address_data: 2620:ff:c000:0:1::64:25
+    tls_auth_name: "unicast.censurfridns.dk"
+
+# Require DNSSEC validation. For releases earlier than 1.2 a trust anchor must
+# be configured configured manually. This can be done with unbound-anchor.
+dnssec_return_status: GETDNS_EXTENSION_TRUE
diff --git a/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.pre b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.pre
new file mode 100644
index 00000000..802443c2
--- /dev/null
+++ b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.pre
@@ -0,0 +1,14 @@
+# #-- 255-yaml-config.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+(
+	grep '^CC=' "${BUILDDIR}/build-stub-only/src/Makefile"
+	grep '^LDFLAGS=' "${BUILDDIR}/build-stub-only/src/Makefile"
+
+	BUILDDIR4SED=`echo "${BUILDDIR}/build-stub-only" | sed  's/\//\\\\\//g'`
+	sed -e "s/@BUILDDIR@/${BUILDDIR4SED}/g" \
+	    -e "s/@TPKG_NAME@/${TPKG_NAME}/g" "${TPKG_NAME}.Makefile"
+) > Makefile
diff --git a/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.test b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.test
new file mode 100644
index 00000000..b3735fb4
--- /dev/null
+++ b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.test
@@ -0,0 +1,7 @@
+# #-- 255-yaml-config.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+make && "./${TPKG_NAME}" 255-yaml-config.input | tee out && diff out "${TPKG_NAME}.good"

From 57c40b147d07960e4b390980bf1775fa6c29a6d1 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Wed, 13 Sep 2017 15:02:36 +0100
Subject: [PATCH 040/140] Fix capturing exit code of a test.

tpkg was not capturing the exit code of the test, but the exit code of the write_result actions.
---
 src/test/tpkg/tpkg | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/test/tpkg/tpkg b/src/test/tpkg/tpkg
index 713adcfb..043d2ece 100755
--- a/src/test/tpkg/tpkg
+++ b/src/test/tpkg/tpkg
@@ -858,9 +858,10 @@ echo "--------------- Test Output ------------------" | write_result result.$dsc
 pre
 
 out "[log] Executing test" 
-
-( ${SHELL} $dsc_test ${TPKG_ARGS} 2>&1 ) | write_result result.$dsc_basename
+( ${SHELL} $dsc_test ${TPKG_ARGS} 2>&1 ) > result.$dsc_basename.tmp
 test_result=$?
+write_result result.$dsc_basename < result.$dsc_basename.tmp
+rm -f result.$dsc_basename.tmp
 epoch   # would like to run after post, but that is not possible :-(
 if [ $test_result -ne 0 ]; then
         err "[warning] Test executed with errors: $test_result." 

From 8c331d580a60c465e0b50380bceb2e51936232ef Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Wed, 13 Sep 2017 15:48:42 +0100
Subject: [PATCH 041/140] Improve usage of getdns to make file extension
 clearer

---
 src/tools/getdns_query.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index c69958bd..5b950af8 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -215,7 +215,8 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t-C\t<filename>\n");
 	fprintf(out, "\t\tRead settings from config file <filename>\n");
 	fprintf(out, "\t\tThe getdns context will be configured with these settings\n");
-	fprintf(out, "\t\tThe file must be in JSON or YAML dict format.\n");
+	fprintf(out, "\t\tThe file must be in YAML format (with extension of '.yaml')\n");
+	fprintf(out, "\t\tor JSON dict format (with extension '.conf')\n");
 	if (i_am_stubby) {
 		fprintf(out, "\t\tBy default, configuration is first read from");
 		fprintf(out, "\n\t\t\"/etc/stubby.conf\" and then from \"$HOME/.stubby.conf\"\n");

From 0c39696b64064d34695cfcfc1ca8acd8ff85bf30 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Wed, 13 Sep 2017 15:50:20 +0100
Subject: [PATCH 042/140] Add '-f' to tpkg usage message.

---
 src/test/tpkg/tpkg | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/test/tpkg/tpkg b/src/test/tpkg/tpkg
index 043d2ece..0eddaedb 100755
--- a/src/test/tpkg/tpkg
+++ b/src/test/tpkg/tpkg
@@ -197,6 +197,7 @@ function usage() {
 	out " -b DIR\tuse DIR is a base directory in stead of ."
 	out " -a ARGS\tpass the string ARGS through to the test scripts"
 	out " -d\t\tUse directories instead of tar.gz for tpkg archive format"
+	out " -f\t\tForce test to be re-run if already executed"
         out 
         out " (C) NLnetLabs, Miek Gieben. Licensed under the GPL version 2."
 }

From 8139201f12534f19f08ac6a7943664ca6116390c Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Wed, 13 Sep 2017 17:29:41 +0100
Subject: [PATCH 043/140] Allow YAML input to be just a list or scalar as well
 as a map.

This allows getdns_yaml2list(), getdns_yaml2bindata() and getdns_yaml2int() to work as expected.

Update the YAML test to check these.
---
 .../255-yaml-config.tpkg/255-yaml-config.c    | 61 +++++++++++++++++--
 .../255-yaml-config.tpkg/255-yaml-config.good |  7 +++
 src/yaml/convert_yaml_to_json.c               | 24 +++++---
 3 files changed, 79 insertions(+), 13 deletions(-)

diff --git a/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.c b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.c
index b2a5f15b..128195c0 100644
--- a/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.c
+++ b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.c
@@ -32,29 +32,80 @@ int main(int ac, char *av[])
 	buf[bytes_read] = '\0';
 
 	getdns_dict *dict = NULL;
+	getdns_list *list = NULL;
+	getdns_bindata *bindata = NULL;
 	getdns_return_t r;
 
 	if (!(dict = getdns_dict_create())) {
 		fprintf(stderr, "Could not create dict");
-		exit(EXIT_FAILURE);
+		goto fail;
 	}
 
 	r = getdns_yaml2dict(buf, &dict);
 	if (r) {
 		fprintf(stderr, "Error setting dict data: %s", getdns_get_errorstr_by_id(r));
-		getdns_dict_destroy(dict);
-		exit(EXIT_FAILURE);
+		goto fail;
+	}
+
+	/*
+	 * Now add a list, bindata and int to the dict by hand to check
+	 * the other yaml2* functions work.
+	 */
+	if (!(list = getdns_list_create())) {
+		fprintf(stderr, "Could not create list");
+		goto fail;
+	}
+
+	r = getdns_yaml2list("[\"One\", \"two\", \"three\"]", &list);
+	if (r) {
+		fprintf(stderr, "Error setting list data: %s", getdns_get_errorstr_by_id(r));
+		goto fail;
+	}
+
+	r = getdns_dict_set_list(dict, "List entry", list);
+	if (r) {
+		fprintf(stderr, "Error adding list to dict: %s", getdns_get_errorstr_by_id(r));
+		goto fail;
+	}
+
+	r = getdns_yaml2bindata("2001:7fd::1", &bindata);
+	if (r) {
+		fprintf(stderr, "Error setting bindata: %s", getdns_get_errorstr_by_id(r));
+		goto fail;
+	}
+
+	r = getdns_dict_set_bindata(dict, "Bindata entry", bindata);
+	if (r) {
+		fprintf(stderr, "Error adding list to dict: %s", getdns_get_errorstr_by_id(r));
+		goto fail;
+	}
+
+	uint32_t intval;
+	r = getdns_yaml2int("32767", &intval);
+	if (r) {
+		fprintf(stderr, "Error setting int: %s", getdns_get_errorstr_by_id(r));
+		goto fail;
+	}
+	if (intval != 32767) {
+		fprintf(stderr, "Error reading int: wrong value");
+		goto fail;
 	}
 
 	char *dict_str = getdns_pretty_print_dict(dict);
 	if (!dict_str) {
 		fprintf(stderr, "Could not convert dict to string");
-		getdns_dict_destroy(dict);
-		exit(EXIT_FAILURE);
+		goto fail;
 	}
 
 	printf("%s\n", dict_str);
 	free(dict_str);
 	getdns_dict_destroy(dict);
 	exit(EXIT_SUCCESS);
+
+fail:
+	if (dict)
+		getdns_dict_destroy(dict);
+	if (list)
+		getdns_list_destroy(list);
+	exit(EXIT_FAILURE);
 }
diff --git a/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.good b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.good
index aae0e318..2703569c 100644
--- a/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.good
+++ b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.good
@@ -1,4 +1,11 @@
 {
+  "Bindata entry": <bindata of 0x200107fd000000000000000000000001>,
+  "List entry":
+  [
+     <bindata of "One">,
+     <bindata of "two">,
+     <bindata of "three">
+  ],
   "dnssec_return_status": 1000,
   "upstream_recursive_servers":
   [
diff --git a/src/yaml/convert_yaml_to_json.c b/src/yaml/convert_yaml_to_json.c
index f5117355..e62e971e 100644
--- a/src/yaml/convert_yaml_to_json.c
+++ b/src/yaml/convert_yaml_to_json.c
@@ -206,23 +206,31 @@ process_yaml_document(yaml_parser_t *parser, yaml_event_t *event, gldns_buffer *
 			break;
 
 		case YAML_MAPPING_START_EVENT:
-
-			/*
-			 * getdns config data is a dictionary (ie yaml mapping)
-			 * so the document must start with a mapping; scalar
-			 * or sequence would be wrong.
-			 */
+			
 			if (process_yaml_mapping(parser, event, buf) != 0) {
 				return -1;
 			}
 			break;
 
+		case YAML_SEQUENCE_START_EVENT:
+			
+			if (process_yaml_sequence(parser, event, buf) != 0) {
+				return -1;   
+			}
+			break;
+
+		case YAML_SCALAR_EVENT:
+			
+			if (output_scalar(event, buf) != 0) {
+				fprintf(stderr, "Value error: Error outputting scalar\n");
+				return -1;
+			}
+			break;
+
 		case YAML_STREAM_START_EVENT:
 		case YAML_STREAM_END_EVENT:
 		case YAML_DOCUMENT_START_EVENT:
 		case YAML_ALIAS_EVENT:
-		case YAML_SCALAR_EVENT:
-		case YAML_SEQUENCE_START_EVENT:
 		case YAML_SEQUENCE_END_EVENT:
 		case YAML_MAPPING_END_EVENT:
 

From 8618e4b731dd02a1c6a4acedc86c22d8c72dee1b Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Wed, 13 Sep 2017 17:41:16 +0100
Subject: [PATCH 044/140] Change extension from .yaml to .yml

---
 Makefile.in              | 2 +-
 src/Makefile.in          | 6 +++---
 src/tools/getdns_query.c | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index 1b99cee3..2a18e98d 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -245,7 +245,7 @@ $(distdir):
 	cp $(srcdir)/spec/example/*.[ch] $(distdir)/spec/example
 	cp $(srcdir)/src/tools/Makefile.in $(distdir)/src/tools
 	cp $(srcdir)/src/tools/*.[ch] $(distdir)/src/tools
-	cp $(srcdir)/stubby/stubby.yaml.example $(distdir)/stubby
+	cp $(srcdir)/stubby/stubby.yml.example $(distdir)/stubby
 	cp $(srcdir)/stubby/stubby-setdns-macos.sh $(distdir)/stubby
 	cp $(srcdir)/stubby/src/stubby.c $(distdir)/stubby/src
 	cp $(srcdir)/stubby/COPYING $(distdir)/stubby
diff --git a/src/Makefile.in b/src/Makefile.in
index 2f9bd411..9f496d40 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -193,14 +193,14 @@ stubby.lo: $(stubbysrcdir)/src/stubby.c
 stubby: stubby.lo libgetdns.la 
 	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ stubby.lo $(LDFLAGS) libgetdns.la
 
-install-stubby: stubby $(stubbysrcdir)/stubby.yaml.example $(stubbysrcdir)/stubby-setdns-macos.sh
+install-stubby: stubby $(stubbysrcdir)/stubby.yml.example $(stubbysrcdir)/stubby-setdns-macos.sh
 	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
 	$(LIBTOOL) --mode=install cp stubby $(DESTDIR)$(bindir)
 	$(INSTALL) -m 755 -d $(DESTDIR)$(sbindir)
 	$(INSTALL) -m 755  $(stubbysrcdir)/stubby-setdns-macos.sh $(DESTDIR)$(sbindir)
 	$(INSTALL) -m 755 -d $(DESTDIR)$(stubbyconfdir)
-	test -f $(DESTDIR)$(stubbyconfdir)/stubby.yaml || \
-		$(INSTALL_DATA) $(stubbysrcdir)/stubby.yaml.example $(DESTDIR)$(stubbyconfdir)/stubby.yaml
+	test -f $(DESTDIR)$(stubbyconfdir)/stubby.yml || \
+		$(INSTALL_DATA) $(stubbysrcdir)/stubby.yml.example $(DESTDIR)$(stubbyconfdir)/stubby.yml
 
 uninstall-stubby:
 	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 5b950af8..a58886c0 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -215,7 +215,7 @@ print_usage(FILE *out, const char *progname)
 	fprintf(out, "\t-C\t<filename>\n");
 	fprintf(out, "\t\tRead settings from config file <filename>\n");
 	fprintf(out, "\t\tThe getdns context will be configured with these settings\n");
-	fprintf(out, "\t\tThe file must be in YAML format (with extension of '.yaml')\n");
+	fprintf(out, "\t\tThe file must be in YAML format (with extension of '.yml')\n");
 	fprintf(out, "\t\tor JSON dict format (with extension '.conf')\n");
 	if (i_am_stubby) {
 		fprintf(out, "\t\tBy default, configuration is first read from");
@@ -571,7 +571,7 @@ int parse_config_file(const char *fn, int report_open_failure)
 	}
 	config_file[config_file_sz] = 0;
 	fclose(fh);
-	parse_config(config_file, strstr(fn, ".yaml") != NULL);
+	parse_config(config_file, strstr(fn, ".yml") != NULL);
 	free(config_file);
 	return GETDNS_RETURN_GOOD;
 }

From b20aedd182cfbe3892ee9de72475f864610f1fd7 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Wed, 13 Sep 2017 17:42:24 +0100
Subject: [PATCH 045/140] Update the getdns_yaml2*() Doxygen comments.

---
 src/getdns/getdns_extra.h.in | 44 ++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index 526cfa2f..0f6248e7 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -1697,6 +1697,18 @@ getdns_str2int(const char *str, uint32_t *value);
  * Convert YAML text to a getdns_dict.
  *
  * @param  str   A textual representation of a getdns_dict.
+ *               The format is similar, but not precisely YAML.
+ *               - When str contains an IP or IPv6 address, it is converted
+ *                 to an getdns dict representation of that address.  This may contain
+ *                 a port, tls_port, tsig spec or tls authentication name in the same
+ *                 way as may be given with the `getdns_query` tool.  For example:
+ *                 `185.49.140.67:80#443` will result in the following getdns_dict:
+ *
+ *                      { address_type: "IPv4"
+ *                      , address_data: "185.49.140.67"
+ *                      , port: 80
+ *                      , tls_port: 443
+ *                      }
  * @param  dict The returned getdns_dict.
  * @return GETDNS_RETURN_GOOD on success or an error code on failure.
  */
@@ -1717,6 +1729,34 @@ getdns_yaml2list(const char *str, getdns_list **list);
  * Convert string text to a getdns_bindata.
  *
  * @param  str   A textual representation of a getdns_bindata
+ *               The format is similar, but not precisely YAML.
+ *               - Strings between double-quotes will be converted to bindata
+ *                 containers, but *without the trailing null byte*.
+ *                 For example: `{ suffix: [ "nlnetlabs.nl.", "nlnet.nl." ] }`
+ *               - bindata representation of IP or IPv6 addresses may be
+ *                 given in their presentation format.  For example:
+ *                 `{ dns_root_servers: [ 2001:7fd::1, 193.0.14.129 ] }`
+ *               - Arbitrary binary data may be given with a `0x` prefix,
+ *                 or in base64 encoding.
+ *                 For example:
+ *
+ *                      { add_opt_parameters:
+ *                        { options: [ { option_code: 10
+ *                                     , option_data: 0xA9E4EC50C03F5D65
+ *                                     } ]
+ *                        }
+ *                      }
+ *
+ *               - Wireformat domain name bindatas can be given with a trailing dot.
+ *                 For example:
+ *
+ *                      { upstream_recursive_servers:
+ *                        [ { address_data  : 2a04:b900:0:100::37
+ *                          , tsig_name     : hmac-md5.tsigs.getdnsapi.net.
+ *                          , tsig_algorithm: hmac-md5.sig-alg.reg.int.
+ *                          , tsig_secret : 16G69OTeXW6xSQ==
+ *                          } ]
+ *                      }
  * @param  bindata The returned getdns_bindata.
  * @return GETDNS_RETURN_GOOD on success or an error code on failure.
  */
@@ -1727,6 +1767,10 @@ getdns_yaml2bindata(const char *str, getdns_bindata **bindata);
  * Convert string text to a getdns 32 bits unsigned integer.
  *
  * @param  str   A textual representation of the integer.
+ *               The format is similar, but not precisely YAML.
+ *               - integer values may be given by the constant name.
+ *                 For example: `{ resolution_type: GETDNS_RESOLUTION_STUB }`
+ *                 or `{ specify_class: GETDNS_RRCLASS_CH }`
  * @param  value The returned integer.
  * @return GETDNS_RETURN_GOOD on success or an error code on failure.
  */

From f31eb517e0a20dd17b35737234d9a07e477b02e3 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 14 Sep 2017 11:47:02 +0200
Subject: [PATCH 046/140] Lazy TA and time checking

---
 src/anchor.c  | 24 ++++++++++++++----------
 src/anchor.h  |  2 +-
 src/context.c |  3 ---
 src/dnssec.c  |  3 ---
 src/general.c |  8 +++++---
 5 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index ed594059..68300984 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -557,7 +557,7 @@ static ta_iter *ta_iter_init(ta_iter *ta, const char *doc, size_t doc_len)
 }
 
 static uint16_t _getdns_parse_xml_trust_anchors_buf(
-    gldns_buffer *gbuf, time_t now, char *xml_data, size_t xml_len)
+    gldns_buffer *gbuf, uint64_t *now_ms, char *xml_data, size_t xml_len)
 {
 	ta_iter ta_spc, *ta;
 	uint16_t ta_count = 0;
@@ -571,12 +571,14 @@ static uint16_t _getdns_parse_xml_trust_anchors_buf(
 	for ( ta = ta_iter_init(&ta_spc, (char *)xml_data, xml_len)
 	    ; ta; ta = ta_iter_next(ta)) {
 
-		if (now < ta->validFrom)
+		if (*now_ms == 0) *now_ms = _getdns_get_now_ms();
+		if ((time_t)(*now_ms / 1000) < ta->validFrom)
 			DEBUG_ANCHOR("Disregarding trust anchor "
 			    "%s for %s which is not yet valid",
 			    ta->keytag, ta->zone);
 
-		else if (ta->validUntil != 0 && now > ta->validUntil)
+		else if (ta->validUntil != 0
+		     && (time_t)(*now_ms / 1000) > ta->validUntil)
 			DEBUG_ANCHOR("Disregarding trust anchor "
 			    "%s for %s which is not valid anymore",
 			    ta->keytag, ta->zone);
@@ -646,7 +648,7 @@ static uint16_t _getdns_parse_xml_trust_anchors_buf(
 static uint8_t *tas_validate(struct mem_funcs *mf,
     const getdns_bindata *xml_bd, const getdns_bindata *p7s_bd,
     const getdns_bindata *crt_bd, const char *p7signer,
-    time_t now, uint8_t *tas, size_t *tas_len)
+    uint64_t *now_ms, uint8_t *tas, size_t *tas_len)
 {
 	BIO *xml = NULL, *p7s = NULL, *crt = NULL;
 	X509 *x = NULL;
@@ -682,7 +684,7 @@ static uint8_t *tas_validate(struct mem_funcs *mf,
 
 		gldns_buffer_init_vfixed_frm_data(&gbuf, tas, *tas_len);
 
-		if (!_getdns_parse_xml_trust_anchors_buf(&gbuf, now, 
+		if (!_getdns_parse_xml_trust_anchors_buf(&gbuf, now_ms,
 		    (char *)xml_bd->data, xml_bd->size))
 			DEBUG_ANCHOR("Failed to parse trust anchor XML data");
 
@@ -691,7 +693,7 @@ static uint8_t *tas_validate(struct mem_funcs *mf,
 			if ((success = GETDNS_XMALLOC(*mf, uint8_t, *tas_len))) {
 				gldns_buffer_init_frm_data(&gbuf, success, *tas_len);
 				if (!_getdns_parse_xml_trust_anchors_buf(&gbuf,
-				    now, (char *)xml_bd->data, xml_bd->size)) {
+				    now_ms, (char *)xml_bd->data, xml_bd->size)) {
 
 					DEBUG_ANCHOR("Failed to re-parse trust"
 					             " anchor XML data\n");
@@ -716,7 +718,8 @@ static uint8_t *tas_validate(struct mem_funcs *mf,
 	return success;
 }
 
-void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
+void _getdns_context_equip_with_anchor(
+    getdns_context *context, uint64_t *now_ms)
 {
 	uint8_t xml_spc[4096], *xml_data;
 	uint8_t p7s_spc[4096], *p7s_data = NULL;
@@ -784,7 +787,7 @@ void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
 		gldns_buffer_init_vfixed_frm_data(
 		    &gbuf, ta_spc, sizeof(ta_spc));
 
-		if (!_getdns_parse_xml_trust_anchors_buf(&gbuf, now, 
+		if (!_getdns_parse_xml_trust_anchors_buf(&gbuf, now_ms,
 		    (char *)xml_data, xml_len))
 			DEBUG_ANCHOR("Failed to parse trust anchor XML data");
 		else if ((ta_len = gldns_buffer_position(&gbuf)) > sizeof(ta_spc)) {
@@ -792,7 +795,7 @@ void _getdns_context_equip_with_anchor(getdns_context *context, time_t now)
 				gldns_buffer_init_frm_data(&gbuf, ta,
 				    gldns_buffer_position(&gbuf));
 				if (!_getdns_parse_xml_trust_anchors_buf(
-				    &gbuf, now, (char *)xml_data, xml_len)) {
+				    &gbuf, now_ms, (char *)xml_data, xml_len)) {
 					DEBUG_ANCHOR("Failed to re-parse trust"
 					             " anchor XML data");
 					GETDNS_FREE(context->mf, ta);
@@ -997,6 +1000,7 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 		const char *verify_email = NULL;
 		getdns_bindata verify_CA;
 		getdns_return_t r;
+		uint64_t now_ms = 0;
 
 		p7s_bd.data = a->tcp.read_buf;
 		p7s_bd.size = a->tcp.read_buf_len;
@@ -1017,7 +1021,7 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 				    , getdns_get_errorstr_by_id(r));
 
 		else if (!(tas = tas_validate(&context->mf, &a->xml, &p7s_bd,
-		    &verify_CA, verify_email, time(NULL), tas, &tas_len)))
+		    &verify_CA, verify_email, &now_ms, tas, &tas_len)))
 			; /* pass */
 
 		else {
diff --git a/src/anchor.h b/src/anchor.h
index 56a6cbfe..fda7433b 100644
--- a/src/anchor.h
+++ b/src/anchor.h
@@ -38,7 +38,7 @@
 #include "getdns/getdns_extra.h"
 #include <time.h>
 
-void _getdns_context_equip_with_anchor(getdns_context *context, time_t now);
+void _getdns_context_equip_with_anchor(getdns_context *context, uint64_t *now_ms);
 
 void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop);
 
diff --git a/src/context.c b/src/context.c
index 71bbc4ba..1c303f61 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1600,9 +1600,6 @@ getdns_context_create_with_extended_memory_functions(
 #else
 	/* XXX implement Windows-style unlock here */
 #endif
-	if (result->trust_anchors_source == GETDNS_TASRC_NONE)
-		_getdns_context_equip_with_anchor(result, time(NULL));
-
 #ifdef HAVE_LIBUNBOUND
 	result->unbound_ctx = NULL;
 	if ((r = rebuild_ub_ctx(result)))
diff --git a/src/dnssec.c b/src/dnssec.c
index 2a137d7d..d166e91f 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -3031,9 +3031,6 @@ static void check_chain_complete(chain_head *chain)
 		}
 
 	} else {
-		if (context->trust_anchors_source == GETDNS_TASRC_NONE)
-			_getdns_start_fetching_ta(context, dnsreq->loop);
-
 		if (context->trust_anchors_source == GETDNS_TASRC_FETCHING) {
 			dnsreq->waiting_for_ta = 1;
 			dnsreq->ta_notify = context->ta_notify;
diff --git a/src/general.c b/src/general.c
index 13fc4190..21448641 100644
--- a/src/general.c
+++ b/src/general.c
@@ -587,9 +587,11 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 	req->is_sync_request = loop == &context->sync_eventloop.loop;
 
 	if (req->dnssec_return_status &&
-	    context->trust_anchors_source == GETDNS_TASRC_NONE)
-		_getdns_start_fetching_ta(context, loop);
-
+	    context->trust_anchors_source == GETDNS_TASRC_NONE) {
+		_getdns_context_equip_with_anchor(context, &now_ms);
+		if (context->trust_anchors_source == GETDNS_TASRC_NONE)
+			_getdns_start_fetching_ta(context, loop);
+	}
 	if (return_netreq_p)
 		*return_netreq_p = req->netreqs[0];
 

From 836c6515399c488428ef4837f4703ac7b45ecb40 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 14 Sep 2017 12:25:25 +0200
Subject: [PATCH 047/140] Initial fixes from John to compile getdns on Windows

---
 configure.ac                     | 11 +++++++++--
 src/extension/select_eventloop.c |  2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 4eea1694..16c64d90 100644
--- a/configure.ac
+++ b/configure.ac
@@ -232,7 +232,7 @@ esac
 
 
 DEFAULT_EVENTLOOP=select_eventloop
-AC_CHECK_HEADERS([sys/poll.h poll.h sys/resource.h],,, [AC_INCLUDES_DEFAULT])
+AC_CHECK_HEADERS([sys/poll.h poll.h sys/resource.h sys/types.h],,, [AC_INCLUDES_DEFAULT])
 AC_ARG_ENABLE(poll-eventloop, AC_HELP_STRING([--disable-poll-eventloop], [Disable default eventloop based on poll (default=enabled if available)]))
 case "$enable_poll_eventloop" in
 	no)
@@ -1286,9 +1286,12 @@ const char *inet_ntop(int af, const void *src, char *dst, size_t size);
 #endif
 
 #ifdef USE_WINSOCK
+# ifndef  _CUSTOM_VSNPRINTF
+#  define _CUSTOM_VSNPRINTF
 static inline int _gldns_custom_vsnprintf(char *str, size_t size, const char *format, va_list ap)
 { int r = vsnprintf(str, size, format, ap); return r == -1 ? _vscprintf(format, ap) : r; }
-# define vsnprintf _gldns_custom_vsnprintf
+#  define vsnprintf _gldns_custom_vsnprintf
+# endif
 #endif
 
 #ifdef __cplusplus
@@ -1315,6 +1318,10 @@ static inline int _gldns_custom_vsnprintf(char *str, size_t size, const char *fo
 #include <sys/select.h>
 #endif
 
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
diff --git a/src/extension/select_eventloop.c b/src/extension/select_eventloop.c
index 47769afd..348c7ab1 100644
--- a/src/extension/select_eventloop.c
+++ b/src/extension/select_eventloop.c
@@ -27,9 +27,9 @@
 
 #include "config.h"
 
-#include "extension/select_eventloop.h"
 #include "debug.h"
 #include "types-internal.h"
+#include "extension/select_eventloop.h"
 
 static uint64_t get_now_plus(uint64_t amount)
 {

From 6d29f7fb650ec2aabddf5f8d194afbb01f1490a8 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 14 Sep 2017 15:14:00 +0200
Subject: [PATCH 048/140] Fix issues accumulated when tpkg didn't work

---
 src/Makefile.in                               |  4 +-
 src/anchor.c                                  |  2 +-
 src/const-info.c                              |  6 +++
 src/context.c                                 |  3 +-
 src/debug.h                                   | 46 +++++++++----------
 src/libgetdns.symbols                         |  6 +++
 .../330-event-loops-unit-tests.test           |  2 +
 src/test/tpkg/run-all-lcov.sh                 |  2 +-
 src/test/tpkg/run-all.sh                      |  2 +-
 src/test/tpkg/run-parallel.sh                 |  2 +-
 src/test/tpkg/tpkg                            | 11 +++--
 11 files changed, 53 insertions(+), 33 deletions(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index ded0c635..fedc0921 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -501,6 +501,8 @@ sha512.lo sha512.o: $(srcdir)/compat/sha512.c \
  config.h
 strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
  config.h
+strptime.lo strptime.o: $(srcdir)/compat/strptime.c \
+ config.h
 locks.lo locks.o: $(srcdir)/util/locks.c \
  config.h \
  $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
@@ -557,4 +559,4 @@ select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
  $(srcdir)/extension/select_eventloop.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
- $(srcdir)/debug.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
diff --git a/src/anchor.c b/src/anchor.c
index 68300984..8dc31d0a 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -721,7 +721,7 @@ static uint8_t *tas_validate(struct mem_funcs *mf,
 void _getdns_context_equip_with_anchor(
     getdns_context *context, uint64_t *now_ms)
 {
-	uint8_t xml_spc[4096], *xml_data;
+	uint8_t xml_spc[4096], *xml_data = NULL;
 	uint8_t p7s_spc[4096], *p7s_data = NULL;
 	size_t xml_len, p7s_len;
 	const char *verify_email = NULL;
diff --git a/src/const-info.c b/src/const-info.c
index 776e6795..9caf93cd 100644
--- a/src/const-info.c
+++ b/src/const-info.c
@@ -82,6 +82,9 @@ static struct const_info consts_info[] = {
 	{     622, "GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS", GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS_TEXT },
 	{     623, "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME_TEXT },
 	{     624, "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES_TEXT },
+	{     625, "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL", GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL_TEXT },
+	{     626, "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA", GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA_TEXT },
+	{     627, "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL", GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL_TEXT },
 	{     700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
 	{     701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
 	{     702, "GETDNS_CALLBACK_TIMEOUT", GETDNS_CALLBACK_TIMEOUT_TEXT },
@@ -174,6 +177,9 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", 623 },
 	{ "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", 624 },
 	{ "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", 620 },
+	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL", 625 },
+	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA", 626 },
+	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL", 627 },
 	{ "GETDNS_CONTEXT_CODE_UPSTREAM_RECURSIVE_SERVERS", 603 },
 	{ "GETDNS_DNSSEC_BOGUS", 401 },
 	{ "GETDNS_DNSSEC_INDETERMINATE", 402 },
diff --git a/src/context.c b/src/context.c
index e44ce842..6f57143e 100644
--- a/src/context.c
+++ b/src/context.c
@@ -4629,7 +4629,8 @@ uint8_t *_getdns_context_get_priv_file(getdns_context *context,
 			GETDNS_FREE(context->mf, buf);
 			buf = NULL;
 		}
-		buf[*file_sz] = 0;
+		else
+			buf[*file_sz] = 0;
 	}
 	(void) fclose(f);
 	return buf;
diff --git a/src/debug.h b/src/debug.h
index 0ddc9400..9d181140 100644
--- a/src/debug.h
+++ b/src/debug.h
@@ -47,41 +47,41 @@
 
 #ifdef GETDNS_ON_WINDOWS
 #define DEBUG_ON(...) do { \
-		struct timeval tv; \
-		struct tm tm; \
-		char buf[10]; \
-        time_t tsec; \
+		struct timeval tv_dEbUgSyM; \
+		struct tm tm_dEbUgSyM; \
+		char buf_dEbUgSyM[10]; \
+		time_t tsec_dEbUgSyM; \
 		\
-		gettimeofday(&tv, NULL); \
-		tsec = (time_t) tv.tv_sec; \
-		gmtime_s(&tm, (const time_t *) &tsec); \
-		strftime(buf, 10, "%H:%M:%S", &tm); \
-		fprintf(stderr, "[%s.%.6d] ", buf, (int)tv.tv_usec); \
+		gettimeofday(&tv_dEbUgSyM, NULL); \
+		tsec = (time_t) tv_dEbUgSyM.tv_sec; \
+		gmtime_s(&tm_dEbUgSyM, (const time_t *) &tsec_dEbUgSyM); \
+		strftime(buf_dEbUgSyM, 10, "%H:%M:%S", &tm_dEbUgSyM); \
+		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 		fprintf(stderr, __VA_ARGS__); \
 	} while (0)
 #else
 #define DEBUG_ON(...) do { \
-		struct timeval tv; \
-		struct tm tm; \
-		char buf[10]; \
+		struct timeval tv_dEbUgSyM; \
+		struct tm tm_dEbUgSyM; \
+		char buf_dEbUgSyM[10]; \
 		\
-		gettimeofday(&tv, NULL); \
-		gmtime_r(&tv.tv_sec, &tm); \
-		strftime(buf, 10, "%H:%M:%S", &tm); \
-		fprintf(stderr, "[%s.%.6d] ", buf, (int)tv.tv_usec); \
+		gettimeofday(&tv_dEbUgSyM, NULL); \
+		gmtime_r(&tv_dEbUgSyM.tv_sec, &tm_dEbUgSyM); \
+		strftime(buf_dEbUgSyM, 10, "%H:%M:%S", &tm_dEbUgSyM); \
+		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 		fprintf(stderr, __VA_ARGS__); \
 	} while (0)
 #endif
 
 #define DEBUG_NL(...) do { \
-		struct timeval tv; \
-		struct tm tm; \
-		char buf[10]; \
+		struct timeval tv_dEbUgSyM; \
+		struct tm tm_dEbUgSyM; \
+		char buf_dEbUgSyM[10]; \
 		\
-		gettimeofday(&tv, NULL); \
-		gmtime_r(&tv.tv_sec, &tm); \
-		strftime(buf, 10, "%H:%M:%S", &tm); \
-		fprintf(stderr, "[%s.%.6d] ", buf, (int)tv.tv_usec); \
+		gettimeofday(&tv_dEbUgSyM, NULL); \
+		gmtime_r(&tv_dEbUgSyM.tv_sec, &tm_dEbUgSyM); \
+		strftime(buf_dEbUgSyM, 10, "%H:%M:%S", &tm_dEbUgSyM); \
+		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 		fprintf(stderr, __VA_ARGS__); \
 		fprintf(stderr, "\n"); \
 	} while (0)
diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols
index 00b26848..6ef6a820 100644
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@@ -33,6 +33,9 @@ getdns_context_get_tls_authentication
 getdns_context_get_tls_backoff_time
 getdns_context_get_tls_connection_retries
 getdns_context_get_tls_query_padding_blocksize
+getdns_context_get_trust_anchor_url
+getdns_context_get_trust_anchor_verify_CA
+getdns_context_get_trust_anchor_verify_email
 getdns_context_get_update_callback
 getdns_context_get_upstream_recursive_servers
 getdns_context_process_async
@@ -67,6 +70,9 @@ getdns_context_set_tls_authentication
 getdns_context_set_tls_backoff_time
 getdns_context_set_tls_connection_retries
 getdns_context_set_tls_query_padding_blocksize
+getdns_context_set_trust_anchor_url
+getdns_context_set_trust_anchor_verify_CA
+getdns_context_set_trust_anchor_verify_email
 getdns_context_set_update_callback
 getdns_context_set_upstream_recursive_servers
 getdns_context_set_use_threads
diff --git a/src/test/tpkg/330-event-loops-unit-tests.tpkg/330-event-loops-unit-tests.test b/src/test/tpkg/330-event-loops-unit-tests.tpkg/330-event-loops-unit-tests.test
index 31a7dd1f..d34f8e8a 100644
--- a/src/test/tpkg/330-event-loops-unit-tests.tpkg/330-event-loops-unit-tests.test
+++ b/src/test/tpkg/330-event-loops-unit-tests.tpkg/330-event-loops-unit-tests.test
@@ -11,4 +11,6 @@ then
 	then
 		exit 1
 	fi
+else
+	exit 1
 fi
diff --git a/src/test/tpkg/run-all-lcov.sh b/src/test/tpkg/run-all-lcov.sh
index 8a083980..38f4b51a 100755
--- a/src/test/tpkg/run-all-lcov.sh
+++ b/src/test/tpkg/run-all-lcov.sh
@@ -25,4 +25,4 @@ do
 done
 lcov $LCOV_MERGE -o run-all.info
 genhtml run-all.info --output-directory coverage-html
-"${TPKG}" r
+"${TPKG}" -n -1 r
diff --git a/src/test/tpkg/run-all.sh b/src/test/tpkg/run-all.sh
index 2c1a23f8..94a5623a 100755
--- a/src/test/tpkg/run-all.sh
+++ b/src/test/tpkg/run-all.sh
@@ -17,4 +17,4 @@ do
 	# trap keyboard interrupt (control-c)
 	trap control_c 2
 done
-"${TPKG}" r
+"${TPKG}" -n -1 r
diff --git a/src/test/tpkg/run-parallel.sh b/src/test/tpkg/run-parallel.sh
index a3ef22e0..1bde085a 100755
--- a/src/test/tpkg/run-parallel.sh
+++ b/src/test/tpkg/run-parallel.sh
@@ -31,7 +31,7 @@ do
 	fi
 done
 echo "${ALL}" >> Makefile
-printf '\t"%s" r\n\n' "${TPKG}" >> Makefile
+printf '\t"%s" -n -1 r\n\n' "${TPKG}" >> Makefile
 printf 'clean:\n\t"%s" clean\n\trm -fr build build-stub-only build-event-loops build-static-analysis install scan-build-reports .tpkg.var.master *.info\n\n' "${TPKG}" >> Makefile
 for P in ${OTHERS}
 do
diff --git a/src/test/tpkg/tpkg b/src/test/tpkg/tpkg
index 0eddaedb..3701b723 100755
--- a/src/test/tpkg/tpkg
+++ b/src/test/tpkg/tpkg
@@ -193,6 +193,8 @@ function usage() {
         out " -p PRI\tlog using PRI as priority"
         out " -k\t\tdon't remove test directory when creating/executing a tpkg package"
         out " -n NUM\tif less than NUM of the tests are passed exit with 1"
+        out " \t\tOtherwise exit with 0.  When NUM is -1, no tests may fail"
+	out " \t\tOnly valid when running tpkg report"
         out " \t\tOtherwise exit with 0. Only valid when running tpkg report"
 	out " -b DIR\tuse DIR is a base directory in stead of ."
 	out " -a ARGS\tpass the string ARGS through to the test scripts"
@@ -330,11 +332,12 @@ function report() {
                 if [[ $passed -lt $TPKG_PASS ]]; then
                         exit 1
                 fi
-	elif [[ $failed -gt 0 ]]; then
-		exit 1
-	else
-        	exit 0
+	elif [[  $TPKG_PASS -lt 0 ]]; then
+		if [[ $failed -gt 0 ]]; then
+			exit 1
+		fi
         fi
+	exit 0
 }
 
 # clone test1 to test2

From 96c6e49ae5ffa4f351d1c71f0369e09ce405b3ca Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 14 Sep 2017 15:26:40 +0200
Subject: [PATCH 049/140] Use the on windows compilable stubby

---
 stubby | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stubby b/stubby
index 61142309..9f73cacf 160000
--- a/stubby
+++ b/stubby
@@ -1 +1 @@
-Subproject commit 6114230904d9413514d521358ca7956aac99e822
+Subproject commit 9f73cacf3b85e85c2b459543442d33a7660fce2d

From 57e6487d76f95e6e08ca45e792e16c8923e631b1 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 14 Sep 2017 16:02:37 +0200
Subject: [PATCH 050/140] Some more fixes specific to travis

---
 .travis.yml                                   |  1 +
 src/anchor.c                                  |  6 ++-
 src/context.h                                 |  2 +-
 .../330-event-loops-unit-tests.test           | 39 +++++++++++++++++--
 4 files changed, 41 insertions(+), 7 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index d46dd307..a2f8b3b8 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -11,6 +11,7 @@ addons:
     - check
     - libevent-dev
     - libev-dev
+    - libuv-dev
     - valgrind
     - clang
     - wget
diff --git a/src/anchor.c b/src/anchor.c
index 8dc31d0a..498ab7ca 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -812,7 +812,8 @@ void _getdns_context_equip_with_anchor(
 			context->trust_anchors_len = ta_len;
 			context->trust_anchors_source = GETDNS_TASRC_XML;
 		}
-		DEBUG_ANCHOR("ta: %p, ta_len: %d\n", context->trust_anchors, (int)context->trust_anchors_len);
+		DEBUG_ANCHOR("ta: %p, ta_len: %d\n",
+		    (void *)context->trust_anchors, (int)context->trust_anchors_len);
 		
 	} else {
 		DEBUG_ANCHOR("Verifying trust-anchors failed!\n");
@@ -1092,7 +1093,8 @@ static void tas_read_cb(void *userarg)
 		assert(n <= (ssize_t)a->tcp.to_read);
 
 		DEBUG_ANCHOR("read: %d bytes at %p, for doc %p of size %d\n",
-		    (int)n, a->tcp.read_pos, a->tcp.read_buf, (int)a->tcp.read_buf_len);
+		    (int)n, (void *)a->tcp.read_pos
+		          , (void *)a->tcp.read_buf, (int)a->tcp.read_buf_len);
 		a->tcp.read_pos += n;
 		a->tcp.to_read -= n;
 		if (a->tcp.to_read == 0)
diff --git a/src/context.h b/src/context.h
index 9d25e382..9bab5199 100644
--- a/src/context.h
+++ b/src/context.h
@@ -335,7 +335,7 @@ struct getdns_context {
 	tas_connection        aaaa;
 	uint8_t               tas_hdr_spc[512];
 
-	_getdns_property      can_write_appdata : 2;
+	_getdns_property      can_write_appdata;
 
 	const char           *root_anchor_url;
 	const char           *root_anchor_verify_CA;
diff --git a/src/test/tpkg/330-event-loops-unit-tests.tpkg/330-event-loops-unit-tests.test b/src/test/tpkg/330-event-loops-unit-tests.tpkg/330-event-loops-unit-tests.test
index d34f8e8a..10ab6ded 100644
--- a/src/test/tpkg/330-event-loops-unit-tests.tpkg/330-event-loops-unit-tests.test
+++ b/src/test/tpkg/330-event-loops-unit-tests.tpkg/330-event-loops-unit-tests.test
@@ -5,12 +5,43 @@
 [ -f .tpkg.var.test ] && source .tpkg.var.test
 
 cd "${BUILDDIR}/build-event-loops"
-if make -j 4 test
+make -j 4 test
+if test -e "${BUILDDIR}/build-event-loops/src/test/fails"
 then
-	if test -e "${BUILDDIR}/build-event-loops/src/test/fails"
+	if test -e "${BUILDDIR}/build-event-loops/src/test/check_getdns.failed"
 	then
-		exit 1
+		echo ""
+		echo "********************"
+		echo "*** check_getdns ***"
+		echo "********************"
+		cat "${BUILDDIR}/build-event-loops/src/test/check_getdns.log"
+	fi
+	if test -e "${BUILDDIR}/build-event-loops/src/test/check_getdns_event.failed"
+	then
+		echo ""
+		echo "**************************"
+		echo "*** check_getdns_event ***"
+		echo "**************************"
+		cat "${BUILDDIR}/build-event-loops/src/test/check_getdns_event.log"
+	fi
+	if test -e "${BUILDDIR}/build-event-loops/src/test/check_getdns_ev.failed"
+	then
+		echo ""
+		echo "***********************"
+		echo "*** check_getdns_ev ***"
+		echo "***********************"
+		cat "${BUILDDIR}/build-event-loops/src/test/check_getdns_ev.log"
+	fi
+	if test -e "${BUILDDIR}/build-event-loops/src/test/check_getdns_uv.failed"
+	then
+		echo ""
+		echo "***********************"
+		echo "*** check_getdns_uv ***"
+		echo "***********************"
+		cat "${BUILDDIR}/build-event-loops/src/test/check_getdns_uv.log"
 	fi
-else
 	exit 1
+else
+	exit 0
 fi
+

From e6051976dd85f88e819c79612232f011896b3707 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 14 Sep 2017 16:32:53 +0200
Subject: [PATCH 051/140] travis specific fixed

---
 src/anchor.c                                              | 3 ++-
 src/test/tpkg/310-dependencies.tpkg/310-dependencies.test | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/anchor.c b/src/anchor.c
index 498ab7ca..ab48cb6a 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -850,7 +850,7 @@ static inline const char * rt_str(uint16_t rt)
 
 static int tas_busy(tas_connection *a)
 {
-	return a->req != NULL;
+	return a && a->req != NULL;
 }
 
 static int tas_fetching(tas_connection *a)
@@ -982,6 +982,7 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 	    (int)a->tcp.read_buf_len, (char *)a->tcp.read_buf);
 
 	assert(a->tcp.read_pos == a->tcp.read_buf + a->tcp.read_buf_len);
+	assert(context);
 
 	if (a->state == TAS_READ_XML_DOC) {
 		if (a->xml.data)
diff --git a/src/test/tpkg/310-dependencies.tpkg/310-dependencies.test b/src/test/tpkg/310-dependencies.tpkg/310-dependencies.test
index 985c420d..ef88d699 100644
--- a/src/test/tpkg/310-dependencies.tpkg/310-dependencies.test
+++ b/src/test/tpkg/310-dependencies.tpkg/310-dependencies.test
@@ -15,6 +15,11 @@ find . -type f -name "Makefile.in" -print0 | xargs -0 rm -f  && (
 )
 (
 	cd "${BUILDDIR}/build-event-loops"
+	if test "`hostname`" != "bonobo"
+	then
+		echo Sorry, running dependency test on bonobo only
+		exit 0
+	fi
 	if ! ./config.status --config | grep -q 'enable-all-drafts.*--with-libevent.*--with-libev.*--with-libuv'
 	then
 		echo Skipping because not covering enough code

From aa74c0a3d5596178e07729f7359842e59913535a Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 14 Sep 2017 16:43:10 +0200
Subject: [PATCH 052/140] One more pleasing travis fix

---
 src/extension/libuv.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/extension/libuv.c b/src/extension/libuv.c
index ec9257be..f1b7114e 100644
--- a/src/extension/libuv.c
+++ b/src/extension/libuv.c
@@ -172,6 +172,9 @@ getdns_libuv_timeout_cb(uv_timer_t *timer, int status)
 #endif
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)timer->data;
+#ifndef HAVE_NEW_UV_TIMER_CB
+	(void)status;
+#endif
         assert(el_ev->timeout_cb);
 	DEBUG_UV("enter libuv_timeout_cb(el_ev = %p, el_ev->ev = %p)\n"
 	        , el_ev, el_ev->ev);

From 89809291509768d88c0c9863b3cbedbbcc616826 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 14 Sep 2017 17:16:54 +0200
Subject: [PATCH 053/140] Check whether -D_POSIX is needed for sigset_t

---
 configure.ac | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/configure.ac b/configure.ac
index 16c64d90..accad7c0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -584,6 +584,28 @@ if test "$USE_WINSOCK" = 1; then
 	LIBS="$LIBS -lgdi32 -liphlpapi"
 fi
 
+dnl Check if -D_POSIX is needed for sigset_t
+
+AC_CHECK_TYPE([sigset_t], [
+	AC_MSG_NOTICE(-D_POSIX is NOT needed for the sigset_t type)
+], [
+	BACKCFLAGS="$CFLAGS"
+	CFLAGS="-D_POSIX $CFLAGS"
+	AC_CHECK_TYPE([sigset_t], [
+		AC_MSG_NOTICE(-D_POSIX is needed for the sigset_t type)
+	], [
+		AC_MSG_NOTICE(Unclear whether -D_POSIX is needed for the sigset_t type)
+		BACKCFLAGS="$CFLAGS"
+	], [AC_INCLUDES_DEFAULT
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+	])
+], [AC_INCLUDES_DEFAULT
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+])
 
 my_with_libidn=1
 AC_ARG_WITH(libidn, AS_HELP_STRING([--with-libidn=pathname],

From 40295075adecf907bf65da0865b90c5e2e4fa742 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 14 Sep 2017 17:34:39 +0200
Subject: [PATCH 054/140] Update stubby submodule

---
 stubby | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stubby b/stubby
index 9f73cacf..6d97f432 160000
--- a/stubby
+++ b/stubby
@@ -1 +1 @@
-Subproject commit 9f73cacf3b85e85c2b459543442d33a7660fce2d
+Subproject commit 6d97f4323f2706a2dfcffc7172bd3f71223974a8

From 463855d274293a7d9bd202dea5d76731a226eb57 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 16 Sep 2017 18:16:21 +0200
Subject: [PATCH 055/140] Writability test for application data

---
 src/anchor.c  |  18 +++--
 src/context.c | 213 +++++++++++++++++++++++++++++++++++++++-----------
 src/context.h |   4 +-
 3 files changed, 183 insertions(+), 52 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index ab48cb6a..8a615657 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -1029,9 +1029,9 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 		else {
 			context->trust_anchors = tas;
 			context->trust_anchors_len = tas_len;
-			_getdns_context_write_priv_file(
+			(void) _getdns_context_write_priv_file(
 			    context, "root-anchors.xml", &a->xml);
-			_getdns_context_write_priv_file(
+			(void) _getdns_context_write_priv_file(
 			    context, "root-anchors.p7s", &p7s_bd);
 			tas_success(context, a);
 			return;
@@ -1403,7 +1403,7 @@ static void tas_connect(getdns_context *context, tas_connection *a)
 		GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 2000,
 		    getdns_eventloop_event_init(&a->event, a->req->owner,
 		    NULL, tas_write_cb, tas_timeout_cb));
-		DEBUG_ANCHOR("Scheduled write\n");
+		DEBUG_ANCHOR("Scheduled write with event\n");
 		return;
 	} else
 		DEBUG_ANCHOR("Connect error: %s\n", strerror(errno));
@@ -1420,8 +1420,11 @@ static void tas_happy_eyeballs_cb(void *userarg)
 	assert(dnsreq->netreqs[0]->request_type == GETDNS_RRTYPE_A);
 	if (tas_fetching(&context->aaaa))
 		return;
-	else
+	else {
+		DEBUG_ANCHOR("AAAA came too late, clearing Happy Eyeballs timer\n");
+		GETDNS_CLEAR_EVENT(context->a.loop, &context->a.event);
 		tas_connect(context, &context->a);
+	}
 }
 
 static void _tas_hostname_lookup_cb(getdns_dns_req *dnsreq)
@@ -1494,7 +1497,12 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 	const char *verify_CA;
 	const char *verify_email;
 
-	if ((r = _getdns_get_tas_url_hostname(context, tas_hostname, NULL))) {
+	if (!_getdns_context_can_write_appdata(context)) {
+		DEBUG_ANCHOR("NOTICE %s(): Not fetching TA, because "
+		             "non writeable appdata directory\n", __FUNC__);
+		return;
+
+	} else if ((r = _getdns_get_tas_url_hostname(context, tas_hostname, NULL))) {
 		DEBUG_ANCHOR("ERROR %s(): Could not get_tas_url_hostname"
 		             ": \"%s\"", __FUNC__
 		            , getdns_get_errorstr_by_id(r));
diff --git a/src/context.c b/src/context.c
index 6f57143e..89a86005 100644
--- a/src/context.c
+++ b/src/context.c
@@ -41,6 +41,7 @@
 #include <arpa/inet.h>
 #include <sys/time.h>
 #include <netdb.h>
+#include <pwd.h>
 #else
 #include <winsock2.h>
 #include <iphlpapi.h>
@@ -4601,82 +4602,202 @@ getdns_context_config(getdns_context *context, const getdns_dict *config_dict)
 	return r;
 }
 
+static size_t _getdns_get_appdata(char *path)
+{
+	size_t len;
+
+#ifdef USE_WINSOCK
+# define APPDATA_SUBDIR "getdns"
+
+	if (! SUCCEEDED(SHGetFolderPath(NULL,
+	    CSIDL_APPDATA | CSIDL_FLAG_CREATE, NULL, 0, path)))
+		DEBUG_ANCHOR("ERROR %s(): Could not get \%AppData\% directory\n"
+		            , __FUNC__);
+
+	else if ((len = strlen(path)) + sizeof(APPDATA_SUBDIR) + 2 >= PATH_MAX)
+		DEBUG_ANCHOR("ERROR %s(): Home path too long for appdata\n"
+		            , __FUNC__);
+#else
+# define APPDATA_SUBDIR ".getdns"
+	struct passwd *p = getpwuid(getuid());
+	char *home = NULL;
+
+	if (!(home = p ? p->pw_dir : getenv("HOME")))
+		DEBUG_ANCHOR("ERROR %s(): Could not get home directory\n"
+		            , __FUNC__);
+
+	else if ((len = strlen(home)) + sizeof(APPDATA_SUBDIR) + 2 >= PATH_MAX)
+		DEBUG_ANCHOR("ERROR %s(): Home path too long for appdata\n"
+		            , __FUNC__);
+
+	else if (!strcpy(path, home))
+		; /* strcpy returns path always */
+#endif
+	else {
+		if (len == 0 || (  path[len - 1] != '/'
+		                && path[len - 1] != '\\')) {
+			path[len++] = '/';
+			path[len  ] = '\0';
+		}
+		(void) strcpy(path + len, APPDATA_SUBDIR);
+		len += sizeof(APPDATA_SUBDIR) - 1;
+
+		if (mkdir(path, 0755) < 0 && errno != EEXIST)
+			DEBUG_ANCHOR("ERROR %s(): Could not mkdir %s: %s\n"
+				    , __FUNC__, path, strerror(errno));
+		else {
+			path[len++] = '/';
+			path[len  ] = '\0';
+			return len;
+		}
+	}
+	return 0;
+}
+
 uint8_t *_getdns_context_get_priv_file(getdns_context *context,
     const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz)
 {
 	char path[PATH_MAX];
-	int n;
-	FILE *f;
+	FILE *f = NULL;
+	size_t len;
 
-	n = snprintf(path, sizeof(path), "%s/.getdns/%s", getenv("HOME"), fn);
-	if (n < 0 || n > PATH_MAX)
-		return NULL;
+	if (!(len = _getdns_get_appdata(path)))
+		DEBUG_ANCHOR("ERROR %s(): Could nog get application data path\n"
+		            , __FUNC__);
 
-	if (!(f = fopen(path, "r")))
-		return NULL;
+	else if (len + strlen(fn) >= sizeof(path))
+		DEBUG_ANCHOR("ERROR %s(): Application data too long\n", __FUNC__);
 
-	if ((*file_sz = fread(buf, 1, buf_len, f)) < (buf_len  - 1) && feof(f))
+	else if (!strcpy(path + len, fn))
+		; /* strcpy returns path + len always */
+
+	else if (!(f = fopen(path, "r")))
+		DEBUG_ANCHOR("ERROR %s(): Opening \"%s\": %s\n"
+		            , __FUNC__, path, strerror(errno));
+
+	else if ((*file_sz = fread(buf, 1, buf_len, f)) < (buf_len  - 1) && feof(f)) {
 		buf[*file_sz] = 0;
-
+		(void) fclose(f);
+		return buf;
+	}
 	else if (fseek(f, 0, SEEK_END) < 0)
-		buf = NULL;
+		DEBUG_ANCHOR("ERROR %s(): Determining size of \"%s\": %s\n"
+		            , __FUNC__, path, strerror(errno));
 
-	else if ((buf = GETDNS_XMALLOC(
-	    context->mf, uint8_t, (buf_len = ftell(f) + 1)))) {
+	else if (!(buf = GETDNS_XMALLOC(
+	    context->mf, uint8_t, (buf_len = ftell(f) + 1))))
+		DEBUG_ANCHOR("ERROR %s(): Allocating %d memory for \"%s\"\n"
+		            , __FUNC__, (int)buf_len, path);
 
+	else {
 		rewind(f);
 		if ((*file_sz = fread(buf, 1, buf_len, f)) >= buf_len || !feof(f)) {
 			GETDNS_FREE(context->mf, buf);
-			buf = NULL;
+			DEBUG_ANCHOR("ERROR %s(): Reading \"%s\": %s\n"
+				    , __FUNC__, path, strerror(errno));
 		}
-		else
+		else {
 			buf[*file_sz] = 0;
+			(void) fclose(f);
+			return buf;
+		}
 	}
-	(void) fclose(f);
-	return buf;
+	if (f)
+		(void) fclose(f);
+	return NULL;
 }
 
-void _getdns_context_write_priv_file(getdns_context *context,
+
+int _getdns_context_write_priv_file(getdns_context *context,
     const char *fn, getdns_bindata *content)
 {
 	char path[PATH_MAX], tmpfn[PATH_MAX];
-	int n, fd;
-	FILE *f;
+	int fd = -1;
+	FILE *f = NULL;
+	size_t len;
 
-	(void)context;
+	if (!(len = _getdns_get_appdata(path)))
+		DEBUG_ANCHOR("ERROR %s(): Could nog get application data path\n"
+		            , __FUNC__);
 
-	DEBUG_ANCHOR("%s\n", __FUNC__);
+	else if (len + 6          >= sizeof(tmpfn)
+	     ||  len + strlen(fn) >= sizeof(path))
+		DEBUG_ANCHOR("ERROR %s(): Application data too long\n", __FUNC__);
 
-	n = snprintf( path, sizeof( path), "%s/.getdns/%s"  , getenv("HOME"), fn);
-	if (n < 0 || n > PATH_MAX) {
-		DEBUG_ANCHOR("Could not create filename for writing\n");
-		return;
-	}
 
-	n = snprintf(tmpfn, sizeof(tmpfn), "%s/.getdns/XXXXXX", getenv("HOME"));
-	if (n < 0 || n > PATH_MAX) {
-		DEBUG_ANCHOR("Could not create tmpfn for writing\n");
-		return;
-	}
+	else if (snprintf(tmpfn, sizeof(tmpfn), "%sXXXXXX", path) < 0)
+		DEBUG_ANCHOR("ERROR %s(): Creating temporary filename template\n"
+		            , __FUNC__);
 
-	if ((fd = mkstemp(tmpfn)) < 0) {
-		DEBUG_ANCHOR("Could not create temporary file from \"%s\": %s\n",
-		    tmpfn, strerror(errno));
-		return;
-	}
+	else if (!strcpy(path + len, fn))
+		; /* strcpy returns path + len always */
 
-	if (!(f = fdopen(fd, "w"))) {
-		close(fd);
-		return;
-	}
-	if (fwrite(content->data, 1, content->size, f) != content->size)
-		fclose(f);
+	else if ((fd = mkstemp(tmpfn)) < 0)
+		DEBUG_ANCHOR("ERROR %s(): Creating temporary file: %s\n"
+		            , __FUNC__, strerror(errno));
+
+	else if (!(f = fdopen(fd, "w")))
+		DEBUG_ANCHOR("ERROR %s(): Opening temporary file: %s\n"
+		            , __FUNC__, strerror(errno));
+
+	else if (fwrite(content->data, 1, content->size, f) < content->size)
+		DEBUG_ANCHOR("ERROR %s(): Writing temporary file: %s\n"
+		            , __FUNC__, strerror(errno));
+
+	else if (fclose(f) < 0)
+		DEBUG_ANCHOR("ERROR %s(): Closing temporary file: %s\n"
+		            , __FUNC__, strerror(errno));
+
+	else if (rename(tmpfn, path) < 0)
+		DEBUG_ANCHOR("ERROR %s(): Renaming temporary file: %s\n"
+		            , __FUNC__, strerror(errno));
 	else {
-		fclose(f);
-		if (rename(tmpfn, path) == -1)
-			DEBUG_ANCHOR("Could not mv \"%s\" \"%s\": %s\n",
-			    tmpfn, path, strerror(errno));
+		context->can_write_appdata = PROP_ABLE;
+		return 1;
 	}
+	if (f)
+		(void) fclose(f);
+
+	else if (fd >= 0)
+		(void) close(fd);
+
+	context->can_write_appdata = PROP_UNABLE;
+	return 0;
+}
+
+int _getdns_context_can_write_appdata(getdns_context *context)
+{
+	char test_fn[30], path[PATH_MAX];
+	size_t len;
+	getdns_bindata test_content = { 4, (void *)"TEST" };
+
+	if (context->can_write_appdata == PROP_ABLE)
+		return 1;
+
+	else if (context->can_write_appdata == PROP_UNABLE)
+		return 0;
+
+	(void) snprintf( test_fn, sizeof(test_fn)
+	               , "write-test-%d.tmp", arc4random());
+
+	if (!_getdns_context_write_priv_file(context, test_fn, &test_content))
+		return 0;
+
+	if (!(len = _getdns_get_appdata(path)))
+		DEBUG_ANCHOR("ERROR %s(): Could nog get application data path\n"
+		            , __FUNC__);
+
+	else if (len + strlen(test_fn) >= sizeof(path))
+		DEBUG_ANCHOR("ERROR %s(): Application data too long\n", __FUNC__);
+
+	else if (!strcpy(path + len, test_fn))
+		; /* strcpy returns path + len always */
+
+	else if (unlink(path) < 0)
+		DEBUG_ANCHOR("ERROR %s(): Unlinking write test file \"%s\": %s\n"
+		            , __FUNC__, path, strerror(errno));
+
+	return 1;
 }
 
 getdns_return_t
diff --git a/src/context.h b/src/context.h
index 9bab5199..8acc8466 100644
--- a/src/context.h
+++ b/src/context.h
@@ -548,9 +548,11 @@ void _getdns_upstream_shutdown(getdns_upstream *upstream);
 uint8_t *_getdns_context_get_priv_file(getdns_context *context,
     const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz);
 
-void _getdns_context_write_priv_file(getdns_context *context,
+int _getdns_context_write_priv_file(getdns_context *context,
     const char *fn, getdns_bindata *content);
 
+int _getdns_context_can_write_appdata(getdns_context *context);
+
 void _getdns_upstream_reset(getdns_upstream *upstream);
 
 #endif /* _GETDNS_CONTEXT_H_ */

From 737f49d2cc297f0aebcb90ef5a2a4c8c766fd856 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 18 Sep 2017 09:59:22 +0200
Subject: [PATCH 056/140] Setup libunbound ta's after processing XML

---
 src/anchor.c  |  2 ++
 src/general.c | 10 +++++-----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index 8a615657..62a7786f 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -803,6 +803,7 @@ void _getdns_context_equip_with_anchor(
 					context->trust_anchors = ta;
 					context->trust_anchors_len = ta_len;
 					context->trust_anchors_source = GETDNS_TASRC_XML;
+					_getdns_ta_notify_dnsreqs(context);
 				}
 			} else
 				DEBUG_ANCHOR("Could not allocate space for XML file");
@@ -811,6 +812,7 @@ void _getdns_context_equip_with_anchor(
 			context->trust_anchors = context->trust_anchors_spc;
 			context->trust_anchors_len = ta_len;
 			context->trust_anchors_source = GETDNS_TASRC_XML;
+			_getdns_ta_notify_dnsreqs(context);
 		}
 		DEBUG_ANCHOR("ta: %p, ta_len: %d\n",
 		    (void *)context->trust_anchors, (int)context->trust_anchors_len);
diff --git a/src/general.c b/src/general.c
index 21448641..8ca253b9 100644
--- a/src/general.c
+++ b/src/general.c
@@ -571,11 +571,6 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 	if (extensions && (r = validate_extensions(extensions)))
 		return r;
 
-	/* Set up the context assuming we won't use the specified namespaces.
-	   This is (currently) identical to setting up a pure DNS namespace */
-	if ((r = _getdns_context_prepare_for_resolution(context, 0)))
-		return r;
-
 	/* create the request */
 	if (!(req = _getdns_dns_req_new(
 	    context, loop, name, request_type, extensions, &now_ms)))
@@ -592,6 +587,11 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 		if (context->trust_anchors_source == GETDNS_TASRC_NONE)
 			_getdns_start_fetching_ta(context, loop);
 	}
+	/* Set up the context assuming we won't use the specified namespaces.
+	   This is (currently) identical to setting up a pure DNS namespace */
+	if ((r = _getdns_context_prepare_for_resolution(context, 0)))
+		return r;
+
 	if (return_netreq_p)
 		*return_netreq_p = req->netreqs[0];
 

From e2ffaf3e07270d1889bee860f83f0a277bb5ab47 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 18 Sep 2017 11:49:43 +0200
Subject: [PATCH 057/140] Less activity to detect XML verify failure

---
 src/anchor.c | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index 62a7786f..a2903b96 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -738,12 +738,21 @@ void _getdns_context_equip_with_anchor(
 			     " CA: \"%s\"\n", __FUNC__
 			    , getdns_get_errorstr_by_id(r));
 
+	else if (!verify_CA || !*verify_CA)
+		DEBUG_ANCHOR("NOTICE: Trust anchor verification explicitely "
+		             "disabled by empty verify CA\n");
+		return;
+
 	else if ((r = getdns_context_get_trust_anchor_verify_email(
 	    context, ".", &verify_email)))
 		DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify email "
 		             "address: \"%s\"\n", __FUNC__
 		            , getdns_get_errorstr_by_id(r));
 
+	else if (!verify_email || !*verify_email)
+		DEBUG_ANCHOR("NOTICE: Trust anchor verification explicitely "
+		             "disabled by empty verify email\n");
+
 	else if (!(xml_data = _getdns_context_get_priv_file(context,
 	    "root-anchors.xml", xml_spc, sizeof(xml_spc), &xml_len)))
 		DEBUG_ANCHOR("DEBUG %s(): root-anchors.xml not present\n"
@@ -1499,12 +1508,7 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 	const char *verify_CA;
 	const char *verify_email;
 
-	if (!_getdns_context_can_write_appdata(context)) {
-		DEBUG_ANCHOR("NOTICE %s(): Not fetching TA, because "
-		             "non writeable appdata directory\n", __FUNC__);
-		return;
-
-	} else if ((r = _getdns_get_tas_url_hostname(context, tas_hostname, NULL))) {
+	if ((r = _getdns_get_tas_url_hostname(context, tas_hostname, NULL))) {
 		DEBUG_ANCHOR("ERROR %s(): Could not get_tas_url_hostname"
 		             ": \"%s\"", __FUNC__
 		            , getdns_get_errorstr_by_id(r));
@@ -1517,10 +1521,11 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 		            , getdns_get_errorstr_by_id(r));
 		return;
 
-	} else if (!*verify_CA) {
+	} else if (!verify_CA || !*verify_CA) {
 		DEBUG_ANCHOR("NOTICE: Trust anchor fetching explicitely "
 		             "disabled by empty verify CA\n");
 		return;
+
 	} else if ((r = getdns_context_get_trust_anchor_verify_email(
 	    context, ".", &verify_email))) {
 		DEBUG_ANCHOR("ERROR %s(): Could not get verify email address"
@@ -1528,11 +1533,16 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 		            , getdns_get_errorstr_by_id(r));
 		return;
 
-	} else if (!*verify_email) {
+	} else if (!verify_email || !*verify_email) {
 		DEBUG_ANCHOR("NOTICE: Trust anchor fetching explicitely "
 		             "disabled by empty verify email address\n");
 		return;
-	}
+
+	} else if (!_getdns_context_can_write_appdata(context)) {
+		DEBUG_ANCHOR("NOTICE %s(): Not fetching TA, because "
+		             "non writeable appdata directory\n", __FUNC__);
+		return;
+	} 
 	DEBUG_ANCHOR("Hostname: %s\n", tas_hostname);
 	DEBUG_ANCHOR("%s on the %ssynchronous loop\n", __FUNC__,
 	             loop == &context->sync_eventloop.loop ? "" : "a");

From 34d35f9e7935a2edaa16674e2db04fa801a23675 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 20 Sep 2017 10:30:13 +0200
Subject: [PATCH 058/140] Track updating TA's with root DNSKEY rrset

---
 src/anchor.c       | 305 ++++++++++++++++++++++++++++++++++++++++++++-
 src/anchor.h       |  13 ++
 src/context.c      |  23 +++-
 src/context.h      |   5 +
 src/dnssec.c       |  15 +++
 src/general.c      |  12 +-
 src/gldns/keyraw.c |   2 +-
 src/gldns/keyraw.h |   2 +-
 8 files changed, 364 insertions(+), 13 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index a2903b96..86338d4f 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -45,9 +45,10 @@
 #include "gldns/parseutil.h"
 #include "gldns/gbuffer.h"
 #include "gldns/str2wire.h"
+#include "gldns/wire2str.h"
 #include "gldns/pkthdr.h"
+#include "gldns/keyraw.h"
 #include "general.h"
-#include "rr-iter.h"
 #include "util-internal.h"
 
 /* get key usage out of its extension, returns 0 if no key_usage extension */
@@ -741,7 +742,6 @@ void _getdns_context_equip_with_anchor(
 	else if (!verify_CA || !*verify_CA)
 		DEBUG_ANCHOR("NOTICE: Trust anchor verification explicitely "
 		             "disabled by empty verify CA\n");
-		return;
 
 	else if ((r = getdns_context_get_trust_anchor_verify_email(
 	    context, ".", &verify_email)))
@@ -1612,4 +1612,305 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 		context->trust_anchors_source = GETDNS_TASRC_FETCHING;
 }
 
+
+static int _uint16_cmp(const void *a, const void *b)
+{ return (int)*(uint16_t *)a - (int)*(uint16_t *)b; }
+
+static int _uint8x16_cmp(const void *a, const void *b)
+{ return memcmp(a, b, RRSIG_RDATA_LEN); }
+
+static void
+_getdns_init_ksks(_getdns_ksks *ksks, _getdns_rrset *dnskey_set)
+{
+	_getdns_rrtype_iter *rr, rr_space;
+	_getdns_rrsig_iter  *rrsig, rrsig_space;
+
+	assert(ksks);
+	assert(dnskey_set);
+	assert(dnskey_set->rr_type == GETDNS_RRTYPE_DNSKEY);
+
+	ksks->n = 0;
+	for ( rr = _getdns_rrtype_iter_init(&rr_space, dnskey_set)
+	    ; rr && ksks->n < MAX_KSKS
+	    ; rr = _getdns_rrtype_iter_next(rr)) {
+
+		if (rr->rr_i.nxt - rr->rr_i.rr_type < 12
+		    || !(rr->rr_i.rr_type[11] & 1))
+			continue; /* Not a KSK */
+
+		ksks->ids[ksks->n++] = gldns_calc_keytag_raw(
+		    rr->rr_i.rr_type + 10,
+		    rr->rr_i.nxt - rr->rr_i.rr_type - 10);
+	}
+	qsort(ksks->ids, ksks->n, sizeof(uint16_t), _uint16_cmp);
+
+	ksks->n_rrsigs = 0;
+	for ( rrsig = _getdns_rrsig_iter_init(&rrsig_space, dnskey_set)
+	    ; rrsig && ksks->n_rrsigs < MAX_KSKS
+	    ; rrsig = _getdns_rrsig_iter_next(rrsig)) {
+		
+		if (rrsig->rr_i.nxt - rrsig->rr_i.rr_type < 28)
+			continue;
+
+		(void) memcpy(ksks->rrsigs[ksks->n_rrsigs++],
+		    rrsig->rr_i.rr_type + 12, RRSIG_RDATA_LEN);
+	}
+	qsort(ksks->rrsigs, ksks->n_rrsigs, RRSIG_RDATA_LEN, _uint8x16_cmp);
+}
+
+
+static int
+_getdns_ksks_equal(_getdns_ksks *a, _getdns_ksks *b)
+{
+	return a == b
+	    || (  a != NULL && b != NULL
+            && a->n == b->n
+	    && memcmp(a->ids, b->ids, a->n * sizeof(uint16_t)) == 0
+	    && a->n_rrsigs == b->n_rrsigs
+	    && memcmp(a->rrsigs, b->rrsigs, a->n_rrsigs * RRSIG_RDATA_LEN) == 0);
+}
+
+static void _getdns_context_read_root_ksk(getdns_context *context)
+{
+	FILE *fp;
+	struct gldns_file_parse_state pst;
+	size_t len, dname_len;
+	uint8_t buf_spc[4096], *buf = buf_spc, *ptr = buf_spc;
+	size_t buf_sz = sizeof(buf_spc);
+	_getdns_rrset root_dnskey;
+	uint8_t *root_dname = (uint8_t *)"\00";
+
+
+	if (!(fp = _getdns_context_get_priv_fp(context, "root.key")))
+		return;
+
+	for (;;) {
+		size_t n_rrs = 0;
+
+		*pst.origin = 0;
+		pst.origin_len = 1;
+		*pst.prev_rr = 0;
+		pst.prev_rr_len = 1;
+		pst.default_ttl = 0;
+		pst.lineno = 1;
+
+		(void) memset(buf, 0, 12);
+		ptr += 12;
+
+		while (!feof(fp)) {
+			len = buf + buf_sz - ptr;
+			dname_len = 0;
+			if (gldns_fp2wire_rr_buf(fp, ptr, &len, &dname_len, &pst))
+				break;
+			if ((ptr += len) > buf + buf_sz)
+				break;
+			if (len)
+				n_rrs += 1;
+			if (dname_len && dname_len < sizeof(pst.prev_rr)) {
+				memcpy(pst.prev_rr, ptr, dname_len);
+				pst.prev_rr_len = dname_len;
+			}
+		}
+		if (ptr <= buf + buf_sz) {
+			gldns_write_uint16(buf + GLDNS_ANCOUNT_OFF, n_rrs);
+			break;
+		}
+		rewind(fp);
+		if (buf == buf_spc)
+			buf_sz = 65536;
+		else {
+			GETDNS_FREE(context->mf, buf);
+			buf_sz *= 2;
+		}
+		if (!(buf = GETDNS_XMALLOC(context->mf, uint8_t, buf_sz))) {
+			DEBUG_ANCHOR("ERROR %s(): Memory error\n", __FUNC__);
+			break;;
+		}
+		ptr = buf;
+	};
+	fclose(fp);
+	if (!buf)
+		return;
+
+	root_dnskey.name     = root_dname;
+	root_dnskey.rr_class = GETDNS_RRCLASS_IN;
+	root_dnskey.rr_type  = GETDNS_RRTYPE_DNSKEY;
+	root_dnskey.pkt      = buf;
+	root_dnskey.pkt_len  = ptr - buf;
+	root_dnskey.sections = SECTION_ANSWER;
+
+	_getdns_init_ksks(&context->root_ksk, &root_dnskey);
+
+	if (buf && buf != buf_spc)
+		GETDNS_FREE(context->mf, buf);
+}
+
+void
+_getdns_context_update_root_ksk(
+    getdns_context *context, _getdns_rrset *dnskey_set)
+{
+	_getdns_ksks root_ksk_seen;
+	_getdns_rrtype_iter *rr, rr_space;
+	_getdns_rrsig_iter  *rrsig, rrsig_space;
+	char str_spc[4096], *str_buf, *str_pos;
+	int sz_needed;
+	int remaining;
+	size_t str_sz = 0;
+	getdns_bindata root_key_bd;
+
+	_getdns_init_ksks(&root_ksk_seen, dnskey_set);
+	if (_getdns_ksks_equal(&context->root_ksk, &root_ksk_seen))
+		return; /* root DNSKEY rrset already known */
+
+	 /* Try to read root DNSKEY rrset from root.key  */
+	_getdns_context_read_root_ksk(context);
+	if (_getdns_ksks_equal(&context->root_ksk, &root_ksk_seen))
+		return; /* root DNSKEY rrset same as the safed one */
+
+	/* Different root DNSKEY rrset.  Perhaps because of failure to read
+	 * from disk.  If we cannot write to our appdata directory, bail out
+	 */
+	if (context->can_write_appdata == PROP_UNABLE)
+		return;
+
+	/* We might be able to write or we do not know whether we can write
+	 * to the appdata directory.  In the latter we'll try to write to
+	 * find out.  The section below converts the wireformat DNSKEY rrset
+	 * to presentationformat.
+	 */
+	str_pos = str_buf = str_spc;
+	remaining = sizeof(str_spc);
+	for (;;) {
+		for ( rr = _getdns_rrtype_iter_init(&rr_space, dnskey_set)
+		    ; rr ; rr = _getdns_rrtype_iter_next(rr)) {
+			
+			sz_needed = gldns_wire2str_rr_buf((uint8_t *)rr->rr_i.pos,
+			    rr->rr_i.nxt - rr->rr_i.pos, str_pos,
+			    (size_t)(remaining > 0 ? remaining : 0));
+
+			str_pos += sz_needed;
+			remaining -= sz_needed;
+		}
+		for ( rrsig = _getdns_rrsig_iter_init(&rrsig_space, dnskey_set)
+		    ; rrsig
+		    ; rrsig = _getdns_rrsig_iter_next(rrsig)) {
+			sz_needed = gldns_wire2str_rr_buf((uint8_t *)rrsig->rr_i.pos,
+			    rrsig->rr_i.nxt - rrsig->rr_i.pos, str_pos,
+			    (size_t)(remaining > 0 ? remaining : 0));
+
+			str_pos += sz_needed;
+			remaining -= sz_needed;
+		}
+		if (remaining > 0) {
+			*str_pos = 0;
+			if (str_buf == str_spc)
+				str_sz = sizeof(str_spc) - remaining;
+			break;
+		}
+		if (str_buf != str_spc) {
+			DEBUG_ANCHOR("ERROR %s(): Buffer size determination "
+			             "error\n", __FUNC__);
+			if (str_buf)
+				GETDNS_FREE(context->mf, str_buf);
+
+			return;
+		}
+		if (!(str_pos = str_buf = GETDNS_XMALLOC( context->mf, char,
+		    (str_sz = sizeof(str_spc) - remaining) + 1))) {
+			DEBUG_ANCHOR("ERROR %s(): Memory error\n", __FUNC__);
+			return;
+		}
+		remaining = str_sz + 1;
+		DEBUG_ANCHOR("Retrying with buf size: %d\n", remaining);
+	};
+
+	/* Write presentation format DNSKEY rrset to "root.key" file */
+	root_key_bd.size = str_sz;
+	root_key_bd.data = (void *)str_buf;
+	if (_getdns_context_write_priv_file(
+	    context, "root.key", &root_key_bd)) {
+		size_t i;
+
+		/* A new "root.key" file was written.  When they contain
+		 * key_id's which are not in "root-anchors.xml", then update
+		 * "root-anchors.xml".
+		 */
+
+		for (i = 0; i < context->root_ksk.n; i++) {
+			_getdns_rrset_iter tas_iter_spc, *ta;
+
+			for ( ta = _getdns_rrset_iter_init(&tas_iter_spc
+						, context->trust_anchors
+			         		, context->trust_anchors_len
+			         		, SECTION_ANSWER)
+			    ; ta ; ta = _getdns_rrset_iter_next(ta)) {
+				_getdns_rrtype_iter *rr, rr_space;
+				_getdns_rrset *rrset;
+
+				if (!(rrset = _getdns_rrset_iter_value(ta)))
+					continue;
+
+				if (*rrset->name != '\0')
+					continue; /* Not a root anchor */
+
+				if (rrset->rr_type == GETDNS_RRTYPE_DS) {
+					for ( rr = _getdns_rrtype_iter_init(
+					           &rr_space, rrset)
+					    ; rr
+					    ; rr = _getdns_rrtype_iter_next(rr)
+					    ) {
+						if (rr->rr_i.nxt -
+						    rr->rr_i.rr_type < 12)
+							continue;
+
+						DEBUG_ANCHOR("DS with id: %d\n"
+						, (int)gldns_read_uint16(rr->rr_i.rr_type + 10));
+						if (gldns_read_uint16(
+						    rr->rr_i.rr_type + 10) ==
+						    context->root_ksk.ids[i])
+							break;
+					}
+					if (rr)
+						break;
+					continue;
+				}
+				if (rrset->rr_type != GETDNS_RRTYPE_DNSKEY)
+					continue;
+
+				for ( rr = _getdns_rrtype_iter_init(&rr_space
+				                                   , rrset)
+				    ; rr ; rr = _getdns_rrtype_iter_next(rr)) {
+
+
+					if (rr->rr_i.nxt-rr->rr_i.rr_type < 12
+					    || !(rr->rr_i.rr_type[11] & 1))
+						continue; /* Not a KSK */
+
+					if (gldns_calc_keytag_raw(
+					    rr->rr_i.rr_type + 10,
+					    rr->rr_i.nxt-rr->rr_i.rr_type - 10)
+					    == context->root_ksk.ids[i])
+						break;
+				}
+				if (rr)
+					break;
+			}
+			if (!ta) {
+				DEBUG_ANCHOR("NOTICE %s(): Key with id %d "
+				             "*not* found in TA.\n"
+				             "\"root-anchors.xml\" need "
+					     "updating.\n", __FUNC__
+				            , context->root_ksk.ids[i]);
+				context->trust_anchors_source =
+				    GETDNS_TASRC_XML_UPDATE;
+				break;
+			}
+			DEBUG_ANCHOR("DEBUG %s(): Key with id %d found in TA\n"
+			            , __FUNC__, context->root_ksk.ids[i]);
+		}
+	}
+	if (str_buf && str_buf != str_spc)
+		GETDNS_FREE(context->mf, str_buf);
+}
+
 /* anchor.c */
diff --git a/src/anchor.h b/src/anchor.h
index fda7433b..3c826384 100644
--- a/src/anchor.h
+++ b/src/anchor.h
@@ -37,10 +37,23 @@
 #include "getdns/getdns.h"
 #include "getdns/getdns_extra.h"
 #include <time.h>
+#include "rr-iter.h"
 
 void _getdns_context_equip_with_anchor(getdns_context *context, uint64_t *now_ms);
 
 void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop);
 
+#define MAX_KSKS        16
+#define RRSIG_RDATA_LEN 16
+typedef struct _getdns_ksks {
+	size_t   n;
+	uint16_t ids[MAX_KSKS];
+	size_t   n_rrsigs;
+	uint8_t  rrsigs[MAX_KSKS][RRSIG_RDATA_LEN];
+} _getdns_ksks;
+
+void _getdns_context_update_root_ksk(
+    getdns_context *context, _getdns_rrset *dnskey_set);
+
 #endif
 /* anchor.h */
diff --git a/src/context.c b/src/context.c
index 89a86005..ae89a098 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1500,6 +1500,8 @@ getdns_context_create_with_extended_memory_functions(
 	    = _getdns_default_root_anchor_verify_email;
 	result->root_anchor_verify_CA = _getdns_default_root_anchor_verify_CA;
 
+	(void) memset(&result->root_ksk, 0, sizeof(result->root_ksk));
+
 	(void) memset(&result->a, 0, sizeof(result->a));
 	(void) memset(&result->aaaa, 0, sizeof(result->aaaa));
 	result->a.fd = -1;
@@ -4654,13 +4656,13 @@ static size_t _getdns_get_appdata(char *path)
 	return 0;
 }
 
-uint8_t *_getdns_context_get_priv_file(getdns_context *context,
-    const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz)
+FILE *_getdns_context_get_priv_fp(getdns_context *context, const char *fn)
 {
 	char path[PATH_MAX];
 	FILE *f = NULL;
 	size_t len;
 
+	(void) context;
 	if (!(len = _getdns_get_appdata(path)))
 		DEBUG_ANCHOR("ERROR %s(): Could nog get application data path\n"
 		            , __FUNC__);
@@ -4675,6 +4677,17 @@ uint8_t *_getdns_context_get_priv_file(getdns_context *context,
 		DEBUG_ANCHOR("ERROR %s(): Opening \"%s\": %s\n"
 		            , __FUNC__, path, strerror(errno));
 
+	return f;
+}
+
+uint8_t *_getdns_context_get_priv_file(getdns_context *context,
+    const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz)
+{
+	FILE *f = NULL;
+
+	if (!(f = _getdns_context_get_priv_fp(context, fn)))
+		; /* pass */
+
 	else if ((*file_sz = fread(buf, 1, buf_len, f)) < (buf_len  - 1) && feof(f)) {
 		buf[*file_sz] = 0;
 		(void) fclose(f);
@@ -4682,19 +4695,19 @@ uint8_t *_getdns_context_get_priv_file(getdns_context *context,
 	}
 	else if (fseek(f, 0, SEEK_END) < 0)
 		DEBUG_ANCHOR("ERROR %s(): Determining size of \"%s\": %s\n"
-		            , __FUNC__, path, strerror(errno));
+		            , __FUNC__, fn, strerror(errno));
 
 	else if (!(buf = GETDNS_XMALLOC(
 	    context->mf, uint8_t, (buf_len = ftell(f) + 1))))
 		DEBUG_ANCHOR("ERROR %s(): Allocating %d memory for \"%s\"\n"
-		            , __FUNC__, (int)buf_len, path);
+		            , __FUNC__, (int)buf_len, fn);
 
 	else {
 		rewind(f);
 		if ((*file_sz = fread(buf, 1, buf_len, f)) >= buf_len || !feof(f)) {
 			GETDNS_FREE(context->mf, buf);
 			DEBUG_ANCHOR("ERROR %s(): Reading \"%s\": %s\n"
-				    , __FUNC__, path, strerror(errno));
+				    , __FUNC__, fn, strerror(errno));
 		}
 		else {
 			buf[*file_sz] = 0;
diff --git a/src/context.h b/src/context.h
index 8acc8466..8225d10b 100644
--- a/src/context.h
+++ b/src/context.h
@@ -49,6 +49,7 @@
 #include "util/lruhash.h"
 #endif
 #include "rr-iter.h"
+#include "anchor.h"
 
 struct getdns_dns_req;
 struct ub_ctx;
@@ -99,6 +100,7 @@ typedef enum getdns_tasrc {
 	GETDNS_TASRC_APP,
 	GETDNS_TASRC_FETCHING,
 	GETDNS_TASRC_XML,
+	GETDNS_TASRC_XML_UPDATE,
 	GETDNS_TASRC_FAILED
 } getdns_tasrc;
 
@@ -341,6 +343,8 @@ struct getdns_context {
 	const char           *root_anchor_verify_CA;
 	const char           *root_anchor_verify_email;
 
+	_getdns_ksks          root_ksk;
+
 	getdns_upstreams     *upstreams;
 	uint16_t             limit_outstanding_queries;
 	uint32_t             dnssec_allowed_skew;
@@ -545,6 +549,7 @@ void _getdns_upstreams_dereference(getdns_upstreams *upstreams);
 
 void _getdns_upstream_shutdown(getdns_upstream *upstream);
 
+FILE *_getdns_context_get_priv_fp(getdns_context *context, const char *fn);
 uint8_t *_getdns_context_get_priv_file(getdns_context *context,
     const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz);
 
diff --git a/src/dnssec.c b/src/dnssec.c
index d166e91f..4ea9fd97 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -2998,6 +2998,11 @@ static void append_empty_ds2val_chain_list(
 	if (_getdns_list_append_this_dict(val_chain_list, rr_dict))
 		getdns_dict_destroy(rr_dict);
 }
+static inline chain_node *_to_the_root(chain_node *node)
+{
+	while (node->parent) node = node->parent;
+	return node;
+}
 
 static void check_chain_complete(chain_head *chain)
 {
@@ -3063,6 +3068,16 @@ static void check_chain_complete(chain_head *chain)
 		                          , context->trust_anchors_len
 		                          , SECTION_ANSWER));
 #endif
+	if (context->trust_anchors_source != GETDNS_TASRC_XML)
+		; /* pass  */
+
+	/* Find root key or query for it in full recursion... */
+	else if (!(head = chain) || !(node = _to_the_root(head->parent)))
+		; /* pass  */
+       	
+	else if (node->dnskey.name && *node->dnskey.name == 0)
+		_getdns_context_update_root_ksk(context, &node->dnskey);
+
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 	if (    dnsreq->dnssec_roadblock_avoidance
 	    && !dnsreq->avoid_dnssec_roadblocks
diff --git a/src/general.c b/src/general.c
index 8ca253b9..60644115 100644
--- a/src/general.c
+++ b/src/general.c
@@ -581,11 +581,15 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 	req->internal_cb = internal_cb;
 	req->is_sync_request = loop == &context->sync_eventloop.loop;
 
-	if (req->dnssec_return_status &&
-	    context->trust_anchors_source == GETDNS_TASRC_NONE) {
-		_getdns_context_equip_with_anchor(context, &now_ms);
-		if (context->trust_anchors_source == GETDNS_TASRC_NONE)
+	if (req->dnssec_return_status) {
+		if (context->trust_anchors_source == GETDNS_TASRC_XML_UPDATE)
 			_getdns_start_fetching_ta(context, loop);
+
+		else if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
+			_getdns_context_equip_with_anchor(context, &now_ms);
+			if (context->trust_anchors_source == GETDNS_TASRC_NONE)
+				_getdns_start_fetching_ta(context, loop);
+		}
 	}
 	/* Set up the context assuming we won't use the specified namespaces.
 	   This is (currently) identical to setting up a pure DNS namespace */
diff --git a/src/gldns/keyraw.c b/src/gldns/keyraw.c
index 3f6f1a20..365d6a0e 100644
--- a/src/gldns/keyraw.c
+++ b/src/gldns/keyraw.c
@@ -95,7 +95,7 @@ gldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
 	}
 }
 
-uint16_t gldns_calc_keytag_raw(uint8_t* key, size_t keysize)
+uint16_t gldns_calc_keytag_raw(const uint8_t* key, size_t keysize)
 {
 	if(keysize < 4) {
 		return 0;
diff --git a/src/gldns/keyraw.h b/src/gldns/keyraw.h
index 60e2bfde..3d19e96f 100644
--- a/src/gldns/keyraw.h
+++ b/src/gldns/keyraw.h
@@ -44,7 +44,7 @@ size_t gldns_rr_dnskey_key_size_raw(const unsigned char *keydata,
  * \param[in] keysize length of key data.
  * \return the keytag
  */
-uint16_t gldns_calc_keytag_raw(uint8_t* key, size_t keysize);
+uint16_t gldns_calc_keytag_raw(const uint8_t* key, size_t keysize);
 
 #if GLDNS_BUILD_CONFIG_HAVE_SSL
 /** 

From e2abb8aff4077253fda1ca430094aaa610a5c341 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 20 Sep 2017 11:44:21 +0200
Subject: [PATCH 059/140] Fetch TA when ZONE or APP TASRC and bogus answer

---
 src/dnssec.c | 85 +++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 74 insertions(+), 11 deletions(-)

diff --git a/src/dnssec.c b/src/dnssec.c
index 4ea9fd97..72800c9d 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -2545,8 +2545,13 @@ static int chain_node_get_trusted_keys(
 	} else
 		return GETDNS_DNSSEC_BOGUS;
 
-	if (GETDNS_DNSSEC_SECURE != (s = chain_node_get_trusted_keys(
-	    mf, now, skew, node->parent, ta, keys)))
+	s = chain_node_get_trusted_keys(mf, now, skew, node->parent, ta, keys);
+	/* Set dnssec status on root DNSKEY request (for TA management) */
+	if (!node->parent && node->dnskey_req &&
+	     node->dnskey.name && *node->dnskey.name == 0)
+		node->dnskey_req->dnssec_status = s;
+
+	if (s != GETDNS_DNSSEC_SECURE)
 		return s;
 
 	/* keys is an authenticated dnskey rrset always now (i.e. ZSK) */
@@ -2751,6 +2756,33 @@ static void chain_set_netreq_dnssec_status(chain_head *chain, _getdns_rrset_iter
 		}
 	}
 }
+
+static void chain_clear_netreq_dnssec_status(chain_head *chain)
+{
+	chain_head *head;
+	size_t      node_count;
+	chain_node *node;
+
+	/* The netreq status is the worst for any head */
+	for (head = chain; head; head = head->next) {
+		if (!head->netreq)
+			continue;
+
+		head->netreq->dnssec_status = GETDNS_DNSSEC_INDETERMINATE;
+		for ( node_count = head->node_count, node = head->parent
+		    ; node_count ; node_count--, node = node->parent ) {
+
+			node->ds_signer = -1;
+			node->dnskey_signer = -1;
+
+			if ( ! node->parent && node->dnskey_req
+			    && node->dnskey.name && !*node->dnskey.name) {
+				node->dnskey_req->dnssec_status =
+				    GETDNS_DNSSEC_INDETERMINATE;
+			}
+		}
+	}
+}
 #endif
 
 /* The DNSSEC status of all heads for a chain structure is evaluated by 
@@ -3030,7 +3062,6 @@ static void check_chain_complete(chain_head *chain)
 			if (*d == dnsreq) {
 				*d = dnsreq->ta_notify;
 				dnsreq->ta_notify = NULL;
-				dnsreq->waiting_for_ta = 0;
 				break;
 			}
 		}
@@ -3068,15 +3099,46 @@ static void check_chain_complete(chain_head *chain)
 		                          , context->trust_anchors_len
 		                          , SECTION_ANSWER));
 #endif
-	if (context->trust_anchors_source != GETDNS_TASRC_XML)
-		; /* pass  */
-
-	/* Find root key or query for it in full recursion... */
-	else if (!(head = chain) || !(node = _to_the_root(head->parent)))
-		; /* pass  */
+	if (context->trust_anchors_source == GETDNS_TASRC_XML) {
+		if ((head = chain) && (node = _to_the_root(head->parent)) &&
+		    node->dnskey.name && *node->dnskey.name == 0)
+			_getdns_context_update_root_ksk(context,&node->dnskey);
        	
-	else if (node->dnskey.name && *node->dnskey.name == 0)
-		_getdns_context_update_root_ksk(context, &node->dnskey);
+	} else if (dnsreq->netreqs[0]->dnssec_status == GETDNS_DNSSEC_BOGUS) {
+		DEBUG_ANCHOR("Request was bogus!\n");
+		if ((head = chain) && (node = _to_the_root(head->parent))
+		    && node->dnskey.name && *node->dnskey.name == 0
+		    && node->dnskey_req->dnssec_status == GETDNS_DNSSEC_BOGUS){
+
+			DEBUG_ANCHOR("ROOT DNSKEY set was bogus!\n");
+			if (!dnsreq->waiting_for_ta) {
+				uint64_t now = 0;
+
+				dnsreq->waiting_for_ta = 1;
+				_getdns_context_equip_with_anchor(
+				    context, &now);
+
+				if (context->trust_anchors_source
+				    == GETDNS_TASRC_XML) {
+					chain_clear_netreq_dnssec_status(chain);
+					check_chain_complete(chain);
+					return;
+				}
+				_getdns_start_fetching_ta(
+				    context,  dnsreq->loop);
+
+				if (dnsreq->waiting_for_ta &&
+				    context->trust_anchors_source
+				    == GETDNS_TASRC_FETCHING) {
+
+					chain_clear_netreq_dnssec_status(chain);
+					dnsreq->ta_notify = context->ta_notify;
+					context->ta_notify = dnsreq;
+					return;
+				}
+			}
+		}
+	}
 
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 	if (    dnsreq->dnssec_roadblock_avoidance
@@ -3131,6 +3193,7 @@ static void check_chain_complete(chain_head *chain)
 		return;
 	}
 #endif
+	dnsreq->waiting_for_ta = 0;
 	val_chain_list = dnsreq->dnssec_return_validation_chain
 		? getdns_list_create_with_context(context) : NULL;
 

From f0f2afbca7bfce88266de7156e746f853d37b051 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 20 Sep 2017 12:40:59 +0200
Subject: [PATCH 060/140] Fetch TA before resolve for full recursion too

---
 src/dnssec.c           | 24 ++++++++++++++++++----
 src/general.c          | 45 ++++++++++++++++++++++++++----------------
 src/request-internal.c |  1 +
 src/types-internal.h   |  1 +
 4 files changed, 50 insertions(+), 21 deletions(-)

diff --git a/src/dnssec.c b/src/dnssec.c
index 72800c9d..4079ae4f 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -3263,6 +3263,7 @@ static void check_chain_complete(chain_head *chain)
 void _getdns_ta_notify_dnsreqs(getdns_context *context)
 {
 	getdns_dns_req **dnsreq_p, *dnsreq = NULL;
+	uint64_t now_ms = 0;
 
 	assert(context);
 
@@ -3272,14 +3273,29 @@ void _getdns_ta_notify_dnsreqs(getdns_context *context)
 
 	dnsreq_p = &context->ta_notify;
 	while ((dnsreq = *dnsreq_p)) {
+		assert(dnsreq->waiting_for_ta);
 
-		assert(dnsreq->waiting_for_ta && dnsreq->chain);
+		if (dnsreq->chain) 
+			check_chain_complete(dnsreq->chain);
+		else {
+			getdns_network_req *netreq, **netreq_p;
+			int r = GETDNS_RETURN_GOOD;
 
-		check_chain_complete(dnsreq->chain);
+			 (void) _getdns_context_prepare_for_resolution(context, 0);
 
+			*dnsreq_p = dnsreq->ta_notify;
+			for ( netreq_p = dnsreq->netreqs
+			    ; !r && (netreq = *netreq_p)
+			    ; netreq_p++ ) {
+
+				if (!(r = _getdns_submit_netreq(netreq, &now_ms)))
+					continue;
+				if (r == DNS_REQ_FINISHED)
+					break;
+				_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
+			}
+		}
 		assert(*dnsreq_p != dnsreq);
-		/* if (*dnsreq_p == dnsreq)
-			dnsreq_p = &dnsreq->ta_notify; */
 	}
 }
 
diff --git a/src/general.c b/src/general.c
index 60644115..72e7840a 100644
--- a/src/general.c
+++ b/src/general.c
@@ -581,27 +581,37 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 	req->internal_cb = internal_cb;
 	req->is_sync_request = loop == &context->sync_eventloop.loop;
 
-	if (req->dnssec_return_status) {
-		if (context->trust_anchors_source == GETDNS_TASRC_XML_UPDATE)
-			_getdns_start_fetching_ta(context, loop);
-
-		else if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
-			_getdns_context_equip_with_anchor(context, &now_ms);
-			if (context->trust_anchors_source == GETDNS_TASRC_NONE)
-				_getdns_start_fetching_ta(context, loop);
-		}
-	}
-	/* Set up the context assuming we won't use the specified namespaces.
-	   This is (currently) identical to setting up a pure DNS namespace */
-	if ((r = _getdns_context_prepare_for_resolution(context, 0)))
-		return r;
-
 	if (return_netreq_p)
 		*return_netreq_p = req->netreqs[0];
 
 	_getdns_context_track_outbound_request(req);
 
-	if (!usenamespaces)
+	if (req->dnssec_extension_set) {
+		if (context->trust_anchors_source == GETDNS_TASRC_XML_UPDATE)
+			_getdns_start_fetching_ta(context, loop);
+
+		else if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
+			_getdns_context_equip_with_anchor(context, &now_ms);
+			if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
+				_getdns_start_fetching_ta(context, loop);
+				if (context->trust_anchors_source
+						== GETDNS_TASRC_FETCHING
+				    && context->resolution_type
+						== GETDNS_RESOLUTION_RECURSING
+				    && context->resolution_type
+						!= context->resolution_type_set) {
+
+					req->waiting_for_ta = 1;
+					req->ta_notify = context->ta_notify;
+					context->ta_notify = req;
+					return GETDNS_RETURN_GOOD;
+				}
+			}
+		}
+	}
+	if (!usenamespaces) {
+		(void) _getdns_context_prepare_for_resolution(context, 0);
+
 		/* issue all network requests */
 		for ( netreq_p = req->netreqs
 		    ; !r && (netreq = *netreq_p)
@@ -616,7 +626,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 			}
 		}
 
-	else for (i = 0; i < context->namespace_count; i++) {
+	} else for (i = 0; i < context->namespace_count; i++) {
 		if (context->namespaces[i] == GETDNS_NAMESPACE_LOCALNAMES) {
 
 			if (!(r = _getdns_context_local_namespace_resolve(
@@ -650,6 +660,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 			}
 #endif /* HAVE_MDNS_SUPPORT */
 		} else if (context->namespaces[i] == GETDNS_NAMESPACE_DNS) {
+			(void) _getdns_context_prepare_for_resolution(context, 0);
 
 			/* TODO: We will get a good return code here even if
 			   the name is not found (NXDOMAIN). We should consider
diff --git a/src/request-internal.c b/src/request-internal.c
index 32f6611a..c5a5b0a9 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -914,6 +914,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 		dnssec_return_full_validation_chain;
 	result->dnssec_return_validation_chain = dnssec_return_validation_chain
 	     || dnssec_return_full_validation_chain;
+	result->dnssec_extension_set           = dnssec_extension_set;
 	result->edns_cookies                   = edns_cookies;
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 	result->dnssec_roadblock_avoidance     = dnssec_roadblock_avoidance;
diff --git a/src/types-internal.h b/src/types-internal.h
index a827456a..56b7a2f0 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -300,6 +300,7 @@ typedef struct getdns_dns_req {
 	unsigned dnssec_return_all_statuses		: 1;
 	unsigned dnssec_return_validation_chain		: 1;
 	unsigned dnssec_return_full_validation_chain	: 1;
+	unsigned dnssec_extension_set                   : 1;
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 	unsigned dnssec_roadblock_avoidance		: 1;
 	unsigned avoid_dnssec_roadblocks		: 1;

From 17d7ee79f23c26d23f77ce31e11485deaf247a31 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 20 Sep 2017 12:44:14 +0200
Subject: [PATCH 061/140] Fix NULL pointer dereference

---
 src/dnssec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/dnssec.c b/src/dnssec.c
index 4079ae4f..da0f92b1 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -2770,7 +2770,7 @@ static void chain_clear_netreq_dnssec_status(chain_head *chain)
 
 		head->netreq->dnssec_status = GETDNS_DNSSEC_INDETERMINATE;
 		for ( node_count = head->node_count, node = head->parent
-		    ; node_count ; node_count--, node = node->parent ) {
+		    ; node && node_count ; node_count--, node = node->parent ) {
 
 			node->ds_signer = -1;
 			node->dnskey_signer = -1;

From 36943a438090a5229de06599a1950d495507a38e Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 20 Sep 2017 14:42:35 +0200
Subject: [PATCH 062/140] A dnsreq is bogus if any of its netreqs is

---
 src/dnssec.c  | 37 ++++++++++++++++++++++---------------
 src/dnssec.h  |  2 ++
 src/general.c | 33 ++++++++++++++++++++-------------
 3 files changed, 44 insertions(+), 28 deletions(-)

diff --git a/src/dnssec.c b/src/dnssec.c
index da0f92b1..3a2fc866 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -3036,6 +3036,17 @@ static inline chain_node *_to_the_root(chain_node *node)
 	return node;
 }
 
+int _getdns_bogus(getdns_dns_req *dnsreq)
+{
+	getdns_network_req **netreq_p, *netreq;
+
+	for (netreq_p = dnsreq->netreqs; (netreq = *netreq_p) ; netreq_p++) {
+		if (netreq->dnssec_status == GETDNS_DNSSEC_BOGUS)
+			return 1;
+	}
+	return 0;
+}
+
 static void check_chain_complete(chain_head *chain)
 {
 	getdns_dns_req *dnsreq;
@@ -3075,22 +3086,13 @@ static void check_chain_complete(chain_head *chain)
 		}
 	}
 #ifdef STUB_NATIVE_DNSSEC
-	/* Perform validation only on GETDNS_RESOLUTION_STUB (unbound_id == -1)
-	 * Or when asked for the validation chain (to identify the RRSIGs that
-	 * signed the RRSETs, so that only those will be included in the
-	 * validation chain)
-	 * In any case we must have a trust anchor.
-	 */
-	if ((   chain->netreq->unbound_id == -1
-	     || dnsreq->dnssec_return_validation_chain)
-	    && context->trust_anchors)
+	if (context->trust_anchors)
 
 		chain_set_netreq_dnssec_status(chain,_getdns_rrset_iter_init(&tas_iter,
 		    context->trust_anchors, context->trust_anchors_len,
 		    SECTION_ANSWER));
 #else
-	if (dnsreq->dnssec_return_validation_chain
-	    && context->trust_anchors)
+	if (context->trust_anchors)
 
 		(void) chain_validate_dnssec(priv_getdns_context_mf(context),
 		    time(NULL), context->dnssec_allowed_skew,
@@ -3104,13 +3106,14 @@ static void check_chain_complete(chain_head *chain)
 		    node->dnskey.name && *node->dnskey.name == 0)
 			_getdns_context_update_root_ksk(context,&node->dnskey);
        	
-	} else if (dnsreq->netreqs[0]->dnssec_status == GETDNS_DNSSEC_BOGUS) {
+	} else if (_getdns_bogus(dnsreq)) {
 		DEBUG_ANCHOR("Request was bogus!\n");
+
 		if ((head = chain) && (node = _to_the_root(head->parent))
 		    && node->dnskey.name && *node->dnskey.name == 0
 		    && node->dnskey_req->dnssec_status == GETDNS_DNSSEC_BOGUS){
 
-			DEBUG_ANCHOR("ROOT DNSKEY set was bogus!\n");
+			DEBUG_ANCHOR("root DNSKEY set was bogus!\n");
 			if (!dnsreq->waiting_for_ta) {
 				uint64_t now = 0;
 
@@ -3143,7 +3146,7 @@ static void check_chain_complete(chain_head *chain)
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 	if (    dnsreq->dnssec_roadblock_avoidance
 	    && !dnsreq->avoid_dnssec_roadblocks
-	    &&  dnsreq->netreqs[0]->dnssec_status == GETDNS_DNSSEC_BOGUS) {
+	    &&  _getdns_bogus(dnsreq)) {
 
 		getdns_network_req **netreq_p, *netreq;
 		uint64_t now_ms = 0;
@@ -3381,6 +3384,7 @@ void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
 
 	if (dnsreq->avoid_dnssec_roadblocks && chain->lock == 0)
 		; /* pass */
+
 	else for (netreq_p = dnsreq->netreqs; (netreq = *netreq_p) ; netreq_p++) {
 		if (!  netreq->response
 		    || netreq->response_len < GLDNS_HEADER_SIZE
@@ -3391,7 +3395,10 @@ void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
 
 			netreq->dnssec_status = GETDNS_DNSSEC_INSECURE;
 			continue;
-		}
+
+		} else if (netreq->unbound_id != -1)
+			netreq->dnssec_status = GETDNS_DNSSEC_INDETERMINATE;
+
 		add_pkt2val_chain( &dnsreq->my_mf, &chain
 		                 , netreq->response, netreq->response_len
 				 , netreq
diff --git a/src/dnssec.h b/src/dnssec.h
index 3ffa96ee..ef1b4747 100644
--- a/src/dnssec.h
+++ b/src/dnssec.h
@@ -67,6 +67,8 @@ static inline int _dnssec_rdata_to_canonicalize(uint16_t rr_type)
 	    || rr_type == GLDNS_RR_TYPE_DNAME || rr_type == GLDNS_RR_TYPE_RRSIG;
 }
 
+int _getdns_bogus(getdns_dns_req *dns_req);
+
 #endif
 
 /* dnssec.h */
diff --git a/src/general.c b/src/general.c
index 72e7840a..d8a2bdf8 100644
--- a/src/general.c
+++ b/src/general.c
@@ -214,13 +214,15 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 #endif
 
 #ifdef STUB_NATIVE_DNSSEC
-	    || (dns_req->context->resolution_type == GETDNS_RESOLUTION_STUB
+	    || (    dns_req->context->resolution_type == GETDNS_RESOLUTION_STUB
 	        && !dns_req->avoid_dnssec_roadblocks
 	        && (dns_req->dnssec_return_status ||
 	            dns_req->dnssec_return_only_secure ||
 	            dns_req->dnssec_return_all_statuses
 	           ))
 #endif
+	    || (  dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING
+	       && _getdns_bogus(dns_req))
 	    )) {
 		/* Reschedule timeout for this DNS request
 		 */
@@ -236,6 +238,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 #if defined(REQ_DEBUG) && REQ_DEBUG
 		debug_req("getting validation chain for ", *dns_req->netreqs);
 #endif
+		DEBUG_ANCHOR("Valchain lookup\n");
 		_getdns_get_validation_chain(dns_req);
 	} else
 		_getdns_call_user_callback(
@@ -594,22 +597,18 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 			_getdns_context_equip_with_anchor(context, &now_ms);
 			if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
 				_getdns_start_fetching_ta(context, loop);
-				if (context->trust_anchors_source
-						== GETDNS_TASRC_FETCHING
-				    && context->resolution_type
-						== GETDNS_RESOLUTION_RECURSING
-				    && context->resolution_type
-						!= context->resolution_type_set) {
-
-					req->waiting_for_ta = 1;
-					req->ta_notify = context->ta_notify;
-					context->ta_notify = req;
-					return GETDNS_RETURN_GOOD;
-				}
 			}
 		}
 	}
 	if (!usenamespaces) {
+		if (context->trust_anchors_source == GETDNS_TASRC_FETCHING
+		    && context->resolution_type == GETDNS_RESOLUTION_RECURSING
+		    && context->resolution_type != context->resolution_type_set) {
+			req->waiting_for_ta = 1;
+			req->ta_notify = context->ta_notify;
+			context->ta_notify = req;
+			return GETDNS_RETURN_GOOD;
+		}
 		(void) _getdns_context_prepare_for_resolution(context, 0);
 
 		/* issue all network requests */
@@ -660,6 +659,14 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 			}
 #endif /* HAVE_MDNS_SUPPORT */
 		} else if (context->namespaces[i] == GETDNS_NAMESPACE_DNS) {
+			if (context->trust_anchors_source == GETDNS_TASRC_FETCHING
+			    && context->resolution_type == GETDNS_RESOLUTION_RECURSING
+			    && context->resolution_type != context->resolution_type_set) {
+				req->waiting_for_ta = 1;
+				req->ta_notify = context->ta_notify;
+				context->ta_notify = req;
+				return GETDNS_RETURN_GOOD;
+			}
 			(void) _getdns_context_prepare_for_resolution(context, 0);
 
 			/* TODO: We will get a good return code here even if

From e6536bb2ef52a43f24b6e28d78e593b67264e3c5 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 20 Sep 2017 15:18:43 +0200
Subject: [PATCH 063/140] Typo

---
 src/context.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/context.c b/src/context.c
index ae89a098..d306ca9e 100644
--- a/src/context.c
+++ b/src/context.c
@@ -4835,10 +4835,11 @@ getdns_context_set_trust_anchor_url(
 		return GETDNS_RETURN_NOT_IMPLEMENTED;
 
 	path_len = strlen(path);
-	if (! ( path_len >= 4
+	if (! ( path_len >= 5
+	    &&  path[path_len - 4] == '.'
 	    && (path[path_len - 3] == 'x' || path[path_len - 3] == 'X')
-	    && (path[path_len - 2] == 'm' || path[path_len - 2] == 'm')
-	    && (path[path_len - 1] == 'l' || path[path_len - 1] == 'l')))
+	    && (path[path_len - 2] == 'm' || path[path_len - 2] == 'M')
+	    && (path[path_len - 1] == 'l' || path[path_len - 1] == 'L')))
 		return GETDNS_RETURN_NOT_IMPLEMENTED;
 
 	context->root_anchor_url = url;

From 905cf290d469018f5648f5dcdd38b54f8df95dff Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 20 Sep 2017 15:38:07 +0200
Subject: [PATCH 064/140] Bump version, update ChangeLog

---
 ChangeLog    | 10 ++++++++++
 configure.ac | 11 ++++++-----
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index dc26f768..7b983c6b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+* 2017-09-??: Version 1.2.0
+  * Fix tpkg exit status on test failure. Thanks Jim Hague.
+  * Refined logging levels for upstream statistics
+  * Reuse (best behaving) backed-off TLS upstreams when non are usable.
+  * Let TLS upstreams back-off a incremental amount of time.
+    Back-off time starts with 1 second and is doubled each failure, but
+    will not exceed the time given by getdns_context_set_tls_backoff_time()
+  * Make TLS upstream management more resilient to temporary outages
+    (like laptop sleeps)
+
 * 2017-09-04: Version 1.1.3
   * Small bugfixes that came out of static analysis
   * No annotations with the output of getdns_query anymore,
diff --git a/configure.ac b/configure.ac
index 4eea1694..65898022 100644
--- a/configure.ac
+++ b/configure.ac
@@ -36,7 +36,7 @@ sinclude(./m4/acx_getaddrinfo.m4)
 sinclude(./m4/ax_check_compile_flag.m4)
 sinclude(./m4/pkg.m4)
 
-AC_INIT([getdns], [1.1.3], [users@getdnsapi.net], [], [https://getdnsapi.net])
+AC_INIT([getdns], [1.2.0], [users@getdnsapi.net], [rc1], [https://getdnsapi.net])
 
 # Dont forget to put a dash in front of the release candidate!!!
 # That is how it is done with semantic versioning!
@@ -51,7 +51,7 @@ AC_ARG_WITH([current-date],
   [CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
 
 AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
-AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01010300])
+AC_SUBST(GETDNS_NUMERIC_VERSION, [0x010103c1])
 AC_SUBST(API_VERSION, ["December 2015"])
 AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
 GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"
@@ -84,10 +84,11 @@ GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRE
 # getdns-1.0.0 had libversion 5:1:4
 # getdns-1.1.0 had libversion 6:0:0
 # getdns-1.1.1 had libversion 6:1:0
-# getdns-1.1.2 has libversion 7:0:1
-# getdns-1.1.3 will have libversion 7:1:1
+# getdns-1.1.2 had libversion 7:0:1
+# getdns-1.1.3 had libversion 7:1:1
+# getdns-1.2.0 will have libversion 8:0:2
 #
-GETDNS_LIBVERSION=7:1:1
+GETDNS_LIBVERSION=8:0:2
 
 AC_SUBST(GETDNS_COMPILATION_COMMENT)
 AC_SUBST(GETDNS_LIBVERSION)

From ac86b41fab159b0e6b8b7896ecb6d2fc585aaa46 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 20 Sep 2017 15:46:35 +0200
Subject: [PATCH 065/140] Update stubby

---
 stubby | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stubby b/stubby
index 61142309..3f132bf7 160000
--- a/stubby
+++ b/stubby
@@ -1 +1 @@
-Subproject commit 6114230904d9413514d521358ca7956aac99e822
+Subproject commit 3f132bf7d51bdd156d28758acb884de3fb1249b0

From 8897bdf18fb075bbacd58df721a289077b3f5c2f Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 20 Sep 2017 15:55:24 +0200
Subject: [PATCH 066/140] dependencies

---
 src/Makefile.in | 67 ++++++++++++++++++++++++++-----------------------
 1 file changed, 36 insertions(+), 31 deletions(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index a9cc4695..b4193cbe 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -270,13 +270,14 @@ anchor.lo anchor.o: $(srcdir)/anchor.c \
  $(srcdir)/debug.h $(srcdir)/anchor.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/context.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/types-internal.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/context.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/yxml/yxml.h $(srcdir)/gldns/parseutil.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/general.h $(srcdir)/util-internal.h
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/yxml/yxml.h \
+ $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/gldns/keyraw.h $(srcdir)/general.h $(srcdir)/util-internal.h
 const-info.lo const-info.o: $(srcdir)/const-info.c \
  getdns/getdns.h \
  getdns/getdns_extra.h \
@@ -286,14 +287,14 @@ context.lo context.o: $(srcdir)/context.c \
  $(srcdir)/anchor.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
- $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/debug.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h \
- $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
 convert.lo convert.o: $(srcdir)/convert.c \
  config.h \
  getdns/getdns.h \
@@ -303,9 +304,9 @@ convert.lo convert.o: $(srcdir)/convert.c \
  $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
  $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
  $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/wire2str.h \
  $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
- $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
+ $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/yaml/convert_yaml_to_json.h $(srcdir)/convert.h
 dict.lo dict.o: $(srcdir)/dict.c \
  config.h \
  $(srcdir)/types-internal.h \
@@ -316,7 +317,7 @@ dict.lo dict.o: $(srcdir)/dict.c \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h \
  $(srcdir)/gldns/parseutil.h
 dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
  config.h \
@@ -329,10 +330,10 @@ dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h \
- $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h \
- $(srcdir)/util/orig-headers/val_secalgo.h $(srcdir)/anchor.h
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h \
+ $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h \
+ $(srcdir)/util/orig-headers/val_secalgo.h
 general.lo general.o: $(srcdir)/general.c \
  config.h \
  $(srcdir)/general.h \
@@ -344,8 +345,8 @@ general.lo general.o: $(srcdir)/general.c \
  $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h \
- $(srcdir)/mdns.h $(srcdir)/anchor.h
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
+ $(srcdir)/dict.h $(srcdir)/mdns.h
 list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
@@ -355,7 +356,7 @@ list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/list.h $(srcdir)/dict.h
 mdns.lo mdns.o: $(srcdir)/mdns.c \
  config.h \
  $(srcdir)/debug.h $(srcdir)/context.h \
@@ -366,7 +367,7 @@ mdns.lo mdns.o: $(srcdir)/mdns.c \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/general.h $(srcdir)/gldns/rrdef.h $(srcdir)/util-internal.h $(srcdir)/mdns.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/gldns/rrdef.h $(srcdir)/util-internal.h $(srcdir)/mdns.h \
  $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
  $(srcdir)/util/orig-headers/lookup3.h
 pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
@@ -380,7 +381,7 @@ pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/util-internal.h
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h
 request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
  config.h \
  $(srcdir)/types-internal.h \
@@ -391,8 +392,8 @@ request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h \
- $(srcdir)/convert.h $(srcdir)/general.h
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/dict.h $(srcdir)/convert.h $(srcdir)/general.h
 rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
  config.h \
  getdns/getdns.h \
@@ -402,7 +403,8 @@ rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h \
+ $(srcdir)/dict.h
 rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
  config.h \
  getdns/getdns.h \
@@ -416,7 +418,7 @@ server.lo server.o: $(srcdir)/server.c \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h
 stub.lo stub.o: $(srcdir)/stub.c \
  config.h \
  $(srcdir)/debug.h $(srcdir)/stub.h \
@@ -428,7 +430,7 @@ stub.lo stub.o: $(srcdir)/stub.c \
  $(srcdir)/rr-dict.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
  $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
  $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
+ $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/anchor.h \
  $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
 sync.lo sync.o: $(srcdir)/sync.c \
  getdns/getdns.h \
@@ -440,8 +442,8 @@ sync.lo sync.o: $(srcdir)/sync.c \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
- $(srcdir)/gldns/wire2str.h
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
 ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
  config.h \
  getdns/getdns.h \
@@ -456,8 +458,8 @@ util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
  $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
  $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
  $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/str2wire.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
 gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
  config.h \
  $(srcdir)/gldns/gbuffer.h
@@ -536,6 +538,9 @@ val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
  $(srcdir)/util/auxiliary/sldns/sbuffer.h $(srcdir)/gldns/gbuffer.h
 jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
 yxml.lo yxml.o: $(srcdir)/yxml/yxml.c $(srcdir)/yxml/yxml.h
+convert_yaml_to_json.lo convert_yaml_to_json.o: $(srcdir)/yaml/convert_yaml_to_json.c \
+ config.h \
+ $(srcdir)/yaml/../gldns/gbuffer.h $(srcdir)/yaml/convert_yaml_to_json.h
 libev.lo libev.o: $(srcdir)/extension/libev.c \
  config.h \
  $(srcdir)/types-internal.h \
@@ -562,7 +567,7 @@ poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
 select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
  config.h \
- $(srcdir)/extension/select_eventloop.h \
+ $(srcdir)/debug.h $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/select_eventloop.h

From 712f62a4c1a867e0bb54ccfedec5f7585c1fa331 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 21 Sep 2017 11:03:38 +0200
Subject: [PATCH 067/140] Things that came out of compiling on Windows

---
 configure.ac                     | 18 ++++++++++++++----
 src/anchor.c                     | 16 ++++++++++++----
 src/context.c                    | 17 +++++++++++++----
 src/debug.h                      |  2 +-
 src/extension/select_eventloop.c | 17 +++++++++--------
 src/server.c                     |  6 ++++--
 src/stub.c                       |  2 +-
 src/sync.c                       |  6 ++++--
 src/tools/getdns_query.c         |  6 +++---
 src/util-internal.h              |  2 +-
 src/yaml/convert_yaml_to_json.c  | 12 ++++++------
 stubby                           |  2 +-
 12 files changed, 69 insertions(+), 37 deletions(-)

diff --git a/configure.ac b/configure.ac
index 9ce934ff..039a1a78 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1149,10 +1149,20 @@ fi
 
 
 #---- check for pthreads library
-AC_SEARCH_LIBS([pthread_mutex_init],[pthread], [
-	AC_DEFINE([HAVE_PTHREAD], [1], [Have pthreads library])
-	LIBS="-lpthread $LIBS"
-], [AC_MSG_WARN([pthreads not available])])
+AC_ARG_WITH(libpthread, AS_HELP_STRING([--without-libpthread],
+	[Disable libpthread (default is autodetect)]),
+	[], [withval="yes"])
+
+case "$withval" in
+	yes)
+		AC_SEARCH_LIBS([pthread_mutex_init],[pthread], [
+			AC_DEFINE([HAVE_PTHREAD], [1], [Have pthreads library])
+			LIBS="-lpthread $LIBS"
+		], [AC_MSG_WARN([pthreads not available])])
+		;;
+	*)
+		;;
+esac
 
 AC_MSG_CHECKING([whether the C compiler (${CC-cc}) supports the __func__ variable])
 AC_LANG_PUSH(C)
diff --git a/src/anchor.c b/src/anchor.c
index 86338d4f..fba1d1f3 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -988,9 +988,7 @@ static void tas_read_cb(void *userarg);
 static void tas_write_cb(void *userarg);
 static void tas_doc_read(getdns_context *context, tas_connection *a)
 {
-	DEBUG_ANCHOR("doc (size: %d): \"%.*s\"\n",
-	    (int)a->tcp.read_buf_len,
-	    (int)a->tcp.read_buf_len, (char *)a->tcp.read_buf);
+	DEBUG_ANCHOR("doc (size: %d)\n", (int)a->tcp.read_buf_len);
 
 	assert(a->tcp.read_pos == a->tcp.read_buf + a->tcp.read_buf_len);
 	assert(context);
@@ -1085,7 +1083,11 @@ static void tas_read_cb(void *userarg)
 	DEBUG_ANCHOR( "state: %d, to_read: %d\n"
 	            , (int)a->state, (int)a->tcp.to_read);
 
+#ifdef USE_WINSOCK
+	n = recv(a->fd, (char *)a->tcp.read_pos, a->tcp.to_read, 0);
+#else
 	n = read(a->fd, a->tcp.read_pos, a->tcp.to_read);
+#endif
 	if (n == 0) {
 		DEBUG_ANCHOR("Connection closed\n");
 		GETDNS_CLEAR_EVENT(a->loop, &a->event);
@@ -1218,7 +1220,13 @@ static void tas_write_cb(void *userarg)
 	DEBUG_ANCHOR( "state: %d, to_write: %d\n"
 	            , (int)a->state, (int)a->tcp.write_buf_len);
 
+
+#ifdef USE_WINSOCK
+	DEBUG_ANCHOR("sending to: %d\n", a->fd);
+	written = send(a->fd, (const char *)a->tcp.write_buf, a->tcp.write_buf_len, 0);
+#else
 	written = write(a->fd, a->tcp.write_buf, a->tcp.write_buf_len);
+#endif
 	if (written >= 0) {
 		assert(written <= (ssize_t)a->tcp.write_buf_len);
 
@@ -1240,7 +1248,7 @@ static void tas_write_cb(void *userarg)
 		    tas_read_cb, NULL, tas_timeout_cb));
 		return;
 
-	} else if (_getdns_EWOULDBLOCK)
+	} else if (_getdns_EWOULDBLOCK || _getdns_EINPROGRESS)
 		return;
 
 	DEBUG_ANCHOR("Write error: %s\n", strerror(errno));
diff --git a/src/context.c b/src/context.c
index 4eaef000..19d749f9 100644
--- a/src/context.c
+++ b/src/context.c
@@ -54,6 +54,7 @@ typedef unsigned short in_port_t;
 #include <stdio.h>
 #include <windows.h>
 #include <wincrypt.h>
+#include <shlobj.h>
 #endif
 
 #include <sys/stat.h>
@@ -4613,17 +4614,19 @@ static size_t _getdns_get_appdata(char *path)
 	size_t len;
 
 #ifdef USE_WINSOCK
+# define SLASHTOK '\\'
 # define APPDATA_SUBDIR "getdns"
 
 	if (! SUCCEEDED(SHGetFolderPath(NULL,
 	    CSIDL_APPDATA | CSIDL_FLAG_CREATE, NULL, 0, path)))
-		DEBUG_ANCHOR("ERROR %s(): Could not get \%AppData\% directory\n"
+		DEBUG_ANCHOR("ERROR %s(): Could not get %%AppData%% directory\n"
 		            , __FUNC__);
 
 	else if ((len = strlen(path)) + sizeof(APPDATA_SUBDIR) + 2 >= PATH_MAX)
 		DEBUG_ANCHOR("ERROR %s(): Home path too long for appdata\n"
 		            , __FUNC__);
 #else
+# define SLASHTOK '/'
 # define APPDATA_SUBDIR ".getdns"
 	struct passwd *p = getpwuid(getuid());
 	char *home = NULL;
@@ -4642,17 +4645,23 @@ static size_t _getdns_get_appdata(char *path)
 	else {
 		if (len == 0 || (  path[len - 1] != '/'
 		                && path[len - 1] != '\\')) {
-			path[len++] = '/';
+			path[len++] = SLASHTOK;
 			path[len  ] = '\0';
 		}
 		(void) strcpy(path + len, APPDATA_SUBDIR);
 		len += sizeof(APPDATA_SUBDIR) - 1;
 
-		if (mkdir(path, 0755) < 0 && errno != EEXIST)
+		if (0 >
+#ifdef USE_WINSOCK
+		    mkdir(path)
+#else
+		    mkdir(path, 0755)
+#endif
+		    && errno != EEXIST)
 			DEBUG_ANCHOR("ERROR %s(): Could not mkdir %s: %s\n"
 				    , __FUNC__, path, strerror(errno));
 		else {
-			path[len++] = '/';
+			path[len++] = SLASHTOK;
 			path[len  ] = '\0';
 			return len;
 		}
diff --git a/src/debug.h b/src/debug.h
index 9d181140..8f3c2c33 100644
--- a/src/debug.h
+++ b/src/debug.h
@@ -53,7 +53,7 @@
 		time_t tsec_dEbUgSyM; \
 		\
 		gettimeofday(&tv_dEbUgSyM, NULL); \
-		tsec = (time_t) tv_dEbUgSyM.tv_sec; \
+		tsec_dEbUgSyM = (time_t) tv_dEbUgSyM.tv_sec; \
 		gmtime_s(&tm_dEbUgSyM, (const time_t *) &tsec_dEbUgSyM); \
 		strftime(buf_dEbUgSyM, 10, "%H:%M:%S", &tm_dEbUgSyM); \
 		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
diff --git a/src/extension/select_eventloop.c b/src/extension/select_eventloop.c
index 348c7ab1..6f6d0f75 100644
--- a/src/extension/select_eventloop.c
+++ b/src/extension/select_eventloop.c
@@ -235,20 +235,21 @@ select_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		tv.tv_usec = (long)((timeout - now) % 1000000);
 	}
 #ifdef USE_WINSOCK
-    if (max_fd == -1)
-    {
-        if (timeout != TIMEOUT_FOREVER)
-        {
-            uint32_t timeout_ms = (tv.tv_usec / 1000) + (tv.tv_sec * 1000);
-            Sleep(timeout_ms);
-        }
-    } else
+	if (max_fd == -1) {
+		if (timeout != TIMEOUT_FOREVER) {
+			uint32_t timeout_ms = (tv.tv_usec / 1000) + (tv.tv_sec * 1000);
+			Sleep(timeout_ms);
+        	}
+	} else {
 #endif
 	if (select(max_fd + 1, &readfds, &writefds, NULL,
 	    (timeout == TIMEOUT_FOREVER ? NULL : &tv)) < 0) {
 		perror("select() failed");
 		exit(EXIT_FAILURE);
 	}
+#ifdef USE_WINSOCK
+	}
+#endif
 	now = get_now_plus(0);
 	for (fd = 0; fd < (int)FD_SETSIZE; fd++) {
 		if (select_loop->fd_events[fd] &&
diff --git a/src/server.c b/src/server.c
index 05267b60..ab986a41 100644
--- a/src/server.c
+++ b/src/server.c
@@ -189,7 +189,8 @@ static void tcp_write_cb(void *userarg)
 	}
 	to_write = conn->to_write;
 	if (conn->fd == -1 || 
-	    (written = send(conn->fd, &to_write->write_buf[to_write->written],
+	    (written = send(conn->fd,
+	    (const void *)&to_write->write_buf[to_write->written],
 	    to_write->write_buf_len - to_write->written, 0)) == -1) {
 
 		/* IO error, close connection */
@@ -367,7 +368,8 @@ static void tcp_read_cb(void *userarg)
 	(void) loop->vmt->schedule(loop, conn->fd,
 	    DOWNSTREAM_IDLE_TIMEOUT, &conn->event);
 
-	if ((bytes_read = recv(conn->fd, conn->read_pos, conn->to_read, 0)) < 0) {
+	if ((bytes_read = recv(conn->fd,
+	    (void *)conn->read_pos, conn->to_read, 0)) < 0) {
 		if (errno == EAGAIN || errno == EWOULDBLOCK)
 			return; /* Come back to do the read later */
 
diff --git a/src/stub.c b/src/stub.c
index 9c2a2cee..1d16c4bb 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -840,7 +840,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
 		/* Coming back from an earlier unfinished write or handshake.
 		 * Try to send remaining data */
 #ifdef USE_WINSOCK
-		written = send(fd, tcp->write_buf + tcp->written,
+		written = send(fd, (void *)(tcp->write_buf + tcp->written),
 			tcp->write_buf_len - tcp->written, 0);
 #else
 		written = write(fd, tcp->write_buf     + tcp->written,
diff --git a/src/sync.c b/src/sync.c
index 75f8cca3..c618b0e4 100644
--- a/src/sync.c
+++ b/src/sync.c
@@ -76,7 +76,7 @@ getdns_sync_data_init(getdns_context *context, getdns_sync_data *data)
 #  ifdef HAVE_UNBOUND_EVENT_API
 	if (_getdns_ub_loop_enabled(&context->ub_loop)) {
 		context->ub_loop.extension = ext;
-	} else
+	} else 
 #  endif
 #  ifndef USE_WINSOCK
 		return ext->vmt->schedule(ext, ub_fd(context->unbound_ctx),
@@ -85,7 +85,9 @@ getdns_sync_data_init(getdns_context *context, getdns_sync_data *data)
 		/* No sync full recursion requests on windows without 
 		 * UNBOUND_EVENT_API because ub_fd() doesn't work on windows.
 		 */
-		; /* pass */
+#   ifdef HAVE_UNBOUND_EVENT_API
+		{ ; } /* pass */
+#   endif
 #  endif
 #endif
 	return GETDNS_RETURN_GOOD;
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index aec56f44..9ab55b19 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -341,7 +341,7 @@ static getdns_return_t validate_chain(getdns_dict *response)
 		if ((r = getdns_list_set_dict(to_validate, 0, reply)))
 			goto error;
 
-		if (verbosity) printf("reply "PRIsz", dnssec_status: ", i);
+		if (verbosity) printf("reply %d, dnssec_status: ", (int)i);
 		switch ((s = getdns_validate_dnssec(
 		    to_validate, validation_chain, trust_anchor))) {
 
@@ -1075,11 +1075,11 @@ next:		;
 		/* apply the accumulated pubkey pinset to all upstreams: */
 		for (j = 0; j < upstream_count; j++) {
 			if (r = getdns_list_get_dict(upstream_list, j, &upstream), r) {
-				fprintf(stderr, "Failed to get upstream "PRIsz" when adding pinset\n", j);
+				fprintf(stderr, "Failed to get upstream %d when adding pinset\n", (int)j);
 				return r;
 			}
 			if (r = getdns_dict_set_list(upstream, "tls_pubkey_pinset", pubkey_pinset), r) {
-				fprintf(stderr, "Failed to set pubkey pinset on upstream "PRIsz"\n", j);
+				fprintf(stderr, "Failed to set pubkey pinset on upstream %d\n", (int)j);
 				return r;
 			}
 		}
diff --git a/src/util-internal.h b/src/util-internal.h
index 3f4b9959..1ef007bc 100644
--- a/src/util-internal.h
+++ b/src/util-internal.h
@@ -203,7 +203,7 @@ INLINE uint64_t _getdns_get_now_ms()
 	struct timeval tv;
 
 	(void) gettimeofday(&tv, NULL);
-	return tv.tv_sec * 1000 + tv.tv_usec / 1000;
+	return (uint64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
 }
 
 INLINE uint64_t _getdns_ms_until_expiry(uint64_t expires)
diff --git a/src/yaml/convert_yaml_to_json.c b/src/yaml/convert_yaml_to_json.c
index e62e971e..be04725d 100644
--- a/src/yaml/convert_yaml_to_json.c
+++ b/src/yaml/convert_yaml_to_json.c
@@ -471,13 +471,13 @@ void report_parser_error(yaml_parser_t *parser)
 
 	case YAML_SCANNER_ERROR:
 		if (parser->context) {
-			fprintf(stderr, "Scanner error: %s at line %lu, column %lu\n"
-					"%s at line %lu, column %lu\n", parser->context,
+			fprintf(stderr, "Scanner error: %s at line "PRIsz", column "PRIsz"\n"
+					"%s at line "PRIsz", column "PRIsz"\n", parser->context,
 					parser->context_mark.line+1, parser->context_mark.column+1,
 					parser->problem, parser->problem_mark.line+1,
 					parser->problem_mark.column+1);
 		} else {
-			fprintf(stderr, "Scanner error: %s at line %lu, column %lu\n",
+			fprintf(stderr, "Scanner error: %s at line "PRIsz", column "PRIsz"\n",
 					parser->problem, parser->problem_mark.line+1,
 					parser->problem_mark.column+1);
 		}
@@ -485,13 +485,13 @@ void report_parser_error(yaml_parser_t *parser)
 
 	case YAML_PARSER_ERROR:
 		if (parser->context) {
-			fprintf(stderr, "Parser error: %s at line %lu, column %lu\n"
-					"%s at line %lu, column %lu\n", parser->context,
+			fprintf(stderr, "Parser error: %s at line "PRIsz", column "PRIsz"\n"
+					"%s at line "PRIsz", column "PRIsz"\n", parser->context,
 					parser->context_mark.line+1, parser->context_mark.column+1,
 					parser->problem, parser->problem_mark.line+1,
 					parser->problem_mark.column+1);
 		} else {
-			fprintf(stderr, "Parser error: %s at line %lu, column %lu\n",
+			fprintf(stderr, "Parser error: %s at line "PRIsz", column "PRIsz"\n",
 					parser->problem, parser->problem_mark.line+1,
 					parser->problem_mark.column+1);
 		}
diff --git a/stubby b/stubby
index 3f132bf7..993cbb35 160000
--- a/stubby
+++ b/stubby
@@ -1 +1 @@
-Subproject commit 3f132bf7d51bdd156d28758acb884de3fb1249b0
+Subproject commit 993cbb35c1e1c2bcccb49fc0781e94c34c21a5ee

From 90a187a1acbaa66620f5e4cefefc25dfe6f7fee1 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 21 Sep 2017 12:33:19 +0200
Subject: [PATCH 068/140] New recommendations regarding trust anchor management

---
 Makefile.in | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index 61484a54..c864d64e 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -71,21 +71,26 @@ install: getdns.pc getdns_ext_event.pc install-lib @INSTALL_GETDNS_QUERY@
 	$(INSTALL) -m 644 $(srcdir)/spec/index.html $(DESTDIR)$(docdir)/spec
 	cd doc && $(MAKE) install
 	@echo "***"
-	@echo "***  !!! IMPORTANT !!!!  libgetdns needs a DNSSEC trust anchor!"
+	@echo "***  !!! IMPORTANT !!!!"
+	@echo "***"
+	@echo "***  From release 1.2.0, getdns comes with built-in DNSSEC"
+	@echo "***  trust anchor management.  External trust anchor management,"
+	@echo "***  for example with unbound-anchor, is no longer necessary"
+	@echo "***  and no longer recommended."
+	@echo "***"
+	@echo "***  Previously installed trust anchors, in the default location -"
 	@echo "***"
-	@echo "***  For the library to be able to perform DNSSEC, the root"
-	@echo "***  trust anchor needs to be present in presentation format"
-	@echo "***  in the file: "
 	@echo "***        @TRUST_ANCHOR_FILE@"
 	@echo "***"
-	@echo "***  We recomend using unbound-anchor to retrieve and install"
-	@echo "***  the root trust anchor like this: "
-	@echo "***        mkdir -p `dirname @TRUST_ANCHOR_FILE@`"
-	@echo "***        unbound-anchor -a \"@TRUST_ANCHOR_FILE@\""
+	@echo "***  - will be preferred and used for DNSSEC validation, however"
+	@echo "***  getdns will fallback to trust-anchors obtained via built-in"
+	@evho "***  trust anchor management when the anchors from the default"
+	@echo "***  location fail to validate the root DNSKEY rrset."
 	@echo "***"
-	@echo "***  We strongly recommend package maintainers to provide the"
-	@echo "***  root trust anchor by installing it with unbound-anchor"
-	@echo "***  at package installation time from the post-install script."
+	@echo "***  To prevent expired DNSSEC trust anchors to be used for"
+	@echo "***  validation, we strongly recommend removing the trust anchors"
+	@echo "***  on the default location when there is no active external"
+	@echo "***  trust anchor management keeping it up-to-date."
 	@echo "***"
 
 uninstall: @UNINSTALL_GETDNS_QUERY@

From edba5b77f86e82bdfb42f0a42e0fdd2d5284c099 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 21 Sep 2017 12:33:44 +0200
Subject: [PATCH 069/140] Updated ChangeLog

---
 ChangeLog | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 7b983c6b..ec48868a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,18 @@
 * 2017-09-??: Version 1.2.0
+  * A function to set the location for library specific data,
+    like trust-anchors: getdns_context_set_appdata().
+  * Zero configuration DNSSEC - build upon the scheme
+    described in RFC7958.  The URL from which to fetch
+    the trust anchor, the verification CA and email
+    can be set with the new getdns_context_set_trust_anchor_url(),
+    getdns_context_set_trust_anchor_verify_CA() and
+    getdns_context_set_trust_anchor_verify_email() functions.
+    The default values are to fetch from IANA and to validate
+    with the ICANN CA.
+  * Update of Stubby with yaml configuration file and
+    logging from a certain severity support.
+  * Conversion of yaml to getdns_dict and getdns_list with
+    getdns_yaml2dict() and getdns_yaml2list() functions
   * Fix tpkg exit status on test failure. Thanks Jim Hague.
   * Refined logging levels for upstream statistics
   * Reuse (best behaving) backed-off TLS upstreams when non are usable.

From 1b47ce4d10b970da72851cb8d282a957361a434c Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 21 Sep 2017 12:38:49 +0200
Subject: [PATCH 070/140] Slightly different function prototypes

---
 src/anchor.c                 | 14 ++++----
 src/context.c                | 30 ++++-------------
 src/convert.c                |  6 +++-
 src/getdns/getdns_extra.h.in | 65 ++++--------------------------------
 src/libgetdns.symbols        |  2 --
 5 files changed, 24 insertions(+), 93 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index fba1d1f3..8da59bba 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -734,7 +734,7 @@ void _getdns_context_equip_with_anchor(
 	X509_STORE *store = NULL;
 
 	if ((r = getdns_context_get_trust_anchor_verify_CA(
-	    context, ".", &verify_CA)))
+	    context, &verify_CA)))
 		DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
 			     " CA: \"%s\"\n", __FUNC__
 			    , getdns_get_errorstr_by_id(r));
@@ -744,7 +744,7 @@ void _getdns_context_equip_with_anchor(
 		             "disabled by empty verify CA\n");
 
 	else if ((r = getdns_context_get_trust_anchor_verify_email(
-	    context, ".", &verify_email)))
+	    context, &verify_email)))
 		DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify email "
 		             "address: \"%s\"\n", __FUNC__
 		            , getdns_get_errorstr_by_id(r));
@@ -1017,7 +1017,7 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 		p7s_bd.size = a->tcp.read_buf_len;
 
 		if ((r = getdns_context_get_trust_anchor_verify_CA(
-		    context, ".", (const char **)&verify_CA.data)))
+		    context, (const char **)&verify_CA.data)))
 			DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
 				     " CA: \"%s\"\n", __FUNC__
 				    , getdns_get_errorstr_by_id(r));
@@ -1026,7 +1026,7 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 			; /* pass */
 
 		else if ((r = getdns_context_get_trust_anchor_verify_email(
-		    context, ".", &verify_email)))
+		    context, &verify_email)))
 			DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
 				     " email address: \"%s\"\n", __FUNC__
 				    , getdns_get_errorstr_by_id(r));
@@ -1264,7 +1264,7 @@ static getdns_return_t _getdns_get_tas_url_hostname(
 	char *next_slash;
 	size_t s;
 
-	if ((r = getdns_context_get_trust_anchor_url(context, ".", &url)))
+	if ((r = getdns_context_get_trust_anchor_url(context, &url)))
 		return r;
 
 	if ((next_slash = strchr(url + 7 /* "http://" */, '/'))) {
@@ -1523,7 +1523,7 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 		return;
 
 	} else if ((r = getdns_context_get_trust_anchor_verify_CA(
-	    context, ".", &verify_CA))) {
+	    context, &verify_CA))) {
 		DEBUG_ANCHOR("ERROR %s(): Could not get verify CA"
 		             ": \"%s\"", __FUNC__
 		            , getdns_get_errorstr_by_id(r));
@@ -1535,7 +1535,7 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 		return;
 
 	} else if ((r = getdns_context_get_trust_anchor_verify_email(
-	    context, ".", &verify_email))) {
+	    context, &verify_email))) {
 		DEBUG_ANCHOR("ERROR %s(): Could not get verify email address"
 		             ": \"%s\"", __FUNC__
 		            , getdns_get_errorstr_by_id(r));
diff --git a/src/context.c b/src/context.c
index 19d749f9..b2f3d8bf 100644
--- a/src/context.c
+++ b/src/context.c
@@ -4828,7 +4828,7 @@ int _getdns_context_can_write_appdata(getdns_context *context)
 
 getdns_return_t
 getdns_context_set_trust_anchor_url(
-    getdns_context *context, const char *zone, const char *url)
+    getdns_context *context, const char *url)
 {
 	const char *path;
 	size_t path_len;
@@ -4836,9 +4836,6 @@ getdns_context_set_trust_anchor_url(
 	if (!context || !url)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	if (zone && !(zone[0] == '.' && zone[1] == '\0'))
-		return GETDNS_RETURN_NOT_IMPLEMENTED;
-
 	if (! ((url[0] == 'h' || url[0] == 'H')
 	    && (url[1] == 't' || url[1] == 'T')
 	    && (url[2] == 't' || url[2] == 'T')
@@ -4862,14 +4859,11 @@ getdns_context_set_trust_anchor_url(
 
 getdns_return_t
 getdns_context_get_trust_anchor_url(
-    getdns_context *context, const char *zone, const char **url)
+    getdns_context *context, const char **url)
 {
 	if (!context || !url)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	if (zone && (zone[0] != '.' || zone[1] != '\0'))
-		return GETDNS_RETURN_NOT_IMPLEMENTED;
-
 	*url = context && context->root_anchor_url
 	     ?            context->root_anchor_url
 	     :     _getdns_default_root_anchor_url;
@@ -4878,14 +4872,11 @@ getdns_context_get_trust_anchor_url(
 
 getdns_return_t
 getdns_context_set_trust_anchor_verify_CA(
-    getdns_context *context, const char *zone, const char *verify_CA)
+    getdns_context *context, const char *verify_CA)
 {
 	if (!context || !verify_CA)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	if (zone && (zone[0] != '.' || zone[1] != '\0'))
-		return GETDNS_RETURN_NOT_IMPLEMENTED;
-
 	context->root_anchor_verify_CA = verify_CA;
 	dispatch_updated(context, GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA);
 	return GETDNS_RETURN_GOOD;
@@ -4893,14 +4884,11 @@ getdns_context_set_trust_anchor_verify_CA(
 
 getdns_return_t
 getdns_context_get_trust_anchor_verify_CA(
-    getdns_context *context, const char *zone, const char **verify_CA)
+    getdns_context *context, const char **verify_CA)
 {
 	if (!verify_CA)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	if (zone && (zone[0] != '.' || zone[1] != '\0'))
-		return GETDNS_RETURN_NOT_IMPLEMENTED;
-
 	*verify_CA = context && context->root_anchor_verify_CA
 	           ?            context->root_anchor_verify_CA
 	           :     _getdns_default_root_anchor_verify_CA;
@@ -4909,14 +4897,11 @@ getdns_context_get_trust_anchor_verify_CA(
 
 getdns_return_t
 getdns_context_set_trust_anchor_verify_email(
-    getdns_context *context, const char *zone, const char *verify_email)
+    getdns_context *context, const char *verify_email)
 {
 	if (!context || !verify_email)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	if (zone && (zone[0] != '.' || zone[1] != '\0'))
-		return GETDNS_RETURN_NOT_IMPLEMENTED;
-
 	context->root_anchor_verify_email = verify_email;
 	dispatch_updated(context, GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL);
 	return GETDNS_RETURN_GOOD;
@@ -4924,14 +4909,11 @@ getdns_context_set_trust_anchor_verify_email(
 
 getdns_return_t
 getdns_context_get_trust_anchor_verify_email(
-    getdns_context *context, const char *zone, const char **verify_email)
+    getdns_context *context, const char **verify_email)
 {
 	if (!verify_email)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	if (zone && (zone[0] != '.' || zone[1] != '\0'))
-		return GETDNS_RETURN_NOT_IMPLEMENTED;
-
 	*verify_email = context && context->root_anchor_verify_email
 	              ?            context->root_anchor_verify_email
 		      :     _getdns_default_root_anchor_verify_email;
diff --git a/src/convert.c b/src/convert.c
index c9244781..aeb02071 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -1851,6 +1851,10 @@ getdns_yaml2list(const char *str, getdns_list **list)
 #endif /* USE_YAML_CONFIG */
 }
 
+/* WT: I don't see how the two functions below would be different from
+ *     the str2bindata and str2int ones.
+ */
+#if 0
 getdns_return_t
 getdns_yaml2bindata(const char *str, getdns_bindata **bindata)
 {
@@ -1898,4 +1902,4 @@ getdns_yaml2int(const char *str, uint32_t *value)
 	return GETDNS_RETURN_NOT_IMPLEMENTED;
 #endif /* USE_YAML_CONFIG */
 }
-
+#endif
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index c042a875..d9612775 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -548,22 +548,21 @@ getdns_context_set_logfunc(getdns_context *context, void *userarg,
  *
  */
 getdns_return_t
-getdns_context_set_trust_anchor_url(
-    getdns_context *context, const char *zone, const char *url);
+getdns_context_set_trust_anchor_url(getdns_context *context, const char *url);
 
 /**
  *
  */
 getdns_return_t
 getdns_context_set_trust_anchor_verify_CA(
-    getdns_context *context, const char *zone, const char *verify_CA);
+    getdns_context *context, const char *verify_CA);
 
 /**
  *
  */
 getdns_return_t
 getdns_context_set_trust_anchor_verify_email(
-    getdns_context *context, const char *zone, const char *verify_email);
+    getdns_context *context, const char *verify_email);
 
 
 /**
@@ -936,21 +935,21 @@ getdns_context_get_update_callback(getdns_context *context, void **userarg,
  */
 getdns_return_t
 getdns_context_get_trust_anchor_url(
-    getdns_context *context, const char *zone, const char **url);
+    getdns_context *context, const char **url);
 
 /**
  *
  */
 getdns_return_t
 getdns_context_get_trust_anchor_verify_CA(
-    getdns_context *context, const char *zone, const char **verify_CA);
+    getdns_context *context, const char **verify_CA);
 
 /**
  *
  */
 getdns_return_t
 getdns_context_get_trust_anchor_verify_email(
-    getdns_context *context, const char *zone, const char **verify_email);
+    getdns_context *context, const char **verify_email);
 
 
 /** @}
@@ -1776,58 +1775,6 @@ getdns_yaml2dict(const char *str, getdns_dict **dict);
 getdns_return_t
 getdns_yaml2list(const char *str, getdns_list **list);
 
-/**
- * Convert string text to a getdns_bindata.
- *
- * @param  str   A textual representation of a getdns_bindata
- *               The format is similar, but not precisely YAML.
- *               - Strings between double-quotes will be converted to bindata
- *                 containers, but *without the trailing null byte*.
- *                 For example: `{ suffix: [ "nlnetlabs.nl.", "nlnet.nl." ] }`
- *               - bindata representation of IP or IPv6 addresses may be
- *                 given in their presentation format.  For example:
- *                 `{ dns_root_servers: [ 2001:7fd::1, 193.0.14.129 ] }`
- *               - Arbitrary binary data may be given with a `0x` prefix,
- *                 or in base64 encoding.
- *                 For example:
- *
- *                      { add_opt_parameters:
- *                        { options: [ { option_code: 10
- *                                     , option_data: 0xA9E4EC50C03F5D65
- *                                     } ]
- *                        }
- *                      }
- *
- *               - Wireformat domain name bindatas can be given with a trailing dot.
- *                 For example:
- *
- *                      { upstream_recursive_servers:
- *                        [ { address_data  : 2a04:b900:0:100::37
- *                          , tsig_name     : hmac-md5.tsigs.getdnsapi.net.
- *                          , tsig_algorithm: hmac-md5.sig-alg.reg.int.
- *                          , tsig_secret : 16G69OTeXW6xSQ==
- *                          } ]
- *                      }
- * @param  bindata The returned getdns_bindata.
- * @return GETDNS_RETURN_GOOD on success or an error code on failure.
- */
-getdns_return_t
-getdns_yaml2bindata(const char *str, getdns_bindata **bindata);
-
-/**
- * Convert string text to a getdns 32 bits unsigned integer.
- *
- * @param  str   A textual representation of the integer.
- *               The format is similar, but not precisely YAML.
- *               - integer values may be given by the constant name.
- *                 For example: `{ resolution_type: GETDNS_RESOLUTION_STUB }`
- *                 or `{ specify_class: GETDNS_RRCLASS_CH }`
- * @param  value The returned integer.
- * @return GETDNS_RETURN_GOOD on success or an error code on failure.
- */
-getdns_return_t
-getdns_yaml2int(const char *str, uint32_t *value);
-
 /** @}
  */
 
diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols
index 950a72d9..0d17b148 100644
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@@ -165,9 +165,7 @@ getdns_wire2msg_dict_scan
 getdns_wire2rr_dict
 getdns_wire2rr_dict_buf
 getdns_wire2rr_dict_scan
-getdns_yaml2bindata
 getdns_yaml2dict
-getdns_yaml2int
 getdns_yaml2list
 plain_mem_funcs_user_arg
 priv_getdns_context_mf

From da2aa634d386237f9297d6c8c90ed5b5c60e57f4 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 21 Sep 2017 17:06:29 +0200
Subject: [PATCH 071/140] Make appdata_dir configurable +

	settings via getdns_context_config()
---
 src/const-info.c             |   2 +
 src/context.c                | 217 ++++++++++++++++++++++++++---------
 src/context.h                |  11 +-
 src/getdns/getdns_extra.h.in |   9 ++
 src/libgetdns.symbols        |   1 +
 5 files changed, 181 insertions(+), 59 deletions(-)

diff --git a/src/const-info.c b/src/const-info.c
index 9caf93cd..df319b4f 100644
--- a/src/const-info.c
+++ b/src/const-info.c
@@ -85,6 +85,7 @@ static struct const_info consts_info[] = {
 	{     625, "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL", GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL_TEXT },
 	{     626, "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA", GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA_TEXT },
 	{     627, "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL", GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL_TEXT },
+	{     628, "GETDNS_CONTEXT_CODE_APPDATA_DIR", GETDNS_CONTEXT_CODE_APPDATA_DIR_TEXT },
 	{     700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
 	{     701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
 	{     702, "GETDNS_CALLBACK_TIMEOUT", GETDNS_CALLBACK_TIMEOUT_TEXT },
@@ -153,6 +154,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_CALLBACK_COMPLETE", 700 },
 	{ "GETDNS_CALLBACK_ERROR", 703 },
 	{ "GETDNS_CALLBACK_TIMEOUT", 702 },
+	{ "GETDNS_CONTEXT_CODE_APPDATA_DIR", 628 },
 	{ "GETDNS_CONTEXT_CODE_APPEND_NAME", 607 },
 	{ "GETDNS_CONTEXT_CODE_DNSSEC_ALLOWED_SKEW", 614 },
 	{ "GETDNS_CONTEXT_CODE_DNSSEC_TRUST_ANCHORS", 609 },
diff --git a/src/context.c b/src/context.c
index b2f3d8bf..aa102dae 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1364,11 +1364,11 @@ static void _getdns_check_expired_pending_netreqs_cb(void *arg)
 	_getdns_check_expired_pending_netreqs((getdns_context *)arg, &now_ms);
 }
 
-static const char *_getdns_default_root_anchor_url =
+static const char *_getdns_default_trust_anchor_url =
     "http://data.iana.org/root-anchors/root-anchors.xml";
 
 /* The ICANN CA fetched at 24 Sep 2010.  Valid to 2028 */
-static const char *_getdns_default_root_anchor_verify_CA =
+static const char *_getdns_default_trust_anchor_verify_CA =
 "-----BEGIN CERTIFICATE-----\n"
 "MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
 "TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
@@ -1391,7 +1391,7 @@ static const char *_getdns_default_root_anchor_verify_CA =
 "j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
 "-----END CERTIFICATE-----\n";
 
-static const char *_getdns_default_root_anchor_verify_email =
+static const char *_getdns_default_trust_anchor_verify_email =
     "dnssec@iana.org";
 
 
@@ -1496,10 +1496,10 @@ getdns_context_create_with_extended_memory_functions(
 
 	result->trust_anchors_source = GETDNS_TASRC_NONE;
 	result->can_write_appdata = PROP_UNKNOWN;
-	result->root_anchor_url = _getdns_default_root_anchor_url;
-	result->root_anchor_verify_email
-	    = _getdns_default_root_anchor_verify_email;
-	result->root_anchor_verify_CA = _getdns_default_root_anchor_verify_CA;
+	result->trust_anchor_url = NULL;
+	result->trust_anchor_verify_email = NULL;
+	result->trust_anchor_verify_CA = NULL;
+	result->appdata_dir = NULL;
 
 	(void) memset(&result->root_ksk, 0, sizeof(result->root_ksk));
 
@@ -1763,10 +1763,20 @@ getdns_context_destroy(struct getdns_context *context)
 	_getdns_traverse_postorder(&context->local_hosts,
 	    destroy_local_host, context);
 
-
 	getdns_dict_destroy(context->header);
 	getdns_dict_destroy(context->add_opt_parameters);
 
+	if (context->trust_anchor_url)
+		GETDNS_FREE(context->mf, context->trust_anchor_url);
+	if (context->trust_anchor_verify_CA)
+		GETDNS_FREE( context->mf
+		           , context->trust_anchor_verify_CA);
+	if (context->trust_anchor_verify_email)
+		GETDNS_FREE( context->mf
+		           , context->trust_anchor_verify_email);
+	if (context->appdata_dir)
+		GETDNS_FREE(context->mf, context->appdata_dir);
+
 #ifdef USE_WINSOCK
 	WSACleanup();
 #endif
@@ -3626,11 +3636,11 @@ char *
 _getdns_strdup(const struct mem_funcs *mfs, const char *s)
 {
     size_t sz = strlen(s) + 1;
-    char *r = GETDNS_XMALLOC(*mfs, char, sz);
-    if (r)
-        return memcpy(r, s, sz);
-    else
+    char *r;
+    if (!s || !(r = GETDNS_XMALLOC(*mfs, char, sz)))
         return NULL;
+    else
+        return memcpy(r, s, sz);
 }
 
 struct getdns_bindata *
@@ -3759,12 +3769,15 @@ getdns_context_get_eventloop(getdns_context *context, getdns_eventloop **loop)
 	return GETDNS_RETURN_GOOD;
 }
 
+static size_t _getdns_get_appdata(getdns_context *context, char *path);
 static getdns_dict*
 _get_context_settings(getdns_context* context)
 {
 	getdns_dict *result = getdns_dict_create_with_context(context);
 	getdns_list *list;
 	size_t       i;
+	const char  *str_value;
+	char         appdata_dir[PATH_MAX] = "";
 
 	if (!result)
 		return NULL;
@@ -3804,7 +3817,10 @@ _get_context_settings(getdns_context* context)
 	    || getdns_dict_set_int(result, "tls_connection_retries",
 	                           context->tls_connection_retries)
 	    || getdns_dict_set_int(result, "tls_query_padding_blocksize",
-	                           context->tls_query_padding_blocksize))
+	                           context->tls_query_padding_blocksize)
+	    || getdns_dict_set_int(result, "resolution_type",
+	                           context->resolution_type)
+	    )
 		goto error;
 	
 	/* list fields */
@@ -3823,6 +3839,14 @@ _get_context_settings(getdns_context* context)
 		getdns_list_destroy(list);
 		goto error;
 	}
+	if (getdns_context_get_dnssec_trust_anchors(context, &list))
+		; /* pass */
+
+	else if (list && _getdns_dict_set_this_list(
+	    result, "dnssec_trust_anchors", list)) {
+		getdns_list_destroy(list);
+		goto error;
+	}
 	if (context->dns_transport_count > 0) {
 		/* create a namespace list */
 		if (!(list = getdns_list_create_with_context(context)))
@@ -3858,6 +3882,15 @@ _get_context_settings(getdns_context* context)
 			return NULL;
 		}
 	}
+	(void) _getdns_get_appdata(context, appdata_dir);
+	(void) getdns_dict_util_set_string(result, "appdata_dir", appdata_dir);
+	if (!getdns_context_get_trust_anchor_url(context, &str_value) && str_value)
+		(void) getdns_dict_util_set_string(result, "trust_anchor_url", str_value);
+	if (!getdns_context_get_trust_anchor_verify_CA(context, &str_value) && str_value)
+		(void) getdns_dict_util_set_string(result, "trust_anchor_verify_CA", str_value);
+	if (!getdns_context_get_trust_anchor_verify_email(context, &str_value) && str_value)
+		(void) getdns_dict_util_set_string(result, "trust_anchor_verify_email", str_value);
+
 	return result;
 error:
 	getdns_dict_destroy(result);
@@ -3875,9 +3908,24 @@ getdns_context_get_api_information(getdns_context* context)
 	    && ! getdns_dict_util_set_string(
 	    result, "version_string", GETDNS_VERSION)
 
+	    && ! getdns_dict_set_int(
+	    result, "version_number", getdns_get_version_number())
+
+	    && ! getdns_dict_util_set_string(
+	    result, "api_version_string", getdns_get_api_version())
+
+	    && ! getdns_dict_set_int(
+	    result, "api_version_number", getdns_get_api_version_number())
+
 	    && ! getdns_dict_util_set_string(
 	    result, "implementation_string", PACKAGE_URL)
 
+	    && ! getdns_dict_util_set_string(
+	    result, "compilation_comment", GETDNS_COMPILATION_COMMENT)
+
+	    && ! getdns_dict_util_set_string(
+	    result, "trust_anchor_file", TRUST_ANCHOR_FILE)
+
 	    && ! getdns_dict_set_int(
 	    result, "resolution_type", context->resolution_type)
 
@@ -4479,6 +4527,12 @@ static getdns_return_t _get_list_or_read_file(const getdns_dict *config_dict,
 			else r = GETDNS_RETURN_INVALID_PARAMETER; \
 		}
 
+#define CONTEXT_SETTING_STRING(X) \
+	} else if (_streq(setting, #X )) { \
+		if (!(r = getdns_dict_get_bindata(config_dict, #X , &bd))) \
+			r = getdns_context_set_ ## X( \
+			    context, (char *)bd->data);
+
 static getdns_return_t
 _getdns_context_config_setting(getdns_context *context,
     const getdns_dict *config_dict, const getdns_bindata *setting)
@@ -4490,6 +4544,7 @@ _getdns_context_config_setting(getdns_context *context,
 	getdns_transport_list_t dns_transport_list[100];
 	size_t count, i;
 	uint32_t n;
+	getdns_bindata *bd;
 	int destroy_list = 0;
 
 	if (_streq(setting, "all_context")) {
@@ -4527,6 +4582,10 @@ _getdns_context_config_setting(getdns_context *context,
 	CONTEXT_SETTING_INT(tls_backoff_time)
 	CONTEXT_SETTING_INT(tls_connection_retries)
 	CONTEXT_SETTING_INT(tls_query_padding_blocksize)
+	CONTEXT_SETTING_STRING(trust_anchor_url)
+	CONTEXT_SETTING_STRING(trust_anchor_verify_CA)
+	CONTEXT_SETTING_STRING(trust_anchor_verify_email)
+	CONTEXT_SETTING_STRING(appdata_dir)
 
 	/**************************************/
 	/****                              ****/
@@ -4579,8 +4638,14 @@ _getdns_context_config_setting(getdns_context *context,
 	/****  Ignored context settings  ****/
 	/****                            ****/
 	/************************************/
-	} else if (!_streq(setting, "implementation_string") &&
-	    !_streq(setting, "version_string")) {
+	} else if (!_streq(setting, "implementation_string")
+	    && !_streq(setting, "version_string")
+	    && !_streq(setting, "version_number")
+	    && !_streq(setting, "api_version_string")
+	    && !_streq(setting, "api_version_number")
+	    && !_streq(setting, "trust_anchor_file")
+	    && !_streq(setting, "compilation_comment")
+	    ) {
 		r = GETDNS_RETURN_NOT_IMPLEMENTED;
 	}
 	return r;
@@ -4609,15 +4674,19 @@ getdns_context_config(getdns_context *context, const getdns_dict *config_dict)
 	return r;
 }
 
-static size_t _getdns_get_appdata(char *path)
+static size_t _getdns_get_appdata(getdns_context *context, char *path)
 {
-	size_t len;
+	size_t len = 0;
 
 #ifdef USE_WINSOCK
 # define SLASHTOK '\\'
 # define APPDATA_SUBDIR "getdns"
 
-	if (! SUCCEEDED(SHGetFolderPath(NULL,
+	if (context->appdata_dir) {
+		(void) strcpy(path, context->appdata_dir);
+		len = strlen(path);
+
+	} else if (! SUCCEEDED(SHGetFolderPath(NULL,
 	    CSIDL_APPDATA | CSIDL_FLAG_CREATE, NULL, 0, path)))
 		DEBUG_ANCHOR("ERROR %s(): Could not get %%AppData%% directory\n"
 		            , __FUNC__);
@@ -4631,7 +4700,11 @@ static size_t _getdns_get_appdata(char *path)
 	struct passwd *p = getpwuid(getuid());
 	char *home = NULL;
 
-	if (!(home = p ? p->pw_dir : getenv("HOME")))
+	if (context->appdata_dir) {
+		(void) strcpy(path, context->appdata_dir);
+		len = strlen(path);
+
+	} else if (!(home = p ? p->pw_dir : getenv("HOME")))
 		DEBUG_ANCHOR("ERROR %s(): Could not get home directory\n"
 		            , __FUNC__);
 
@@ -4650,7 +4723,11 @@ static size_t _getdns_get_appdata(char *path)
 		}
 		(void) strcpy(path + len, APPDATA_SUBDIR);
 		len += sizeof(APPDATA_SUBDIR) - 1;
-
+	}
+	if (len) {
+		if (path[len - 1] == '/' || path[len - 1] == '\\') {
+			path[--len] = '\0';
+		}
 		if (0 >
 #ifdef USE_WINSOCK
 		    mkdir(path)
@@ -4676,7 +4753,7 @@ FILE *_getdns_context_get_priv_fp(getdns_context *context, const char *fn)
 	size_t len;
 
 	(void) context;
-	if (!(len = _getdns_get_appdata(path)))
+	if (!(len = _getdns_get_appdata(context, path)))
 		DEBUG_ANCHOR("ERROR %s(): Could nog get application data path\n"
 		            , __FUNC__);
 
@@ -4742,7 +4819,7 @@ int _getdns_context_write_priv_file(getdns_context *context,
 	FILE *f = NULL;
 	size_t len;
 
-	if (!(len = _getdns_get_appdata(path)))
+	if (!(len = _getdns_get_appdata(context, path)))
 		DEBUG_ANCHOR("ERROR %s(): Could nog get application data path\n"
 		            , __FUNC__);
 
@@ -4809,7 +4886,7 @@ int _getdns_context_can_write_appdata(getdns_context *context)
 	if (!_getdns_context_write_priv_file(context, test_fn, &test_content))
 		return 0;
 
-	if (!(len = _getdns_get_appdata(path)))
+	if (!(len = _getdns_get_appdata(context, path)))
 		DEBUG_ANCHOR("ERROR %s(): Could nog get application data path\n"
 		            , __FUNC__);
 
@@ -4833,26 +4910,33 @@ getdns_context_set_trust_anchor_url(
 	const char *path;
 	size_t path_len;
 
-	if (!context || !url)
+	if (!context)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	if (! ((url[0] == 'h' || url[0] == 'H')
-	    && (url[1] == 't' || url[1] == 'T')
-	    && (url[2] == 't' || url[2] == 'T')
-	    && (url[3] == 'p' || url[3] == 'P')
-	    &&  url[4] == ':' && url[5] == '/' && url[6] == '/'
-	    && (path = strchr(url + 7, '/'))))
-		return GETDNS_RETURN_NOT_IMPLEMENTED;
+	if (url) {
+		if (! ((url[0] == 'h' || url[0] == 'H')
+		    && (url[1] == 't' || url[1] == 'T')
+		    && (url[2] == 't' || url[2] == 'T')
+		    && (url[3] == 'p' || url[3] == 'P')
+		    &&  url[4] == ':' && url[5] == '/' && url[6] == '/'
+		    && (path = strchr(url + 7, '/'))))
+			return GETDNS_RETURN_NOT_IMPLEMENTED;
 
-	path_len = strlen(path);
-	if (! ( path_len >= 5
-	    &&  path[path_len - 4] == '.'
-	    && (path[path_len - 3] == 'x' || path[path_len - 3] == 'X')
-	    && (path[path_len - 2] == 'm' || path[path_len - 2] == 'M')
-	    && (path[path_len - 1] == 'l' || path[path_len - 1] == 'L')))
-		return GETDNS_RETURN_NOT_IMPLEMENTED;
+		path_len = strlen(path);
+		if (! ( path_len >= 5
+		    &&    path[path_len - 4] == '.'
+		    && (  path[path_len - 3] == 'x'
+		       || path[path_len - 3] == 'X')
+		    && (  path[path_len - 2] == 'm'
+		       || path[path_len - 2] == 'M')
+		    && (  path[path_len - 1] == 'l'
+		       || path[path_len - 1] == 'L')))
+			return GETDNS_RETURN_NOT_IMPLEMENTED;
+	}
+	if (context->trust_anchor_url)
+		GETDNS_FREE(context->mf, context->trust_anchor_url);
+	context->trust_anchor_url = _getdns_strdup(&context->mf, url);
 
-	context->root_anchor_url = url;
 	dispatch_updated(context, GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL);
 	return GETDNS_RETURN_GOOD;
 }
@@ -4864,9 +4948,9 @@ getdns_context_get_trust_anchor_url(
 	if (!context || !url)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	*url = context && context->root_anchor_url
-	     ?            context->root_anchor_url
-	     :     _getdns_default_root_anchor_url;
+	*url = context && context->trust_anchor_url
+	     ?            context->trust_anchor_url
+	     :     _getdns_default_trust_anchor_url;
 	return GETDNS_RETURN_GOOD;
 }
 
@@ -4874,11 +4958,16 @@ getdns_return_t
 getdns_context_set_trust_anchor_verify_CA(
     getdns_context *context, const char *verify_CA)
 {
-	if (!context || !verify_CA)
+	if (!context)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	context->root_anchor_verify_CA = verify_CA;
-	dispatch_updated(context, GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA);
+	if (context->trust_anchor_verify_CA)
+		GETDNS_FREE(context->mf, context->trust_anchor_verify_CA);
+	context->trust_anchor_verify_CA =
+	    _getdns_strdup(&context->mf, verify_CA);
+
+	dispatch_updated( context
+	                , GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA);
 	return GETDNS_RETURN_GOOD;
 }
 
@@ -4889,9 +4978,9 @@ getdns_context_get_trust_anchor_verify_CA(
 	if (!verify_CA)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	*verify_CA = context && context->root_anchor_verify_CA
-	           ?            context->root_anchor_verify_CA
-	           :     _getdns_default_root_anchor_verify_CA;
+	*verify_CA = context && context->trust_anchor_verify_CA
+	           ?            context->trust_anchor_verify_CA
+	           :     _getdns_default_trust_anchor_verify_CA;
 	return GETDNS_RETURN_GOOD;
 }
 
@@ -4899,11 +4988,16 @@ getdns_return_t
 getdns_context_set_trust_anchor_verify_email(
     getdns_context *context, const char *verify_email)
 {
-	if (!context || !verify_email)
+	if (!context)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	context->root_anchor_verify_email = verify_email;
-	dispatch_updated(context, GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL);
+	if (context->trust_anchor_verify_email)
+		GETDNS_FREE(context->mf, context->trust_anchor_verify_email);
+	context->trust_anchor_verify_email =
+	    _getdns_strdup(&context->mf, verify_email);
+
+	dispatch_updated( context
+	                , GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL);
 	return GETDNS_RETURN_GOOD;
 }
 
@@ -4914,9 +5008,24 @@ getdns_context_get_trust_anchor_verify_email(
 	if (!verify_email)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	*verify_email = context && context->root_anchor_verify_email
-	              ?            context->root_anchor_verify_email
-		      :     _getdns_default_root_anchor_verify_email;
+	*verify_email = context && context->trust_anchor_verify_email
+	              ?            context->trust_anchor_verify_email
+		      :     _getdns_default_trust_anchor_verify_email;
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t
+getdns_context_set_appdata_dir(
+    getdns_context *context, const char *appdata_dir)
+{
+	if (!context)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (context->appdata_dir)
+		GETDNS_FREE(context->mf, context->appdata_dir);
+	context->appdata_dir = _getdns_strdup(&context->mf, appdata_dir);
+
+	dispatch_updated(context, GETDNS_CONTEXT_CODE_APPDATA_DIR);
 	return GETDNS_RETURN_GOOD;
 }
 
diff --git a/src/context.h b/src/context.h
index 8225d10b..e9b05117 100644
--- a/src/context.h
+++ b/src/context.h
@@ -337,14 +337,15 @@ struct getdns_context {
 	tas_connection        aaaa;
 	uint8_t               tas_hdr_spc[512];
 
-	_getdns_property      can_write_appdata;
-
-	const char           *root_anchor_url;
-	const char           *root_anchor_verify_CA;
-	const char           *root_anchor_verify_email;
+	char                 *trust_anchor_url;
+	char                 *trust_anchor_verify_CA;
+	char                 *trust_anchor_verify_email;
 
 	_getdns_ksks          root_ksk;
 
+	char                 *appdata_dir;
+	_getdns_property      can_write_appdata;
+
 	getdns_upstreams     *upstreams;
 	uint16_t             limit_outstanding_queries;
 	uint32_t             dnssec_allowed_skew;
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index d9612775..97975a67 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -86,6 +86,9 @@ extern "C" {
 #define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA_TEXT "Change related to getdns_context_set_trust_anchor_verify_ca"
 #define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL 627
 #define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL_TEXT "Change related to getdns_context_set_trust_anchor_verify_email"
+#define GETDNS_CONTEXT_CODE_APPDATA_DIR 628
+#define GETDNS_CONTEXT_CODE_APPDATA_DIR_TEXT "Change related to getdns_context_set_appdata_dir"
+
 /** @}
   */
 
@@ -564,6 +567,12 @@ getdns_return_t
 getdns_context_set_trust_anchor_verify_email(
     getdns_context *context, const char *verify_email);
 
+/**
+ *
+ */
+getdns_return_t
+getdns_context_set_appdata_dir(
+    getdns_context *context, const char *appdata_dir);
 
 /**
  * Get the current resolution type setting from this context.
diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols
index 0d17b148..c9bda9e7 100644
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@@ -40,6 +40,7 @@ getdns_context_get_update_callback
 getdns_context_get_upstream_recursive_servers
 getdns_context_process_async
 getdns_context_run
+getdns_context_set_appdata_dir
 getdns_context_set_append_name
 getdns_context_set_context_update_callback
 getdns_context_set_dns_root_servers

From a3bfee7d0ab27e377b76798fdd092253dac25acd Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 22 Sep 2017 11:12:27 +0200
Subject: [PATCH 072/140] Issues from unit tests

---
 Makefile.in                                   |  2 +-
 src/context.c                                 |  4 +-
 src/convert.c                                 | 10 +--
 src/getdns/getdns_extra.h.in                  | 61 +++++++------------
 .../255-yaml-config.tpkg/255-yaml-config.c    |  6 +-
 5 files changed, 34 insertions(+), 49 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index c864d64e..cc216ac4 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -84,7 +84,7 @@ install: getdns.pc getdns_ext_event.pc install-lib @INSTALL_GETDNS_QUERY@
 	@echo "***"
 	@echo "***  - will be preferred and used for DNSSEC validation, however"
 	@echo "***  getdns will fallback to trust-anchors obtained via built-in"
-	@evho "***  trust anchor management when the anchors from the default"
+	@echo "***  trust anchor management when the anchors from the default"
 	@echo "***  location fail to validate the root DNSKEY rrset."
 	@echo "***"
 	@echo "***  To prevent expired DNSSEC trust anchors to be used for"
diff --git a/src/context.c b/src/context.c
index aa102dae..85176c3c 100644
--- a/src/context.c
+++ b/src/context.c
@@ -3635,9 +3635,9 @@ _getdns_context_prepare_for_resolution(struct getdns_context *context,
 char *
 _getdns_strdup(const struct mem_funcs *mfs, const char *s)
 {
-    size_t sz = strlen(s) + 1;
+    size_t sz;
     char *r;
-    if (!s || !(r = GETDNS_XMALLOC(*mfs, char, sz)))
+    if (!s || !(r = GETDNS_XMALLOC(*mfs, char, (sz = strlen(s) + 1))))
         return NULL;
     else
         return memcpy(r, s, sz);
diff --git a/src/convert.c b/src/convert.c
index aeb02071..deb0762c 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -1827,6 +1827,12 @@ getdns_yaml2dict(const char *str, getdns_dict **dict)
 #endif /* USE_YAML_CONFIG */
 }
 
+/* WT: I am not certain about the value of yaml2list...
+ *     I don't see how yaml2bindata and yaml2int  would be different from
+ *     the str2bindata and str2int ones.
+ */
+#if 0
+
 getdns_return_t
 getdns_yaml2list(const char *str, getdns_list **list)
 {
@@ -1851,10 +1857,6 @@ getdns_yaml2list(const char *str, getdns_list **list)
 #endif /* USE_YAML_CONFIG */
 }
 
-/* WT: I don't see how the two functions below would be different from
- *     the str2bindata and str2int ones.
- */
-#if 0
 getdns_return_t
 getdns_yaml2bindata(const char *str, getdns_bindata **bindata)
 {
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index 97975a67..392ab295 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -1655,6 +1655,28 @@ getdns_msg_dict2str_scan(
  *  @{
  */
 
+/**
+ * Convert YAML text to a getdns_dict.
+ *
+ * @param  str   A textual representation of a getdns_dict.
+ *               The format is similar, but not precisely YAML.
+ *               - When str contains an IP or IPv6 address, it is converted
+ *                 to an getdns dict representation of that address.  This may contain
+ *                 a port, tls_port, tsig spec or tls authentication name in the same
+ *                 way as may be given with the `getdns_query` tool.  For example:
+ *                 `185.49.140.67:80#443` will result in the following getdns_dict:
+ *
+ *                      { address_type: "IPv4"
+ *                      , address_data: "185.49.140.67"
+ *                      , port: 80
+ *                      , tls_port: 443
+ *                      }
+ * @param  dict The returned getdns_dict.
+ * @return GETDNS_RETURN_GOOD on success or an error code on failure.
+ */
+getdns_return_t
+getdns_yaml2dict(const char *str, getdns_dict **dict);
+
 /**
  * Convert string text to a getdns_dict.
  *
@@ -1744,45 +1766,6 @@ getdns_str2bindata(const char *str, getdns_bindata **bindata);
 getdns_return_t
 getdns_str2int(const char *str, uint32_t *value);
 
-/** @}
- */
-
-/**
- * \defgroup Uyaml2getdns_data Converting YAML input to getdns data structures
- *  @{
- */
-
-/**
- * Convert YAML text to a getdns_dict.
- *
- * @param  str   A textual representation of a getdns_dict.
- *               The format is similar, but not precisely YAML.
- *               - When str contains an IP or IPv6 address, it is converted
- *                 to an getdns dict representation of that address.  This may contain
- *                 a port, tls_port, tsig spec or tls authentication name in the same
- *                 way as may be given with the `getdns_query` tool.  For example:
- *                 `185.49.140.67:80#443` will result in the following getdns_dict:
- *
- *                      { address_type: "IPv4"
- *                      , address_data: "185.49.140.67"
- *                      , port: 80
- *                      , tls_port: 443
- *                      }
- * @param  dict The returned getdns_dict.
- * @return GETDNS_RETURN_GOOD on success or an error code on failure.
- */
-getdns_return_t
-getdns_yaml2dict(const char *str, getdns_dict **dict);
-
-/**
- * Convert YAML text to a getdns_list.
- *
- * @param  str   A textual representation of a getdns_list.
- * @param  list The returned getdns_list.
- * @return GETDNS_RETURN_GOOD on success or an error code on failure.
- */
-getdns_return_t
-getdns_yaml2list(const char *str, getdns_list **list);
 
 /** @}
  */
diff --git a/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.c b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.c
index 128195c0..4dd335fc 100644
--- a/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.c
+++ b/src/test/tpkg/255-yaml-config.tpkg/255-yaml-config.c
@@ -56,7 +56,7 @@ int main(int ac, char *av[])
 		goto fail;
 	}
 
-	r = getdns_yaml2list("[\"One\", \"two\", \"three\"]", &list);
+	r = getdns_str2list("[\"One\", \"two\", \"three\"]", &list);
 	if (r) {
 		fprintf(stderr, "Error setting list data: %s", getdns_get_errorstr_by_id(r));
 		goto fail;
@@ -68,7 +68,7 @@ int main(int ac, char *av[])
 		goto fail;
 	}
 
-	r = getdns_yaml2bindata("2001:7fd::1", &bindata);
+	r = getdns_str2bindata("2001:7fd::1", &bindata);
 	if (r) {
 		fprintf(stderr, "Error setting bindata: %s", getdns_get_errorstr_by_id(r));
 		goto fail;
@@ -81,7 +81,7 @@ int main(int ac, char *av[])
 	}
 
 	uint32_t intval;
-	r = getdns_yaml2int("32767", &intval);
+	r = getdns_str2int("32767", &intval);
 	if (r) {
 		fprintf(stderr, "Error setting int: %s", getdns_get_errorstr_by_id(r));
 		goto fail;

From 114b5785f77ba7dd727fef851aeedcb163c3e513 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 22 Sep 2017 12:25:56 +0200
Subject: [PATCH 073/140] Doxygen documentation for Zero configuration DNSSEC

+ rename of getdns_context_(get|set)_trust_anchor_*()
         to getdns_context_(get|set)_trust_anchors_*()
---
 src/anchor.c                 |  14 +-
 src/const-info.c             |  12 +-
 src/context.c                |  96 +++++++-------
 src/context.h                |   6 +-
 src/getdns/getdns_extra.h.in | 240 ++++++++++++++++++++++++++++++-----
 src/libgetdns.symbols        |  13 +-
 6 files changed, 277 insertions(+), 104 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index 8da59bba..d37cdec4 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -733,7 +733,7 @@ void _getdns_context_equip_with_anchor(
 	X509 *x = NULL;
 	X509_STORE *store = NULL;
 
-	if ((r = getdns_context_get_trust_anchor_verify_CA(
+	if ((r = getdns_context_get_trust_anchors_verify_CA(
 	    context, &verify_CA)))
 		DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
 			     " CA: \"%s\"\n", __FUNC__
@@ -743,7 +743,7 @@ void _getdns_context_equip_with_anchor(
 		DEBUG_ANCHOR("NOTICE: Trust anchor verification explicitely "
 		             "disabled by empty verify CA\n");
 
-	else if ((r = getdns_context_get_trust_anchor_verify_email(
+	else if ((r = getdns_context_get_trust_anchors_verify_email(
 	    context, &verify_email)))
 		DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify email "
 		             "address: \"%s\"\n", __FUNC__
@@ -1016,7 +1016,7 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 		p7s_bd.data = a->tcp.read_buf;
 		p7s_bd.size = a->tcp.read_buf_len;
 
-		if ((r = getdns_context_get_trust_anchor_verify_CA(
+		if ((r = getdns_context_get_trust_anchors_verify_CA(
 		    context, (const char **)&verify_CA.data)))
 			DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
 				     " CA: \"%s\"\n", __FUNC__
@@ -1025,7 +1025,7 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
 		else if (!(verify_CA.size = strlen((const char *)verify_CA.data)))
 			; /* pass */
 
-		else if ((r = getdns_context_get_trust_anchor_verify_email(
+		else if ((r = getdns_context_get_trust_anchors_verify_email(
 		    context, &verify_email)))
 			DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
 				     " email address: \"%s\"\n", __FUNC__
@@ -1264,7 +1264,7 @@ static getdns_return_t _getdns_get_tas_url_hostname(
 	char *next_slash;
 	size_t s;
 
-	if ((r = getdns_context_get_trust_anchor_url(context, &url)))
+	if ((r = getdns_context_get_trust_anchors_url(context, &url)))
 		return r;
 
 	if ((next_slash = strchr(url + 7 /* "http://" */, '/'))) {
@@ -1522,7 +1522,7 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 		            , getdns_get_errorstr_by_id(r));
 		return;
 
-	} else if ((r = getdns_context_get_trust_anchor_verify_CA(
+	} else if ((r = getdns_context_get_trust_anchors_verify_CA(
 	    context, &verify_CA))) {
 		DEBUG_ANCHOR("ERROR %s(): Could not get verify CA"
 		             ": \"%s\"", __FUNC__
@@ -1534,7 +1534,7 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 		             "disabled by empty verify CA\n");
 		return;
 
-	} else if ((r = getdns_context_get_trust_anchor_verify_email(
+	} else if ((r = getdns_context_get_trust_anchors_verify_email(
 	    context, &verify_email))) {
 		DEBUG_ANCHOR("ERROR %s(): Could not get verify email address"
 		             ": \"%s\"", __FUNC__
diff --git a/src/const-info.c b/src/const-info.c
index df319b4f..2c582ed1 100644
--- a/src/const-info.c
+++ b/src/const-info.c
@@ -82,9 +82,9 @@ static struct const_info consts_info[] = {
 	{     622, "GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS", GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS_TEXT },
 	{     623, "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME_TEXT },
 	{     624, "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES_TEXT },
-	{     625, "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL", GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL_TEXT },
-	{     626, "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA", GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA_TEXT },
-	{     627, "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL", GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL_TEXT },
+	{     625, "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL", GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL_TEXT },
+	{     626, "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_CA", GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_CA_TEXT },
+	{     627, "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_EMAIL", GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_EMAIL_TEXT },
 	{     628, "GETDNS_CONTEXT_CODE_APPDATA_DIR", GETDNS_CONTEXT_CODE_APPDATA_DIR_TEXT },
 	{     700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
 	{     701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
@@ -179,9 +179,9 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", 623 },
 	{ "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", 624 },
 	{ "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", 620 },
-	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL", 625 },
-	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA", 626 },
-	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL", 627 },
+	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL", 625 },
+	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_CA", 626 },
+	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_EMAIL", 627 },
 	{ "GETDNS_CONTEXT_CODE_UPSTREAM_RECURSIVE_SERVERS", 603 },
 	{ "GETDNS_DNSSEC_BOGUS", 401 },
 	{ "GETDNS_DNSSEC_INDETERMINATE", 402 },
diff --git a/src/context.c b/src/context.c
index 85176c3c..8f200e8a 100644
--- a/src/context.c
+++ b/src/context.c
@@ -1364,11 +1364,11 @@ static void _getdns_check_expired_pending_netreqs_cb(void *arg)
 	_getdns_check_expired_pending_netreqs((getdns_context *)arg, &now_ms);
 }
 
-static const char *_getdns_default_trust_anchor_url =
+static const char *_getdns_default_trust_anchors_url =
     "http://data.iana.org/root-anchors/root-anchors.xml";
 
 /* The ICANN CA fetched at 24 Sep 2010.  Valid to 2028 */
-static const char *_getdns_default_trust_anchor_verify_CA =
+static const char *_getdns_default_trust_anchors_verify_CA =
 "-----BEGIN CERTIFICATE-----\n"
 "MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
 "TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
@@ -1391,7 +1391,7 @@ static const char *_getdns_default_trust_anchor_verify_CA =
 "j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
 "-----END CERTIFICATE-----\n";
 
-static const char *_getdns_default_trust_anchor_verify_email =
+static const char *_getdns_default_trust_anchors_verify_email =
     "dnssec@iana.org";
 
 
@@ -1496,9 +1496,9 @@ getdns_context_create_with_extended_memory_functions(
 
 	result->trust_anchors_source = GETDNS_TASRC_NONE;
 	result->can_write_appdata = PROP_UNKNOWN;
-	result->trust_anchor_url = NULL;
-	result->trust_anchor_verify_email = NULL;
-	result->trust_anchor_verify_CA = NULL;
+	result->trust_anchors_url = NULL;
+	result->trust_anchors_verify_email = NULL;
+	result->trust_anchors_verify_CA = NULL;
 	result->appdata_dir = NULL;
 
 	(void) memset(&result->root_ksk, 0, sizeof(result->root_ksk));
@@ -1766,14 +1766,14 @@ getdns_context_destroy(struct getdns_context *context)
 	getdns_dict_destroy(context->header);
 	getdns_dict_destroy(context->add_opt_parameters);
 
-	if (context->trust_anchor_url)
-		GETDNS_FREE(context->mf, context->trust_anchor_url);
-	if (context->trust_anchor_verify_CA)
+	if (context->trust_anchors_url)
+		GETDNS_FREE(context->mf, context->trust_anchors_url);
+	if (context->trust_anchors_verify_CA)
 		GETDNS_FREE( context->mf
-		           , context->trust_anchor_verify_CA);
-	if (context->trust_anchor_verify_email)
+		           , context->trust_anchors_verify_CA);
+	if (context->trust_anchors_verify_email)
 		GETDNS_FREE( context->mf
-		           , context->trust_anchor_verify_email);
+		           , context->trust_anchors_verify_email);
 	if (context->appdata_dir)
 		GETDNS_FREE(context->mf, context->appdata_dir);
 
@@ -3884,12 +3884,12 @@ _get_context_settings(getdns_context* context)
 	}
 	(void) _getdns_get_appdata(context, appdata_dir);
 	(void) getdns_dict_util_set_string(result, "appdata_dir", appdata_dir);
-	if (!getdns_context_get_trust_anchor_url(context, &str_value) && str_value)
-		(void) getdns_dict_util_set_string(result, "trust_anchor_url", str_value);
-	if (!getdns_context_get_trust_anchor_verify_CA(context, &str_value) && str_value)
-		(void) getdns_dict_util_set_string(result, "trust_anchor_verify_CA", str_value);
-	if (!getdns_context_get_trust_anchor_verify_email(context, &str_value) && str_value)
-		(void) getdns_dict_util_set_string(result, "trust_anchor_verify_email", str_value);
+	if (!getdns_context_get_trust_anchors_url(context, &str_value) && str_value)
+		(void) getdns_dict_util_set_string(result, "trust_anchors_url", str_value);
+	if (!getdns_context_get_trust_anchors_verify_CA(context, &str_value) && str_value)
+		(void) getdns_dict_util_set_string(result, "trust_anchors_verify_CA", str_value);
+	if (!getdns_context_get_trust_anchors_verify_email(context, &str_value) && str_value)
+		(void) getdns_dict_util_set_string(result, "trust_anchors_verify_email", str_value);
 
 	return result;
 error:
@@ -4582,9 +4582,9 @@ _getdns_context_config_setting(getdns_context *context,
 	CONTEXT_SETTING_INT(tls_backoff_time)
 	CONTEXT_SETTING_INT(tls_connection_retries)
 	CONTEXT_SETTING_INT(tls_query_padding_blocksize)
-	CONTEXT_SETTING_STRING(trust_anchor_url)
-	CONTEXT_SETTING_STRING(trust_anchor_verify_CA)
-	CONTEXT_SETTING_STRING(trust_anchor_verify_email)
+	CONTEXT_SETTING_STRING(trust_anchors_url)
+	CONTEXT_SETTING_STRING(trust_anchors_verify_CA)
+	CONTEXT_SETTING_STRING(trust_anchors_verify_email)
 	CONTEXT_SETTING_STRING(appdata_dir)
 
 	/**************************************/
@@ -4904,7 +4904,7 @@ int _getdns_context_can_write_appdata(getdns_context *context)
 }
 
 getdns_return_t
-getdns_context_set_trust_anchor_url(
+getdns_context_set_trust_anchors_url(
     getdns_context *context, const char *url)
 {
 	const char *path;
@@ -4933,84 +4933,84 @@ getdns_context_set_trust_anchor_url(
 		       || path[path_len - 1] == 'L')))
 			return GETDNS_RETURN_NOT_IMPLEMENTED;
 	}
-	if (context->trust_anchor_url)
-		GETDNS_FREE(context->mf, context->trust_anchor_url);
-	context->trust_anchor_url = _getdns_strdup(&context->mf, url);
+	if (context->trust_anchors_url)
+		GETDNS_FREE(context->mf, context->trust_anchors_url);
+	context->trust_anchors_url = _getdns_strdup(&context->mf, url);
 
-	dispatch_updated(context, GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL);
+	dispatch_updated(context, GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL);
 	return GETDNS_RETURN_GOOD;
 }
 
 getdns_return_t
-getdns_context_get_trust_anchor_url(
+getdns_context_get_trust_anchors_url(
     getdns_context *context, const char **url)
 {
 	if (!context || !url)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	*url = context && context->trust_anchor_url
-	     ?            context->trust_anchor_url
-	     :     _getdns_default_trust_anchor_url;
+	*url = context && context->trust_anchors_url
+	     ?            context->trust_anchors_url
+	     :     _getdns_default_trust_anchors_url;
 	return GETDNS_RETURN_GOOD;
 }
 
 getdns_return_t
-getdns_context_set_trust_anchor_verify_CA(
+getdns_context_set_trust_anchors_verify_CA(
     getdns_context *context, const char *verify_CA)
 {
 	if (!context)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	if (context->trust_anchor_verify_CA)
-		GETDNS_FREE(context->mf, context->trust_anchor_verify_CA);
-	context->trust_anchor_verify_CA =
+	if (context->trust_anchors_verify_CA)
+		GETDNS_FREE(context->mf, context->trust_anchors_verify_CA);
+	context->trust_anchors_verify_CA =
 	    _getdns_strdup(&context->mf, verify_CA);
 
 	dispatch_updated( context
-	                , GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA);
+	                , GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_CA);
 	return GETDNS_RETURN_GOOD;
 }
 
 getdns_return_t
-getdns_context_get_trust_anchor_verify_CA(
+getdns_context_get_trust_anchors_verify_CA(
     getdns_context *context, const char **verify_CA)
 {
 	if (!verify_CA)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	*verify_CA = context && context->trust_anchor_verify_CA
-	           ?            context->trust_anchor_verify_CA
-	           :     _getdns_default_trust_anchor_verify_CA;
+	*verify_CA = context && context->trust_anchors_verify_CA
+	           ?            context->trust_anchors_verify_CA
+	           :     _getdns_default_trust_anchors_verify_CA;
 	return GETDNS_RETURN_GOOD;
 }
 
 getdns_return_t
-getdns_context_set_trust_anchor_verify_email(
+getdns_context_set_trust_anchors_verify_email(
     getdns_context *context, const char *verify_email)
 {
 	if (!context)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	if (context->trust_anchor_verify_email)
-		GETDNS_FREE(context->mf, context->trust_anchor_verify_email);
-	context->trust_anchor_verify_email =
+	if (context->trust_anchors_verify_email)
+		GETDNS_FREE(context->mf, context->trust_anchors_verify_email);
+	context->trust_anchors_verify_email =
 	    _getdns_strdup(&context->mf, verify_email);
 
 	dispatch_updated( context
-	                , GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL);
+	                , GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_EMAIL);
 	return GETDNS_RETURN_GOOD;
 }
 
 getdns_return_t
-getdns_context_get_trust_anchor_verify_email(
+getdns_context_get_trust_anchors_verify_email(
     getdns_context *context, const char **verify_email)
 {
 	if (!verify_email)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	*verify_email = context && context->trust_anchor_verify_email
-	              ?            context->trust_anchor_verify_email
-		      :     _getdns_default_trust_anchor_verify_email;
+	*verify_email = context && context->trust_anchors_verify_email
+	              ?            context->trust_anchors_verify_email
+		      :     _getdns_default_trust_anchors_verify_email;
 	return GETDNS_RETURN_GOOD;
 }
 
diff --git a/src/context.h b/src/context.h
index e9b05117..1be44ed2 100644
--- a/src/context.h
+++ b/src/context.h
@@ -337,9 +337,9 @@ struct getdns_context {
 	tas_connection        aaaa;
 	uint8_t               tas_hdr_spc[512];
 
-	char                 *trust_anchor_url;
-	char                 *trust_anchor_verify_CA;
-	char                 *trust_anchor_verify_email;
+	char                 *trust_anchors_url;
+	char                 *trust_anchors_verify_CA;
+	char                 *trust_anchors_verify_email;
 
 	_getdns_ksks          root_ksk;
 
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index 392ab295..2ef7133d 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -80,12 +80,12 @@ extern "C" {
 #define GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES 624
 #define GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES_TEXT "Change related to getdns_context_set_tls_connection_retries"
 
-#define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL 625
-#define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_URL_TEXT "Change related to getdns_context_set_trust_anchor_url"
-#define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA 626
-#define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_CA_TEXT "Change related to getdns_context_set_trust_anchor_verify_ca"
-#define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL 627
-#define GETDNS_CONTEXT_CODE_TRUST_ANCHOR_VERIFY_EMAIL_TEXT "Change related to getdns_context_set_trust_anchor_verify_email"
+#define GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL 625
+#define GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL_TEXT "Change related to getdns_context_set_trust_anchors_url"
+#define GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_CA 626
+#define GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_CA_TEXT "Change related to getdns_context_set_trust_anchors_verify_ca"
+#define GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_EMAIL 627
+#define GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_EMAIL_TEXT "Change related to getdns_context_set_trust_anchors_verify_email"
 #define GETDNS_CONTEXT_CODE_APPDATA_DIR 628
 #define GETDNS_CONTEXT_CODE_APPDATA_DIR_TEXT "Change related to getdns_context_set_appdata_dir"
 
@@ -541,39 +541,145 @@ typedef void (*getdns_logfunc_type) (void *userarg, uint64_t log_systems,
     getdns_loglevel_type, const char *, va_list ap);
 
 /**
- *
+ * Register a function that will be called when there is something to log
+ * equally or more severe than the given level for the given system.
+ * @param[in] context The context from which to get the setting
+ * @param[in] userarg A user defined argument to be passed to the
+ *                    log function.
+ * @param[in] system  A bitwise ORed collection of systems for which the log
+ *                    function should be called.  Currently only logging 
+ *                    information about upstream statistics is available;
+ *                    i.e.: GETDNS_LOG_UPSTREAM_STATS
+ * @param[in] level   A severity level.  The log function will be called
+ *                    only for messages with an equal or more severe level.
+ *                    More severe has a lower value.
+ * @param[in] func    The log function to call with the user argument,
+ *                    the system for which the log message, the severity
+ *                    level, a printf style format string and the arguments
+ *                    for the format string, as parameter.
+ * @see getdns_loglevel_type
+ * @see getdns_logfunc_type
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
  */
 getdns_return_t
 getdns_context_set_logfunc(getdns_context *context, void *userarg,
     uint64_t system, getdns_loglevel_type level, getdns_logfunc_type func);
 
 /**
- *
- */
-getdns_return_t
-getdns_context_set_trust_anchor_url(getdns_context *context, const char *url);
-
-/**
- *
- */
-getdns_return_t
-getdns_context_set_trust_anchor_verify_CA(
-    getdns_context *context, const char *verify_CA);
-
-/**
- *
- */
-getdns_return_t
-getdns_context_set_trust_anchor_verify_email(
-    getdns_context *context, const char *verify_email);
-
-/**
- *
+ * Define the location for storing library specific data.  The location should
+ * be writable for the current user using the application with which the
+ * library is linked.  Currently this is only used for storing data concerning
+ * zero configuration dnssec.
+ * @param[in] context     The context from which to get the setting
+ * @param[in] appdata_dir A user writable location in which the library can
+ *                        store data.  The last element of the path is tried
+ *                        to be created if it does not exist.  When NULL is
+ *                        given, the default location is used which is
+ *                        ${HOME}/.getdns/ on Unix line systems (Linux, BSD's,
+ *                        MacOS), and %AppData%\getnds\ on Windows.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
  */
 getdns_return_t
 getdns_context_set_appdata_dir(
     getdns_context *context, const char *appdata_dir);
 
+/**
+ * Sets the url for the location of the XML file from which to fetch the
+ * trust anchors with Zero configuration DNSSEC.  The url should be for
+ * http, and the file should have the .xml extension.
+ *
+ * Alongside the XML file, also the S/MIME signature that will be used to 
+ * validate the XML file, will be fetched from the url with the .xml extension
+ * replaced by .p7s.
+ * 
+ * When successfully validated with the verify Certificate Authority and the
+ * verify email address, the context will be equipped with the DNSSEC trust
+ * anchors defined within the XML file as described in RFC7958.
+ * The XML file will also be stored together with the .p7s file in the
+ * appdata directory with the names "root-anchors.xml" and "root-anchors.p7s"
+ * respectively.
+ *
+ * When the trust-anchors from the XML file are used, the root DNSKEY is
+ * tracked and stored in the appdata directory too as "root.key"
+ *
+ * Trust anchors from the XML file will be tried when:
+ *   - There were no other trust anchors provided, either by the default
+ *     trust anchor file "@TRUST_ANCHOR_FILE@", or set with the
+ *     getdns_context_set_dnssec_trust_anchors() function.
+ *   - or the available trust anchors (from the default location or set by
+ *     the application) caused the root DNSKEY rrset to be BOGUS.
+ *
+ * Trust anchors from the XML file will be read from the root-anchors.xml
+ * file in appdata directory and will only be used when validation with the 
+ * S/MIME signatures in root-anchors.p7s succeeds with the verification
+ * Certificate Authority and the verification email address.
+ *
+ * A (new) version of "root-anchors.xml" and "root-anchors.p7s" will be
+ * fetched when:
+ *   - The appdata directory is writeable by the current used, but the 
+ *     "root-anchors.xml" or "root-anchors.p7s" files were not available.
+ *   - or there is a new root DNSKEY RRset (or signature) and it contains
+ *     key_ids which were not in "root-anchors.xml."
+ *
+ * @see getdns_context_get_trust_anchors_url
+ * @see getdns_context_set_trust_anchors_verify_CA
+ * @see getdns_context_set_trust_anchors_verify_email
+ * @param[in] context     The context to configure
+ * @param[in] url         The url including the XML file from which the
+ *                        trust anchors (and the S/MIME signature) will be
+ *                        fetched.  Default is:
+ *                        http://data.iana.org/root-anchors/root-anchors.xml
+ *                        When NULL is given, the default will be used.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
+ */
+getdns_return_t
+getdns_context_set_trust_anchors_url(getdns_context *context, const char *url);
+
+/**
+ * Sets the public certificate for the Certificate Authority with which to
+ * validate the XML file with the S/MIME signatures fetch from the url
+ * given with the getdns_context_set_trust_anchors_url() function.
+ * @see getdns_context_get_trust_anchors_verify_CA
+ * @see getdns_context_set_trust_anchors_url
+ * @see getdns_context_set_trust_anchors_verify_email
+ * @param[in] context     The context to configure
+ * @param[in] verify_CA   The certificate of the Certificate Authority with
+ *                        which to validate the XML trust anchors.
+ *                        The default is the ICANN Root CA, which is valid
+ *                        till Dec 18 2029.
+ *                        When NULL is given, the default will be used.
+ *                        When an empty string is given, Zero configuration
+ *                        DNSSEC will be disabled.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
+ */
+getdns_return_t
+getdns_context_set_trust_anchors_verify_CA(
+    getdns_context *context, const char *verify_CA);
+
+/**
+ * Sets the email address for the Subject of the signer's certificate from the
+ * p7s signature file with which to validate the XML file fetched from the url
+ * given with the getdns_context_set_trust_anchors_url() function.
+ * @see getdns_context_get_trust_anchors_verify_email
+ * @see getdns_context_set_trust_anchors_url
+ * @see getdns_context_set_trust_anchors_verify_CA
+ * @param[in] context      The context to configure
+ * @param[in] verify_email Only signatures from this name are allowed.
+ *                         The default dnssec@iana.org.
+ *                         When NULL is given, the default will be used.
+ *                         When an empty string is given, Zero configuration
+ *                         DNSSEC will be disabled.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
+ */
+getdns_return_t
+getdns_context_set_trust_anchors_verify_email(
+    getdns_context *context, const char *verify_email);
+
 /**
  * Get the current resolution type setting from this context.
  * @see getdns_context_set_resolution_type
@@ -939,25 +1045,93 @@ getdns_return_t
 getdns_context_get_update_callback(getdns_context *context, void **userarg,
     void (**value) (getdns_context *, getdns_context_code_t, void *));
 
+
 /**
+ * Gets the url for the location of the XML file from which to fetch the
+ * trust anchors with Zero configuration DNSSEC.
  *
+ * Alongside the XML file, also the S/MIME signature that will be used to 
+ * validate the XML file, will be fetched from the url with the .xml extension
+ * replaced by .p7s.
+ * 
+ * When successfully validated with the verify Certificate Authority and the
+ * verify email address, the context will be equipped with the DNSSEC trust
+ * anchors defined within the XML file as described in RFC7958.
+ * The XML file will also be stored together with the .p7s file in the
+ * appdata directory with the names "root-anchors.xml" and "root-anchors.p7s"
+ * respectively.
+ *
+ * When the trust-anchors from the XML file are used, the root DNSKEY is
+ * tracked and stored in the appdata directory too as "root.key"
+ *
+ * Trust anchors from the XML file will be tried when:
+ *   - There were no other trust anchors provided, either by the default
+ *     trust anchor file "@TRUST_ANCHOR_FILE@", or set with the
+ *     getdns_context_set_dnssec_trust_anchors() function.
+ *   - or the available trust anchors (from the default location or set by
+ *     the application) caused the root DNSKEY rrset to be BOGUS.
+ *
+ * Trust anchors from the XML file will be read from the root-anchors.xml
+ * file in appdata directory and will only be used when validation with the 
+ * S/MIME signatures in root-anchors.p7s succeeds with the verification
+ * Certificate Authority and the verification email address.
+ *
+ * A (new) version of "root-anchors.xml" and "root-anchors.p7s" will be
+ * fetched when:
+ *   - The appdata directory is writeable by the current used, but the 
+ *     "root-anchors.xml" or "root-anchors.p7s" files were not available.
+ *   - or there is a new root DNSKEY RRset (or signature) and it contains
+ *     key_ids which were not in "root-anchors.xml."
+ *
+ * @see getdns_context_set_trust_anchors_url
+ * @see getdns_context_get_trust_anchors_verify_CA
+ * @see getdns_context_get_trust_anchors_verify_email
+ * @param[in]  context     The context to configure
+ * @param[out] url         The url including the XML file, from which the
+ *                         trust anchors (and the S/MIME signature) will be
+ *                         fetched.  Default is:
+ *                         http://data.iana.org/root-anchors/root-anchors.xml
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
  */
 getdns_return_t
-getdns_context_get_trust_anchor_url(
+getdns_context_get_trust_anchors_url(
     getdns_context *context, const char **url);
 
 /**
- *
+ * Gets the public certificate for the Certificate Authority with which to
+ * validate the XML file with the S/MIME signatures fetch from the url
+ * given with the getdns_context_set_trust_anchors_url() function.
+ * @see getdns_context_set_trust_anchors_verify_CA
+ * @see getdns_context_get_trust_anchors_url
+ * @see getdns_context_get_trust_anchors_verify_email
+ * @param[in]  context    The context to configure
+ * @param[out] verify_CA  The certificate of the Certificate Authority with
+ *                        which to validate the XML trust anchors.
+ *                        The default is the ICANN Root CA, which is valid
+ *                        till Dec 18 2029.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
  */
 getdns_return_t
-getdns_context_get_trust_anchor_verify_CA(
+getdns_context_get_trust_anchors_verify_CA(
     getdns_context *context, const char **verify_CA);
 
 /**
- *
+ * Gets the email address for the Subject of the signer's certificate from the
+ * p7s signature file with which to validate the XML file fetched from the url
+ * given with the getdns_context_set_trust_anchors_url() function.
+ * @see getdns_context_set_trust_anchors_verify_email
+ * @see getdns_context_get_trust_anchors_url
+ * @see getdns_context_get_trust_anchors_verify_CA
+ * @param[in]  context      The context to configure
+ * @param[out] verify_email Only signatures from this name are allowed.
+ *                          The default dnssec@iana.org.
+ * @return GETDNS_RETURN_GOOD when successful
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
  */
 getdns_return_t
-getdns_context_get_trust_anchor_verify_email(
+getdns_context_get_trust_anchors_verify_email(
     getdns_context *context, const char **verify_email);
 
 
diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols
index c9bda9e7..9d190406 100644
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@@ -33,9 +33,9 @@ getdns_context_get_tls_authentication
 getdns_context_get_tls_backoff_time
 getdns_context_get_tls_connection_retries
 getdns_context_get_tls_query_padding_blocksize
-getdns_context_get_trust_anchor_url
-getdns_context_get_trust_anchor_verify_CA
-getdns_context_get_trust_anchor_verify_email
+getdns_context_get_trust_anchors_url
+getdns_context_get_trust_anchors_verify_CA
+getdns_context_get_trust_anchors_verify_email
 getdns_context_get_update_callback
 getdns_context_get_upstream_recursive_servers
 getdns_context_process_async
@@ -71,9 +71,9 @@ getdns_context_set_tls_authentication
 getdns_context_set_tls_backoff_time
 getdns_context_set_tls_connection_retries
 getdns_context_set_tls_query_padding_blocksize
-getdns_context_set_trust_anchor_url
-getdns_context_set_trust_anchor_verify_CA
-getdns_context_set_trust_anchor_verify_email
+getdns_context_set_trust_anchors_url
+getdns_context_set_trust_anchors_verify_CA
+getdns_context_set_trust_anchors_verify_email
 getdns_context_set_update_callback
 getdns_context_set_upstream_recursive_servers
 getdns_context_set_use_threads
@@ -167,6 +167,5 @@ getdns_wire2rr_dict
 getdns_wire2rr_dict_buf
 getdns_wire2rr_dict_scan
 getdns_yaml2dict
-getdns_yaml2list
 plain_mem_funcs_user_arg
 priv_getdns_context_mf

From e2f1c8d13c9fb3f9ab06bbe54fa6954451029f17 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 22 Sep 2017 12:28:29 +0200
Subject: [PATCH 074/140] Release today

---
 ChangeLog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index ec48868a..99d35202 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-* 2017-09-??: Version 1.2.0
+* 2017-09-22: Version 1.2.0
   * A function to set the location for library specific data,
     like trust-anchors: getdns_context_set_appdata().
   * Zero configuration DNSSEC - build upon the scheme

From f26669df680cf29390894222cd6cdab02fff6048 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 22 Sep 2017 12:37:40 +0200
Subject: [PATCH 075/140] Make a -rc1 tarball

---
 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 039a1a78..11ac5e06 100644
--- a/configure.ac
+++ b/configure.ac
@@ -36,12 +36,12 @@ sinclude(./m4/acx_getaddrinfo.m4)
 sinclude(./m4/ax_check_compile_flag.m4)
 sinclude(./m4/pkg.m4)
 
-AC_INIT([getdns], [1.2.0], [users@getdnsapi.net], [rc1], [https://getdnsapi.net])
+AC_INIT([getdns], [1.2.0], [users@getdnsapi.net], [], [https://getdnsapi.net])
 
 # Dont forget to put a dash in front of the release candidate!!!
 # That is how it is done with semantic versioning!
 #
-AC_SUBST(RELEASE_CANDIDATE, [])
+AC_SUBST(RELEASE_CANDIDATE, [-rc1])
 
 # Set current date from system if not set
 AC_ARG_WITH([current-date],

From 1ebbd8d52d3fd86004666e52c819696ca431fccc Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 22 Sep 2017 12:45:01 +0200
Subject: [PATCH 076/140] Include yaml in build tarball

---
 Makefile.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Makefile.in b/Makefile.in
index cc216ac4..7313454a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -204,6 +204,7 @@ $(distdir):
 	mkdir -p $(distdir)/src/tools
 	mkdir -p $(distdir)/src/jsmn
 	mkdir -p $(distdir)/src/yxml
+	mkdir -p $(distdir)/src/yaml
 	mkdir -p $(distdir)/doc
 	mkdir -p $(distdir)/spec
 	mkdir -p $(distdir)/spec/example
@@ -262,6 +263,7 @@ $(distdir):
 	cp $(srcdir)/src/yxml/*.[ch] $(distdir)/src/yxml
 	cp $(srcdir)/src/yxml/COPYING $(distdir)/src/yxml
 	cp $(srcdir)/src/yxml/yxml.pod $(distdir)/src/yxml
+	cp $(srcdir)/src/yaml/*.[ch] $(distdir)/src/yaml
 	rm -f $(distdir)/Makefile $(distdir)/src/Makefile $(distdir)/src/getdns/getdns.h $(distdir)/spec/example/Makefile $(distdir)/src/test/Makefile $(distdir)/doc/Makefile $(distdir)/src/config.h
 
 distcheck: $(distdir).tar.gz

From 0eda8e1debb49b6506e2f07ff72ef3e7c31910de Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 22 Sep 2017 14:56:18 +0200
Subject: [PATCH 077/140] Today release candidate, not actual release

---
 ChangeLog | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 99d35202..ec48868a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-* 2017-09-22: Version 1.2.0
+* 2017-09-??: Version 1.2.0
   * A function to set the location for library specific data,
     like trust-anchors: getdns_context_set_appdata().
   * Zero configuration DNSSEC - build upon the scheme

From ca3f28843c990154d08070988e780e95f0baceb6 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 25 Sep 2017 09:24:53 +0200
Subject: [PATCH 078/140] Comments from Andreas

---
 stubby | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stubby b/stubby
index 993cbb35..a6c6ae69 160000
--- a/stubby
+++ b/stubby
@@ -1 +1 @@
-Subproject commit 993cbb35c1e1c2bcccb49fc0781e94c34c21a5ee
+Subproject commit a6c6ae696cd4c6b1f8650011adaf69c39316e0ea

From bf2e08e2df2f6dd07df8e163abb710f0b2672c78 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 27 Sep 2017 12:45:13 +0200
Subject: [PATCH 079/140] Move yaml config handling to Stubby

---
 Makefile.in                     |   4 +-
 configure.ac                    | 185 ++++++-----
 spec/example/Makefile.in        |  24 +-
 src/Makefile.in                 | 322 +------------------
 src/convert.c                   |   8 +-
 src/getdns/getdns_extra.h.in    |  22 --
 src/mk-symfiles.sh              |   1 +
 src/test/Makefile.in            |  71 ++---
 src/tools/Makefile.in           |   7 +-
 src/tools/getdns_query.c        |   4 +
 src/yaml/convert_yaml_to_json.c | 550 --------------------------------
 src/yaml/convert_yaml_to_json.h |  51 ---
 stubby                          |   2 +-
 13 files changed, 163 insertions(+), 1088 deletions(-)
 delete mode 100644 src/yaml/convert_yaml_to_json.c
 delete mode 100644 src/yaml/convert_yaml_to_json.h

diff --git a/Makefile.in b/Makefile.in
index 7313454a..dfb1899b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -210,6 +210,7 @@ $(distdir):
 	mkdir -p $(distdir)/spec/example
 	mkdir -p $(distdir)/stubby
 	mkdir -p $(distdir)/stubby/src
+	mkdir -p $(distdir)/stubby/src/yaml
 	cp $(srcdir)/configure.ac $(distdir)
 	cp $(srcdir)/configure $(distdir)
 	cp $(srcdir)/AUTHORS $(distdir)
@@ -254,7 +255,8 @@ $(distdir):
 	cp $(srcdir)/src/tools/*.[ch] $(distdir)/src/tools
 	cp $(srcdir)/stubby/stubby.yml.example $(distdir)/stubby
 	cp $(srcdir)/stubby/stubby-setdns-macos.sh $(distdir)/stubby
-	cp $(srcdir)/stubby/src/stubby.c $(distdir)/stubby/src
+	cp $(srcdir)/stubby/src/*.[ch] $(distdir)/stubby/src
+	cp $(srcdir)/stubby/yaml/*.[ch] $(distdir)/stubby/src/yaml
 	cp $(srcdir)/stubby/COPYING $(distdir)/stubby
 	cp $(srcdir)/stubby/README.md $(distdir)/stubby
 	cp $(srcdir)/src/jsmn/*.[ch] $(distdir)/src/jsmn
diff --git a/configure.ac b/configure.ac
index 11ac5e06..3fe7b5fe 100644
--- a/configure.ac
+++ b/configure.ac
@@ -322,6 +322,34 @@ AC_CHECK_FUNCS([strptime],[AC_CHECK_STRPTIME_WORKS],[AC_LIBOBJ([strptime])])
 AC_CHECK_HEADERS([windows.h winsock.h stdio.h winsock2.h ws2tcpip.h],,, [AC_INCLUDES_DEFAULT])
 ACX_CHECK_GETADDRINFO_WITH_INCLUDES
 
+AC_ARG_WITH(fd-setsize, AS_HELP_STRING([--with-fd-setsize=size],
+	[Set maximum file descriptor number that can be used by select]),
+	[], [withval="no"])
+case "$withval" in
+no)
+	;;
+*)
+	AC_DEFINE_UNQUOTED([FD_SETSIZE], [$withval], [Alternate value for the FD_SETSIZE])
+	my_enable_unbound_event_api=1
+	;;
+esac
+
+#---- check for pthreads library
+AC_ARG_WITH(libpthread, AS_HELP_STRING([--without-libpthread],
+	[Disable libpthread (default is autodetect)]),
+	[], [withval="yes"])
+
+case "$withval" in
+yes)
+	AC_SEARCH_LIBS([pthread_mutex_init],[pthread], [
+		AC_DEFINE([HAVE_PTHREAD], [1], [Have pthreads library])
+		LIBS="-lpthread $LIBS"
+	], [AC_MSG_WARN([pthreads not available])])
+	;;
+*)
+	;;
+esac
+
 USE_NSS="no"
 # openssl
 if test $USE_NSS = "no"; then
@@ -614,16 +642,21 @@ case "$enable_stub_only" in
 		;;
 esac
 
-my_with_yaml=1
-AC_ARG_ENABLE(yaml-config, AC_HELP_STRING([--disable-yaml-config], [Remove support for YAML configuration.  Removes the libyaml dependency.]))
+my_with_yaml=0
+AC_ARG_ENABLE(yaml-config,)
 case "$enable_yaml_config" in
-	no)
-		my_with_yaml=0
-		;;
-	yes|*)
+	yes)
 		AC_DEFINE_UNQUOTED([USE_YAML_CONFIG], [1], [Define this to enable YAML config support.])
+		AC_DEFINE_UNQUOTED([HAVE_GETDNS_YAML2DICT], [1], [Define this to enable getdns_yaml2dict function.])
+
+		GETDNS_XTRA_OBJS="convert_yaml_to_json.lo"
+		my_with_yaml=1
+		;;
+	no|*)
+		GETDNS_XTRA_OBJS=""
 		;;
 esac
+AC_SUBST(GETDNS_XTRA_OBJS)
 
 if test "$USE_WINSOCK" = 1; then
 	AC_MSG_NOTICE([ Building on Windows ... YES! ])
@@ -688,30 +721,6 @@ else
 	fi
 fi
 
-if test $my_with_yaml = 1
-then
-	AC_ARG_WITH(libyaml, AS_HELP_STRING([--with-libyaml=pathname],
-		[path to libyaml (default: search /usr/local ..)]),
-		[], [withval="yes"])
-	if test x_$withval = x_yes; then
-		for dir in /usr/local /opt/local /usr/pkg /usr/sfw; do
-			if test -f "$dir/include/yaml.h"; then
-				CFLAGS="$CFLAGS -I$dir/include"
-				LDFLAGS="$LDFLAGS -L$dir/lib"
-				AC_MSG_NOTICE([Found libyaml in $dir])
-				break
-			fi
-		done
-	else
-		if test x_$withval != x_no; then
-			CFLAGS="$CFLAGS -I$withval/include"
-			LDFLAGS="$LDFLAGS -L$withval/lib"
-		else
-			my_with_yaml=0
-		fi
-	fi
-fi
-
 if test $my_with_libunbound = 1
 then
 	# find libunbound
@@ -752,16 +761,6 @@ then
 	])
 fi
 
-if test $my_with_yaml = 1
-then
-	AC_MSG_NOTICE([Checking for dependency libyaml])
-	AC_CHECK_LIB([yaml], [yaml_parser_parse], [], [
-		MISSING_DEPS="${MISSING_DEPS}${MISSING_SEP}libyaml"
-		MISSING_SEP=", "
-		found_all_libs=0
-	])
-fi
-
 AC_ARG_ENABLE(unbound-event-api, AC_HELP_STRING([--disable-unbound-event-api], [Disable usage of libunbounds event API]))
 case "$enable_unbound_event_api" in
 	no)
@@ -795,11 +794,6 @@ then
 	])
 fi
 
-if test $found_all_libs = 0
-then
-    AC_MSG_ERROR([Missing dependencies: $MISSING_DEPS])
-fi
-
 AC_PATH_PROG([DOXYGEN], [doxygen])
 if test -z "$DOXYGEN";
     then AC_MSG_WARN([doxygen not found, continuing without])
@@ -1114,6 +1108,7 @@ AC_SUBST(GETDNS_QUERY)
 AC_SUBST(INSTALL_GETDNS_QUERY)
 AC_SUBST(UNINSTALL_GETDNS_QUERY)
 
+stubby_with_yaml=0
 AC_ARG_WITH(stubby, AS_HELP_STRING([--with-stubby],
 	[Compile and install stubby, the (stub) resolver daemon]),
 	[], [withval="no"])
@@ -1121,49 +1116,89 @@ if test x_$withval = x_yes; then
 	STUBBY="stubby"
 	INSTALL_STUBBY="install-stubby"
 	UNINSTALL_STUBBY="uninstall-stubby"
+	if test $my_with_yaml = 0
+	then
+		STUBBY_XTRA_OBJS="convert_yaml_to_json.lo gbuffer.lo"
+		stubby_with_yaml=1
+		my_with_yaml=1
+	fi
 else
 	STUBBY=""
 	INSTALL_STUBBY=""
 	UNINSTALL_STUBBY=""
+	STUBBY_XTRA_OBJS=""
 fi
 AC_SUBST(STUBBY)
 AC_SUBST(INSTALL_STUBBY)
 AC_SUBST(UNINSTALL_STUBBY)
+AC_SUBST(STUBBY_XTRA_OBJS)
 
-AC_ARG_WITH(fd-setsize, AS_HELP_STRING([--with-fd-setsize=size],
-	[Set maximum file descriptor number that can be used by select]),
-	[], [withval="no"])
-case "$withval" in
-	no)
-		;;
-	*)
-		AC_DEFINE_UNQUOTED([FD_SETSIZE], [$withval], [Alternate value for the FD_SETSIZE])
-		my_enable_unbound_event_api=1
-		;;
-esac
+STUBBY_LDFLAGS=""
+STUBBY_LIBS=""
+
+if test $my_with_yaml = 1
+then
+	if test $stubby_with_yaml = 1
+	then
+		getdns_LIBS="$LIBS"
+		getdns_LDFLAGS="$LDFLAGS"
+		LIBS=""
+		LDFLAGS=""
+	fi
+	AC_ARG_WITH(libyaml, AS_HELP_STRING([--with-libyaml=pathname],
+		[path to libyaml (default: search /usr/local ..)]),
+		[], [withval="yes"])
+	if test x_$withval = x_yes; then
+		for dir in /usr/local /opt/local /usr/pkg /usr/sfw; do
+			if test -f "$dir/include/yaml.h"; then
+				CFLAGS="$CFLAGS -I$dir/include"
+				LDFLAGS="$LDFLAGS -L$dir/lib"
+				AC_MSG_NOTICE([Found libyaml in $dir])
+				break
+			fi
+		done
+	else
+		if test x_$withval != x_no; then
+			CFLAGS="$CFLAGS -I$withval/include"
+			LDFLAGS="$LDFLAGS -L$withval/lib"
+		else
+			if test $stubby_with_yaml = 1
+			then
+    				AC_MSG_ERROR([libyaml required for building Stubby])
+			fi
+			my_with_yaml=0
+		fi
+	fi
+	if test $my_with_yaml = 1
+	then
+		AC_MSG_NOTICE([Checking for dependency libyaml])
+		AC_CHECK_LIB([yaml], [yaml_parser_parse], [], [
+			MISSING_DEPS="${MISSING_DEPS}${MISSING_SEP}libyaml"
+			MISSING_SEP=", "
+			found_all_libs=0
+		])
+	fi
+	if test $stubby_with_yaml = 1
+	then
+		STUBBY_LDFLAGS="$LDFLAGS"
+		STUBBY_LIBS="$LIBS"
+		LIBS="$getdns_LIBS"
+		LDFLAGS="$getdns_LDFLAGS"
+	fi
+fi
+AC_SUBST(STUBBY_LDFLAGS)
+AC_SUBST(STUBBY_LIBS)
+
+if test $found_all_libs = 0
+then
+    AC_MSG_ERROR([Missing dependencies: $MISSING_DEPS])
+fi
 
 AC_CONFIG_FILES([Makefile src/Makefile src/version.c src/getdns/getdns.h src/getdns/getdns_extra.h spec/example/Makefile src/test/Makefile src/tools/Makefile doc/Makefile getdns.pc getdns_ext_event.pc])
 if [ test -n "$DOXYGEN" ]
     then AC_CONFIG_FILES([src/Doxyfile])
 fi
 
-
-#---- check for pthreads library
-AC_ARG_WITH(libpthread, AS_HELP_STRING([--without-libpthread],
-	[Disable libpthread (default is autodetect)]),
-	[], [withval="yes"])
-
-case "$withval" in
-	yes)
-		AC_SEARCH_LIBS([pthread_mutex_init],[pthread], [
-			AC_DEFINE([HAVE_PTHREAD], [1], [Have pthreads library])
-			LIBS="-lpthread $LIBS"
-		], [AC_MSG_WARN([pthreads not available])])
-		;;
-	*)
-		;;
-esac
-
 AC_MSG_CHECKING([whether the C compiler (${CC-cc}) supports the __func__ variable])
 AC_LANG_PUSH(C)
 AC_COMPILE_IFELSE(
@@ -1301,14 +1336,14 @@ AH_BOTTOM([
 # ifndef FD_SETSIZE
 #  define FD_SETSIZE 1024
 # endif
-# define PRIsz "%Iu"
+# define PRIsz "Iu"
 
  /* Windows wants us to use _strdup instead of strdup */
 # ifndef strdup
 #  define strdup _strdup
 # endif
 #else
-# define PRIsz "%zu"
+# define PRIsz "zu"
 #endif
 
 #include <stdint.h>
diff --git a/spec/example/Makefile.in b/spec/example/Makefile.in
index 8ff7f2d1..7bf5e016 100644
--- a/spec/example/Makefile.in
+++ b/spec/example/Makefile.in
@@ -149,24 +149,16 @@ depend:
 
 # Dependencies for the examples
 example-all-functions.lo example-all-functions.o: $(srcdir)/example-all-functions.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h
-example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/config.h ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
+example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h ../../src/config.h \
+ ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
 example-simple-answers.lo example-simple-answers.o: $(srcdir)/example-simple-answers.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h
+ ../../src/config.h ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
 example-synchronous.lo example-synchronous.o: $(srcdir)/example-synchronous.c $(srcdir)/getdns_core_only.h \
  ../../src/getdns/getdns.h
-example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h ../../src/config.h \
+ ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
diff --git a/src/Makefile.in b/src/Makefile.in
index b4193cbe..b1a2d108 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -55,11 +55,13 @@ stubbysrcdir = $(srcdir)/../stubby
 LIBTOOL = ../libtool
 
 CC=@CC@
-CFLAGS=-I$(srcdir) -I. -I$(srcdir)/util/auxiliary @CFLAGS@ @CPPFLAGS@ $(XTRA_CFLAGS)
+CFLAGS=-I$(srcdir) -I. -I$(srcdir)/util/auxiliary -I$(stubbysrcdir)/src @CFLAGS@ @CPPFLAGS@ $(XTRA_CFLAGS)
 WPEDANTICFLAG=@WPEDANTICFLAG@
 WNOERRORFLAG=@WNOERRORFLAG@
 LDFLAGS=@LDFLAGS@ @LIBS@
 
+STUBBY_LDFLAGS=@STUBBY_LDFLAGS@ @STUBBY_LIBS@
+
 EXTENSION_LIBEVENT_LIB=@EXTENSION_LIBEVENT_LIB@
 EXTENSION_LIBEVENT_EXT_LIBS=@EXTENSION_LIBEVENT_EXT_LIBS@
 EXTENSION_LIBEVENT_LDFLAGS=@EXTENSION_LIBEVENT_LDFLAGS@
@@ -94,6 +96,8 @@ JSMN_OBJ=jsmn.lo
 YXML_OBJ=yxml.lo
 
 YAML_OBJ=convert_yaml_to_json.lo
+GETDNS_XTRA_OBJS=@GETDNS_XTRA_OBJS@
+STUBBY_XTRA_OBJS=@STUBBY_XTRA_OBJS@
 
 EXTENSION_OBJ=$(DEFAULT_EVENTLOOP_OBJ) libevent.lo libev.lo
 
@@ -127,7 +131,7 @@ $(JSMN_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -DJSMN_GETDNS -c $(srcdir)/jsmn/$(@:.lo=.c) -o $@
 
 $(YAML_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/yaml/$(@:.lo=.c) -o $@
+	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(stubbysrcdir)/src/yaml/$(@:.lo=.c) -o $@
 
 $(YXML_OBJ):
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -I$(srcdir)/yxml -DYXML_GETDNS -Wno-unused-parameter -c $(srcdir)/yxml/$(@:.lo=.c) -o $@
@@ -184,8 +188,8 @@ libgetdns_ext_uv.la: libgetdns.la libuv.lo
 libgetdns_ext_ev.la: libgetdns.la libev.lo
 	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libev.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEV_LDFLAGS) $(EXTENSION_LIBEV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libev.symbols
 
-libgetdns.la: $(GETDNS_OBJ) version.lo context.lo anchor.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ) $(YAML_OBJ)
-	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo anchor.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ) $(YAML_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
+libgetdns.la: $(GETDNS_OBJ) version.lo context.lo anchor.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ) $(GETDNS_XTRA_OBJS)
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo anchor.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ) $(GETDNS_XTRA_OBJS) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
 
 test: default
 	cd test && $(MAKE) $@
@@ -196,8 +200,8 @@ getdns_query: default
 stubby.lo: $(stubbysrcdir)/src/stubby.c
 	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -DSTUBBYCONFDIR=\"$(sysconfdir)/stubby\" -DRUNSTATEDIR=\"$(runstatedir)\" -c $< -o $@
 
-stubby: stubby.lo libgetdns.la 
-	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ stubby.lo $(LDFLAGS) libgetdns.la
+stubby: stubby.lo libgetdns.la $(STUBBY_XTRA_OBJS)
+	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ stubby.lo $(STUBBY_XTRA_OBJS) $(STUBBY_LDFLAGS) libgetdns.la
 
 install-stubby: stubby $(stubbysrcdir)/stubby.yml.example $(stubbysrcdir)/stubby-setdns-macos.sh
 	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
@@ -265,309 +269,3 @@ depend:
 FORCE:
 
 # Dependencies for gldns, utils, the extensions and compat functions
-anchor.lo anchor.o: $(srcdir)/anchor.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/anchor.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/types-internal.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/yxml/yxml.h \
- $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
- $(srcdir)/gldns/keyraw.h $(srcdir)/general.h $(srcdir)/util-internal.h
-const-info.lo const-info.o: $(srcdir)/const-info.c \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/const-info.h
-context.lo context.o: $(srcdir)/context.c \
- config.h \
- $(srcdir)/anchor.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/debug.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
-convert.lo convert.o: $(srcdir)/convert.c \
- config.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/wire2str.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
- $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/yaml/convert_yaml_to_json.h $(srcdir)/convert.h
-dict.lo dict.o: $(srcdir)/dict.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h \
- $(srcdir)/gldns/parseutil.h
-dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
- config.h \
- $(srcdir)/debug.h \
- getdns/getdns.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h \
- $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h \
- $(srcdir)/util/orig-headers/val_secalgo.h
-general.lo general.o: $(srcdir)/general.c \
- config.h \
- $(srcdir)/general.h \
- getdns/getdns.h \
- $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
- $(srcdir)/dict.h $(srcdir)/mdns.h
-list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
- config.h \
- $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/list.h $(srcdir)/dict.h
-mdns.lo mdns.o: $(srcdir)/mdns.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/context.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/gldns/rrdef.h $(srcdir)/util-internal.h $(srcdir)/mdns.h \
- $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
- $(srcdir)/util/orig-headers/lookup3.h
-pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
- config.h \
- $(srcdir)/debug.h \
- getdns/getdns.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h
-request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/dict.h $(srcdir)/convert.h $(srcdir)/general.h
-rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
- config.h \
- getdns/getdns.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h \
- $(srcdir)/dict.h
-rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- config.h \
- getdns/getdns.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
-server.lo server.o: $(srcdir)/server.c \
- config.h \
- getdns/getdns_extra.h \
- getdns/getdns.h \
- $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h
-stub.lo stub.o: $(srcdir)/stub.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/stub.h \
- getdns/getdns.h \
- $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
- $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/anchor.h \
- $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
-sync.lo sync.o: $(srcdir)/sync.c \
- getdns/getdns.h \
- config.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
-ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
- config.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
-util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
- config.h \
- getdns/getdns.h \
- $(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/str2wire.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
-gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
- config.h \
- $(srcdir)/gldns/gbuffer.h
-keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
- config.h \
- $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
-parse.lo parse.o: $(srcdir)/gldns/parse.c \
- config.h \
- $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
-parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
- config.h \
- $(srcdir)/gldns/parseutil.h
-rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
- config.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
-str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
- config.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
-wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
- config.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
-arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
- config.h
-arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
- config.h \
- $(srcdir)/compat/chacha_private.h
-arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c \
- config.h
-explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c \
- config.h
-getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c \
- config.h
-getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c \
- config.h
-getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c \
- config.h
-getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
-gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c \
- config.h
-inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c \
- config.h
-inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c \
- config.h
-sha512.lo sha512.o: $(srcdir)/compat/sha512.c \
- config.h
-strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
- config.h
-strptime.lo strptime.o: $(srcdir)/compat/strptime.c \
- config.h
-locks.lo locks.o: $(srcdir)/util/locks.c \
- config.h \
- $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
-lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c \
- config.h \
- $(srcdir)/util/auxiliary/util/storage/lookup3.h $(srcdir)/util/lookup3.h \
- $(srcdir)/util/orig-headers/lookup3.h
-lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c \
- config.h \
- $(srcdir)/util/auxiliary/util/storage/lruhash.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/util/fptr_wlist.h
-rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
- config.h \
- $(srcdir)/util/auxiliary/log.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
- $(srcdir)/util/auxiliary/fptr_wlist.h $(srcdir)/util/auxiliary/util/fptr_wlist.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
-val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
- config.h \
- $(srcdir)/util/auxiliary/util/data/packed_rrset.h \
- $(srcdir)/util/auxiliary/validator/val_secalgo.h $(srcdir)/util/val_secalgo.h \
- $(srcdir)/util/orig-headers/val_secalgo.h $(srcdir)/util/auxiliary/validator/val_nsec3.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/util/auxiliary/sldns/keyraw.h $(srcdir)/gldns/keyraw.h \
- $(srcdir)/util/auxiliary/sldns/sbuffer.h $(srcdir)/gldns/gbuffer.h
-jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
-yxml.lo yxml.o: $(srcdir)/yxml/yxml.c $(srcdir)/yxml/yxml.h
-convert_yaml_to_json.lo convert_yaml_to_json.o: $(srcdir)/yaml/convert_yaml_to_json.c \
- config.h \
- $(srcdir)/yaml/../gldns/gbuffer.h $(srcdir)/yaml/convert_yaml_to_json.h
-libev.lo libev.o: $(srcdir)/extension/libev.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
-libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
-libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
-poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
- config.h \
- $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
-select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/select_eventloop.h
diff --git a/src/convert.c b/src/convert.c
index deb0762c..d6289ecf 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -1803,10 +1803,10 @@ getdns_str2int(const char *str, uint32_t *value)
 	return GETDNS_RETURN_GOOD;
 }
 
+#ifdef USE_YAML_CONFIG
 getdns_return_t
 getdns_yaml2dict(const char *str, getdns_dict **dict)
 {
-#ifdef USE_YAML_CONFIG
 	char *jsonstr;
 	
 	if (!str || !dict)
@@ -1820,12 +1820,8 @@ getdns_yaml2dict(const char *str, getdns_dict **dict)
 	} else {
 		return GETDNS_RETURN_GENERIC_ERROR;
 	}	
-#else /* USE_YAML_CONFIG */
-	(void) str;
-	(void) dict;
-	return GETDNS_RETURN_NOT_IMPLEMENTED;
-#endif /* USE_YAML_CONFIG */
 }
+#endif /* USE_YAML_CONFIG */
 
 /* WT: I am not certain about the value of yaml2list...
  *     I don't see how yaml2bindata and yaml2int  would be different from
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index 2ef7133d..ca62b2fb 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -1829,28 +1829,6 @@ getdns_msg_dict2str_scan(
  *  @{
  */
 
-/**
- * Convert YAML text to a getdns_dict.
- *
- * @param  str   A textual representation of a getdns_dict.
- *               The format is similar, but not precisely YAML.
- *               - When str contains an IP or IPv6 address, it is converted
- *                 to an getdns dict representation of that address.  This may contain
- *                 a port, tls_port, tsig spec or tls authentication name in the same
- *                 way as may be given with the `getdns_query` tool.  For example:
- *                 `185.49.140.67:80#443` will result in the following getdns_dict:
- *
- *                      { address_type: "IPv4"
- *                      , address_data: "185.49.140.67"
- *                      , port: 80
- *                      , tls_port: 443
- *                      }
- * @param  dict The returned getdns_dict.
- * @return GETDNS_RETURN_GOOD on success or an error code on failure.
- */
-getdns_return_t
-getdns_yaml2dict(const char *str, getdns_dict **dict);
-
 /**
  * Convert string text to a getdns_dict.
  *
diff --git a/src/mk-symfiles.sh b/src/mk-symfiles.sh
index 597657b7..fff7176b 100755
--- a/src/mk-symfiles.sh
+++ b/src/mk-symfiles.sh
@@ -8,6 +8,7 @@ write_symbols() {
 }
 
 write_symbols libgetdns.symbols getdns/getdns.h.in getdns/getdns_extra.h.in
+echo getdns_yaml2dict >> libgetdns.symbols
 echo plain_mem_funcs_user_arg >> libgetdns.symbols
 echo priv_getdns_context_mf >> libgetdns.symbols
 write_symbols extension/libevent.symbols getdns/getdns_ext_libevent.h
diff --git a/src/test/Makefile.in b/src/test/Makefile.in
index 9d4dad00..00211237 100644
--- a/src/test/Makefile.in
+++ b/src/test/Makefile.in
@@ -231,13 +231,10 @@ depend:
 .PHONY: clean test
 
 # Dependencies for the unit tests
-check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c \
- ../getdns/getdns.h \
- $(srcdir)/check_getdns_common.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_address.h $(srcdir)/check_getdns_address_sync.h \
- $(srcdir)/check_getdns_cancel_callback.h $(srcdir)/check_getdns_context_create.h \
- $(srcdir)/check_getdns_context_destroy.h \
+check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_address.h \
+ $(srcdir)/check_getdns_address_sync.h $(srcdir)/check_getdns_cancel_callback.h \
+ $(srcdir)/check_getdns_context_create.h $(srcdir)/check_getdns_context_destroy.h \
  $(srcdir)/check_getdns_context_set_context_update_callback.h \
  $(srcdir)/check_getdns_context_set_dns_transport.h \
  $(srcdir)/check_getdns_context_set_timeout.h \
@@ -257,58 +254,34 @@ check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c \
  $(srcdir)/check_getdns_list_get_list.h $(srcdir)/check_getdns_pretty_print_dict.h \
  $(srcdir)/check_getdns_service.h $(srcdir)/check_getdns_service_sync.h \
  $(srcdir)/check_getdns_transport.h
-check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c \
- ../getdns/getdns.h \
- ../config.h \
- $(srcdir)/check_getdns_common.h \
- ../getdns/getdns_extra.h \
+check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c ../getdns/getdns.h \
+ ../config.h $(srcdir)/check_getdns_common.h ../getdns/getdns_extra.h \
  $(srcdir)/check_getdns_eventloop.h
 check_getdns_context_set_timeout.lo check_getdns_context_set_timeout.o: $(srcdir)/check_getdns_context_set_timeout.c \
  $(srcdir)/check_getdns_context_set_timeout.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns.h \
- ../getdns/getdns_extra.h
+ ../getdns/getdns.h ../getdns/getdns_extra.h
 check_getdns_libev.lo check_getdns_libev.o: $(srcdir)/check_getdns_libev.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
- $(srcdir)/../getdns/getdns_ext_libev.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_common.h
+ ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libev.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
 check_getdns_libevent.lo check_getdns_libevent.o: $(srcdir)/check_getdns_libevent.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
- $(srcdir)/../getdns/getdns_ext_libevent.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
+ ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libevent.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
 check_getdns_libuv.lo check_getdns_libuv.o: $(srcdir)/check_getdns_libuv.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
- $(srcdir)/../getdns/getdns_ext_libuv.h \
- ../getdns/getdns_extra.h \
- $(srcdir)/check_getdns_common.h
+ ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libuv.h \
+ ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
 check_getdns_selectloop.lo check_getdns_selectloop.o: $(srcdir)/check_getdns_selectloop.c \
- $(srcdir)/check_getdns_eventloop.h \
- ../config.h \
- ../getdns/getdns.h \
+ $(srcdir)/check_getdns_eventloop.h ../config.h ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 check_getdns_transport.lo check_getdns_transport.o: $(srcdir)/check_getdns_transport.c \
- $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns.h \
+ $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h ../getdns/getdns.h \
  ../getdns/getdns_extra.h
-scratchpad.template.lo scratchpad.template.o: scratchpad.template.c \
- ../getdns/getdns.h \
+scratchpad.template.lo scratchpad.template.o: scratchpad.template.c ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 testmessages.lo testmessages.o: $(srcdir)/testmessages.c $(srcdir)/testmessages.h
-tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h
-tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h
-tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h
-tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c \
- ../config.h \
- $(srcdir)/testmessages.h \
- ../getdns/getdns.h \
- ../getdns/getdns_extra.h
-tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h \
- ../getdns/getdns.h \
+tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h ../getdns/getdns.h
+tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h ../getdns/getdns.h
+tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h ../getdns/getdns.h
+tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c ../config.h $(srcdir)/testmessages.h \
+ ../getdns/getdns.h ../getdns/getdns_extra.h
+tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h ../getdns/getdns.h \
  ../getdns/getdns_extra.h
diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index 3cba9659..2049229a 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -112,8 +112,5 @@ depend:
 .PHONY: clean test
 
 # Dependencies for getdns_query
-getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c \
- ../config.h \
- $(srcdir)/../debug.h \
- ../getdns/getdns.h \
- ../getdns/getdns_extra.h
+getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c ../config.h $(srcdir)/../debug.h ../config.h \
+ ../getdns/getdns.h ../getdns/getdns_extra.h
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 9ab55b19..ce64a679 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -46,6 +46,10 @@ typedef unsigned short in_port_t;
 #include <wincrypt.h>
 #endif
 
+#ifdef HAVE_GETDNS_YAML2DICT
+getdns_return_t getdns_yaml2dict(const char *, getdns_dict **dict);
+#endif
+
 #define EXAMPLE_PIN "pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""
 
 static int verbosity = 0;
diff --git a/src/yaml/convert_yaml_to_json.c b/src/yaml/convert_yaml_to_json.c
deleted file mode 100644
index be04725d..00000000
--- a/src/yaml/convert_yaml_to_json.c
+++ /dev/null
@@ -1,550 +0,0 @@
-/*
- * Copyright (c) 2017, NLNet Labs, Verisign, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- *   notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- *   notice, this list of conditions and the following disclaimer in the
- *   documentation and/or other materials provided with the distribution.
- * * Neither the names of the copyright holders nor the
- *   names of its contributors may be used to endorse or promote products
- *   derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <assert.h>
-
-#include "config.h"
-
-#ifdef USE_YAML_CONFIG
-
-#include <yaml.h>
-
-#include "../gldns/gbuffer.h"
-#include "convert_yaml_to_json.h"
-
-static int process_yaml_stream(yaml_parser_t *, yaml_event_t *, gldns_buffer *);
-
-static int process_yaml_document(yaml_parser_t *, yaml_event_t *, gldns_buffer *);
-
-static int process_yaml_mapping(yaml_parser_t *, yaml_event_t *, gldns_buffer *);
-
-static int process_yaml_sequence(yaml_parser_t *, yaml_event_t *, gldns_buffer *);
-
-static int process_yaml_value(yaml_parser_t *, yaml_event_t *, gldns_buffer *);
-
-static int output_scalar(yaml_event_t *, gldns_buffer *);
-
-static void report_parser_error(yaml_parser_t *);
-
-static char* event_type_string(yaml_event_type_t);
-
-/* public functions */
-
-char *
-yaml_string_to_json_string(const char *instr)
-{
-	assert(instr);
-
-	gldns_buffer *buf;
-	char* json = NULL;
-
-	buf = gldns_buffer_new(8192);
-	if (!buf) {
-		fprintf(stderr, "Could not assign buffer for json output");
-		return NULL;
-	}
-	
-	yaml_parser_t parser;
-	yaml_event_t event;
-
-	memset(&parser, 0, sizeof(parser));
-	memset(&event, 0, sizeof(event));
-
-	if (!yaml_parser_initialize(&parser)) {
-		fprintf(stderr, "Could not initialize the parser object\n");
-		goto return_error;
-	}
-
-	/* Set the parser parameters. */
-	yaml_parser_set_input_string(&parser, (const unsigned char *) instr, strlen(instr));
-
-	/* Get the first event. */
-	if (!yaml_parser_parse(&parser, &event)) {
-		report_parser_error(&parser);
-		goto return_error;
-	}
-
-	/* First event should be stream start. */
-	if (event.type != YAML_STREAM_START_EVENT) {
-		fprintf(stderr, "Event error: wrong type of event: %d\n", event.type);
-		goto return_error;
-	}
-
-	if (process_yaml_stream(&parser, &event, buf) != 0) {
-		goto return_error;
-	}
-
-	yaml_event_delete(&event);
-	yaml_parser_delete(&parser);
-	
-	/*
-	 * gldns_buffer_export() returns a pointer to the data and
-	 * sets a flag to prevent it from being deleted by
-	 * gldns_buffer_free()
-	 */
-	json = (char *) gldns_buffer_export(buf);
-	gldns_buffer_free(buf);
-
-	return json;
-
-return_error:
-
-	yaml_event_delete(&event);
-	yaml_parser_delete(&parser);
-	gldns_buffer_free(buf);
-
-	return NULL;
-}
-
-/* local functions */
-
-int
-process_yaml_stream(yaml_parser_t *parser, yaml_event_t *event, gldns_buffer *buf)
-{
-	assert(parser);
-	assert(event);
-	assert(buf);
-
-	int done = 0;
-
-	while (!done)
-	{
-		/* Delete the event that brought us here */
-		yaml_event_delete(event);
-
-		/* Get the next event. */
-		if (!yaml_parser_parse(parser, event)) {
-			report_parser_error(parser);
-			return -1;
-		}
-
-		switch (event->type) {
-		case YAML_STREAM_END_EVENT:
-
-			done = 1;
-			break;
-
-		case YAML_DOCUMENT_START_EVENT:
-
-			if (process_yaml_document(parser, event, buf) != 0) {
-				return -1;   
-			}
-			break;
-
-		case YAML_STREAM_START_EVENT:
-		case YAML_DOCUMENT_END_EVENT:
-		case YAML_ALIAS_EVENT:
-		case YAML_SCALAR_EVENT:
-		case YAML_SEQUENCE_START_EVENT:
-		case YAML_SEQUENCE_END_EVENT:
-		case YAML_MAPPING_START_EVENT:
-		case YAML_MAPPING_END_EVENT:
-
-			fprintf(stderr,
-				"Event error: %s. Expected YAML_DOCUMENT_START_EVENT or YAML_STREAM_END_EVENT.\n",
-				event_type_string(event->type));
-			return -1;
-
-		default:
-			/* NOTREACHED */
-			break;
-		}
-	}
-	return 0;
-}
-
-int
-process_yaml_document(yaml_parser_t *parser, yaml_event_t *event, gldns_buffer *buf)
-{
-	assert(parser);
-	assert(event);
-	assert(buf);
-
-	int done = 0;
-
-	while (!done)
-	{
-		/* Delete the event that brought us here */
-		yaml_event_delete(event);
-
-		/* Get the next event. */
-		if (!yaml_parser_parse(parser, event)) {
-			report_parser_error(parser);
-			return -1;
-		}
-
-		switch (event->type) {
-		case YAML_DOCUMENT_END_EVENT:
-
-			done = 1;
-			break;
-
-		case YAML_MAPPING_START_EVENT:
-			
-			if (process_yaml_mapping(parser, event, buf) != 0) {
-				return -1;
-			}
-			break;
-
-		case YAML_SEQUENCE_START_EVENT:
-			
-			if (process_yaml_sequence(parser, event, buf) != 0) {
-				return -1;   
-			}
-			break;
-
-		case YAML_SCALAR_EVENT:
-			
-			if (output_scalar(event, buf) != 0) {
-				fprintf(stderr, "Value error: Error outputting scalar\n");
-				return -1;
-			}
-			break;
-
-		case YAML_STREAM_START_EVENT:
-		case YAML_STREAM_END_EVENT:
-		case YAML_DOCUMENT_START_EVENT:
-		case YAML_ALIAS_EVENT:
-		case YAML_SEQUENCE_END_EVENT:
-		case YAML_MAPPING_END_EVENT:
-
-			fprintf(stderr,
-				"Event error: %s. Expected YAML_MAPPING_START_EVENT or YAML_DOCUMENT_END_EVENT.\n",
-				event_type_string(event->type));
-			return -1;
-
-		default:
-			/* NOTREACHED */
-			break;
-		}
-	}
-	return 0;
-}
-
-int
-process_yaml_mapping(yaml_parser_t *parser, yaml_event_t *event, gldns_buffer *buf)
-{
-	assert(parser);
-	assert(event);
-	assert(buf);
-	
-	int done = 0;
-	int members = 0;
-
-	if ( gldns_buffer_printf(buf, "{ ") == -1 )
-		return -1;
-	
-	while (!done)
-	{
-		/* Delete the event that brought us here */
-		yaml_event_delete(event);
-		
-		/* Get the next event. */
-		if (!yaml_parser_parse(parser, event)) {
-			report_parser_error(parser);
-			return -1;
-		}
-
-		if (event->type == YAML_SCALAR_EVENT) {
-			if (members)
-				if (gldns_buffer_printf(buf, ", ") == -1)
-					return -1;
-			
-			if (output_scalar(event, buf) != 0) {
-				fprintf(stderr, "Mapping error: Error outputting key\n");
-				return -1;
-			}
-			if (gldns_buffer_printf(buf, ": ") == -1)
-				return -1;
-			
-			members = 1;
-		} else if (event->type == YAML_MAPPING_END_EVENT) {
-			if (gldns_buffer_printf(buf, " }") == -1)
-				return -1;
-			done = 1;
-			continue;
-		} else {
-			fprintf(stderr,
-				"Event error: %s. Expected YAML_SCALAR_EVENT or YAML_MAPPING_END_EVENT.\n",
-				event_type_string(event->type));
-			return -1;
-		}
-		
-		/* Delete the event that brought us here */
-		yaml_event_delete(event);
-
-		/* Get the next event. */
-		if (!yaml_parser_parse(parser, event)) {
-			report_parser_error(parser);
-			return -1;
-		}
-
-		switch (event->type) {
-		case YAML_SCALAR_EVENT:
-		case YAML_SEQUENCE_START_EVENT:
-		case YAML_MAPPING_START_EVENT:
-			if (process_yaml_value(parser, event, buf) != 0) {
-				return -1;   
-			}
-			break;
-
-		case YAML_STREAM_START_EVENT:
-		case YAML_STREAM_END_EVENT:
-		case YAML_DOCUMENT_START_EVENT:
-		case YAML_DOCUMENT_END_EVENT:
-		case YAML_ALIAS_EVENT:
-		case YAML_SEQUENCE_END_EVENT:
-		case YAML_MAPPING_END_EVENT:
-			fprintf(stderr,
-				"Event error: %s. Expected YAML_MAPPING_START_EVENT, YAML_SEQUENCE_START_EVENT or YAML_SCALAR_EVENT.\n",
-				event_type_string(event->type));
-			return -1;
-
-		default:
-			/* NOTREACHED */
-			break;
-		}
-	}
-	return 0;
-}
-
-int
-process_yaml_sequence(yaml_parser_t *parser, yaml_event_t *event, gldns_buffer *buf)
-{	
-	assert(parser);
-	assert(event);
-	assert(buf);
-	
-	int done = 0;
-	int elements = 0;
-
-	if ( gldns_buffer_printf(buf, "[ ") == -1 )
-		return -1;
-   
-	while (!done)
-	{
-		/* Delete the event that brought us here */
-		yaml_event_delete(event);
-		
-		/* Get the next event. */
-		if (!yaml_parser_parse(parser, event)) {
-			report_parser_error(parser);
-			return -1;
-		}
-
-		switch (event->type) {
-		case YAML_SCALAR_EVENT:
-		case YAML_SEQUENCE_START_EVENT:
-		case YAML_MAPPING_START_EVENT:
-
-			if (elements)
-				if (gldns_buffer_printf(buf, ", ") == -1)
-					return -1;
-
-			if (process_yaml_value(parser, event, buf) != 0)
-				return -1;   
-
-			elements = 1;
-			break;
-
-		case YAML_SEQUENCE_END_EVENT:
-			if (gldns_buffer_printf(buf, " ]") == -1)
-				return -1;
-			done = 1;
-			break;
-
-		case YAML_STREAM_START_EVENT:
-		case YAML_STREAM_END_EVENT:
-		case YAML_DOCUMENT_START_EVENT:
-		case YAML_DOCUMENT_END_EVENT:
-		case YAML_ALIAS_EVENT:
-		case YAML_MAPPING_END_EVENT:
-			fprintf(stderr,
-				"Event error: %s. Expected YAML_MAPPING_START_EVENT, YAML_SEQUENCE_START_EVENT, YAML_SCALAR_EVENT or YAML_SEQUENCE_END_EVENT.\n",
-				event_type_string(event->type));
-			return -1;
-
-		default:
-			/* NOTREACHED */
-			break;
-		}
-	}
-	return 0;
-}
-
-int
-process_yaml_value(yaml_parser_t *parser, yaml_event_t *event, gldns_buffer *buf)
-{	
-	assert(parser);
-	assert(event);
-	assert(buf);
-	
-	switch (event->type) {
-	case YAML_SCALAR_EVENT:
-		if (output_scalar(event, buf) != 0) {
-			fprintf(stderr, "Value error: Error outputting scalar\n");
-			return -1;
-		}
-		break;
-
-	case YAML_SEQUENCE_START_EVENT:
-		if (process_yaml_sequence(parser, event, buf) != 0) {
-			return -1;   
-		}
-		break;
-
-	case YAML_MAPPING_START_EVENT:
-		if (process_yaml_mapping(parser, event, buf) != 0) {
-			return -1;   
-		}
-		break;
-		
-	default:
-		fprintf(stderr, "Bug: calling process_yaml_value() in the wrong context");
-		return -1;
-	}
-	return 0;
-}
-
-int
-output_scalar(yaml_event_t *event, gldns_buffer *buf)
-{
-	const char *fmt = "%s";
-	
-	assert(event);
-	assert(buf);
-	assert(event->data.scalar.length > 0);
-	
-	if (event->data.scalar.style != YAML_PLAIN_SCALAR_STYLE)
-		fmt = "\"%s\"";
-
-	if ( gldns_buffer_printf(buf, fmt, event->data.scalar.value) == -1 )
-		return -1;
-	return 0;
-}
-
-void report_parser_error(yaml_parser_t *parser)
-{
-	assert(parser);
-
-	/* Display a parser error message. */
-	switch (parser->error) {
-	case YAML_MEMORY_ERROR:
-		fprintf(stderr, "Memory error: Not enough memory for parsing\n");
-		break;
-
-	case YAML_READER_ERROR:
-		if (parser->problem_value != -1) {
-			fprintf(stderr, "Reader error: %s: #%X at %zu\n", parser->problem,
-					parser->problem_value, parser->problem_offset);
-		} else {
-			fprintf(stderr, "Reader error: %s at %zu\n", parser->problem,
-					parser->problem_offset);
-		}
-		break;
-
-	case YAML_SCANNER_ERROR:
-		if (parser->context) {
-			fprintf(stderr, "Scanner error: %s at line "PRIsz", column "PRIsz"\n"
-					"%s at line "PRIsz", column "PRIsz"\n", parser->context,
-					parser->context_mark.line+1, parser->context_mark.column+1,
-					parser->problem, parser->problem_mark.line+1,
-					parser->problem_mark.column+1);
-		} else {
-			fprintf(stderr, "Scanner error: %s at line "PRIsz", column "PRIsz"\n",
-					parser->problem, parser->problem_mark.line+1,
-					parser->problem_mark.column+1);
-		}
-		break;
-
-	case YAML_PARSER_ERROR:
-		if (parser->context) {
-			fprintf(stderr, "Parser error: %s at line "PRIsz", column "PRIsz"\n"
-					"%s at line "PRIsz", column "PRIsz"\n", parser->context,
-					parser->context_mark.line+1, parser->context_mark.column+1,
-					parser->problem, parser->problem_mark.line+1,
-					parser->problem_mark.column+1);
-		} else {
-			fprintf(stderr, "Parser error: %s at line "PRIsz", column "PRIsz"\n",
-					parser->problem, parser->problem_mark.line+1,
-					parser->problem_mark.column+1);
-		}
-		break;
-
-	default:
-		/* Couldn't happen. */
-		fprintf(stderr, "Internal error\n");
-		break;
-	}
-	return;
-}
-
-/* TODO - improve this */
-char*
-event_type_string(yaml_event_type_t type)
-{	
-	switch (type) {
-	case YAML_STREAM_START_EVENT:
-		return "YAML_STREAM_START_EVENT";
-		
-	case YAML_STREAM_END_EVENT:
-		return "YAML_STREAM_END_EVENT";
-		
-	case YAML_DOCUMENT_START_EVENT:
-		return "YAML_DOCUMENT_START_EVENT";
-
-	case YAML_DOCUMENT_END_EVENT:
-		return "YAML_DOCUMENT_END_EVENT";
-
-	case YAML_ALIAS_EVENT:
-		return "YAML_ALIAS_EVENT";
-
-	case YAML_SCALAR_EVENT:
-		return "YAML_SCALAR_EVENT";
-
-	case YAML_SEQUENCE_START_EVENT:
-		return "YAML_SEQUENCE_START_EVENT";
-
-	case YAML_SEQUENCE_END_EVENT:
-		return "YAML_SEQUENCE_END_EVENT";
-
-	case YAML_MAPPING_START_EVENT:
-		return "YAML_MAPPING_START_EVENT";
-
-	case YAML_MAPPING_END_EVENT:
-		return "YAML_MAPPING_END_EVENT";
-
-	default:
-		/* NOTREACHED */
-		return NULL;
-	}
-	return NULL;
-}
-
-#endif /* USE_YAML_CONFIG */
diff --git a/src/yaml/convert_yaml_to_json.h b/src/yaml/convert_yaml_to_json.h
deleted file mode 100644
index 75b652f6..00000000
--- a/src/yaml/convert_yaml_to_json.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (c) 2017, NLNet Labs, Verisign, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright
- *   notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- *   notice, this list of conditions and the following disclaimer in the
- *   documentation and/or other materials provided with the distribution.
- * * Neither the names of the copyright holders nor the
- *   names of its contributors may be used to endorse or promote products
- *   derived from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef _CONVERT_YAML_TO_JSON_H
-#define _CONVERT_YAML_TO_JSON_H
-
-#include <stdio.h>
-
-/**
- * read yaml-syntax data from the string and convert to json-syntax
- * yaml syntax resitrictions imposed for getdns:
- *    the outer-most data structure must be a yaml mapping
- *    mapping keys must be yaml scalars
- *    plain scalars are output to the json string unchanged
- *    non-plain scalars (quoted, double-quoted, wrapped) are output double-quoted
- * TODO Test on yaml data containing yaml tags (these are ignored at present)
- *      The code has only been tested on yaml data using indentation style, so it
- *        should be tested on other styles as well.
- * @param instr the string carrying data in yaml syntax
- * @return a string of data in json syntax on success
- * @return NULL if there is a yaml syntax violation
- *                 the outer-most structure in not a mapping
- *                 a mapping key is complex (a mapping or sequence)
- */
-char * yaml_string_to_json_string(const char *instr);
-
-#endif //_CONVERT_YAML_TO_JSON_H
diff --git a/stubby b/stubby
index a6c6ae69..efdd6fb3 160000
--- a/stubby
+++ b/stubby
@@ -1 +1 @@
-Subproject commit a6c6ae696cd4c6b1f8650011adaf69c39316e0ea
+Subproject commit efdd6fb31abb05f03309720e97167c632e5fe381

From a7fc76014196b893f2c8825552ae9b5cabd9ab84 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 27 Sep 2017 12:47:01 +0200
Subject: [PATCH 080/140] Dependencies

---
 spec/example/Makefile.in | 24 +++++++++-----
 src/test/Makefile.in     | 71 +++++++++++++++++++++++++++-------------
 src/tools/Makefile.in    |  7 ++--
 3 files changed, 70 insertions(+), 32 deletions(-)

diff --git a/spec/example/Makefile.in b/spec/example/Makefile.in
index 7bf5e016..8ff7f2d1 100644
--- a/spec/example/Makefile.in
+++ b/spec/example/Makefile.in
@@ -149,16 +149,24 @@ depend:
 
 # Dependencies for the examples
 example-all-functions.lo example-all-functions.o: $(srcdir)/example-all-functions.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
-example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h ../../src/config.h \
- ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/getdns/getdns_extra.h
+example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
 example-simple-answers.lo example-simple-answers.o: $(srcdir)/example-simple-answers.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h ../../src/getdns/getdns_extra.h
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+ ../../src/getdns/getdns_extra.h
 example-synchronous.lo example-synchronous.o: $(srcdir)/example-synchronous.c $(srcdir)/getdns_core_only.h \
  ../../src/getdns/getdns.h
-example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h ../../src/config.h \
- ../../src/getdns/getdns.h $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
+example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h \
+ ../../src/config.h \
+ ../../src/getdns/getdns.h \
+ $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
  ../../src/getdns/getdns_extra.h
diff --git a/src/test/Makefile.in b/src/test/Makefile.in
index 00211237..9d4dad00 100644
--- a/src/test/Makefile.in
+++ b/src/test/Makefile.in
@@ -231,10 +231,13 @@ depend:
 .PHONY: clean test
 
 # Dependencies for the unit tests
-check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_address.h \
- $(srcdir)/check_getdns_address_sync.h $(srcdir)/check_getdns_cancel_callback.h \
- $(srcdir)/check_getdns_context_create.h $(srcdir)/check_getdns_context_destroy.h \
+check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c \
+ ../getdns/getdns.h \
+ $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_address.h $(srcdir)/check_getdns_address_sync.h \
+ $(srcdir)/check_getdns_cancel_callback.h $(srcdir)/check_getdns_context_create.h \
+ $(srcdir)/check_getdns_context_destroy.h \
  $(srcdir)/check_getdns_context_set_context_update_callback.h \
  $(srcdir)/check_getdns_context_set_dns_transport.h \
  $(srcdir)/check_getdns_context_set_timeout.h \
@@ -254,34 +257,58 @@ check_getdns.lo check_getdns.o: $(srcdir)/check_getdns.c ../getdns/getdns.h $(sr
  $(srcdir)/check_getdns_list_get_list.h $(srcdir)/check_getdns_pretty_print_dict.h \
  $(srcdir)/check_getdns_service.h $(srcdir)/check_getdns_service_sync.h \
  $(srcdir)/check_getdns_transport.h
-check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c ../getdns/getdns.h \
- ../config.h $(srcdir)/check_getdns_common.h ../getdns/getdns_extra.h \
+check_getdns_common.lo check_getdns_common.o: $(srcdir)/check_getdns_common.c \
+ ../getdns/getdns.h \
+ ../config.h \
+ $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns_extra.h \
  $(srcdir)/check_getdns_eventloop.h
 check_getdns_context_set_timeout.lo check_getdns_context_set_timeout.o: $(srcdir)/check_getdns_context_set_timeout.c \
  $(srcdir)/check_getdns_context_set_timeout.h $(srcdir)/check_getdns_common.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h
 check_getdns_libev.lo check_getdns_libev.o: $(srcdir)/check_getdns_libev.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libev.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libev.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_common.h
 check_getdns_libevent.lo check_getdns_libevent.o: $(srcdir)/check_getdns_libevent.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libevent.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libevent.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_libevent.h $(srcdir)/check_getdns_common.h
 check_getdns_libuv.lo check_getdns_libuv.o: $(srcdir)/check_getdns_libuv.c $(srcdir)/check_getdns_eventloop.h \
- ../config.h ../getdns/getdns.h $(srcdir)/../getdns/getdns_ext_libuv.h \
- ../getdns/getdns_extra.h $(srcdir)/check_getdns_common.h
+ ../config.h \
+ ../getdns/getdns.h \
+ $(srcdir)/../getdns/getdns_ext_libuv.h \
+ ../getdns/getdns_extra.h \
+ $(srcdir)/check_getdns_common.h
 check_getdns_selectloop.lo check_getdns_selectloop.o: $(srcdir)/check_getdns_selectloop.c \
- $(srcdir)/check_getdns_eventloop.h ../config.h ../getdns/getdns.h \
+ $(srcdir)/check_getdns_eventloop.h \
+ ../config.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 check_getdns_transport.lo check_getdns_transport.o: $(srcdir)/check_getdns_transport.c \
- $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h ../getdns/getdns.h \
+ $(srcdir)/check_getdns_transport.h $(srcdir)/check_getdns_common.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
-scratchpad.template.lo scratchpad.template.o: scratchpad.template.c ../getdns/getdns.h \
+scratchpad.template.lo scratchpad.template.o: scratchpad.template.c \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
 testmessages.lo testmessages.o: $(srcdir)/testmessages.c $(srcdir)/testmessages.h
-tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h ../getdns/getdns.h
-tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c ../config.h $(srcdir)/testmessages.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
-tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h ../getdns/getdns.h \
+tests_dict.lo tests_dict.o: $(srcdir)/tests_dict.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_list.lo tests_list.o: $(srcdir)/tests_list.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_namespaces.lo tests_namespaces.o: $(srcdir)/tests_namespaces.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h
+tests_stub_async.lo tests_stub_async.o: $(srcdir)/tests_stub_async.c \
+ ../config.h \
+ $(srcdir)/testmessages.h \
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h
+tests_stub_sync.lo tests_stub_sync.o: $(srcdir)/tests_stub_sync.c $(srcdir)/testmessages.h \
+ ../getdns/getdns.h \
  ../getdns/getdns_extra.h
diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in
index 2049229a..3cba9659 100644
--- a/src/tools/Makefile.in
+++ b/src/tools/Makefile.in
@@ -112,5 +112,8 @@ depend:
 .PHONY: clean test
 
 # Dependencies for getdns_query
-getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c ../config.h $(srcdir)/../debug.h ../config.h \
- ../getdns/getdns.h ../getdns/getdns_extra.h
+getdns_query.lo getdns_query.o: $(srcdir)/getdns_query.c \
+ ../config.h \
+ $(srcdir)/../debug.h \
+ ../getdns/getdns.h \
+ ../getdns/getdns_extra.h

From 7ac289f72639c43a70e15b24b263a5f3d3b359d1 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 27 Sep 2017 13:07:11 +0200
Subject: [PATCH 081/140] dependencies

---
 src/Makefile.in | 312 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 310 insertions(+), 2 deletions(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index b1a2d108..e7519647 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -242,16 +242,16 @@ Makefile: $(srcdir)/Makefile.in ../config.status
 depend:
 	(cd $(srcdir) ; awk 'BEGIN{P=1}{if(P)print}/^# Dependencies/{P=0}' Makefile.in > Makefile.in.new )
 
-	(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" -Iyxml -Iutil/auxiliary *.c gldns/*.c compat/*.c util/*.c jsmn/*.c yxml/*.c yaml/*.c extension/*.c| \
+	(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" -Iyxml -Iutil/auxiliary -I../stubby/src *.c gldns/*.c compat/*.c util/*.c jsmn/*.c yxml/*.c extension/*.c ../stubby/src/*.c | \
 		sed -e "s? $$blddir/? ?g" \
 		    -e 's? gldns/? $$(srcdir)/gldns/?g' \
 		    -e 's? compat/? $$(srcdir)/compat/?g' \
 		    -e 's? util/auxiliary/util/? $$(srcdir)/util/auxiliary/util/?g' \
 		    -e 's? util/? $$(srcdir)/util/?g' \
 		    -e 's? jsmn/? $$(srcdir)/jsmn/?g' \
-		    -e 's? yaml/? $$(srcdir)/yaml/?g' \
 		    -e 's? yxml/? $$(srcdir)/yxml/?g' \
 		    -e 's? extension/? $$(srcdir)/extension/?g' \
+		    -e 's? \.\./stubby/? $$(stubbysrcdir)/?g' \
 		    -e 's? \([a-z_-]*\)\.\([ch]\)? $$(srcdir)/\1.\2?g' \
 		    -e 's? \$$(srcdir)/config\.h? config.h?g' \
 		    -e 's? \$$(srcdir)/getdns/getdns_extra\.h? getdns/getdns_extra.h?g' \
@@ -269,3 +269,311 @@ depend:
 FORCE:
 
 # Dependencies for gldns, utils, the extensions and compat functions
+anchor.lo anchor.o: $(srcdir)/anchor.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/anchor.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/types-internal.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/yxml/yxml.h \
+ $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/gldns/keyraw.h $(srcdir)/general.h $(srcdir)/util-internal.h
+const-info.lo const-info.o: $(srcdir)/const-info.c \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/const-info.h
+context.lo context.o: $(srcdir)/context.c \
+ config.h \
+ $(srcdir)/anchor.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/debug.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
+convert.lo convert.o: $(srcdir)/convert.c \
+ config.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
+ $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(stubbysrcdir)/src/yaml/convert_yaml_to_json.h $(srcdir)/convert.h
+dict.lo dict.o: $(srcdir)/dict.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/gldns/parseutil.h
+dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
+ config.h \
+ $(srcdir)/debug.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h \
+ $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h \
+ $(srcdir)/util/orig-headers/val_secalgo.h
+general.lo general.o: $(srcdir)/general.c \
+ config.h \
+ $(srcdir)/general.h \
+ getdns/getdns.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
+ $(srcdir)/dict.h $(srcdir)/mdns.h
+list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
+ config.h \
+ $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/list.h $(srcdir)/dict.h
+mdns.lo mdns.o: $(srcdir)/mdns.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/context.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/gldns/rrdef.h $(srcdir)/util-internal.h $(srcdir)/mdns.h \
+ $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
+ $(srcdir)/util/orig-headers/lookup3.h
+pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
+ config.h \
+ $(srcdir)/debug.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h
+request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/dict.h $(srcdir)/convert.h $(srcdir)/general.h
+rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
+ config.h \
+ getdns/getdns.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/util-internal.h $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h \
+ $(srcdir)/dict.h
+rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
+ config.h \
+ getdns/getdns.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
+server.lo server.o: $(srcdir)/server.c \
+ config.h \
+ getdns/getdns_extra.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h
+stub.lo stub.o: $(srcdir)/stub.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/stub.h \
+ getdns/getdns.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+ $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/anchor.h \
+ $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
+sync.lo sync.o: $(srcdir)/sync.c \
+ getdns/getdns.h \
+ config.h \
+ $(srcdir)/context.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
+ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
+ config.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
+util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
+ config.h \
+ getdns/getdns.h \
+ $(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
+ $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
+ $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/str2wire.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
+gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
+ config.h \
+ $(srcdir)/gldns/gbuffer.h
+keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
+ config.h \
+ $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
+parse.lo parse.o: $(srcdir)/gldns/parse.c \
+ config.h \
+ $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
+parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
+ config.h \
+ $(srcdir)/gldns/parseutil.h
+rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
+ config.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
+str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
+ config.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
+wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
+ config.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
+arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
+ config.h
+arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
+ config.h \
+ $(srcdir)/compat/chacha_private.h
+arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c \
+ config.h
+explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c \
+ config.h
+getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c \
+ config.h
+getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c \
+ config.h
+getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c \
+ config.h
+getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
+gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c \
+ config.h
+inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c \
+ config.h
+inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c \
+ config.h
+sha512.lo sha512.o: $(srcdir)/compat/sha512.c \
+ config.h
+strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
+ config.h
+strptime.lo strptime.o: $(srcdir)/compat/strptime.c \
+ config.h
+locks.lo locks.o: $(srcdir)/util/locks.c \
+ config.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
+lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c \
+ config.h \
+ $(srcdir)/util/auxiliary/util/storage/lookup3.h $(srcdir)/util/lookup3.h \
+ $(srcdir)/util/orig-headers/lookup3.h
+lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c \
+ config.h \
+ $(srcdir)/util/auxiliary/util/storage/lruhash.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/util/fptr_wlist.h
+rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
+ config.h \
+ $(srcdir)/util/auxiliary/log.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
+ $(srcdir)/util/auxiliary/fptr_wlist.h $(srcdir)/util/auxiliary/util/fptr_wlist.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
+val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
+ config.h \
+ $(srcdir)/util/auxiliary/util/data/packed_rrset.h \
+ $(srcdir)/util/auxiliary/validator/val_secalgo.h $(srcdir)/util/val_secalgo.h \
+ $(srcdir)/util/orig-headers/val_secalgo.h $(srcdir)/util/auxiliary/validator/val_nsec3.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/util/auxiliary/sldns/keyraw.h $(srcdir)/gldns/keyraw.h \
+ $(srcdir)/util/auxiliary/sldns/sbuffer.h $(srcdir)/gldns/gbuffer.h
+jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
+yxml.lo yxml.o: $(srcdir)/yxml/yxml.c $(srcdir)/yxml/yxml.h
+libev.lo libev.o: $(srcdir)/extension/libev.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
+libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
+ config.h \
+ $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
+libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
+poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
+ config.h \
+ $(srcdir)/extension/poll_eventloop.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
+select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/types-internal.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/select_eventloop.h
+stubby.lo stubby.o: $(stubbysrcdir)/src/stubby.c \
+ config.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(stubbysrcdir)/src/yaml/convert_yaml_to_json.h

From cefeed2b47e1b40fc16ed2d2f6cf4e2a7dce36f8 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 27 Sep 2017 13:15:12 +0200
Subject: [PATCH 082/140] PRIsz usage like PRIu64 etc.

---
 src/context.c        |  8 ++++----
 src/dnssec.c         | 16 ++++++++--------
 src/pubkey-pinning.c |  6 +++---
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/context.c b/src/context.c
index 8f200e8a..a2df0c0f 100644
--- a/src/context.c
+++ b/src/context.c
@@ -2550,15 +2550,15 @@ getdns_context_set_dns_root_servers(
 		if (addr_bd->size == 16 &&
 		    inet_ntop(AF_INET6, addr_bd->data, dst, sizeof(dst)))
 
-			fprintf(fh,". NS "PRIsz".root-servers.getdnsapi.net.\n"
-			    PRIsz".root-servers.getdnsapi.net. AAAA %s\n",
+			fprintf(fh,". NS %"PRIsz".root-servers.getdnsapi.net.\n"
+			    "%"PRIsz".root-servers.getdnsapi.net. AAAA %s\n",
 			    i, i, dst);
 
 		else if (addr_bd->size == 4 &&
 		    inet_ntop(AF_INET, addr_bd->data, dst, sizeof(dst)))
 
-			fprintf(fh,". NS "PRIsz".root-servers.getdnsapi.net.\n"
-			    PRIsz".root-servers.getdnsapi.net. A %s\n",
+			fprintf(fh,". NS %"PRIsz".root-servers.getdnsapi.net.\n"
+			    "%"PRIsz".root-servers.getdnsapi.net. A %s\n",
 			    i, i, dst);
 	}
 	fclose(fh);
diff --git a/src/dnssec.c b/src/dnssec.c
index 3a2fc866..f65c654b 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -602,7 +602,7 @@ static chain_head *add_rrset2val_chain(struct mem_funcs *mf,
 	dname_len = *labels - last_label[-1] + 1;
 	head_sz = (sizeof(chain_head) + dname_len + 7) / 8 * 8;
 	node_count = last_label - labels - max_labels;
-	DEBUG_SEC( PRIsz" labels in common. "PRIsz" labels to allocate\n"
+	DEBUG_SEC( "%"PRIsz" labels in common. %"PRIsz" labels to allocate\n"
 	         , max_labels, node_count);
 
 	if (! (region = GETDNS_XMALLOC(*mf, uint8_t, head_sz + 
@@ -1424,7 +1424,7 @@ static int _getdns_verify_rrsig(struct mem_funcs *mf,
 		/* More space needed for val_rrset */
 		val_rrset = GETDNS_XMALLOC(*mf, _getdns_rr_iter, n_rrs);
 	}
-	DEBUG_SEC( "sizes: "PRIsz" rrs, "PRIsz" bytes for validation buffer\n"
+	DEBUG_SEC( "sizes: %"PRIsz" rrs, %"PRIsz" bytes for validation buffer\n"
 	         , n_rrs, valbuf_sz);
 
 	qsort(val_rrset, n_rrs, sizeof(_getdns_rr_iter), _rr_iter_rdata_cmp);
@@ -1481,7 +1481,7 @@ static int _getdns_verify_rrsig(struct mem_funcs *mf,
 		gldns_buffer_write_u16_at(&valbuf, pos, 
 		    (uint16_t)(gldns_buffer_position(&valbuf) - pos - 2));
 	}
-	DEBUG_SEC( "written to valbuf: "PRIsz" bytes\n"
+	DEBUG_SEC( "written to valbuf: %"PRIsz" bytes\n"
 	         , gldns_buffer_position(&valbuf));
 	assert(gldns_buffer_position(&valbuf) <= valbuf_sz);
 
@@ -1903,7 +1903,7 @@ static int ds_authenticates_keys(struct mem_funcs *mf,
 				if (digest_buf != digest_buf_spc)
 					GETDNS_FREE(*mf, digest_buf);
 
-				DEBUG_SEC("HASH length mismatch "PRIsz" != "PRIsz"\n",
+				DEBUG_SEC("HASH length mismatch %"PRIsz" != %"PRIsz"\n",
 					digest_len, ds->rr_i.nxt - ds->rr_i.rr_type-14);
 				continue;
 			}
@@ -1926,7 +1926,7 @@ static int ds_authenticates_keys(struct mem_funcs *mf,
 			max_supported_result = SIGNATURE_VERIFIED | keytag;
 		}
 	}
-	DEBUG_SEC("valid_dsses: "PRIsz", supported_dsses: "PRIsz"\n",
+	DEBUG_SEC("valid_dsses: %"PRIsz", supported_dsses: %"PRIsz"\n",
 			valid_dsses, supported_dsses);
 	if (valid_dsses && !supported_dsses)
 		return NO_SUPPORTED_ALGORITHMS;
@@ -3059,7 +3059,7 @@ static void check_chain_complete(chain_head *chain)
 	_getdns_rrset_iter tas_iter;
 
 	if ((o = count_outstanding_requests(chain)) > 0) {
-		DEBUG_SEC(PRIsz" outstanding requests\n", o);
+		DEBUG_SEC("%"PRIsz" outstanding requests\n", o);
 		return;
 	}
 	DEBUG_SEC("Chain done!\n");
@@ -3561,7 +3561,7 @@ getdns_validate_dnssec2(getdns_list *records_to_validate,
 
 	for (i = 0; !getdns_list_get_dict(records_to_validate,i,&reply); i++) {
 
-		DEBUG_SEC("REPLY "PRIsz", r: %d\n", i, r);
+		DEBUG_SEC("REPLY %"PRIsz", r: %d\n", i, r);
 		if (to_val != to_val_buf)
 			GETDNS_FREE(*mf, to_val);
 		to_val_len = sizeof(to_val_buf);
@@ -3588,7 +3588,7 @@ getdns_validate_dnssec2(getdns_list *records_to_validate,
 			break;
 		}
 	}
-	DEBUG_SEC("REPLY "PRIsz", r: %d\n", i, r);
+	DEBUG_SEC("REPLY %"PRIsz", r: %d\n", i, r);
 
 exit_free_to_val:
 	if (to_val != to_val_buf)
diff --git a/src/pubkey-pinning.c b/src/pubkey-pinning.c
index a960ab66..1b9674fd 100644
--- a/src/pubkey-pinning.c
+++ b/src/pubkey-pinning.c
@@ -437,14 +437,14 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 		/* digest the cert with sha256 */
 		len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), NULL);
 		if (len > (int)sizeof(raw)) {
-			DEBUG_STUB("%s %-35s: Pubkey %d is larger than "PRIsz" octets\n",
+			DEBUG_STUB("%s %-35s: Pubkey %d is larger than %"PRIsz" octets\n",
 			           STUB_DEBUG_SETUP_TLS, __FUNC__, i, sizeof(raw));
 			continue;
 		}
 		next = raw;
 		i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &next);
 		if (next - raw != len) {
-			DEBUG_STUB("%s %-35s: Pubkey %d claimed it needed %d octets, really needed "PRIsz"\n",
+			DEBUG_STUB("%s %-35s: Pubkey %d claimed it needed %d octets, really needed %"PRIsz"\n",
 			           STUB_DEBUG_SETUP_TLS, __FUNC__, i, len, next - raw);
 			continue;
 		}
@@ -453,7 +453,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
 		/* compare it */
 		for (p = pinset; p; p = p->next)
 			if (0 == memcmp(buf, p->pin, sizeof(p->pin))) {
-				DEBUG_STUB("%s %-35s: Pubkey %d matched pin %p ("PRIsz")\n",
+				DEBUG_STUB("%s %-35s: Pubkey %d matched pin %p (%"PRIsz")\n",
 					   STUB_DEBUG_SETUP_TLS, __FUNC__, i, (void*)p, sizeof(p->pin));
 				return GETDNS_RETURN_GOOD;
 			} else

From 3ab01cf45d9e25d99f35cf0513859668d860b7db Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 27 Sep 2017 13:27:24 +0200
Subject: [PATCH 083/140] Dont do yaml tpkg test

---
 src/test/tpkg/setup-env.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/test/tpkg/setup-env.sh b/src/test/tpkg/setup-env.sh
index 18cdfbeb..d3269d64 100755
--- a/src/test/tpkg/setup-env.sh
+++ b/src/test/tpkg/setup-env.sh
@@ -36,3 +36,4 @@ export TPKG="${TPKG}"
 export LIBTOOL="${LIBTOOL}"
 END_OF_TPKG_VAR_MASTER
 
+${TPKG} f 255-yaml-config.tpkg

From b9260f8fca5ae4b6edb3f9fff292c223b2f33dc1 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 27 Sep 2017 16:24:32 +0200
Subject: [PATCH 084/140] Install Windows format stubby.yml on Windows

---
 configure.ac    | 11 +++++++++++
 src/Makefile.in | 22 +++++++++++++++++-----
 2 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/configure.ac b/configure.ac
index 3fe7b5fe..2ce963da 100644
--- a/configure.ac
+++ b/configure.ac
@@ -101,7 +101,18 @@ AC_PROG_CC
 AC_PROG_CPP
 
 # Checks for programs.
+HOSTOS="unix"
 AC_CANONICAL_HOST
+case "${host_os}" in
+cygwin*|mingw*)
+	HOSTOS=windows
+	;;
+darwin*)
+	HOSTOS=macos
+	;;
+esac
+AC_SUBST(HOSTOS)
+
 
 CFLAGS="$CFLAGS"
 WPEDANTICFLAG=""
diff --git a/src/Makefile.in b/src/Makefile.in
index e7519647..6f8a56a6 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -203,15 +203,27 @@ stubby.lo: $(stubbysrcdir)/src/stubby.c
 stubby: stubby.lo libgetdns.la $(STUBBY_XTRA_OBJS)
 	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ stubby.lo $(STUBBY_XTRA_OBJS) $(STUBBY_LDFLAGS) libgetdns.la
 
-install-stubby: stubby $(stubbysrcdir)/stubby.yml.example $(stubbysrcdir)/stubby-setdns-macos.sh
-	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
-	$(LIBTOOL) --mode=install cp stubby $(DESTDIR)$(bindir)
-	$(INSTALL) -m 755 -d $(DESTDIR)$(sbindir)
-	$(INSTALL) -m 755  $(stubbysrcdir)/stubby-setdns-macos.sh $(DESTDIR)$(sbindir)
+install-stubby-files-unix: $(stubbysrcdir)/stubby.yml.example
 	$(INSTALL) -m 755 -d $(DESTDIR)$(stubbyconfdir)
 	test -f $(DESTDIR)$(stubbyconfdir)/stubby.yml || \
 		$(INSTALL_DATA) $(stubbysrcdir)/stubby.yml.example $(DESTDIR)$(stubbyconfdir)/stubby.yml
 
+install-stubby-files-macos: $(stubbysrcdir)/stubby-setdns-macos.sh install-stubby-files-unix
+	$(INSTALL) -m 755 -d $(DESTDIR)$(sbindir)
+	$(INSTALL) -m 755  $(stubbysrcdir)/stubby-setdns-macos.sh $(DESTDIR)$(sbindir)
+
+stubby.yml.windows: $(stubbysrcdir)/stubby.yml.example
+	sed 's/$$'"/`echo \\\r`/" $(stubbysrcdir)/stubby.yml.example > stubby.yml.windows
+
+install-stubby-files-windows: stubby.yml.windows
+	$(INSTALL) -m 755 -d $(DESTDIR)$(stubbyconfdir)
+	test -f $(DESTDIR)$(stubbyconfdir)/stubby.yml || \
+		$(INSTALL_DATA) stubby.yml.windows $(DESTDIR)$(stubbyconfdir)/stubby.yml
+
+install-stubby: stubby install-stubby-files-@HOSTOS@
+	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
+	$(LIBTOOL) --mode=install cp stubby $(DESTDIR)$(bindir)
+
 uninstall-stubby:
 	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
 	rm -f $(DESTDIR)$(sbindir)/stubby-setdns-macos.sh

From 078c50f1b214ed5eb3442fcde2fab6604318c06c Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 28 Sep 2017 15:09:16 +0200
Subject: [PATCH 085/140] fread with mingw32 compiled can return < file sz,

because it automatically converts \r\n into \n
---
 src/tools/getdns_query.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index ce64a679..380a21c7 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -543,6 +543,7 @@ int parse_config_file(const char *fn, int report_open_failure)
 	FILE *fh;
 	char *config_file = NULL;
 	long config_file_sz;
+	size_t read_sz;
 
 	if (!(fh = fopen(fn, "r"))) {
 		if (report_open_failure)
@@ -567,13 +568,14 @@ int parse_config_file(const char *fn, int report_open_failure)
 		return GETDNS_RETURN_MEMORY_ERROR;
 	}
 	rewind(fh);
-	if (fread(config_file, 1, config_file_sz, fh) != (size_t)config_file_sz) {
+	read_sz = fread(config_file, 1, config_file_sz + 1, fh);
+	if (read_sz > config_file_sz || ferror(fh) || !feof(fh)) {
 		fprintf( stderr, "An error occurred while reading \"%s\": %s\n"
 		       , fn, strerror(errno));
 		fclose(fh);
 		return GETDNS_RETURN_MEMORY_ERROR;
 	}
-	config_file[config_file_sz] = 0;
+	config_file[read_sz] = 0;
 	fclose(fh);
 	parse_config(config_file, strstr(fn, ".yml") != NULL);
 	free(config_file);

From 15eec724a5a4fe01351ae53f1820e5cc2f372ce0 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 28 Sep 2017 15:09:55 +0200
Subject: [PATCH 086/140] Portable CR to CRLF conversion

---
 src/Makefile.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index 6f8a56a6..02b81f40 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -213,7 +213,7 @@ install-stubby-files-macos: $(stubbysrcdir)/stubby-setdns-macos.sh install-stubb
 	$(INSTALL) -m 755  $(stubbysrcdir)/stubby-setdns-macos.sh $(DESTDIR)$(sbindir)
 
 stubby.yml.windows: $(stubbysrcdir)/stubby.yml.example
-	sed 's/$$'"/`echo \\\r`/" $(stubbysrcdir)/stubby.yml.example > stubby.yml.windows
+	awk "{sub(/$$/,\"\r\")}1" $(stubbysrcdir)/stubby.yml.example > stubby.yml.windows
 
 install-stubby-files-windows: stubby.yml.windows
 	$(INSTALL) -m 755 -d $(DESTDIR)$(stubbyconfdir)

From 52a4500792e6b13b110698174d4de920d0c79192 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 28 Sep 2017 15:13:57 +0200
Subject: [PATCH 087/140] Signedness error

---
 src/tools/getdns_query.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index 380a21c7..eff84136 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -569,7 +569,7 @@ int parse_config_file(const char *fn, int report_open_failure)
 	}
 	rewind(fh);
 	read_sz = fread(config_file, 1, config_file_sz + 1, fh);
-	if (read_sz > config_file_sz || ferror(fh) || !feof(fh)) {
+	if (read_sz > (size_t)config_file_sz || ferror(fh) || !feof(fh)) {
 		fprintf( stderr, "An error occurred while reading \"%s\": %s\n"
 		       , fn, strerror(errno));
 		fclose(fh);

From a86e21b48accea4adffce9018308282e8bd6c451 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 28 Sep 2017 15:19:07 +0200
Subject: [PATCH 088/140] Fix reading files on windows with stubby too

---
 stubby | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stubby b/stubby
index efdd6fb3..b309b8cf 160000
--- a/stubby
+++ b/stubby
@@ -1 +1 @@
-Subproject commit efdd6fb31abb05f03309720e97167c632e5fe381
+Subproject commit b309b8cfa332fe7767ad63d27230d28341a50b15

From c3df13b27cd7405c2c35c94b3e240f60fb336be4 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 28 Sep 2017 19:45:16 +0200
Subject: [PATCH 089/140] PATH_MAX can be in sys/limits.h too..

and must have a fallback value
---
 configure.ac  | 16 +++++++++++++++-
 src/context.c | 12 ++++++------
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/configure.ac b/configure.ac
index 2ce963da..f6adc6cf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1224,7 +1224,7 @@ dnl ----- Start of "Things needed for gldns" section
 dnl -----
 dnl ---------------------------------------------------------------------------
 
-AC_CHECK_HEADERS([stdarg.h stdint.h netinet/in.h arpa/inet.h netdb.h sys/socket.h time.h sys/time.h sys/select.h endian.h],,, [AC_INCLUDES_DEFAULT])
+AC_CHECK_HEADERS([stdarg.h stdint.h netinet/in.h arpa/inet.h netdb.h sys/socket.h time.h sys/time.h sys/select.h endian.h limits.h sys/limits.h],,, [AC_INCLUDES_DEFAULT])
 
 dnl Check the printf-format attribute (if any)
 dnl result in HAVE_ATTR_FORMAT.  
@@ -1498,6 +1498,20 @@ static inline int _gldns_custom_vsnprintf(char *str, size_t size, const char *fo
 #include <inttypes.h>
 #endif
 
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#ifdef HAVE_SYS_LIMITS_H
+#include <sys/limits.h>
+#endif
+
+#ifdef PATH_MAX
+#define _GETDNS_PATH_MAX PATH_MAX
+#else
+#define _GETDNS_PATH_MAX 2048
+#endif
+
 #ifndef PRIu64
 #define PRIu64 "llu"
 #endif
diff --git a/src/context.c b/src/context.c
index a2df0c0f..750150d5 100644
--- a/src/context.c
+++ b/src/context.c
@@ -3777,7 +3777,7 @@ _get_context_settings(getdns_context* context)
 	getdns_list *list;
 	size_t       i;
 	const char  *str_value;
-	char         appdata_dir[PATH_MAX] = "";
+	char         appdata_dir[_GETDNS_PATH_MAX] = "";
 
 	if (!result)
 		return NULL;
@@ -4691,7 +4691,7 @@ static size_t _getdns_get_appdata(getdns_context *context, char *path)
 		DEBUG_ANCHOR("ERROR %s(): Could not get %%AppData%% directory\n"
 		            , __FUNC__);
 
-	else if ((len = strlen(path)) + sizeof(APPDATA_SUBDIR) + 2 >= PATH_MAX)
+	else if ((len = strlen(path)) + sizeof(APPDATA_SUBDIR) + 2 >= _GETDNS_PATH_MAX)
 		DEBUG_ANCHOR("ERROR %s(): Home path too long for appdata\n"
 		            , __FUNC__);
 #else
@@ -4708,7 +4708,7 @@ static size_t _getdns_get_appdata(getdns_context *context, char *path)
 		DEBUG_ANCHOR("ERROR %s(): Could not get home directory\n"
 		            , __FUNC__);
 
-	else if ((len = strlen(home)) + sizeof(APPDATA_SUBDIR) + 2 >= PATH_MAX)
+	else if ((len = strlen(home)) + sizeof(APPDATA_SUBDIR) + 2 >= _GETDNS_PATH_MAX)
 		DEBUG_ANCHOR("ERROR %s(): Home path too long for appdata\n"
 		            , __FUNC__);
 
@@ -4748,7 +4748,7 @@ static size_t _getdns_get_appdata(getdns_context *context, char *path)
 
 FILE *_getdns_context_get_priv_fp(getdns_context *context, const char *fn)
 {
-	char path[PATH_MAX];
+	char path[_GETDNS_PATH_MAX];
 	FILE *f = NULL;
 	size_t len;
 
@@ -4814,7 +4814,7 @@ uint8_t *_getdns_context_get_priv_file(getdns_context *context,
 int _getdns_context_write_priv_file(getdns_context *context,
     const char *fn, getdns_bindata *content)
 {
-	char path[PATH_MAX], tmpfn[PATH_MAX];
+	char path[_GETDNS_PATH_MAX], tmpfn[_GETDNS_PATH_MAX];
 	int fd = -1;
 	FILE *f = NULL;
 	size_t len;
@@ -4870,7 +4870,7 @@ int _getdns_context_write_priv_file(getdns_context *context,
 
 int _getdns_context_can_write_appdata(getdns_context *context)
 {
-	char test_fn[30], path[PATH_MAX];
+	char test_fn[30], path[_GETDNS_PATH_MAX];
 	size_t len;
 	getdns_bindata test_content = { 4, (void *)"TEST" };
 

From e75cf0b7a3a38e4b51e4ae62530e29612dacab56 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 28 Sep 2017 20:21:10 +0200
Subject: [PATCH 090/140] A missing symbol fails on macos

---
 src/libgetdns.symbols | 1 -
 src/mk-symfiles.sh    | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols
index 9d190406..3f26578a 100644
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@@ -166,6 +166,5 @@ getdns_wire2msg_dict_scan
 getdns_wire2rr_dict
 getdns_wire2rr_dict_buf
 getdns_wire2rr_dict_scan
-getdns_yaml2dict
 plain_mem_funcs_user_arg
 priv_getdns_context_mf
diff --git a/src/mk-symfiles.sh b/src/mk-symfiles.sh
index fff7176b..099181e6 100755
--- a/src/mk-symfiles.sh
+++ b/src/mk-symfiles.sh
@@ -8,7 +8,7 @@ write_symbols() {
 }
 
 write_symbols libgetdns.symbols getdns/getdns.h.in getdns/getdns_extra.h.in
-echo getdns_yaml2dict >> libgetdns.symbols
+#echo getdns_yaml2dict >> libgetdns.symbols
 echo plain_mem_funcs_user_arg >> libgetdns.symbols
 echo priv_getdns_context_mf >> libgetdns.symbols
 write_symbols extension/libevent.symbols getdns/getdns_ext_libevent.h

From a9ba50dff1fcab6799d84f962f0f060b1e66ca22 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 28 Sep 2017 22:17:06 +0200
Subject: [PATCH 091/140] Fail transport test on failures

---
 src/test/tpkg/290-transports.tpkg/290-transports.test | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/test/tpkg/290-transports.tpkg/290-transports.test b/src/test/tpkg/290-transports.tpkg/290-transports.test
index 54f1639e..701dd461 100644
--- a/src/test/tpkg/290-transports.tpkg/290-transports.test
+++ b/src/test/tpkg/290-transports.tpkg/290-transports.test
@@ -198,3 +198,8 @@ done
 echo
 echo "Finished transport test: did $COUNT queries, $GOOD_COUNT passes, $FAIL_COUNT failures"
 echo
+if [[ $FAIL_COUNT -gt 0 ]]
+then
+	exit 1
+fi
+

From 23daf9aac3a0da1d891887cb60407ef84d826e51 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 28 Sep 2017 22:17:36 +0200
Subject: [PATCH 092/140] Fix TLS authentication

---
 src/context.c          | 34 ++++++----------------------------
 src/context.h          |  4 +---
 src/dnssec.c           |  2 +-
 src/general.c          |  8 +++++---
 src/request-internal.c |  7 ++++++-
 5 files changed, 19 insertions(+), 36 deletions(-)

diff --git a/src/context.c b/src/context.c
index 750150d5..ada3e7bd 100644
--- a/src/context.c
+++ b/src/context.c
@@ -3521,16 +3521,13 @@ _getdns_ns_dns_setup(struct getdns_context *context)
 }
 
 getdns_return_t
-_getdns_context_prepare_for_resolution(struct getdns_context *context,
-    int usenamespaces)
+_getdns_context_prepare_for_resolution(getdns_context *context)
 {
-	size_t i;
 	getdns_return_t r;
 
 	RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
-    if (context->destroying) {
-        return GETDNS_RETURN_BAD_CONTEXT;
-    }
+	if (context->destroying)
+		return GETDNS_RETURN_BAD_CONTEXT;
 
 	/* Transport can in theory be set per query in stub mode */
 	if (context->resolution_type == GETDNS_RESOLUTION_STUB && 
@@ -3607,28 +3604,9 @@ _getdns_context_prepare_for_resolution(struct getdns_context *context,
 	 */
 
 
-	if (! usenamespaces) {
-		r = _getdns_ns_dns_setup(context);
-		if (r == GETDNS_RETURN_GOOD)
-			context->resolution_type_set = context->resolution_type;
-		return r;
-	}
-
-	r = GETDNS_RETURN_GOOD;
-	for (i = 0; i < context->namespace_count; i++) {
-		switch (context->namespaces[i]) {
-		case GETDNS_NAMESPACE_DNS:
-			r = _getdns_ns_dns_setup(context);
-			break;
-
-		default:
-			r = GETDNS_RETURN_BAD_CONTEXT;
-			break;
-		}
-		if (r != GETDNS_RETURN_GOOD)
-			return r; /* try again later (resolution_type_set) */
-	}
-	context->resolution_type_set = context->resolution_type;
+	r = _getdns_ns_dns_setup(context);
+	if (r == GETDNS_RETURN_GOOD)
+		context->resolution_type_set = context->resolution_type;
 	return r;
 } /* _getdns_context_prepare_for_resolution */
 
diff --git a/src/context.h b/src/context.h
index 1be44ed2..46f000c0 100644
--- a/src/context.h
+++ b/src/context.h
@@ -495,11 +495,9 @@ void _getdns_context_log(getdns_context *context, uint64_t system,
  * Sets up the unbound contexts with stub or recursive behavior
  * if needed.
  * @param context previously initialized getdns_context
- * @param usenamespaces if 0 then only use the DNS, else use context namespace list
  * @return GETDNS_RETURN_GOOD on success
  */
-getdns_return_t _getdns_context_prepare_for_resolution(struct getdns_context *context,
- int usenamespaces);
+getdns_return_t _getdns_context_prepare_for_resolution(getdns_context *context);
 
 /* Register a getdns_dns_req with context.
  * - Without pluggable unbound event API,
diff --git a/src/dnssec.c b/src/dnssec.c
index f65c654b..92282ddb 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -3284,7 +3284,7 @@ void _getdns_ta_notify_dnsreqs(getdns_context *context)
 			getdns_network_req *netreq, **netreq_p;
 			int r = GETDNS_RETURN_GOOD;
 
-			 (void) _getdns_context_prepare_for_resolution(context, 0);
+			 (void) _getdns_context_prepare_for_resolution(context);
 
 			*dnsreq_p = dnsreq->ta_notify;
 			for ( netreq_p = dnsreq->netreqs
diff --git a/src/general.c b/src/general.c
index d8a2bdf8..23d9b735 100644
--- a/src/general.c
+++ b/src/general.c
@@ -609,10 +609,11 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 			context->ta_notify = req;
 			return GETDNS_RETURN_GOOD;
 		}
-		(void) _getdns_context_prepare_for_resolution(context, 0);
+		if ((r = _getdns_context_prepare_for_resolution(context)))
+			; /* pass */
 
 		/* issue all network requests */
-		for ( netreq_p = req->netreqs
+		else for ( netreq_p = req->netreqs
 		    ; !r && (netreq = *netreq_p)
 		    ; netreq_p++) {
 			if ((r = _getdns_submit_netreq(netreq, &now_ms))) {
@@ -667,7 +668,8 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 				context->ta_notify = req;
 				return GETDNS_RETURN_GOOD;
 			}
-			(void) _getdns_context_prepare_for_resolution(context, 0);
+			if ((r =  _getdns_context_prepare_for_resolution(context)))
+				break;
 
 			/* TODO: We will get a good return code here even if
 			   the name is not found (NXDOMAIN). We should consider
diff --git a/src/request-internal.c b/src/request-internal.c
index c5a5b0a9..26bd3df2 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -170,7 +170,12 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
 	net_req->transport_count = owner->context->dns_transport_count;
 	memcpy(net_req->transports, owner->context->dns_transports,
 	    net_req->transport_count * sizeof(getdns_transport_list_t));
-	net_req->tls_auth_min = owner->context->tls_auth_min;
+	net_req->tls_auth_min =
+	       owner->context->tls_auth == GETDNS_AUTHENTICATION_REQUIRED
+	    && owner->context->dns_transport_count == 1
+	    && owner->context->dns_transports[0] == GETDNS_TRANSPORT_TLS
+	    ? GETDNS_AUTHENTICATION_REQUIRED
+	    : GETDNS_AUTHENTICATION_NONE;
 
 	net_req->follow_redirects = owner->context->follow_redirects;
 

From 6b04ed85512550a14571e8710ce6082001021888 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 28 Sep 2017 22:28:39 +0200
Subject: [PATCH 093/140] Bumb version

---
 ChangeLog    | 5 ++---
 configure.ac | 6 +++---
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ec48868a..56550026 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,5 @@
-* 2017-09-??: Version 1.2.0
+* 2017-09-28: Version 1.2.0
+  * Bugfix of rc1: authentication of first query with TLS
   * A function to set the location for library specific data,
     like trust-anchors: getdns_context_set_appdata().
   * Zero configuration DNSSEC - build upon the scheme
@@ -11,8 +12,6 @@
     with the ICANN CA.
   * Update of Stubby with yaml configuration file and
     logging from a certain severity support.
-  * Conversion of yaml to getdns_dict and getdns_list with
-    getdns_yaml2dict() and getdns_yaml2list() functions
   * Fix tpkg exit status on test failure. Thanks Jim Hague.
   * Refined logging levels for upstream statistics
   * Reuse (best behaving) backed-off TLS upstreams when non are usable.
diff --git a/configure.ac b/configure.ac
index f6adc6cf..1c1d6453 100644
--- a/configure.ac
+++ b/configure.ac
@@ -41,7 +41,7 @@ AC_INIT([getdns], [1.2.0], [users@getdnsapi.net], [], [https://getdnsapi.net])
 # Dont forget to put a dash in front of the release candidate!!!
 # That is how it is done with semantic versioning!
 #
-AC_SUBST(RELEASE_CANDIDATE, [-rc1])
+AC_SUBST(RELEASE_CANDIDATE, [])
 
 # Set current date from system if not set
 AC_ARG_WITH([current-date],
@@ -51,7 +51,7 @@ AC_ARG_WITH([current-date],
   [CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
 
 AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
-AC_SUBST(GETDNS_NUMERIC_VERSION, [0x010103c1])
+AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01020000])
 AC_SUBST(API_VERSION, ["December 2015"])
 AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
 GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"
@@ -86,7 +86,7 @@ GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRE
 # getdns-1.1.1 had libversion 6:1:0
 # getdns-1.1.2 had libversion 7:0:1
 # getdns-1.1.3 had libversion 7:1:1
-# getdns-1.2.0 will have libversion 8:0:2
+# getdns-1.2.0 has libversion 8:0:2
 #
 GETDNS_LIBVERSION=8:0:2
 

From d1aebd3c24eb5da337d1713d41bdf58a501156d1 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 29 Sep 2017 11:07:43 +0200
Subject: [PATCH 094/140] Don't test hostname auth without support in libssl

---
 .../290-transports.tpkg/290-transports.dsc    |  2 +-
 .../290-transports.tpkg/290-transports.test   | 47 +++++++++++++------
 2 files changed, 34 insertions(+), 15 deletions(-)

diff --git a/src/test/tpkg/290-transports.tpkg/290-transports.dsc b/src/test/tpkg/290-transports.tpkg/290-transports.dsc
index 8508f07a..acc5f398 100644
--- a/src/test/tpkg/290-transports.tpkg/290-transports.dsc
+++ b/src/test/tpkg/290-transports.tpkg/290-transports.dsc
@@ -6,7 +6,7 @@ Maintainer: Hoda Rohani
 Category: 
 Component:
 CmdDepends: 
-Depends: 110-link.tpkg
+Depends: 210-stub-only-link.tpkg
 Help:
 Pre: 
 Post: 
diff --git a/src/test/tpkg/290-transports.tpkg/290-transports.test b/src/test/tpkg/290-transports.tpkg/290-transports.test
index 701dd461..ce3730e2 100644
--- a/src/test/tpkg/290-transports.tpkg/290-transports.test
+++ b/src/test/tpkg/290-transports.tpkg/290-transports.test
@@ -4,6 +4,12 @@
 # use .tpkg.var.test for in test variable passing
 [ -f .tpkg.var.test ] && source .tpkg.var.test
 
+if grep -q '^#define HAVE_SSL_HN_AUTH 1' "${BUILDDIR}/build-stub-only/src/config.h"
+then
+	HAVE_SSL_HN_AUTH=1
+else
+	HAVE_SSL_HN_AUTH=0
+fi
 SERVER_IP="8.8.8.8"
 SERVER_IPv6="2001:4860:4860::8888"
 
@@ -126,17 +132,30 @@ for (( ii = 0; ii < 1; ii++)); do
 	SERVER_IP_TSIG_WRONG_NAME=`echo ${SERVER_IP_TSIG}${TSIG_ALG}":"${TSIG_NAME::${#TSIG_NAME}-1}":"${TSIG_SECRET}`
 	SERVER_IP_TSIG_WRONG_SECRET=`echo ${SERVER_IP_TSIG}${TSIG_ALG}":"${TSIG_NAME}":"${TSIG_SECRET::${#TSIG_SECRET}-1}`
 
-	NUM_GOOD_QUERIES=9
-	GOOD_QUERIES=(
-	"-s -A  getdnsapi.net -l U        @${SERVER_IP} +edns_cookies"              "U" "-"
-	"-s -A  getdnsapi.net -l T        @${SERVER_IP}"              "T" "-"
-	"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_ALG}:${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
-	"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
-	"-s -A  getdnsapi.net -l L        @${TLS_SERVER_IP_NO_NAME}"  "L" "N"
-	"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP}"          "L" "S"
-	"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
-	"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
-	"-s -G DNSKEY getdnsapi.net -l U  @${SERVER_IP} -b 512 -D" "U" "-")
+	if [[ $HAVE_SSL_HN_AUTH = 1 ]]
+	then
+		NUM_GOOD_QUERIES=9
+		GOOD_QUERIES=(
+		"-s -A  getdnsapi.net -l U        @${SERVER_IP} +edns_cookies"              "U" "-"
+		"-s -A  getdnsapi.net -l T        @${SERVER_IP}"              "T" "-"
+		"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_ALG}:${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
+		"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
+		"-s -A  getdnsapi.net -l L        @${TLS_SERVER_IP_NO_NAME}"  "L" "N"
+		"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP}"          "L" "S"
+		"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
+		"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
+		"-s -G DNSKEY getdnsapi.net -l U  @${SERVER_IP} -b 512 -D" "U" "-")
+	else
+		NUM_GOOD_QUERIES=7
+		GOOD_QUERIES=(
+		"-s -A  getdnsapi.net -l U        @${SERVER_IP} +edns_cookies"              "U" "-"
+		"-s -A  getdnsapi.net -l T        @${SERVER_IP}"              "T" "-"
+		"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_ALG}:${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
+		"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
+		"-s -A  getdnsapi.net -l L        @${TLS_SERVER_IP_NO_NAME}"  "L" "N"
+		"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
+		"-s -G DNSKEY getdnsapi.net -l U  @${SERVER_IP} -b 512 -D" "U" "-")
+	fi
 #"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_SS_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"" "L" "S"
 
 	NUM_GOOD_FB_QUERIES=6
@@ -173,21 +192,21 @@ for (( ii = 0; ii < 1; ii++)); do
 		fi
 		echo "*Success cases:"
 		for (( j = 0; j < $NUM_GOOD_QUERIES; j+=1 )); do
-		  check_good "`"${GETDNS_QUERY}" -V +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} `" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
+		  check_good "`"${GETDNS_STUB_QUERY}" -V +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} `" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
 		  echo "getdns_query $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]}"
 		  (( COUNT++ ))
 		done
 		
 		echo "*Success fallback cases:"
 		for (( j = 0; j < $NUM_GOOD_FB_QUERIES; j+=1 )); do
-		    check_good "`"${GETDNS_QUERY}" -V +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
+		    check_good "`"${GETDNS_STUB_QUERY}" -V +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
 		    echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]}  TESTS: ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}"
 		    (( COUNT++ ))
 		done
 		
 		echo "*Transport not available cases:"
 		for (( j = 0; j < ${#NOT_AVAILABLE_QUERIES[@]}; j+=1 )); do
-			check_bad "`"${GETDNS_QUERY}" -V $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
+			check_bad "`"${GETDNS_STUB_QUERY}" -V $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
 			echo "getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]}"
 			(( COUNT++ ))
 		done

From 6aa73c9374032af9b49ec93b38afa27295fab433 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 29 Sep 2017 11:41:58 +0200
Subject: [PATCH 095/140] Thank Travis Burtrum for finding the auth bug

---
 ChangeLog | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ChangeLog b/ChangeLog
index 56550026..52b477c7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 * 2017-09-28: Version 1.2.0
   * Bugfix of rc1: authentication of first query with TLS
+    Thanks Travis Burtrum
   * A function to set the location for library specific data,
     like trust-anchors: getdns_context_set_appdata().
   * Zero configuration DNSSEC - build upon the scheme

From 3f05242bce7c0e9bf5c88a3add9095d2c0b8367b Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 29 Sep 2017 11:47:15 +0200
Subject: [PATCH 096/140] yaml dir has moved

---
 Makefile.in | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Makefile.in b/Makefile.in
index dfb1899b..1096dc3b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -204,7 +204,6 @@ $(distdir):
 	mkdir -p $(distdir)/src/tools
 	mkdir -p $(distdir)/src/jsmn
 	mkdir -p $(distdir)/src/yxml
-	mkdir -p $(distdir)/src/yaml
 	mkdir -p $(distdir)/doc
 	mkdir -p $(distdir)/spec
 	mkdir -p $(distdir)/spec/example
@@ -256,7 +255,7 @@ $(distdir):
 	cp $(srcdir)/stubby/stubby.yml.example $(distdir)/stubby
 	cp $(srcdir)/stubby/stubby-setdns-macos.sh $(distdir)/stubby
 	cp $(srcdir)/stubby/src/*.[ch] $(distdir)/stubby/src
-	cp $(srcdir)/stubby/yaml/*.[ch] $(distdir)/stubby/src/yaml
+	cp $(srcdir)/stubby/src/yaml/*.[ch] $(distdir)/stubby/src/yaml
 	cp $(srcdir)/stubby/COPYING $(distdir)/stubby
 	cp $(srcdir)/stubby/README.md $(distdir)/stubby
 	cp $(srcdir)/src/jsmn/*.[ch] $(distdir)/src/jsmn
@@ -265,7 +264,6 @@ $(distdir):
 	cp $(srcdir)/src/yxml/*.[ch] $(distdir)/src/yxml
 	cp $(srcdir)/src/yxml/COPYING $(distdir)/src/yxml
 	cp $(srcdir)/src/yxml/yxml.pod $(distdir)/src/yxml
-	cp $(srcdir)/src/yaml/*.[ch] $(distdir)/src/yaml
 	rm -f $(distdir)/Makefile $(distdir)/src/Makefile $(distdir)/src/getdns/getdns.h $(distdir)/spec/example/Makefile $(distdir)/src/test/Makefile $(distdir)/doc/Makefile $(distdir)/src/config.h
 
 distcheck: $(distdir).tar.gz

From 7509f691f3913c0729054aff4f5084c3ab698c3c Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 29 Sep 2017 22:16:16 +0200
Subject: [PATCH 097/140] Update Stubby README.md

---
 stubby | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stubby b/stubby
index b309b8cf..d541e605 160000
--- a/stubby
+++ b/stubby
@@ -1 +1 @@
-Subproject commit b309b8cfa332fe7767ad63d27230d28341a50b15
+Subproject commit d541e60530717f590d4a4a9d458f987cbe90fc59

From 8ddab4813b326a62ed4e4add781ee0bb7e3c507e Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 29 Sep 2017 22:46:31 +0200
Subject: [PATCH 098/140] Date and README.md update

---
 ChangeLog |  2 +-
 README.md | 27 +++++++++++++--------------
 2 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 52b477c7..e6e66951 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-* 2017-09-28: Version 1.2.0
+* 2017-09-29: Version 1.2.0
   * Bugfix of rc1: authentication of first query with TLS
     Thanks Travis Burtrum
   * A function to set the location for library specific data,
diff --git a/README.md b/README.md
index 65af0d07..aacfc289 100644
--- a/README.md
+++ b/README.md
@@ -72,7 +72,6 @@ External dependencies are linked outside the getdns API build tree (we rely on c
 * [libunbound from NLnet Labs](https://unbound.net/) version 1.4.16 or later.
 * [libidn from the FSF](https://www.gnu.org/software/libidn/) version 1.  (Note that the libidn version means the conversions between A-labels and U-labels may permit conversion of formally invalid labels under IDNA2008.)
 * [libssl and libcrypto from the OpenSSL Project](https://www.openssl.org/) version 0.9.7 or later. (Note: version 1.0.1 or later is required for TLS support, version 1.0.2 or later is required for TLS hostname authentication)
-* [libyaml](http://pyyaml.org/wiki/LibYAML) version 0.1.6 or later.
 * Doxygen is used to generate documentation; while this is not technically necessary for the build it makes things a lot more pleasant.
 
 For example, to build on a recent version of Ubuntu, you would need the following packages:
@@ -88,7 +87,7 @@ If you are building from git, you need to do the following before building:
     # autoreconf -fi
 
 
-As well as building the getdns library 2 other tools are installed by default by the above process:
+As well as building the getdns library two other tools may be installed:
 
 * getdns_query: a command line test script wrapper for getdns
 * stubby: an experimental DNS Privacy enabled client
@@ -100,7 +99,6 @@ Note: If you only want to build stubby, then use the `--with-stubby` option when
 
 * getdns can be configured for stub resolution mode only with the `--enable-stub-only` option to configure.  This removes the dependency on `libunbound`.
 * Currently getdns only offers two helper functions to deal with IDN: `getdns_convert_ulabel_to_alabel` and `getdns_convert_alabel_to_ulabel`.  If you do not need these functions, getdns can be configured to compile without them with the `--without-libidn` option to configure.
-* getdns can be configured to not support YAML configuration with the `--disable-yaml-config` option to configure. This removes the dependency on `libyaml`.
 * When both `--enable-stub-only` and `--without-libidn` options are used, getdns has only one dependency left, which is OpenSSL.
 
 ## Extensions and Event loop dependencies
@@ -114,7 +112,7 @@ The implementation works with a variety of event loops, each built as a separate
 ## Stubby
 
 * Stubby is an experimental implementation of a DNS Privacy enabled stub resolver than encrypts DNS queries using TLS. It is currently suitable for advanced/technical users - all feedback is welcome! 
-* Details on how to use Stubby can be found in the [Stubby Reference Guide](https://getdnsapi.net/blog/dns-privacy-daemon-stubby).
+* Details on how to use Stubby can be found in the [Stubby Reference Guide](https://dnsprivacy.org/wiki/x/JYAT).
 * Also see [dnsprivacy.org](https://dnsprivacy.org) for more information on DNS Privacy.
 
 ## Regression Tests
@@ -123,8 +121,6 @@ A suite of regression tests are included with the library, if you make changes o
 want to sanity check things on your system take a look at src/test.  You will need
 to install [libcheck](https://libcheck.github.io/check/).  The check library is also available from many of the package repositories for the more popular operating systems.
 
-The regression tests do not work with --enable-stub-only.
-
 ## DNSSEC dependencies
 
 For the library to be DNSSEC capable, it needs to know the root trust anchor.
@@ -133,13 +129,16 @@ The library will try to load the root trust anchor from
 or more `DS` or `DNSKEY` resource records in presentation (i.e. zone file)
 format.  Note that this is different than the format of BIND.keys.
 
-The best way to setup or update the root trust anchor is by using
-[`unbound-anchor`](https://www.unbound.net/documentation/unbound-anchor.html).
-To setup the library with the root trust anchor at the default location,
-execute the following steps as root:
+##$ Zero configuration DNSSEC
 
-    # mkdir -p /etc/unbound
-    # unbound-anchor -a /etc/unbound/getdns-root.key
+When the root trust anchor is not installed in the default location and a DNSSEC query is done, getdns will try to use the trust anchors published here: http://data.iana.org/root-anchors/root-anchors.xml .
+It will validate these anchors with the ICANN Certificate Authority certificate following the procedure described in [RFC7958].
+The `root-anchors.xml` and `root-anchors.p7s` S/MIME signature will be cached in the `$HOME/.getdns` directory.
+
+When using trust-anchors from the `root-anchors.xml` file, getdns will track the keys in the root DNSKEY rrset and store a copy in $HOME/.getdns/root.key.
+Only when the KSK DNSKEY's change, a new version of `root-anchors.xml` is tried to be retrieved from [data.iana.org](https://data.iana.org/root-anchors/).
+
+A installed trust-anchor from the default location (`/etc/unbound/getdns-root.key`) that fails to validate the root DNSKEY RRset, will also trigger the "Zero configuration DNSSEC" procedure described above.
 
 Support
 =======
@@ -208,7 +207,7 @@ The primary platforms targeted are Linux and FreeBSD, other platform are support
 
 * RHEL/CentOS 6.4
 * OSX 10.8
-* Ubuntu 14.04
+* Ubuntu 16.04
 * Microsoft Windows 8.1
 
 We intend to add Android and other platforms to future releases as we have time to port it.
@@ -274,7 +273,7 @@ To install the [event loop integration libraries](https://getdnsapi.net/doxygen/
 
 Note that in order to compile the examples, the `--with-libevent` switch is required.
 
-As of the 0.2.0 release, when installing via Homebrew, the trust anchor is expected to be located at `$(brew --prefix)/etc/getdns-root.key`.  Additionally, the OpenSSL library installed by Homebrew is linked against. Note that the Homebrew OpenSSL installation clones the Keychain certificates to the default OpenSSL location so TLS certificate authentication should work out of the box.
+Additionally, the OpenSSL library installed by Homebrew is linked against. Note that the Homebrew OpenSSL installation clones the Keychain certificates to the default OpenSSL location so TLS certificate authentication should work out of the box.
 
 ### Microsoft Windows 8.1
 

From 4acce42720275c463eebc0416aa01f019ed39816 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Mon, 2 Oct 2017 14:15:16 +0100
Subject: [PATCH 099/140] Check for implementations of sigemptyset, sigfillset
 and sigaddset and add if not present.

mingw64 doesn't have them and compilation fails at link time.
---
 configure.ac | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/configure.ac b/configure.ac
index 1c1d6453..769879ae 100644
--- a/configure.ac
+++ b/configure.ac
@@ -699,6 +699,8 @@ AC_CHECK_TYPE([sigset_t], [
 #endif
 ])
 
+AC_CHECK_FUNCS(sigemptyset sigfillset sigaddset)
+
 my_with_libidn=1
 AC_ARG_WITH(libidn, AS_HELP_STRING([--with-libidn=pathname],
 	[path to libidn (default: search /usr/local ..)]),
@@ -1544,12 +1546,26 @@ static inline int _gldns_custom_vsnprintf(char *str, size_t size, const char *fo
 # endif
 #endif
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS)
 #define strptime unbound_strptime
 struct tm;
 char *strptime(const char *s, const char *format, struct tm *tm);
 #endif
 
+#if !defined(HAVE_SIGEMPTYSET)
+#  define sigemptyset(pset)    (*(pset) = 0)
+#endif
+#if !defined(HAVE_SIGFILLSET)
+#  define sigfillset(pset)     (*(pset) = (_sigset_t)-1)
+#endif
+#if !defined(HAVE_SIGADDSET)
+#  define sigaddset(pset, num) (*(pset) |= (1L<<(num)))
+#endif
+
 #ifdef HAVE_LIBUNBOUND
 # include <unbound.h>
 # ifdef HAVE_UNBOUND_EVENT_H
@@ -1567,6 +1583,10 @@ int ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype,
 #  endif
 # endif
 #endif
+
+#ifdef __cplusplus
+}
+#endif
 ])
 
 dnl ---------------------------------------------------------------------------

From b22666d66755f9c36b7eb0a4502d6f1fd5176454 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 2 Oct 2017 16:34:12 +0200
Subject: [PATCH 100/140] Bump version

---
 configure.ac | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/configure.ac b/configure.ac
index 1c1d6453..83715747 100644
--- a/configure.ac
+++ b/configure.ac
@@ -36,12 +36,12 @@ sinclude(./m4/acx_getaddrinfo.m4)
 sinclude(./m4/ax_check_compile_flag.m4)
 sinclude(./m4/pkg.m4)
 
-AC_INIT([getdns], [1.2.0], [users@getdnsapi.net], [], [https://getdnsapi.net])
+AC_INIT([getdns], [1.2.1], [users@getdnsapi.net], [], [https://getdnsapi.net])
 
 # Dont forget to put a dash in front of the release candidate!!!
 # That is how it is done with semantic versioning!
 #
-AC_SUBST(RELEASE_CANDIDATE, [])
+AC_SUBST(RELEASE_CANDIDATE, [rc1])
 
 # Set current date from system if not set
 AC_ARG_WITH([current-date],
@@ -51,7 +51,7 @@ AC_ARG_WITH([current-date],
   [CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
 
 AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
-AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01020000])
+AC_SUBST(GETDNS_NUMERIC_VERSION, [0x010200C1])
 AC_SUBST(API_VERSION, ["December 2015"])
 AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
 GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"
@@ -86,9 +86,10 @@ GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRE
 # getdns-1.1.1 had libversion 6:1:0
 # getdns-1.1.2 had libversion 7:0:1
 # getdns-1.1.3 had libversion 7:1:1
-# getdns-1.2.0 has libversion 8:0:2
+# getdns-1.2.0 had libversion 8:0:2
+# getdns-1.2.1 will have libversion 8:1:2
 #
-GETDNS_LIBVERSION=8:0:2
+GETDNS_LIBVERSION=8:1:2
 
 AC_SUBST(GETDNS_COMPILATION_COMMENT)
 AC_SUBST(GETDNS_LIBVERSION)

From 3e221ebed587d303c0d7ebaca02430f94a80a51b Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 2 Oct 2017 16:36:07 +0200
Subject: [PATCH 101/140] Fix parallel make install's

---
 ChangeLog       | 4 ++++
 src/Makefile.in | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index e6e66951..189c3da3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+* 2017-1?-??: Version 1.2.1
+  * Fix Makefile dependencies for parallel install.
+    Thanks ilovezfs
+
 * 2017-09-29: Version 1.2.0
   * Bugfix of rc1: authentication of first query with TLS
     Thanks Travis Burtrum
diff --git a/src/Makefile.in b/src/Makefile.in
index 02b81f40..f77b7447 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -160,7 +160,7 @@ install-headers: getdns/getdns.h getdns/getdns_extra.h
 uninstall-headers:
 	rm -rf $(DESTDIR)$(includedir)/getdns
 
-install-libs: libgetdns.la
+install-libs: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB)
 	$(INSTALL) -m 755 -d $(DESTDIR)$(libdir)
 	$(LIBTOOL) --mode=install cp libgetdns.la $(DESTDIR)$(libdir)
 	if test $(have_libevent) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEVENT_LIB) $(DESTDIR)$(libdir) ; fi

From ffc72ff2537dcab85a97b370df36514deb3e5de7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 3 Oct 2017 17:09:33 +0200
Subject: [PATCH 102/140] Rearrange includes for finding inet_ntop on Windows

+ make sure stubby is linked with initial LDFLAGS (i.e. static) as well
---
 configure.ac  | 73 +++++++++++++++++++++++++++++----------------------
 src/convert.c |  2 +-
 src/dict.c    |  2 +-
 3 files changed, 43 insertions(+), 34 deletions(-)

diff --git a/configure.ac b/configure.ac
index 1552bb39..ca8c6d81 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1147,8 +1147,8 @@ AC_SUBST(INSTALL_STUBBY)
 AC_SUBST(UNINSTALL_STUBBY)
 AC_SUBST(STUBBY_XTRA_OBJS)
 
-STUBBY_LDFLAGS=""
 STUBBY_LIBS=""
+STUBBY_LDFLAGS=""
 
 if test $my_with_yaml = 1
 then
@@ -1156,8 +1156,8 @@ then
 	then
 		getdns_LIBS="$LIBS"
 		getdns_LDFLAGS="$LDFLAGS"
-		LIBS=""
-		LDFLAGS=""
+		LIBS="$initial_LIBS"
+		LDFLAGS="$initial_LDFLAGS"
 	fi
 	AC_ARG_WITH(libyaml, AS_HELP_STRING([--with-libyaml=pathname],
 		[path to libyaml (default: search /usr/local ..)]),
@@ -1350,7 +1350,44 @@ AH_BOTTOM([
 # ifndef FD_SETSIZE
 #  define FD_SETSIZE 1024
 # endif
-# define PRIsz "Iu"
+
+/* the version of the windows API enabled */
+# ifndef WINVER
+#  define WINVER 0x0600 // 0x0502
+# endif
+# ifndef _WIN32_WINNT
+#  define _WIN32_WINNT 0x0600 // 0x0502
+# endif
+# ifdef HAVE_WS2TCPIP_H
+#  include <ws2tcpip.h>
+# endif
+
+# ifdef _MSC_VER
+#  if _MSC_VER >= 1800
+#   define PRIsz "zu"
+#  else
+#   define PRIsz "Iu"
+#  endif
+# else
+#  define PRIsz "Iu"
+# endif
+
+# ifdef HAVE_WINSOCK2_H
+#  include <winsock2.h>
+# endif
+
+# ifndef USE_WINSOCK
+#  define ARG_LL "%ll"
+# else
+#  define ARG_LL "%I64"
+# endif
+
+/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */
+# ifdef HAVE_WINSOCK2_H
+#  define FD_SET_T (u_int)
+# else
+#  define FD_SET_T 
+# endif
 
  /* Windows wants us to use _strdup instead of strdup */
 # ifndef strdup
@@ -1366,34 +1403,6 @@ AH_BOTTOM([
 #include <assert.h>
 #include <string.h>
 
-/* the version of the windows API enabled */
-#ifndef WINVER
-#define WINVER 0x0600 // 0x0502
-#endif
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x0600 // 0x0502
-#endif
-#ifdef HAVE_WINSOCK2_H
-#include <winsock2.h>
-#endif
-
-#ifdef HAVE_WS2TCPIP_H
-#include <ws2tcpip.h>
-#endif
-
-#ifndef USE_WINSOCK
-#define ARG_LL "%ll"
-#else
-#define ARG_LL "%I64"
-#endif
-
-/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */
-#ifdef HAVE_WINSOCK2_H
-#define FD_SET_T (u_int)
-#else
-#define FD_SET_T 
-#endif
-
 #ifdef __cplusplus
 extern "C" {
 #endif
diff --git a/src/convert.c b/src/convert.c
index d6289ecf..71f25491 100644
--- a/src/convert.c
+++ b/src/convert.c
@@ -32,10 +32,10 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+#include "config.h"
 #include <stdio.h>
 #include <string.h>
 #include <locale.h>
-#include "config.h"
 #ifndef USE_WINSOCK
 #include <arpa/inet.h>
 #endif
diff --git a/src/dict.c b/src/dict.c
index d6986788..99e347ad 100644
--- a/src/dict.c
+++ b/src/dict.c
@@ -34,8 +34,8 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#include <ctype.h>
 #include "config.h"
+#include <ctype.h>
 #ifndef USE_WINSOCK
 #include <sys/types.h>
 #include <sys/socket.h>

From a0c313412dbc5c152fe78eb93cf092f99d109ef9 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Wed, 4 Oct 2017 17:31:33 +0100
Subject: [PATCH 103/140] Adjust Unix socket/Winsock handling.

Centralise it into util-internal.h, remove duplicate definitions from mdns, and add new pseudo-functions _getdns_closesocket(), _getdns_poll() and _getdns_socketerror(). Convert error values to simple values and convert error checking to use _getdns_socketerror() and the simple values. The simple values can also be used with the result from getsockopt() with SO_ERROR in stub.c.
---
 src/anchor.c                   |  8 ++--
 src/context.c                  | 12 +----
 src/extension/poll_eventloop.c | 12 +----
 src/mdns.c                     | 72 +++++------------------------
 src/mdns.h                     |  5 +-
 src/server.c                   | 31 +++----------
 src/stub.c                     | 84 ++++++++--------------------------
 src/util-internal.h            | 42 ++++++++++++++---
 8 files changed, 81 insertions(+), 185 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index d37cdec4..6872ab18 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -1198,7 +1198,7 @@ static void tas_read_cb(void *userarg)
 				return;
 			}
 		}
-	} else if (_getdns_EWOULDBLOCK)
+	} else if (_getdns_socketerror() == _getdns_EWOULDBLOCK)
 		return;
 
 	DEBUG_ANCHOR("Read error: %d %s\n", (int)n, strerror(errno));
@@ -1248,7 +1248,7 @@ static void tas_write_cb(void *userarg)
 		    tas_read_cb, NULL, tas_timeout_cb));
 		return;
 
-	} else if (_getdns_EWOULDBLOCK || _getdns_EINPROGRESS)
+	} else if (_getdns_socketerror() == _getdns_EWOULDBLOCK || _getdns_socketerror() == _getdns_EINPROGRESS)
 		return;
 
 	DEBUG_ANCHOR("Write error: %s\n", strerror(errno));
@@ -1348,8 +1348,8 @@ static void tas_connect(getdns_context *context, tas_connection *a)
 		addr.sin6_scope_id = 0;
 		r = connect(a->fd, (struct sockaddr *)&addr, sizeof(addr));
 	}
-	if (r == 0 || (r == -1 && (_getdns_EINPROGRESS ||
-	                           _getdns_EWOULDBLOCK))) {
+	if (r == 0 || (r == -1 && (_getdns_socketerror() == _getdns_EINPROGRESS ||
+	                           _getdns_socketerror() == _getdns_EWOULDBLOCK))) {
 		char tas_hostname[256];
 		const char *path = "", *fmt;
 		getdns_return_t R;
diff --git a/src/context.c b/src/context.c
index ada3e7bd..9b43ff76 100644
--- a/src/context.c
+++ b/src/context.c
@@ -704,11 +704,7 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
 		}
 		if (upstream->fd != -1)
 		{
-#ifdef USE_WINSOCK
-			closesocket(upstream->fd);
-#else
-			close(upstream->fd);
-#endif
+			_getdns_closesocket(upstream->fd);
 		}
 		while (pin) {
 			sha256_pin_t *nextpin = pin->next;
@@ -809,11 +805,7 @@ _getdns_upstream_reset(getdns_upstream *upstream)
 		upstream->tls_obj = NULL;
 	}
 	if (upstream->fd != -1) {
-#ifdef USE_WINSOCK
-		closesocket(upstream->fd);
-#else
-		close(upstream->fd);
-#endif
+		_getdns_closesocket(upstream->fd);
 		upstream->fd = -1;
 	}
 	/* Set connection ready for use again*/
diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index b4f204b1..b0793e7c 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -27,13 +27,7 @@
 
 #include "config.h"
 
-#ifdef HAVE_SYS_POLL_H
-#include <sys/poll.h>
-#else
-#ifndef USE_WINSOCK
-#include <poll.h>
-#endif
-#endif
+#include "util-internal.h"
 #ifdef HAVE_SYS_RESOURCE_H
 #include <sys/resource.h>
 #endif
@@ -411,10 +405,8 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
     {
         Sleep(poll_timeout);
     } else
-	if (WSAPoll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
-#else	
-	if (poll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
 #endif
+	if (poll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
 		perror("poll() failed");
 		exit(EXIT_FAILURE);
 	}
diff --git a/src/mdns.c b/src/mdns.c
index 073c48cb..3d5efe6e 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -30,24 +30,6 @@
 
 #ifdef HAVE_MDNS_SUPPORT
 
-#ifdef USE_WINSOCK
-typedef u_short sa_family_t;
-#define _getdns_EWOULDBLOCK (WSAGetLastError() == WSATRY_AGAIN ||\
-                             WSAGetLastError() == WSAEWOULDBLOCK)
-#define _getdns_EINPROGRESS (WSAGetLastError() == WSAEINPROGRESS)
-#else
-#define _getdns_EWOULDBLOCK (errno == EAGAIN || errno == EWOULDBLOCK)
-#define _getdns_EINPROGRESS (errno == EINPROGRESS)
-#define SOCKADDR struct sockaddr
-#define SOCKADDR_IN struct sockaddr_in
-#define SOCKADDR_IN6 struct sockaddr_in6
-#define SOCKET int
-#define IP_MREQ struct ip_mreq
-#define IPV6_MREQ struct ipv6_mreq
-#define BOOL int
-#define TRUE 1
-#endif
-
 /* Define IPV6_ADD_MEMBERSHIP for FreeBSD and Mac OS X */
 #ifndef IPV6_ADD_MEMBERSHIP
 #define IPV6_ADD_MEMBERSHIP IPV6_JOIN_GROUP
@@ -1148,7 +1130,8 @@ mdns_udp_multicast_read_cb(void *userarg)
 		sizeof(cnx->response), 0, NULL, NULL);
 
 
-	if (read == -1 && _getdns_EWOULDBLOCK)
+	if (read == -1 && (_getdns_socketerror() == _getdns_EWOULDBLOCK ||
+		           _getdns_socketerror() == _getdns_ECONNRESET)
 		return; /* TODO: this will stop the receive loop! */
 
 	if (read >= GLDNS_HEADER_SIZE)
@@ -1353,11 +1336,7 @@ static int mdns_open_ipv4_multicast(SOCKADDR_STORAGE* mcast_dest, int* mcast_des
 
 	if (ret != 0 && fd4 != -1)
 	{
-#ifdef USE_WINSOCK
-			closesocket(fd4);
-#else
-			close(fd4);
-#endif
+			_getdns_closesocket(fd4);
 			fd4 = -1;
 	}
 
@@ -1428,11 +1407,7 @@ static int mdns_open_ipv6_multicast(SOCKADDR_STORAGE* mcast_dest, int* mcast_des
 
 	if (ret != 0 && fd6 != -1)
 	{
-#ifdef USE_WINSOCK
-		closesocket(fd6);
-#else
-		close(fd6);
-#endif
+		_getdns_closesocket(fd6);
 		fd6 = -1;
 	}
 
@@ -1514,11 +1489,7 @@ static getdns_return_t mdns_delayed_network_init(struct getdns_context *context)
 
 							GETDNS_CLEAR_EVENT(context->extension
 								, &context->mdns_connection[i].event);
-#ifdef USE_WINSOCK
-							closesocket(context->mdns_connection[i].fd);
-#else
-							close(context->mdns_connection[i].fd);
-#endif
+							_getdns_closesocket(context->mdns_connection[i].fd);
 						}
 					}
 
@@ -1657,11 +1628,7 @@ void _getdns_mdns_context_destroy(struct getdns_context *context)
 			/* suppress the receive event */
 			GETDNS_CLEAR_EVENT(context->extension, &context->mdns_connection[i].event);
 			/* close the socket */
-#ifdef USE_WINSOCK
-			closesocket(context->mdns_connection[i].fd);
-#else
-			close(context->mdns_connection[i].fd);
-#endif
+			_getdns_closesocket(context->mdns_connection[i].fd);
 		}
 
 		GETDNS_FREE(context->mf, context->mdns_connection);
@@ -1686,11 +1653,7 @@ _getdns_cancel_mdns_request(getdns_network_req *netreq)
 {
 	mdns_cleanup(netreq);
 	if (netreq->fd >= 0) {
-#ifdef USE_WINSOCK
-		closesocket(netreq->fd);
-#else
-		close(netreq->fd);
-#endif
+		_getdns_closesocket(netreq->fd);
 	}
 }
 
@@ -1706,11 +1669,7 @@ mdns_timeout_cb(void *userarg)
 	/* Check the required cleanup */
 	mdns_cleanup(netreq);
 	if (netreq->fd >= 0)
-#ifdef USE_WINSOCK
-		closesocket(netreq->fd);
-#else
-		close(netreq->fd);
-#endif
+		_getdns_closesocket(netreq->fd);
 	_getdns_netreq_change_state(netreq, NET_REQ_TIMED_OUT);
 	if (netreq->owner->user_callback) {
 		netreq->debug_end_time = _getdns_get_time_as_uintt64();
@@ -1745,7 +1704,8 @@ mdns_udp_read_cb(void *userarg)
 										  * i.e. overflow
 										  */
 		0, NULL, NULL);
-	if (read == -1 && _getdns_EWOULDBLOCK)
+	if (read == -1 && (_getdns_socketerror() == _getdns_EWOULDBLOCK ||
+		           _getdns_socketerror() == _getdns_ECONNRESET)
 		return;
 
 	if (read < GLDNS_HEADER_SIZE)
@@ -1759,11 +1719,7 @@ mdns_udp_read_cb(void *userarg)
 	// TODO: check that the source address originates from the local network.
 	// TODO: check TTL = 255
 
-#ifdef USE_WINSOCK
-	closesocket(netreq->fd);
-#else
-	close(netreq->fd);
-#endif
+	_getdns_closesocket(netreq->fd);
 	/* 
 	 * TODO: how to handle an MDNS response with TC bit set?
 	 * Ignore it for now, as we do not support any kind of TCP fallback
@@ -1814,11 +1770,7 @@ mdns_udp_write_cb(void *userarg)
 		netreq->fd, (const void *)netreq->query, pkt_len, 0,
 		(struct sockaddr *)&mdns_mcast_v4,
 		sizeof(mdns_mcast_v4))) {
-#ifdef USE_WINSOCK
-		closesocket(netreq->fd);
-#else
-		close(netreq->fd);
-#endif
+		_getdns_closesocket(netreq->fd);
 		return;
 	}
 	GETDNS_SCHEDULE_EVENT(
diff --git a/src/mdns.h b/src/mdns.h
index b7c7d20c..e53f79a1 100644
--- a/src/mdns.h
+++ b/src/mdns.h
@@ -24,13 +24,10 @@
 #ifdef HAVE_MDNS_SUPPORT
 #include "getdns/getdns.h"
 #include "types-internal.h"
+#include "util-internal.h"
 #include "util/lruhash.h"
 #include "config.h"
 
-#ifndef USE_WINSOCK
-#define SOCKADDR_STORAGE struct sockaddr_storage
-#endif
-
 getdns_return_t
 _getdns_submit_mdns_request(getdns_network_req *netreq);
 
diff --git a/src/server.c b/src/server.c
index ab986a41..68b6d09d 100644
--- a/src/server.c
+++ b/src/server.c
@@ -39,6 +39,7 @@
 #include "types-internal.h"
 #include "debug.h"
 #include "util/rbtree.h"
+#include "util-internal.h"
 #include "server.h"
 
 #define DNS_REQUEST_SZ          4096
@@ -135,11 +136,7 @@ static void tcp_connection_destroy(tcp_connection *conn)
 		loop->vmt->clear(loop, &conn->event);
 
 	if (conn->fd >= 0)
-#ifdef USE_WINSOCK
-		(void) closesocket(conn->fd);
-#else
-		(void) close(conn->fd);
-#endif
+		(void) _getdns_closesocket(conn->fd);
 	GETDNS_FREE(*mf, conn->read_buf);
 
 	for (cur = conn->to_write; cur; cur = next) {
@@ -285,11 +282,7 @@ getdns_reply(
 		    (struct sockaddr *)&conn->remote_in, conn->addrlen) == -1) {
 			/* IO error, cleanup this listener */
 			loop->vmt->clear(loop, &conn->l->event);
-#ifdef USE_WINSOCK
-			closesocket(conn->l->fd);
-#else
-			close(conn->l->fd);
-#endif
+			_getdns_closesocket(conn->l->fd);
 			conn->l->fd = -1;
 		}
 		/* Unlink this connection */
@@ -483,11 +476,7 @@ static void tcp_accept_cb(void *userarg)
 	    &conn->super.remote_in, &conn->super.addrlen)) == -1) {
 		/* IO error, cleanup this listener */
 		loop->vmt->clear(loop, &l->event);
-#ifdef USE_WINSOCK
-		closesocket(l->fd);
-#else
-		close(l->fd);
-#endif
+		_getdns_closesocket(l->fd);
 		l->fd = -1;
 		GETDNS_FREE(*mf, conn);
 		return;
@@ -557,11 +546,7 @@ static void udp_read_cb(void *userarg)
 	    (struct sockaddr *)&conn->remote_in, &conn->addrlen)) == -1) {
 		/* IO error, cleanup this listener. */
 		loop->vmt->clear(loop, &l->event);
-#ifdef USE_WINSOCK
-		closesocket(l->fd);
-#else
-		close(l->fd);
-#endif
+		_getdns_closesocket(l->fd);
 		l->fd = -1;
 
 #if 0 && defined(SERVER_DEBUG) && SERVER_DEBUG
@@ -710,11 +695,7 @@ static void remove_listeners(listen_set *set)
 			continue;
 
 		loop->vmt->clear(loop, &l->event);
-#ifdef USE_WINSOCK
-		closesocket(l->fd);
-#else
-		close(l->fd);
-#endif
+		_getdns_closesocket(l->fd);
 		l->fd = -1;
 
 		if (l->transport != GETDNS_TRANSPORT_TCP)
diff --git a/src/stub.c b/src/stub.c
index 1d16c4bb..4674356c 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -38,17 +38,6 @@
  */
 #define INTERCEPT_COM_DS 0
 
-#ifdef USE_POLL_DEFAULT_EVENTLOOP
-# ifdef HAVE_SYS_POLL_H
-#  include <sys/poll.h>
-# else
-#ifdef USE_WINSOCK
-#define poll(fdarray, nbsockets, timer) WSAPoll(fdarray, nbsockets, timer)
-#else
-#  include <poll.h>
-#endif
-# endif
-#endif
 #include "debug.h"
 #include <openssl/err.h>
 #include <openssl/conf.h>
@@ -426,13 +415,10 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport)
 #endif
 	if (connect(fd, (struct sockaddr *)&upstream->addr,
 	    upstream->addr_len) == -1) {
-		if (_getdns_EINPROGRESS || _getdns_EWOULDBLOCK)
+		if (_getdns_socketerror() == _getdns_EINPROGRESS ||
+		    _getdns_socketerror() == _getdns_EWOULDBLOCK)
 			return fd;
-#ifdef USE_WINSOCK
-		closesocket(fd);
-#else
-		close(fd);
-#endif
+		_getdns_closesocket(fd);
 		return -1;
 	}
 	return fd;
@@ -443,22 +429,13 @@ tcp_connected(getdns_upstream *upstream) {
 	int error = 0;
 	socklen_t len = (socklen_t)sizeof(error);
 	getsockopt(upstream->fd, SOL_SOCKET, SO_ERROR, (void*)&error, &len);
-#ifdef USE_WINSOCK
-	if (error == WSAEINPROGRESS)
+	if (error == _getdns_EINPROGRESS)
 		return STUB_TCP_AGAIN;
-	else if (error == WSAEWOULDBLOCK) 
-		return STUB_TCP_WOULDBLOCK;
-	else if (error != 0)
-		return STUB_SETUP_ERROR;
-#else
-	if (error == EINPROGRESS)
-		return STUB_TCP_AGAIN;
-	else if (error == EWOULDBLOCK || error == EAGAIN) 
+	else if (error == _getdns_EWOULDBLOCK || error == _getdns_EAGAIN) 
 		return STUB_TCP_WOULDBLOCK;
 	else if (error != 0) {
 		return STUB_SETUP_ERROR;
 	}
-#endif
 	if (upstream->transport == GETDNS_TRANSPORT_TCP &&
 	    upstream->queries_sent == 0) {
 			upstream->conn_state = GETDNS_CONN_OPEN;
@@ -570,11 +547,7 @@ _getdns_cancel_stub_request(getdns_network_req *netreq)
 	           STUB_DEBUG_CLEANUP, __FUNC__, (void*)netreq);
 	stub_cleanup(netreq);
 	if (netreq->fd >= 0) {
-#ifdef USE_WINSOCK
-		closesocket(netreq->fd);
-#else
-		close(netreq->fd);
-#endif
+		_getdns_closesocket(netreq->fd);
 		netreq->fd = -1;
 	}
 }
@@ -589,11 +562,7 @@ stub_timeout_cb(void *userarg)
 	_getdns_netreq_change_state(netreq, NET_REQ_TIMED_OUT);
 	/* Handle upstream*/
 	if (netreq->fd >= 0) {
-#ifdef USE_WINSOCK
-		closesocket(netreq->fd);
-#else
-		close(netreq->fd);
-#endif
+		_getdns_closesocket(netreq->fd);
 		netreq->fd = -1;
 		netreq->upstream->udp_timeouts++;
 		if (netreq->upstream->udp_timeouts % 100 == 0)
@@ -650,7 +619,7 @@ upstream_setup_timeout_cb(void *userarg)
 #ifdef USE_POLL_DEFAULT_EVENTLOOP
 	fds.fd = upstream->fd;
 	fds.events = POLLOUT;
-	ret = poll(&fds, 1, 0);
+	ret = _getdns_poll(&fds, 1, 0);
 #else
 	FD_ZERO(&fds);
 	FD_SET((int)(upstream->fd), &fds);
@@ -690,7 +659,7 @@ stub_tcp_read(int fd, getdns_tcp_state *tcp, struct mem_funcs *mf)
 	}
 	read = recv(fd, (void *)tcp->read_pos, tcp->to_read, 0);
 	if (read < 0) {
-		if (_getdns_EWOULDBLOCK)
+		if (_getdns_socketerror() == _getdns_EWOULDBLOCK)
 			return STUB_TCP_WOULDBLOCK;
 		else
 			return STUB_TCP_ERROR;
@@ -807,11 +776,11 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
 		    (struct sockaddr *)&(netreq->upstream->addr),
 		    netreq->upstream->addr_len);
 #endif
-		if ((written < 0 && (_getdns_EWOULDBLOCK ||
+		if ((written < 0 && (_getdns_socketerror() == _getdns_EWOULDBLOCK ||
 		/* Add the error case where the connection is in progress which is when
 		   a cookie is not available (e.g. when doing the first request to an
 		   upstream). We must let the handshake complete since non-blocking. */
-		                       _getdns_EINPROGRESS)) ||
+				     _getdns_socketerror() == _getdns_EINPROGRESS)) ||
 		     (size_t)written < pkt_len + 2) {
 
 			/* We couldn't write the whole packet.
@@ -847,7 +816,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
 		                    tcp->write_buf_len - tcp->written);
 #endif
 		if (written == -1) {
-			if (_getdns_EWOULDBLOCK)
+			if (_getdns_socketerror() == _getdns_EWOULDBLOCK)
 				return STUB_TCP_WOULDBLOCK;
 			else {
 				DEBUG_STUB("%s %-35s: MSG: %p error while writing to TCP socket:"
@@ -1386,7 +1355,8 @@ stub_udp_read_cb(void *userarg)
 	                                       * i.e. overflow
 	                                       */
 	    0, NULL, NULL);
-	if (read == -1 && _getdns_EWOULDBLOCK)
+	if (read == -1 && (_getdns_socketerror() == _getdns_EWOULDBLOCK ||
+		           _getdns_socketerror() == _getdns_ECONNRESET))
 		return; /* Try again later */
 
 	if (read == -1) {
@@ -1398,11 +1368,7 @@ stub_udp_read_cb(void *userarg)
 		_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 		/* Handle upstream*/
 		if (netreq->fd >= 0) {
-#ifdef USE_WINSOCK
-			closesocket(netreq->fd);
-#else
-			close(netreq->fd);
-#endif
+			_getdns_closesocket(netreq->fd);
 			netreq->fd = -1;
 			stub_next_upstream(netreq);
 		}
@@ -1422,11 +1388,7 @@ stub_udp_read_cb(void *userarg)
 
 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 
-#ifdef USE_WINSOCK
-	closesocket(netreq->fd);
-#else
-	close(netreq->fd);
-#endif
+	_getdns_closesocket(netreq->fd);
 	netreq->fd = -1;
 	while (GLDNS_TC_WIRE(netreq->response)) {
 		DEBUG_STUB("%s %-35s: MSG: %p TC bit set in response \n", STUB_DEBUG_READ, 
@@ -1519,11 +1481,7 @@ stub_udp_write_cb(void *userarg)
 		_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 		/* Handle upstream*/
 		if (netreq->fd >= 0) {
-#ifdef USE_WINSOCK
-			closesocket(netreq->fd);
-#else
-			close(netreq->fd);
-#endif
+			_getdns_closesocket(netreq->fd);
 			netreq->fd = -1;
 			stub_next_upstream(netreq);
 		}
@@ -2055,11 +2013,7 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 			if (upstream->tls_obj == NULL) {
 				upstream_failed(upstream, 1);
 				_getdns_upstream_reset(upstream);
-#ifdef USE_WINSOCK
-				closesocket(fd);
-#else
-				close(fd);
-#endif
+				_getdns_closesocket(fd);
 				return -1;
 			}
 			upstream->tls_hs_state = GETDNS_HS_WRITE;
@@ -2128,7 +2082,7 @@ upstream_find_for_netreq(getdns_network_req *netreq)
 			continue;
 
 		if (fd == -1) {
-			if (_getdns_EMFILE)
+			if (_getdns_socketerror() == _getdns_EMFILE)
 				return STUB_TRY_AGAIN_LATER;
 			return -1;
 		}
diff --git a/src/util-internal.h b/src/util-internal.h
index 1ef007bc..faab07b0 100644
--- a/src/util-internal.h
+++ b/src/util-internal.h
@@ -221,14 +221,42 @@ INLINE uint64_t _getdns_ms_until_expiry2(uint64_t expires, uint64_t *now_ms)
 
 #ifdef USE_WINSOCK
 typedef u_short sa_family_t;
-#define _getdns_EWOULDBLOCK (WSAGetLastError() == WSATRY_AGAIN ||\
-		                             WSAGetLastError() == WSAEWOULDBLOCK)
-#define _getdns_EINPROGRESS (WSAGetLastError() == WSAEINPROGRESS)
-#define _getdns_EMFILE      (WSAGetLastError() == WSAEMFILE)
+#define _getdns_EAGAIN      (WSATRY_AGAIN)
+#define _getdns_EWOULDBLOCK (WSAEWOULDBLOCK)
+#define _getdns_EINPROGRESS (WSAEINPROGRESS)
+#define _getdns_EMFILE      (WSAEMFILE)
+#define _getdns_ECONNRESET  (WSAECONNRESET)
+
+#define _getdns_closesocket(fd) closesocket(fd)
+#define _getdns_poll(fdarray, nsockets, timer) WSAPoll(fdarray, nsockets, timer)
+#define _getdns_socketerror() (WSAGetLastError())
 #else
-#define _getdns_EWOULDBLOCK (errno == EAGAIN || errno == EWOULDBLOCK)
-#define _getdns_EINPROGRESS (errno == EINPROGRESS)
-#define _getdns_EMFILE      (errno == EMFILE)
+#ifdef HAVE_SYS_POLL_H
+# include <sys/poll.h>
+#else
+# include <poll.h>
+#endif
+
+#define _getdns_EAGAIN      (EAGAIN)
+#define _getdns_EWOULDBLOCK (EWOULDBLOCK)
+#define _getdns_EINPROGRESS (EINPROGRESS)
+#define _getdns_EMFILE      (EMFILE)
+#define _getdns_ECONNRESET  (ECONNRESET)
+
+#define SOCKADDR struct sockaddr
+#define SOCKADDR_IN struct sockaddr_in
+#define SOCKADDR_IN6 struct sockaddr_in6
+#define SOCKADDR_STORAGE struct sockaddr_storage
+#define SOCKET int
+
+#define IP_MREQ struct ip_mreq
+#define IPV6_MREQ struct ipv6_mreq
+#define BOOL int
+#define TRUE 1
+
+#define _getdns_closesocket(fd) close(fd)
+#define _getdns_poll(fdarray, nsockets, timer) poll(fdarray, nsockets, timer)
+#define _getdns_socketerror() (errno)
 #endif
 
 #endif

From 757becc81201875f7e6c2872cbe25231033c9bbc Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Wed, 4 Oct 2017 17:32:52 +0100
Subject: [PATCH 104/140] write() on a socket is equivalent to send() with flag
 value of 0.

---
 src/stub.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index 4674356c..5d472f72 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -808,13 +808,8 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
 
 		/* Coming back from an earlier unfinished write or handshake.
 		 * Try to send remaining data */
-#ifdef USE_WINSOCK
 		written = send(fd, (void *)(tcp->write_buf + tcp->written),
 			tcp->write_buf_len - tcp->written, 0);
-#else
-		written = write(fd, tcp->write_buf     + tcp->written,
-		                    tcp->write_buf_len - tcp->written);
-#endif
 		if (written == -1) {
 			if (_getdns_socketerror() == _getdns_EWOULDBLOCK)
 				return STUB_TCP_WOULDBLOCK;

From 1eae1ad96bc78437e9baf540949231d7958bbedd Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Wed, 4 Oct 2017 17:42:06 +0100
Subject: [PATCH 105/140] Fix problem where Stubby stops listening to UDP on
 Win10.

Winsock can return ECONNRESET when receiving UDP via recvfrom() if an ICMP Port Unreachable has been received. Rather than treat the socket as being in error and closing it, just ignore the error.
---
 src/server.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/server.c b/src/server.c
index 68b6d09d..319991da 100644
--- a/src/server.c
+++ b/src/server.c
@@ -544,6 +544,14 @@ static void udp_read_cb(void *userarg)
 	conn->addrlen = sizeof(conn->remote_in);
 	if ((len = recvfrom(l->fd, (void *)buf, sizeof(buf), 0,
 	    (struct sockaddr *)&conn->remote_in, &conn->addrlen)) == -1) {
+		if (_getdns_socketerror() == _getdns_ECONNRESET) {
+			/*
+			 * WINSOCK gives ECONNRESET on ICMP Port Unreachable
+			 * being received. Ignore it.
+			 * */
+			GETDNS_FREE(*mf, conn);
+			return;
+		}
 		/* IO error, cleanup this listener. */
 		loop->vmt->clear(loop, &l->event);
 		_getdns_closesocket(l->fd);

From a70efd118d5fd372d7ed891eb75cadd9fd39eb90 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Thu, 5 Oct 2017 12:36:03 +0100
Subject: [PATCH 106/140] Fix build warnings about inet_ntop() not being
 declared on Win10/MinGW.

---
 configure.ac | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index ca8c6d81..d08beefb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1274,7 +1274,7 @@ CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
 ],[
 AC_MSG_WARN([libbsd not found or usable; using embedded code instead])
 ])
-AC_CHECK_DECLS([strlcpy,arc4random,arc4random_uniform])
+AC_CHECK_DECLS([inet_pton,inet_ntop,strlcpy,arc4random,arc4random_uniform])
 AC_REPLACE_FUNCS(inet_pton)
 AC_REPLACE_FUNCS(inet_ntop)
 AC_REPLACE_FUNCS(strlcpy)
@@ -1449,11 +1449,11 @@ void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
 unsigned char *SHA512(void* data, unsigned int data_len, unsigned char *digest);
 #endif /* COMPAT_SHA512 */
 
-#ifndef HAVE_INET_PTON
+#ifndef HAVE_DECL_INET_PTON
 int inet_pton(int af, const char* src, void* dst);
 #endif /* HAVE_INET_PTON */
 
-#ifndef HAVE_INET_NTOP
+#ifndef HAVE_DECL_INET_NTOP
 const char *inet_ntop(int af, const void *src, char *dst, size_t size);
 #endif
 

From ff7c85ab20a7c386ef1ab0e141f17628524013de Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Thu, 5 Oct 2017 12:43:35 +0100
Subject: [PATCH 107/140] Fix build errors introduced by a0c3134.

---
 src/mdns.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/mdns.c b/src/mdns.c
index 3d5efe6e..7578a262 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -1131,7 +1131,7 @@ mdns_udp_multicast_read_cb(void *userarg)
 
 
 	if (read == -1 && (_getdns_socketerror() == _getdns_EWOULDBLOCK ||
-		           _getdns_socketerror() == _getdns_ECONNRESET)
+		           _getdns_socketerror() == _getdns_ECONNRESET))
 		return; /* TODO: this will stop the receive loop! */
 
 	if (read >= GLDNS_HEADER_SIZE)
@@ -1705,7 +1705,7 @@ mdns_udp_read_cb(void *userarg)
 										  */
 		0, NULL, NULL);
 	if (read == -1 && (_getdns_socketerror() == _getdns_EWOULDBLOCK ||
-		           _getdns_socketerror() == _getdns_ECONNRESET)
+		           _getdns_socketerror() == _getdns_ECONNRESET))
 		return;
 
 	if (read < GLDNS_HEADER_SIZE)

From 59e6ec80fe4041e89f674c74af0bc0b8dc79a0f1 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Thu, 5 Oct 2017 15:04:40 +0100
Subject: [PATCH 108/140] Fix configure runtime error.

Error was:
checking for DSA_SIG_new... yes
../configure: line 13315: test: too many arguments
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index d08beefb..49fa72d5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -589,7 +589,7 @@ case "$enable_ed25519" in
     no)
       ;;
     *)
-      if test $USE_NSS = "no" -a $USE_NETTLE = "no"; then
+      if test "$USE_NSS" = "no" -a "$USE_NETTLE" = "no"; then
               AC_CHECK_DECLS([NID_ED25519], [
                 AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.])
                 use_ed25519="yes"

From 8a291d4dce4fb50887924f0b89702ecf276386f4 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Thu, 5 Oct 2017 19:15:41 +0100
Subject: [PATCH 109/140] Revise autoconf checking for sigset_t.

The previous strategy for Windows of checking for sigset_t and if it failed repeating the check with -D_POSIX did not work as expected. Autoconf found the second instance of the test, thought it was the same as the first, and used the cached result from the first. It was only because a typo did not reset CFLAGS back, so always adding _POSIX, that this worked with mingw.

Change instead to checking for sigset_t and if that fails for _sigset_t, and in config.h if sigset_t does not exist but _sigset_t does then typedef _sigset_t to sigset_t. Also amend the implementation of sigfillset() to cast to sigset_t not _sigset_t; it may not be just mingw that doesn't have sigfilleset().

Also, ensure signal.h is one of the headers included when checking for sigset_t. It's the header Posix says sigset_t is defined in...
---
 configure.ac | 39 +++++++++++++++++++++------------------
 1 file changed, 21 insertions(+), 18 deletions(-)

diff --git a/configure.ac b/configure.ac
index 49fa72d5..b2c92692 100644
--- a/configure.ac
+++ b/configure.ac
@@ -254,7 +254,7 @@ esac
 
 
 DEFAULT_EVENTLOOP=select_eventloop
-AC_CHECK_HEADERS([sys/poll.h poll.h sys/resource.h sys/types.h],,, [AC_INCLUDES_DEFAULT])
+AC_CHECK_HEADERS([signal.h sys/poll.h poll.h sys/resource.h sys/types.h],,, [AC_INCLUDES_DEFAULT])
 AC_ARG_ENABLE(poll-eventloop, AC_HELP_STRING([--disable-poll-eventloop], [Disable default eventloop based on poll (default=enabled if available)]))
 case "$enable_poll_eventloop" in
 	no)
@@ -677,29 +677,29 @@ if test "$USE_WINSOCK" = 1; then
 	LIBS="$LIBS -lgdi32 -liphlpapi"
 fi
 
-dnl Check if -D_POSIX is needed for sigset_t
-
-AC_CHECK_TYPE([sigset_t], [
-	AC_MSG_NOTICE(-D_POSIX is NOT needed for the sigset_t type)
-], [
-	BACKCFLAGS="$CFLAGS"
-	CFLAGS="-D_POSIX $CFLAGS"
-	AC_CHECK_TYPE([sigset_t], [
-		AC_MSG_NOTICE(-D_POSIX is needed for the sigset_t type)
-	], [
-		AC_MSG_NOTICE(Unclear whether -D_POSIX is needed for the sigset_t type)
-		BACKCFLAGS="$CFLAGS"
-	], [AC_INCLUDES_DEFAULT
+dnl sigset_t or _sigset_t? MinGW is latter by default.
+AC_CHECK_TYPES([sigset_t],
+               [],
+               [AC_CHECK_TYPES([_sigset_t],
+                               [],
+                               [AC_MSG_ERROR([Can't find type `sigset_t' or type `_sigset_t'])],
+                               [AC_INCLUDES_DEFAULT
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
-	])
-], [AC_INCLUDES_DEFAULT
+                               ])
+              ],
+              [AC_INCLUDES_DEFAULT
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 ])
-
 AC_CHECK_FUNCS(sigemptyset sigfillset sigaddset)
 
 my_with_libidn=1
@@ -1566,11 +1566,14 @@ struct tm;
 char *strptime(const char *s, const char *format, struct tm *tm);
 #endif
 
+#if !defined(HAVE_SIGSET_T) && defined(HAVE__SIGSET_T)
+typedef _sigset_t sigset_t;
+#endif
 #if !defined(HAVE_SIGEMPTYSET)
 #  define sigemptyset(pset)    (*(pset) = 0)
 #endif
 #if !defined(HAVE_SIGFILLSET)
-#  define sigfillset(pset)     (*(pset) = (_sigset_t)-1)
+#  define sigfillset(pset)     (*(pset) = (sigset_t)-1)
 #endif
 #if !defined(HAVE_SIGADDSET)
 #  define sigaddset(pset, num) (*(pset) |= (1L<<(num)))

From 0874a0a4722818510588c12972744794147af488 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Thu, 5 Oct 2017 19:17:12 +0100
Subject: [PATCH 110/140] Use PRI format strings in wire2str.c and remove
 ARG_LL.

---
 configure.ac         |  6 ------
 src/gldns/wire2str.c | 15 +++------------
 2 files changed, 3 insertions(+), 18 deletions(-)

diff --git a/configure.ac b/configure.ac
index b2c92692..1c7dc8e1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1376,12 +1376,6 @@ AH_BOTTOM([
 #  include <winsock2.h>
 # endif
 
-# ifndef USE_WINSOCK
-#  define ARG_LL "%ll"
-# else
-#  define ARG_LL "%I64"
-# endif
-
 /* detect if we need to cast to unsigned int for FD_SET to avoid warnings */
 # ifdef HAVE_WINSOCK2_H
 #  define FD_SET_T (u_int)
diff --git a/src/gldns/wire2str.c b/src/gldns/wire2str.c
index 2718925e..f6fda2e5 100644
--- a/src/gldns/wire2str.c
+++ b/src/gldns/wire2str.c
@@ -1059,11 +1059,7 @@ int gldns_wire2str_tsigtime_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 	d4 = (*d)[4];
 	d5 = (*d)[5];
 	tsigtime = (d0<<40) | (d1<<32) | (d2<<24) | (d3<<16) | (d4<<8) | d5;
-#ifndef USE_WINSOCK
-	w = gldns_str_print(s, sl, "%llu", (long long)tsigtime);
-#else
-	w = gldns_str_print(s, sl, "%I64u", (long long)tsigtime);
-#endif
+	w = gldns_str_print(s, sl, "%"PRIu64, (uint64_t)tsigtime);
 	(*d)+=6;
 	(*dl)-=6;
 	return w;
@@ -1746,13 +1742,8 @@ int gldns_wire2str_edns_llq_print(char** s, size_t* sl, uint8_t* data,
 	if(error_code < llq_errors_num)
 		w += gldns_str_print(s, sl, " %s", llq_errors[error_code]);
 	else	w += gldns_str_print(s, sl, " error %d", (int)error_code);
-#ifndef USE_WINSOCK
-	w += gldns_str_print(s, sl, " id %llx lease-life %lu",
-		(unsigned long long)llq_id, (unsigned long)lease_life);
-#else
-	w += gldns_str_print(s, sl, " id %I64x lease-life %lu",
-		(unsigned long long)llq_id, (unsigned long)lease_life);
-#endif
+	w += gldns_str_print(s, sl, " id %"PRIx64" lease-life %lu",
+		(uint64_t)llq_id, (unsigned long)lease_life);
 	return w;
 }
 

From dc7daede40138d3359cd217998463b2a0efc5e2f Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Fri, 6 Oct 2017 12:07:15 +0100
Subject: [PATCH 111/140] Move Windows/Unix functions into new platform.h.

---
 src/anchor.c                   |  1 +
 src/context.c                  |  1 +
 src/extension/poll_eventloop.c |  1 +
 src/mdns.c                     |  1 +
 src/server.c                   |  1 +
 src/stub.c                     |  1 +
 src/util-internal.h            | 41 ----------------------------------
 7 files changed, 6 insertions(+), 41 deletions(-)

diff --git a/src/anchor.c b/src/anchor.c
index 6872ab18..a5a31b2e 100644
--- a/src/anchor.c
+++ b/src/anchor.c
@@ -50,6 +50,7 @@
 #include "gldns/keyraw.h"
 #include "general.h"
 #include "util-internal.h"
+#include "platform.h"
 
 /* get key usage out of its extension, returns 0 if no key_usage extension */
 static unsigned long
diff --git a/src/context.c b/src/context.c
index 9b43ff76..3456bfa0 100644
--- a/src/context.c
+++ b/src/context.c
@@ -80,6 +80,7 @@ typedef unsigned short in_port_t;
 #include "context.h"
 #include "types-internal.h"
 #include "util-internal.h"
+#include "platform.h"
 #include "dnssec.h"
 #include "stub.h"
 #include "list.h"
diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index b0793e7c..f6fdddda 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -28,6 +28,7 @@
 #include "config.h"
 
 #include "util-internal.h"
+#include "platform.h"
 #ifdef HAVE_SYS_RESOURCE_H
 #include <sys/resource.h>
 #endif
diff --git a/src/mdns.c b/src/mdns.c
index 7578a262..30bdab6e 100644
--- a/src/mdns.c
+++ b/src/mdns.c
@@ -26,6 +26,7 @@
 #include "gldns/pkthdr.h"
 #include "gldns/rrdef.h"
 #include "util-internal.h"
+#include "platform.h"
 #include "mdns.h"
 
 #ifdef HAVE_MDNS_SUPPORT
diff --git a/src/server.c b/src/server.c
index 319991da..f29cb603 100644
--- a/src/server.c
+++ b/src/server.c
@@ -40,6 +40,7 @@
 #include "debug.h"
 #include "util/rbtree.h"
 #include "util-internal.h"
+#include "platform.h"
 #include "server.h"
 
 #define DNS_REQUEST_SZ          4096
diff --git a/src/stub.c b/src/stub.c
index 5d472f72..ebcb2527 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -52,6 +52,7 @@
 #include "rr-iter.h"
 #include "context.h"
 #include "util-internal.h"
+#include "platform.h"
 #include "general.h"
 #include "pubkey-pinning.h"
 
diff --git a/src/util-internal.h b/src/util-internal.h
index faab07b0..3d768de1 100644
--- a/src/util-internal.h
+++ b/src/util-internal.h
@@ -218,46 +218,5 @@ INLINE uint64_t _getdns_ms_until_expiry2(uint64_t expires, uint64_t *now_ms)
 	return *now_ms >= expires ? 0 : expires - *now_ms;
 }
 
-
-#ifdef USE_WINSOCK
-typedef u_short sa_family_t;
-#define _getdns_EAGAIN      (WSATRY_AGAIN)
-#define _getdns_EWOULDBLOCK (WSAEWOULDBLOCK)
-#define _getdns_EINPROGRESS (WSAEINPROGRESS)
-#define _getdns_EMFILE      (WSAEMFILE)
-#define _getdns_ECONNRESET  (WSAECONNRESET)
-
-#define _getdns_closesocket(fd) closesocket(fd)
-#define _getdns_poll(fdarray, nsockets, timer) WSAPoll(fdarray, nsockets, timer)
-#define _getdns_socketerror() (WSAGetLastError())
-#else
-#ifdef HAVE_SYS_POLL_H
-# include <sys/poll.h>
-#else
-# include <poll.h>
-#endif
-
-#define _getdns_EAGAIN      (EAGAIN)
-#define _getdns_EWOULDBLOCK (EWOULDBLOCK)
-#define _getdns_EINPROGRESS (EINPROGRESS)
-#define _getdns_EMFILE      (EMFILE)
-#define _getdns_ECONNRESET  (ECONNRESET)
-
-#define SOCKADDR struct sockaddr
-#define SOCKADDR_IN struct sockaddr_in
-#define SOCKADDR_IN6 struct sockaddr_in6
-#define SOCKADDR_STORAGE struct sockaddr_storage
-#define SOCKET int
-
-#define IP_MREQ struct ip_mreq
-#define IPV6_MREQ struct ipv6_mreq
-#define BOOL int
-#define TRUE 1
-
-#define _getdns_closesocket(fd) close(fd)
-#define _getdns_poll(fdarray, nsockets, timer) poll(fdarray, nsockets, timer)
-#define _getdns_socketerror() (errno)
-#endif
-
 #endif
 /* util-internal.h */

From eb6da94e257f87827e71b79eabec9b36fd5d938b Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Fri, 6 Oct 2017 12:07:47 +0100
Subject: [PATCH 112/140] Convert one more poll() to _getdns_poll().

---
 src/extension/poll_eventloop.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index f6fdddda..7d6bb99c 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -407,7 +407,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
         Sleep(poll_timeout);
     } else
 #endif
-	if (poll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
+	if (_getdns_poll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
 		perror("poll() failed");
 		exit(EXIT_FAILURE);
 	}

From 74eaf4b03e0283fd8d55d762986f234a8a7eb7e1 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Fri, 6 Oct 2017 14:38:59 +0100
Subject: [PATCH 113/140] Previous commit omitted platform.h.

---
 src/platform.h | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 src/platform.h

diff --git a/src/platform.h b/src/platform.h
new file mode 100644
index 00000000..0cd4c9f6
--- /dev/null
+++ b/src/platform.h
@@ -0,0 +1,81 @@
+/**
+ *
+ * /brief general functions with platform-dependent implementations
+ *
+ */
+
+/*
+ * Copyright (c) 2017, NLnet Labs, Sinodun
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef PLATFORM_H
+#define PLATFORM_H
+
+#include "config.h"
+
+#ifdef USE_WINSOCK
+typedef u_short sa_family_t;
+#define _getdns_EAGAIN      (WSATRY_AGAIN)
+#define _getdns_EWOULDBLOCK (WSAEWOULDBLOCK)
+#define _getdns_EINPROGRESS (WSAEINPROGRESS)
+#define _getdns_EMFILE      (WSAEMFILE)
+#define _getdns_ECONNRESET  (WSAECONNRESET)
+
+#define _getdns_closesocket(fd) closesocket(fd)
+#define _getdns_poll(fdarray, nsockets, timer) WSAPoll(fdarray, nsockets, timer)
+#define _getdns_socketerror() (WSAGetLastError())
+
+#else /* USE_WINSOCK */
+
+#ifdef HAVE_SYS_POLL_H
+# include <sys/poll.h>
+#else
+# include <poll.h>
+#endif
+
+#define _getdns_EAGAIN      (EAGAIN)
+#define _getdns_EWOULDBLOCK (EWOULDBLOCK)
+#define _getdns_EINPROGRESS (EINPROGRESS)
+#define _getdns_EMFILE      (EMFILE)
+#define _getdns_ECONNRESET  (ECONNRESET)
+
+#define SOCKADDR struct sockaddr
+#define SOCKADDR_IN struct sockaddr_in
+#define SOCKADDR_IN6 struct sockaddr_in6
+#define SOCKADDR_STORAGE struct sockaddr_storage
+#define SOCKET int
+
+#define IP_MREQ struct ip_mreq
+#define IPV6_MREQ struct ipv6_mreq
+#define BOOL int
+#define TRUE 1
+
+#define _getdns_closesocket(fd) close(fd)
+#define _getdns_poll(fdarray, nsockets, timer) poll(fdarray, nsockets, timer)
+#define _getdns_socketerror() (errno)
+#endif
+
+#endif

From 5e415b60b6a9cfb9762c504da9b328435ec2ea69 Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Fri, 6 Oct 2017 15:04:49 +0100
Subject: [PATCH 114/140] Add missing platform.h include.

---
 src/mdns.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/mdns.h b/src/mdns.h
index e53f79a1..79ec05fe 100644
--- a/src/mdns.h
+++ b/src/mdns.h
@@ -25,6 +25,7 @@
 #include "getdns/getdns.h"
 #include "types-internal.h"
 #include "util-internal.h"
+#include "platform.h"
 #include "util/lruhash.h"
 #include "config.h"
 

From 34f4e138332b16fed2d4dfbbfd469a2e0983c95d Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Fri, 6 Oct 2017 16:24:56 +0100
Subject: [PATCH 115/140] Have separate Windows DEBUG_NL() similar to
 DEBUG_ON().

This removes a build warning.
---
 src/debug.h | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/src/debug.h b/src/debug.h
index 8f3c2c33..d048def5 100644
--- a/src/debug.h
+++ b/src/debug.h
@@ -59,6 +59,20 @@
 		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 		fprintf(stderr, __VA_ARGS__); \
 	} while (0)
+
+#define DEBUG_NL(...) do {		    \
+		struct timeval tv_dEbUgSyM; \
+		struct tm tm_dEbUgSyM; \
+		char buf_dEbUgSyM[10]; \
+		time_t tsec_dEbUgSyM; \
+		\
+		gettimeofday(&tv_dEbUgSyM, NULL); \
+		tsec_dEbUgSyM = (time_t) tv_dEbUgSyM.tv_sec; \
+		gmtime_s(&tm_dEbUgSyM, (const time_t *) &tsec_dEbUgSyM); \
+		strftime(buf_dEbUgSyM, 10, "%H:%M:%S", &tm_dEbUgSyM); \
+		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
+		fprintf(stderr, __VA_ARGS__); \
+	} while (0)
 #else
 #define DEBUG_ON(...) do { \
 		struct timeval tv_dEbUgSyM; \
@@ -71,9 +85,8 @@
 		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 		fprintf(stderr, __VA_ARGS__); \
 	} while (0)
-#endif
 
-#define DEBUG_NL(...) do { \
+#define DEBUG_NL(...) do {		    \
 		struct timeval tv_dEbUgSyM; \
 		struct tm tm_dEbUgSyM; \
 		char buf_dEbUgSyM[10]; \
@@ -85,7 +98,7 @@
 		fprintf(stderr, __VA_ARGS__); \
 		fprintf(stderr, "\n"); \
 	} while (0)
-
+#endif
 
 #define DEBUG_OFF(...) do {} while (0)
 

From 4ca8ee008b40b2785fa02aded51179b9f22bc3eb Mon Sep 17 00:00:00 2001
From: Jim Hague <jim@sinodun.com>
Date: Fri, 6 Oct 2017 18:15:18 +0100
Subject: [PATCH 116/140] Add _getdns_perror(). On Windows this reports Winsock
 errors.

---
 src/Makefile.in                  | 189 ++++++++++++++-----------------
 src/extension/poll_eventloop.c   |   2 +-
 src/extension/select_eventloop.c |   3 +-
 src/platform.c                   |  69 +++++++++++
 src/platform.h                   |   5 +-
 5 files changed, 162 insertions(+), 106 deletions(-)
 create mode 100644 src/platform.c

diff --git a/src/Makefile.in b/src/Makefile.in
index f77b7447..bccaac04 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -77,7 +77,7 @@ C99COMPATFLAGS=@C99COMPATFLAGS@
 DEFAULT_EVENTLOOP_OBJ=@DEFAULT_EVENTLOOP@.lo
 
 GETDNS_OBJ=const-info.lo convert.lo dict.lo dnssec.lo general.lo \
-	list.lo request-internal.lo pubkey-pinning.lo rr-dict.lo \
+	list.lo request-internal.lo platform.lo pubkey-pinning.lo rr-dict.lo \
 	rr-iter.lo server.lo stub.lo sync.lo ub_loop.lo util-internal.lo \
 	mdns.lo
 
@@ -281,8 +281,7 @@ depend:
 FORCE:
 
 # Dependencies for gldns, utils, the extensions and compat functions
-anchor.lo anchor.o: $(srcdir)/anchor.c \
- config.h \
+anchor.lo anchor.o: $(srcdir)/anchor.c config.h \
  $(srcdir)/debug.h $(srcdir)/anchor.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
@@ -293,15 +292,13 @@ anchor.lo anchor.o: $(srcdir)/anchor.c \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/yxml/yxml.h \
  $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
- $(srcdir)/gldns/keyraw.h $(srcdir)/general.h $(srcdir)/util-internal.h
+ $(srcdir)/gldns/keyraw.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/platform.h
 const-info.lo const-info.o: $(srcdir)/const-info.c \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/const-info.h
-context.lo context.o: $(srcdir)/context.c \
- config.h \
- $(srcdir)/anchor.h \
- getdns/getdns.h \
+context.lo context.o: $(srcdir)/context.c config.h \
+ $(srcdir)/anchor.h getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/debug.h \
  $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
@@ -309,36 +306,33 @@ context.lo context.o: $(srcdir)/context.c \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
-convert.lo convert.o: $(srcdir)/convert.c \
- config.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/platform.h $(srcdir)/dnssec.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
+convert.lo convert.o: $(srcdir)/convert.c config.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
  $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
  $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
  $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/wire2str.h \
  $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
- $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(stubbysrcdir)/src/yaml/convert_yaml_to_json.h $(srcdir)/convert.h
-dict.lo dict.o: $(srcdir)/dict.c \
- config.h \
+ $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(stubbysrcdir)/src/yaml/convert_yaml_to_json.h $(srcdir)/convert.h \
+ $(srcdir)/debug.h
+dict.lo dict.o: $(srcdir)/dict.c config.h \
  $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h \
  $(srcdir)/gldns/parseutil.h
-dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
- config.h \
- $(srcdir)/debug.h \
- getdns/getdns.h \
+dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h \
+ $(srcdir)/debug.h getdns/getdns.h \
  $(srcdir)/context.h \
  getdns/getdns_extra.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
@@ -350,31 +344,28 @@ dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
  $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h \
  $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h \
  $(srcdir)/util/orig-headers/val_secalgo.h
-general.lo general.o: $(srcdir)/general.c \
- config.h \
- $(srcdir)/general.h \
- getdns/getdns.h \
+general.lo general.o: $(srcdir)/general.c config.h \
+ $(srcdir)/general.h getdns/getdns.h \
  $(srcdir)/types-internal.h \
  getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
- $(srcdir)/dict.h $(srcdir)/mdns.h
+ $(srcdir)/dict.h $(srcdir)/mdns.h $(srcdir)/platform.h $(srcdir)/debug.h
 list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
- config.h \
- $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ config.h $(srcdir)/context.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/list.h $(srcdir)/dict.h
-mdns.lo mdns.o: $(srcdir)/mdns.c \
- config.h \
+mdns.lo mdns.o: $(srcdir)/mdns.c config.h \
  $(srcdir)/debug.h $(srcdir)/context.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
@@ -383,14 +374,13 @@ mdns.lo mdns.o: $(srcdir)/mdns.c \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/gldns/rrdef.h $(srcdir)/util-internal.h $(srcdir)/mdns.h \
- $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/gldns/rrdef.h $(srcdir)/util-internal.h \
+ $(srcdir)/platform.h $(srcdir)/mdns.h $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
  $(srcdir)/util/orig-headers/lookup3.h
+platform.lo platform.o: $(srcdir)/platform.c
 pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
- config.h \
- $(srcdir)/debug.h \
- getdns/getdns.h \
- $(srcdir)/context.h \
+ config.h $(srcdir)/debug.h \
+ getdns/getdns.h $(srcdir)/context.h \
  getdns/getdns_extra.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
@@ -399,17 +389,16 @@ pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h
 request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
- config.h \
- $(srcdir)/types-internal.h \
+ config.h $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/dict.h $(srcdir)/convert.h $(srcdir)/general.h
+ $(srcdir)/dict.h $(srcdir)/debug.h $(srcdir)/convert.h $(srcdir)/general.h
 rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
  config.h \
  getdns/getdns.h \
@@ -417,7 +406,7 @@ rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
  getdns/getdns_extra.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h \
  $(srcdir)/dict.h
@@ -425,18 +414,16 @@ rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.
  config.h \
  getdns/getdns.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
-server.lo server.o: $(srcdir)/server.c \
- config.h \
+server.lo server.o: $(srcdir)/server.c config.h \
  getdns/getdns_extra.h \
- getdns/getdns.h \
- $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ getdns/getdns.h $(srcdir)/context.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h
-stub.lo stub.o: $(srcdir)/stub.c \
- config.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/platform.h
+stub.lo stub.o: $(srcdir)/stub.c config.h \
  $(srcdir)/debug.h $(srcdir)/stub.h \
  getdns/getdns.h \
  $(srcdir)/types-internal.h \
@@ -447,58 +434,51 @@ stub.lo stub.o: $(srcdir)/stub.c \
  $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
  $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
  $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/anchor.h \
- $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
-sync.lo sync.o: $(srcdir)/sync.c \
- getdns/getdns.h \
- config.h \
- $(srcdir)/context.h \
+ $(srcdir)/util-internal.h $(srcdir)/platform.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
+sync.lo sync.o: $(srcdir)/sync.c getdns/getdns.h \
+ config.h $(srcdir)/context.h \
  getdns/getdns_extra.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
  $(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
 ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
- config.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
+ config.h
 util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
  config.h \
- getdns/getdns.h \
- $(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
+ getdns/getdns.h $(srcdir)/dict.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h $(srcdir)/list.h \
+ $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
  $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
  $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
  $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/str2wire.h \
  $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
 gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
- config.h \
- $(srcdir)/gldns/gbuffer.h
+ config.h $(srcdir)/gldns/gbuffer.h
 keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
- config.h \
- $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
+ config.h $(srcdir)/gldns/keyraw.h \
+ $(srcdir)/gldns/rrdef.h
 parse.lo parse.o: $(srcdir)/gldns/parse.c \
- config.h \
- $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
+ config.h $(srcdir)/gldns/parse.h \
+ $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
 parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
- config.h \
- $(srcdir)/gldns/parseutil.h
+ config.h $(srcdir)/gldns/parseutil.h
 rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
- config.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
+ config.h $(srcdir)/gldns/rrdef.h \
+ $(srcdir)/gldns/parseutil.h
 str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
- config.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
+ config.h $(srcdir)/gldns/str2wire.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/parse.h \
+ $(srcdir)/gldns/parseutil.h
 wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
- config.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
+ config.h $(srcdir)/gldns/wire2str.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/parseutil.h \
+ $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
 arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
  config.h
 arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
@@ -527,8 +507,7 @@ strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
  config.h
 strptime.lo strptime.o: $(srcdir)/compat/strptime.c \
  config.h
-locks.lo locks.o: $(srcdir)/util/locks.c \
- config.h \
+locks.lo locks.o: $(srcdir)/util/locks.c config.h \
  $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
 lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c \
  config.h \
@@ -540,10 +519,10 @@ lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/util/fptr_wlist.h
 rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
- config.h \
- $(srcdir)/util/auxiliary/log.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
- $(srcdir)/util/auxiliary/fptr_wlist.h $(srcdir)/util/auxiliary/util/fptr_wlist.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
+ config.h $(srcdir)/util/auxiliary/log.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/fptr_wlist.h \
+ $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/rbtree.h \
+ $(srcdir)/util/orig-headers/rbtree.h
 val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
  config.h \
  $(srcdir)/util/auxiliary/util/data/packed_rrset.h \
@@ -555,37 +534,41 @@ val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
 jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
 yxml.lo yxml.o: $(srcdir)/yxml/yxml.c $(srcdir)/yxml/yxml.h
 libev.lo libev.o: $(srcdir)/extension/libev.c \
- config.h \
- $(srcdir)/types-internal.h \
+ config.h $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
 libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
- config.h \
- $(srcdir)/types-internal.h \
+ config.h $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
 libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/types-internal.h \
+ config.h $(srcdir)/debug.h \
+ $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
 poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
- config.h \
- $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns.h \
+ config.h $(srcdir)/util-internal.h \
+ $(srcdir)/context.h getdns/getdns.h \
  getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/platform.h
 select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/types-internal.h \
+ config.h $(srcdir)/debug.h \
+ $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/select_eventloop.h
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/platform.h \
+ $(srcdir)/extension/select_eventloop.h
 stubby.lo stubby.o: $(stubbysrcdir)/src/stubby.c \
  config.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(stubbysrcdir)/src/yaml/convert_yaml_to_json.h
+version.lo version.o: $(stubbysrcdir)/src/version.c
diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index 7d6bb99c..7cd80cd9 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -408,7 +408,7 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
     } else
 #endif
 	if (_getdns_poll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
-		perror("poll() failed");
+		_getdns_perror("poll() failed");
 		exit(EXIT_FAILURE);
 	}
 	now = get_now_plus(0);
diff --git a/src/extension/select_eventloop.c b/src/extension/select_eventloop.c
index 6f6d0f75..0350f1d5 100644
--- a/src/extension/select_eventloop.c
+++ b/src/extension/select_eventloop.c
@@ -29,6 +29,7 @@
 
 #include "debug.h"
 #include "types-internal.h"
+#include "platform.h"
 #include "extension/select_eventloop.h"
 
 static uint64_t get_now_plus(uint64_t amount)
@@ -244,7 +245,7 @@ select_eventloop_run_once(getdns_eventloop *loop, int blocking)
 #endif
 	if (select(max_fd + 1, &readfds, &writefds, NULL,
 	    (timeout == TIMEOUT_FOREVER ? NULL : &tv)) < 0) {
-		perror("select() failed");
+		_getdns_perror("select() failed");
 		exit(EXIT_FAILURE);
 	}
 #ifdef USE_WINSOCK
diff --git a/src/platform.c b/src/platform.c
new file mode 100644
index 00000000..61f2bdb6
--- /dev/null
+++ b/src/platform.c
@@ -0,0 +1,69 @@
+/**
+ *
+ * \file platform.c
+ * @brief general functions with platform-dependent implementations
+ *
+ */
+
+/*
+ * Copyright (c) 2017, NLnet Labs, Sinodun
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "platform.h"
+
+#include <stdio.h>
+
+#ifdef USE_WINSOCK
+
+void _getdns_perror(const char *str)
+{
+        char msg[256];
+        int errid = WSAGetLastError();
+
+        *msg = '\0';
+        FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
+                          FORMAT_MESSAGE_IGNORE_INSERTS,
+                      NULL,
+                      errid,
+                      MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+                      msg,
+                      sizeof(msg),
+                      NULL);
+        if (*msg == '\0')
+                sprintf(msg, "Unknown error: %d", errid);
+        if (str && *str != '\0')
+                fprintf(stderr, "%s: ", str);
+        fputs(msg, stderr);
+}
+
+#else
+
+void _getdns_perror(const char *str)
+{
+        perror(str);
+}
+
+#endif
diff --git a/src/platform.h b/src/platform.h
index 0cd4c9f6..e0ec5454 100644
--- a/src/platform.h
+++ b/src/platform.h
@@ -1,6 +1,7 @@
 /**
  *
- * /brief general functions with platform-dependent implementations
+ * \file platform.h
+ * @brief general functions with platform-dependent implementations
  *
  */
 
@@ -78,4 +79,6 @@ typedef u_short sa_family_t;
 #define _getdns_socketerror() (errno)
 #endif
 
+void _getdns_perror(const char *str);
+
 #endif

From 968d94d2bed26e4d93ac5664d932ed3e9bace898 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 16 Oct 2017 14:17:49 +0200
Subject: [PATCH 117/140] atomic netreq removal from write_queue in
 upstream_write_cb

---
 src/stub.c | 54 ++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 36 insertions(+), 18 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index ebcb2527..cf63e3de 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -462,6 +462,36 @@ stub_next_upstream(getdns_network_req *netreq)
 		dnsreq->upstreams->current_udp = 0;
 }
 
+static void
+remove_from_write_queue(getdns_upstream *upstream, getdns_network_req * netreq)
+{
+	getdns_network_req *r, *prev_r;
+
+	for ( r = upstream->write_queue, prev_r = NULL
+	    ; r
+	    ; prev_r = r, r = r->write_queue_tail) {
+
+		if (r != netreq)
+			continue;
+
+		if (prev_r)
+			prev_r->write_queue_tail = r->write_queue_tail;
+		else
+			upstream->write_queue = r->write_queue_tail;
+
+		if (r == upstream->write_queue_last) {
+			/* If r was the last netreq,
+			 * its write_queue tail MUST be NULL
+			 */
+			assert(r->write_queue_tail == NULL);
+			upstream->write_queue_last = prev_r ? prev_r : NULL;
+		}
+
+		netreq->write_queue_tail = NULL;
+		break; /* netreq found and removed */
+	}
+}
+
 static void
 stub_cleanup(getdns_network_req *netreq)
 {
@@ -481,22 +511,7 @@ stub_cleanup(getdns_network_req *netreq)
 	(void) _getdns_rbtree_delete(&upstream->netreq_by_query_id,
 	    (void *)(intptr_t)GLDNS_ID_WIRE(netreq->query));
 
-	/* Delete from upstream->write_queue (if present) */
-	for (prev_r = NULL, r = upstream->write_queue; r;
-	     prev_r = r, r = r->write_queue_tail)
-
-		if (r == netreq) {
-			if (prev_r)
-				prev_r->write_queue_tail = r->write_queue_tail;
-			else
-				upstream->write_queue = r->write_queue_tail;
-
-			if (r == upstream->write_queue_last)
-				upstream->write_queue_last =
-				    prev_r ? prev_r : NULL;
-			netreq->write_queue_tail = NULL;
-			break;
-		}
+	remove_from_write_queue(upstream, netreq);
 	upstream_reschedule_events(upstream, upstream->keepalive_timeout);
 }
 
@@ -1706,8 +1721,11 @@ upstream_write_cb(void *userarg)
 		upstream->queries_sent++;
 
 		/* Unqueue the netreq from the write_queue */
-		if (!(upstream->write_queue = netreq->write_queue_tail)) {
-			upstream->write_queue_last = NULL;
+		remove_from_write_queue(upstream, netreq);
+
+		/* Empty write_queue?, then deschedule upstream write_cb */
+		if (upstream->write_queue == NULL) {
+			assert(upstream->write_queue_last == NULL);
 			GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
 			upstream->event.write_cb = NULL;
 			/* Reschedule (if already reading) to clear writable */

From ce4c44830d0587dd129b2c7a3e990ef9968177da Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Mon, 16 Oct 2017 15:26:00 +0200
Subject: [PATCH 118/140] Unused variables

---
 src/stub.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/stub.c b/src/stub.c
index cf63e3de..46f0056a 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -498,7 +498,6 @@ stub_cleanup(getdns_network_req *netreq)
 	DEBUG_STUB("%s %-35s: MSG: %p\n",
 	           STUB_DEBUG_CLEANUP, __FUNC__, (void*)netreq);
 	getdns_dns_req *dnsreq = netreq->owner;
-	getdns_network_req *r, *prev_r;
 	getdns_upstream *upstream;
 
 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);

From 11e4635f2be0bb0c74b6a347f31e1b7ecd293aaf Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 17 Oct 2017 13:32:41 +0200
Subject: [PATCH 119/140] Dependencies

---
 src/Makefile.in | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index f77b7447..f20a7a90 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -293,7 +293,7 @@ anchor.lo anchor.o: $(srcdir)/anchor.c \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/yxml/yxml.h \
  $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
- $(srcdir)/gldns/keyraw.h $(srcdir)/general.h $(srcdir)/util-internal.h
+ $(srcdir)/gldns/keyraw.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/platform.h
 const-info.lo const-info.o: $(srcdir)/const-info.c \
  getdns/getdns.h \
  getdns/getdns_extra.h \
@@ -309,8 +309,8 @@ context.lo context.o: $(srcdir)/context.c \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/platform.h $(srcdir)/dnssec.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
 convert.lo convert.o: $(srcdir)/convert.c \
  config.h \
  getdns/getdns.h \
@@ -362,7 +362,7 @@ general.lo general.o: $(srcdir)/general.c \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
- $(srcdir)/dict.h $(srcdir)/mdns.h
+ $(srcdir)/dict.h $(srcdir)/mdns.h $(srcdir)/platform.h
 list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
@@ -383,8 +383,8 @@ mdns.lo mdns.o: $(srcdir)/mdns.c \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/gldns/rrdef.h $(srcdir)/util-internal.h $(srcdir)/mdns.h \
- $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/gldns/rrdef.h $(srcdir)/util-internal.h \
+ $(srcdir)/platform.h $(srcdir)/mdns.h $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
  $(srcdir)/util/orig-headers/lookup3.h
 pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
  config.h \
@@ -434,7 +434,7 @@ server.lo server.o: $(srcdir)/server.c \
  $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/platform.h
 stub.lo stub.o: $(srcdir)/stub.c \
  config.h \
  $(srcdir)/debug.h $(srcdir)/stub.h \
@@ -447,7 +447,7 @@ stub.lo stub.o: $(srcdir)/stub.c \
  $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
  $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
  $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/anchor.h \
- $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
+ $(srcdir)/util-internal.h $(srcdir)/platform.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
 sync.lo sync.o: $(srcdir)/sync.c \
  getdns/getdns.h \
  config.h \
@@ -574,10 +574,15 @@ libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
 poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
  config.h \
- $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/util-internal.h $(srcdir)/context.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
+ $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/platform.h
 select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
  config.h \
  $(srcdir)/debug.h $(srcdir)/types-internal.h \

From ee4feb0cc68ed32f666c100f0bc6ad6259565d44 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 17 Oct 2017 13:32:56 +0200
Subject: [PATCH 120/140] Clean parallel builds too

---
 src/test/tpkg/clean.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/tpkg/clean.sh b/src/test/tpkg/clean.sh
index 60e4ef42..a405d5b0 100755
--- a/src/test/tpkg/clean.sh
+++ b/src/test/tpkg/clean.sh
@@ -3,5 +3,5 @@
 export SRCDIR=`dirname $0`
 (	cd $SRCDIR
 	./tpkg clean
-	rm -fr build build-stub-only build-event-loops build-static-analysis install scan-build-reports .tpkg.var.master *.info
+	rm -fr build build-stub-only build-event-loops build-static-analysis install scan-build-reports .tpkg.var.master *.info Makefile
 )

From f83c8e217e38ff3052f9b966dc12b41593697dd8 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 17 Oct 2017 13:47:29 +0200
Subject: [PATCH 121/140] Decrease assumptions based on network_by_query_id

---
 src/request-internal.c |  17 ++++++
 src/stub.c             | 119 +++++++++++++++++------------------------
 src/types-internal.h   |   4 +-
 3 files changed, 68 insertions(+), 72 deletions(-)

diff --git a/src/request-internal.c b/src/request-internal.c
index 26bd3df2..c9f27db0 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -107,6 +107,12 @@ network_req_cleanup(getdns_network_req *net_req)
 {
 	assert(net_req);
 
+	if (net_req->query_id_registered) {
+		(void) _getdns_rbtree_delete(
+		    net_req->query_id_registered, net_req->node.key);
+		net_req->query_id_registered = NULL;
+		net_req->node.key = NULL;
+	}
 	if (net_req->response && (net_req->response < net_req->wire_data ||
 	    net_req->response > net_req->wire_data+ net_req->wire_data_sz))
 		GETDNS_FREE(net_req->owner->my_mf, net_req->response);
@@ -123,6 +129,12 @@ netreq_reset(getdns_network_req *net_req)
 	 */
 	net_req->unbound_id = -1;
 	_getdns_netreq_change_state(net_req, NET_REQ_NOT_SENT);
+	if (net_req->query_id_registered) {
+		(void) _getdns_rbtree_delete(net_req->query_id_registered,
+		    (void *)(intptr_t)GLDNS_ID_WIRE(net_req->query));
+		net_req->query_id_registered = NULL;
+		net_req->node.key = NULL;
+	}
 	net_req->dnssec_status = GETDNS_DNSSEC_INDETERMINATE;
 	net_req->tsig_status = GETDNS_DNSSEC_INDETERMINATE;
 	net_req->response_len = 0;
@@ -196,6 +208,11 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
 	/* Scheduling, touch only via _getdns_netreq_change_state!
 	 */
 	net_req->state = NET_REQ_NOT_SENT;
+	/* A registered netreq (on a statefull transport)
+	 * Deregister on reset and cleanup.
+	 */
+	net_req->query_id_registered = NULL;
+	net_req->node.key = NULL;
 
 	if (max_query_sz == 0) {
 		net_req->query    = NULL;
diff --git a/src/stub.c b/src/stub.c
index 46f0056a..31bfb786 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -83,8 +83,7 @@ static void upstream_write_cb(void *userarg);
 static void upstream_idle_timeout_cb(void *userarg);
 static void upstream_schedule_netreq(getdns_upstream *upstream, 
                                      getdns_network_req *netreq);
-static void upstream_reschedule_events(getdns_upstream *upstream, 
-                                     uint64_t idle_timeout);
+static void upstream_reschedule_events(getdns_upstream *upstream);
 static int  upstream_working_ok(getdns_upstream *upstream);
 static int  upstream_auth_status_ok(getdns_upstream *upstream, 
                                     getdns_network_req *netreq);
@@ -498,20 +497,20 @@ stub_cleanup(getdns_network_req *netreq)
 	DEBUG_STUB("%s %-35s: MSG: %p\n",
 	           STUB_DEBUG_CLEANUP, __FUNC__, (void*)netreq);
 	getdns_dns_req *dnsreq = netreq->owner;
-	getdns_upstream *upstream;
 
 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 
-	/* Nothing globally scheduled? Then nothing queued */
-	if (!netreq->upstream || !(upstream = netreq->upstream)->event.ev)
-		return;
-
-	/* Delete from upstream->netreq_by_query_id (if present) */
-	(void) _getdns_rbtree_delete(&upstream->netreq_by_query_id,
-	    (void *)(intptr_t)GLDNS_ID_WIRE(netreq->query));
-
-	remove_from_write_queue(upstream, netreq);
-	upstream_reschedule_events(upstream, upstream->keepalive_timeout);
+	if (netreq->query_id_registered) {
+		(void) _getdns_rbtree_delete(
+		    netreq->query_id_registered, netreq->node.key);
+		netreq->query_id_registered = NULL;
+		netreq->node.key = NULL;
+	}
+	if (netreq->upstream) {
+		remove_from_write_queue(netreq->upstream, netreq);
+		if (netreq->upstream->event.ev)
+			upstream_reschedule_events(netreq->upstream);
+	}
 }
 
 static void
@@ -528,14 +527,6 @@ upstream_failed(getdns_upstream *upstream, int during_setup)
 	if (during_setup) {
 		/* Reset timeout on setup failure to trigger fallback handling.*/
 		GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
-		/* Need this check because if the setup failed because the interface is
-		   not up we get -1 and then a seg fault. Found when using IPv6 address
-		   but IPv6 interface not enabled.*/
-		if (upstream->fd != -1) {
-			GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd, TIMEOUT_FOREVER,
-			    getdns_eventloop_event_init(&upstream->event, upstream,
-			     NULL, upstream_write_cb, NULL));
-		}
 		/* Special case if failure was due to authentication issues since this
 		   upstream could be used oppotunistically with no problem.*/
 		if (!(upstream->transport == GETDNS_TRANSPORT_TLS &&
@@ -545,6 +536,14 @@ upstream_failed(getdns_upstream *upstream, int during_setup)
 		upstream->conn_shutdowns++;
 		/* [TLS1]TODO: Re-try these queries if possible.*/
 	}
+	upstream->conn_state = GETDNS_CONN_TEARDOWN;
+
+	if (upstream->write_queue) {
+		if (!during_setup)
+			during_setup = -1;
+		while (upstream->write_queue)
+			upstream_write_cb(upstream);
+	}
 	while (upstream->netreq_by_query_id.count) {
 		netreq = (getdns_network_req *)
 		    _getdns_rbtree_first(&upstream->netreq_by_query_id);
@@ -552,7 +551,13 @@ upstream_failed(getdns_upstream *upstream, int during_setup)
 		_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 		_getdns_check_dns_req_complete(netreq->owner);
 	}
-	upstream->conn_state = GETDNS_CONN_TEARDOWN;
+	if (during_setup == 0)
+		return;
+
+	else if (during_setup > 0)
+		_getdns_upstream_reset(upstream);
+	else
+		_getdns_upstream_shutdown(upstream);
 }
 
 void
@@ -613,42 +618,12 @@ upstream_idle_timeout_cb(void *userarg)
 static void
 upstream_setup_timeout_cb(void *userarg)
 {
-	int ret;
 	getdns_upstream *upstream = (getdns_upstream *)userarg;
-#ifdef USE_POLL_DEFAULT_EVENTLOOP
-	struct pollfd fds;
-#else
-	fd_set fds;
-	struct timeval tval;
-#endif
 
 	DEBUG_STUB("%s %-35s: FD:  %d\n",
 	           STUB_DEBUG_CLEANUP, __FUNC__, upstream->fd);
-	/* Clean up and trigger a write to let the fallback code to its job */
-	upstream_failed(upstream, 1);
 
-	/* Need to handle the case where the far end doesn't respond to a
-	 * TCP SYN and doesn't do a reset (as is the case with e.g. 8.8.8.8@853).
-	 * For that case the socket never becomes writable so doesn't trigger any
-	 * callbacks. If so then clear out the queue in one go.*/
-#ifdef USE_POLL_DEFAULT_EVENTLOOP
-	fds.fd = upstream->fd;
-	fds.events = POLLOUT;
-	ret = _getdns_poll(&fds, 1, 0);
-#else
-	FD_ZERO(&fds);
-	FD_SET((int)(upstream->fd), &fds);
-	tval.tv_sec = 0;
-	tval.tv_usec = 0;
-	ret = select(upstream->fd+1, NULL, &fds, NULL, &tval);
-#endif
-	if (ret == 0) {
-		DEBUG_STUB("%s %-35s: FD:  %d Cleaning up dangling queue\n",
-		           STUB_DEBUG_CLEANUP, __FUNC__, upstream->fd);
-		while (upstream->write_queue)
-			upstream_write_cb(upstream);
-	}
-	_getdns_upstream_reset(upstream);
+	upstream_failed(upstream, 1);
 }
 
 
@@ -748,6 +723,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
 
 		} while (!_getdns_rbtree_insert(
 		    &netreq->upstream->netreq_by_query_id, &netreq->node));
+		netreq->query_id_registered = &netreq->upstream->netreq_by_query_id;
 
 		GLDNS_ID_SET(netreq->query, query_id);
 
@@ -1241,6 +1217,7 @@ stub_tls_write(getdns_upstream *upstream, getdns_tcp_state *tcp,
 
 		} while (!_getdns_rbtree_insert(
 		    &netreq->upstream->netreq_by_query_id, &netreq->node));
+		netreq->query_id_registered = &netreq->upstream->netreq_by_query_id;
 
 		GLDNS_ID_SET(netreq->query, query_id);
 
@@ -1555,12 +1532,9 @@ upstream_read_cb(void *userarg)
 	case STUB_SETUP_ERROR:  /* Can happen for TLS HS*/
 	case STUB_TCP_ERROR:
 		upstream_failed(upstream, (q == STUB_TCP_ERROR ? 0:1) );
-		if (!upstream->write_queue)
-			_getdns_upstream_shutdown(upstream);
 		return;
 
 	default:
-
 		/* Lookup netreq */
 		query_id = (uint16_t) q;
 		query_id_intptr = (intptr_t) query_id;
@@ -1572,7 +1546,16 @@ upstream_read_cb(void *userarg)
 			upstream->tcp.to_read = 2;
 			return;
 		}
+		if (netreq->query_id_registered == &upstream->netreq_by_query_id) {
+			netreq->query_id_registered = NULL;
+			netreq->node.key = NULL;
 
+		} else if (netreq->query_id_registered) {
+			(void) _getdns_rbtree_delete(
+			    netreq->query_id_registered, netreq->node.key);
+			netreq->query_id_registered = NULL;
+			netreq->node.key = NULL;
+		}
 		DEBUG_STUB("%s %-35s: MSG: %p (read)\n",
 		    STUB_DEBUG_READ, __FUNC__, (void*)netreq);
 		_getdns_netreq_change_state(netreq, NET_REQ_FINISHED);
@@ -1685,10 +1668,8 @@ upstream_write_cb(void *userarg)
 		/* Could not complete the set up. Need to fallback.*/
 		DEBUG_STUB("%s %-35s: Upstream: %p ERROR = %d\n", STUB_DEBUG_WRITE,
 		             __FUNC__, (void*)userarg, q);
-		(void) _getdns_rbtree_delete(&upstream->netreq_by_query_id,
-		    (void *)(intptr_t)GLDNS_ID_WIRE(netreq->query));
 		upstream_failed(upstream, (q == STUB_TCP_ERROR ? 0:1));
-		/* Fall through */
+		return;
 	case STUB_CONN_GONE:
 	case STUB_NO_AUTH:
 		/* Cleaning up after connection or auth check failure. Need to fallback. */
@@ -1702,11 +1683,12 @@ upstream_write_cb(void *userarg)
 			_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 			_getdns_check_dns_req_complete(netreq->owner);
 		}
-		if (!upstream->write_queue)
-			_getdns_upstream_shutdown(upstream);
 		return;
 
 	default:
+		/* Unqueue the netreq from the write_queue */
+		remove_from_write_queue(upstream, netreq);
+
 		if (netreq->owner->return_call_reporting &&
 		    netreq->upstream->tls_obj &&
 		    netreq->debug_tls_peer_cert.data == NULL &&
@@ -1719,9 +1701,6 @@ upstream_write_cb(void *userarg)
 		netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
 		upstream->queries_sent++;
 
-		/* Unqueue the netreq from the write_queue */
-		remove_from_write_queue(upstream, netreq);
-
 		/* Empty write_queue?, then deschedule upstream write_cb */
 		if (upstream->write_queue == NULL) {
 			assert(upstream->write_queue_last == NULL);
@@ -2015,7 +1994,6 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 		fd = tcp_connect(upstream, transport);
 		if (fd == -1) {
 			upstream_failed(upstream, 1);
-			_getdns_upstream_reset(upstream);
 			return -1;
 		}
 		upstream->loop = dnsreq->loop;
@@ -2025,7 +2003,6 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
 			upstream->tls_obj = tls_create_object(dnsreq, fd, upstream);
 			if (upstream->tls_obj == NULL) {
 				upstream_failed(upstream, 1);
-				_getdns_upstream_reset(upstream);
 				_getdns_closesocket(fd);
 				return -1;
 			}
@@ -2137,7 +2114,7 @@ fallback_on_write(getdns_network_req *netreq)
 }
 
 static void
-upstream_reschedule_events(getdns_upstream *upstream, uint64_t idle_timeout) {
+upstream_reschedule_events(getdns_upstream *upstream) {
 
 	DEBUG_STUB("%s %-35s: FD:  %d \n", STUB_DEBUG_SCHEDULE, 
 	             __FUNC__, upstream->fd);
@@ -2159,7 +2136,8 @@ upstream_reschedule_events(getdns_upstream *upstream, uint64_t idle_timeout) {
 		    upstream->fd, TIMEOUT_FOREVER, &upstream->event);
 	else {
 		DEBUG_STUB("%s %-35s: FD:  %d Connection idle - timeout is %d\n", 
-			    STUB_DEBUG_SCHEDULE, __FUNC__, upstream->fd, (int)idle_timeout);
+			    STUB_DEBUG_SCHEDULE, __FUNC__, upstream->fd,
+			    (int)upstream->keepalive_timeout);
 		/* TODO: Schedule a read also anyway,
 		 *       to digest timed out answers.
 		 *       Dont forget to schedule with upstream->fd then!
@@ -2167,10 +2145,9 @@ upstream_reschedule_events(getdns_upstream *upstream, uint64_t idle_timeout) {
 		 * upstream->event.read_cb = upstream_read_cb;
 		 */
 		upstream->event.timeout_cb = upstream_idle_timeout_cb;
-		if (upstream->conn_state != GETDNS_CONN_OPEN)
-			idle_timeout = 0;
 		GETDNS_SCHEDULE_EVENT(upstream->loop, -1, 
-		    idle_timeout, &upstream->event);
+		    ( upstream->conn_state == GETDNS_CONN_OPEN
+		    ? upstream->keepalive_timeout : 0), &upstream->event);
 	}
 }
 
diff --git a/src/types-internal.h b/src/types-internal.h
index 56b7a2f0..05589f4a 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -188,7 +188,9 @@ typedef struct getdns_tcp_state {
 typedef struct getdns_network_req
 {
 	/* For storage in upstream->netreq_by_query_id */
-	_getdns_rbnode_t node;
+	_getdns_rbnode_t  node;
+	/* The netreq_by_query_id tree in which this netreq was registered */
+	_getdns_rbtree_t *query_id_registered;
 #ifdef HAVE_MDNS_SUPPORT
 	/*
 	 * for storage of continuous query context in hash table of cached results. 

From dc5a78b154183d42148277d8d7fd55f84d4c111c Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 17 Oct 2017 14:19:59 +0200
Subject: [PATCH 122/140] Printing something which is not on stack

(causing segfault in some cases)
---
 src/stub.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index 31bfb786..5eb1705a 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1907,8 +1907,8 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 		upstream->conn_state = GETDNS_CONN_CLOSED;
 		upstream->conn_backoff_interval = 1;
 		_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_NOTICE,
-		    "%-40s : No valid upstreams... promoting backed-off upstream %s for re-try...\n",
-	            upstreams->upstreams[i].addr_str);
+		    "%-40s : No valid upstreams... promoting this backed-off upstream for re-try...\n",
+		    upstream->addr_str);
 		return upstream;
 	}
 

From fa597399e2d214685163d025809c67245769dd37 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 17 Oct 2017 15:14:09 +0200
Subject: [PATCH 123/140] Update stubby

---
 stubby | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stubby b/stubby
index d541e605..c9e89293 160000
--- a/stubby
+++ b/stubby
@@ -1 +1 @@
-Subproject commit d541e60530717f590d4a4a9d458f987cbe90fc59
+Subproject commit c9e89293beac4fe599024bfb021cb2ae832cc93f

From eedd1a14482393505e2dfc1c0f6b80f76d851b5d Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 17 Oct 2017 16:58:01 +0200
Subject: [PATCH 124/140] Eat incoming garbage on statefull transports

Can deal with timed out queries that are answered anyway.
+ reset the upstream on failure always
  (since requests are rescheduled for fallback by upstream_failed now anyway)
---
 src/context.c            | 15 +++++++++++----
 src/stub.c               | 26 ++++++++++++--------------
 src/sync.c               | 34 ++++++++++++++--------------------
 src/tools/getdns_query.c | 17 ++++++++++++-----
 4 files changed, 49 insertions(+), 43 deletions(-)

diff --git a/src/context.c b/src/context.c
index 3456bfa0..ccbb52a1 100644
--- a/src/context.c
+++ b/src/context.c
@@ -800,6 +800,10 @@ _getdns_upstream_reset(getdns_upstream *upstream)
 
 	/* Now TLS stuff*/
 	upstream->tls_auth_state = GETDNS_AUTH_NONE;
+	if (upstream->event.ev && upstream->loop) {
+		upstream->loop->vmt->clear(
+		    upstream->loop, &upstream->event);
+	}
 	if (upstream->tls_obj != NULL) {
 		SSL_shutdown(upstream->tls_obj);
 		SSL_free(upstream->tls_obj);
@@ -2769,11 +2773,14 @@ getdns_context_set_upstream_recursive_servers(struct getdns_context *context,
 	struct addrinfo hints;
 
 	RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
-	RETURN_IF_NULL(upstream_list, GETDNS_RETURN_INVALID_PARAMETER);
 
-	r = getdns_list_get_length(upstream_list, &count);
-	if (count == 0 || r != GETDNS_RETURN_GOOD) {
-		return GETDNS_RETURN_CONTEXT_UPDATE_FAIL;
+	if (  !upstream_list
+	   || (r = getdns_list_get_length(upstream_list, &count))
+	   || count == 0) {
+		_getdns_upstreams_dereference(context->upstreams);
+		context->upstreams = NULL;
+		dispatch_updated(context,
+			GETDNS_CONTEXT_CODE_UPSTREAM_RECURSIVE_SERVERS);
 	}
 	memset(&hints, 0, sizeof(struct addrinfo));
 	hints.ai_family    = AF_UNSPEC;      /* Allow IPv4 or IPv6 */
diff --git a/src/stub.c b/src/stub.c
index 5eb1705a..fda8df8f 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -551,10 +551,7 @@ upstream_failed(getdns_upstream *upstream, int during_setup)
 		_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 		_getdns_check_dns_req_complete(netreq->owner);
 	}
-	if (during_setup == 0)
-		return;
-
-	else if (during_setup > 0)
+	if (during_setup > 0)
 		_getdns_upstream_reset(upstream);
 	else
 		_getdns_upstream_shutdown(upstream);
@@ -2118,7 +2115,13 @@ upstream_reschedule_events(getdns_upstream *upstream) {
 
 	DEBUG_STUB("%s %-35s: FD:  %d \n", STUB_DEBUG_SCHEDULE, 
 	             __FUNC__, upstream->fd);
-	GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
+	if (upstream->event.ev)
+		GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
+
+	if (upstream->fd == -1 || !(  upstream->conn_state == GETDNS_CONN_SETUP
+	                           || upstream->conn_state == GETDNS_CONN_OPEN ))
+		return;
+
 	if (!upstream->write_queue && upstream->event.write_cb) {
 		upstream->event.write_cb = NULL;
 	}
@@ -2138,16 +2141,11 @@ upstream_reschedule_events(getdns_upstream *upstream) {
 		DEBUG_STUB("%s %-35s: FD:  %d Connection idle - timeout is %d\n", 
 			    STUB_DEBUG_SCHEDULE, __FUNC__, upstream->fd,
 			    (int)upstream->keepalive_timeout);
-		/* TODO: Schedule a read also anyway,
-		 *       to digest timed out answers.
-		 *       Dont forget to schedule with upstream->fd then!
-		 *
-		 * upstream->event.read_cb = upstream_read_cb;
-		 */
+
+		upstream->event.read_cb = upstream_read_cb;
 		upstream->event.timeout_cb = upstream_idle_timeout_cb;
-		GETDNS_SCHEDULE_EVENT(upstream->loop, -1, 
-		    ( upstream->conn_state == GETDNS_CONN_OPEN
-		    ? upstream->keepalive_timeout : 0), &upstream->event);
+		GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd, 
+		    upstream->keepalive_timeout, &upstream->event);
 	}
 }
 
diff --git a/src/sync.c b/src/sync.c
index c618b0e4..debf904b 100644
--- a/src/sync.c
+++ b/src/sync.c
@@ -116,30 +116,24 @@ getdns_sync_data_cleanup(getdns_sync_data *data)
 		upstream = &ctxt->upstreams->upstreams[i];
 		if (upstream->loop != &data->context->sync_eventloop.loop)
 			continue;
-		if (upstream->event.read_cb || upstream->event.write_cb) {
-			GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
-
-		} else if (upstream->event.timeout_cb) {
-			/* Timeout's at upstream are idle-timeouts only.
-			 * They should be fired on completion of the
-			 * synchronous request.
-			 */
-			GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
-			if (upstream->conn_state != GETDNS_CONN_OPEN ||
-			    upstream->keepalive_timeout == 0)
-				(*upstream->event.timeout_cb)(upstream->event.userarg);
+		GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
+		if (upstream->event.timeout_cb &&
+		    (  upstream->conn_state != GETDNS_CONN_OPEN
+		    || upstream->keepalive_timeout == 0)) {
+			(*upstream->event.timeout_cb)(upstream->event.userarg);
+			upstream->event.timeout_cb = NULL;
 		}
 		upstream->loop = data->context->extension;
 		upstream->is_sync_loop = 0;
-		if (upstream->event.read_cb || upstream->event.write_cb)
-			GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd,
-			    TIMEOUT_FOREVER, &upstream->event);
 
-		else if (upstream->event.timeout_cb &&
-		    upstream->conn_state == GETDNS_CONN_OPEN &&
-		    upstream->keepalive_timeout != 0) {
-			GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd,
-			    upstream->keepalive_timeout, &upstream->event);
+		if (  upstream->event.read_cb || upstream->event.write_cb
+		   || upstream->event.timeout_cb) {
+			GETDNS_SCHEDULE_EVENT(upstream->loop,
+			    (  upstream->event.read_cb
+			    || upstream->event.write_cb ? upstream->fd : -1),
+			    (  upstream->event.timeout_cb
+			    ?  upstream->keepalive_timeout : TIMEOUT_FOREVER ),
+			    &upstream->event);
 		}
 	}
 }
diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index eff84136..b886ae59 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -1279,7 +1279,8 @@ void read_line_cb(void *userarg)
 		if (listen_count)
 			(void) getdns_context_set_listen_addresses(
 			    context, NULL, NULL, NULL);
-		(void) getdns_context_set_idle_timeout(context, 0);
+		(void) getdns_context_set_upstream_recursive_servers(
+		    context, NULL);
 		return;
 	}
 	if (query_file && verbosity)
@@ -1678,16 +1679,22 @@ static void stubby_log(void *userarg, uint64_t system,
 #ifdef GETDNS_ON_WINDOWS
 	time_t tsec;
 
+	if (!verbosity)
+		return;
+
 	gettimeofday(&tv, NULL);
 	tsec = (time_t) tv.tv_sec;
 	gmtime_s(&tm, (const time_t *) &tsec);
 #else
+	if (!verbosity)
+		return;
+
 	gettimeofday(&tv, NULL);
 	gmtime_r(&tv.tv_sec, &tm);
 #endif
 	strftime(buf, 10, "%H:%M:%S", &tm);
 	(void)userarg; (void)system; (void)level;
-	(void) fprintf(stderr, "[%s.%.6d] STUBBY: ", buf, (int)tv.tv_usec);
+	(void) fprintf(stderr, "[%s.%.6d] UPSTREAM ", buf, (int)tv.tv_usec);
 	(void) vfprintf(stderr, fmt, ap);
 }
 
@@ -1741,10 +1748,10 @@ main(int argc, char **argv)
 			(void) parse_config_file(home_stubby_conf_fn, 0);
 		}
 		clear_listen_list_on_arg = 1;
-
-		(void) getdns_context_set_logfunc(context, NULL,
-		    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG, stubby_log);
 	}
+	(void) getdns_context_set_logfunc(context, NULL,
+	    GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG, stubby_log);
+
 	if ((r = parse_args(argc, argv)))
 		goto done_destroy_context;
 	clear_listen_list_on_arg = 0;

From 87879783ec9d348698903f7ad02109c424ade752 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 18 Oct 2017 14:33:59 +0200
Subject: [PATCH 125/140] Postpone dealing with upstream derenferencing issue

---
 src/tools/getdns_query.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c
index b886ae59..53e546e2 100644
--- a/src/tools/getdns_query.c
+++ b/src/tools/getdns_query.c
@@ -1279,8 +1279,9 @@ void read_line_cb(void *userarg)
 		if (listen_count)
 			(void) getdns_context_set_listen_addresses(
 			    context, NULL, NULL, NULL);
-		(void) getdns_context_set_upstream_recursive_servers(
-		    context, NULL);
+		if (interactive && !query_file)
+			(void) getdns_context_set_upstream_recursive_servers(
+			    context, NULL);
 		return;
 	}
 	if (query_file && verbosity)

From 8886c5317dc18576e9dec8928ccda1b499d73bcb Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Thu, 19 Oct 2017 10:36:46 +0100
Subject: [PATCH 126/140] Fix 2 bugs: - backoff time was not incrementing
 correctly - best authentication information state was not being kept for
 shutdowns during setup (needed if e.g. hostname authentication failed during
 handshake).

---
 src/context.c |  3 ++-
 src/stub.c    | 11 +++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/context.c b/src/context.c
index ccbb52a1..01688105 100644
--- a/src/context.c
+++ b/src/context.c
@@ -754,8 +754,9 @@ upstream_backoff(getdns_upstream *upstream) {
 	upstream->conn_shutdowns = 0;
 	upstream->conn_backoffs++;
 	_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_NOTICE,
-	    "%-40s : !Backing off this upstream    - Will retry again at %s",
+	    "%-40s : !Backing off this upstream    - Will retry again in %ds at %s",
 	            upstream->addr_str,
+	            upstream->conn_backoff_interval,
 	            asctime(gmtime(&upstream->conn_retry_time)));
 }
 
diff --git a/src/stub.c b/src/stub.c
index fda8df8f..3a114712 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -551,10 +551,7 @@ upstream_failed(getdns_upstream *upstream, int during_setup)
 		_getdns_netreq_change_state(netreq, NET_REQ_ERRORED);
 		_getdns_check_dns_req_complete(netreq->owner);
 	}
-	if (during_setup > 0)
-		_getdns_upstream_reset(upstream);
-	else
-		_getdns_upstream_shutdown(upstream);
+	_getdns_upstream_shutdown(upstream);
 }
 
 void
@@ -957,8 +954,11 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
 		X509_VERIFY_PARAM_set1_host(param, upstream->tls_auth_name, 0);
 #else
 		if (dnsreq->netreqs[0]->tls_auth_min == GETDNS_AUTHENTICATION_REQUIRED) {
-			DEBUG_STUB("%s %-35s: ERROR: TLS Authentication functionality not available\n",
+			DEBUG_STUB("%s %-35s: ERROR: Hostname Authentication not available from TLS library (check library version)\n",
 		           STUB_DEBUG_SETUP_TLS, __FUNC__);
+			_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR, 
+			    "%-40s : ERROR: Hostname Authentication not available from TLS library (check library version)\n",
+			    upstream->addr_str);
 			upstream->tls_hs_state = GETDNS_HS_FAILED;
 			return NULL;
 		}
@@ -1843,7 +1843,6 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
 		if (upstreams->upstreams[i].conn_state == GETDNS_CONN_BACKOFF &&
 		    upstreams->upstreams[i].conn_retry_time < now) {
 			upstreams->upstreams[i].conn_state = GETDNS_CONN_CLOSED;
-			upstreams->upstreams[i].conn_backoff_interval = 1;
 			_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_NOTICE,
 			    "%-40s : Re-instating upstream\n",
 		            upstreams->upstreams[i].addr_str);

From 272d0cf0efbae3b03bd02e29bdf20bb0e5b2d550 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 19 Oct 2017 12:35:10 +0200
Subject: [PATCH 127/140] Allow clearing of upstreams

---
 src/test/check_getdns_context_set_upstream_recursive_servers.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/check_getdns_context_set_upstream_recursive_servers.h b/src/test/check_getdns_context_set_upstream_recursive_servers.h
index e1bb359f..85089e3c 100644
--- a/src/test/check_getdns_context_set_upstream_recursive_servers.h
+++ b/src/test/check_getdns_context_set_upstream_recursive_servers.h
@@ -65,7 +65,7 @@
       CONTEXT_CREATE(TRUE);
 
       ASSERT_RC(getdns_context_set_upstream_recursive_servers(context, NULL),
-        GETDNS_RETURN_INVALID_PARAMETER, "Return code from getdns_context_set_upstream_recursive_servers()");
+        GETDNS_RETURN_GOOD, "Return code from getdns_context_set_upstream_recursive_servers()");
 
 
       CONTEXT_DESTROY;        

From f8e1ed78b8e249963d0d63becd84bb3a76709b6d Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 19 Oct 2017 12:48:58 +0200
Subject: [PATCH 128/140] Make upstream_reset static (and not shared between .c
 files)

---
 src/context.c | 4 ++--
 src/context.h | 2 --
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/context.c b/src/context.c
index 01688105..994a9ac4 100644
--- a/src/context.c
+++ b/src/context.c
@@ -733,7 +733,7 @@ void _getdns_upstream_log(getdns_upstream *upstream, uint64_t system,
 	va_end(args);
 }
 
-void
+static void
 upstream_backoff(getdns_upstream *upstream) {
 	upstream->conn_state = GETDNS_CONN_BACKOFF;
 	/* Increase the backoff interval incrementally up to the tls_backoff_time*/
@@ -760,7 +760,7 @@ upstream_backoff(getdns_upstream *upstream) {
 	            asctime(gmtime(&upstream->conn_retry_time)));
 }
 
-void
+static void
 _getdns_upstream_reset(getdns_upstream *upstream)
 {
 	/* Back off connections that never got up service at all (probably no
diff --git a/src/context.h b/src/context.h
index 46f000c0..1a6d93a4 100644
--- a/src/context.h
+++ b/src/context.h
@@ -557,6 +557,4 @@ int _getdns_context_write_priv_file(getdns_context *context,
 
 int _getdns_context_can_write_appdata(getdns_context *context);
 
-void _getdns_upstream_reset(getdns_upstream *upstream);
-
 #endif /* _GETDNS_CONTEXT_H_ */

From fc073267f1d37f964a6f694eb2b640812ee91153 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 19 Oct 2017 14:14:37 +0200
Subject: [PATCH 129/140] Dead assignment

---
 src/stub.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index 3a114712..49af9d8c 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -524,9 +524,8 @@ upstream_failed(getdns_upstream *upstream, int during_setup)
 	   when idle.*/
 	/* [TLS1]TODO: Work out how to re-open the connection and re-try
 	   the queries if there is only one upstream.*/
+	GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
 	if (during_setup) {
-		/* Reset timeout on setup failure to trigger fallback handling.*/
-		GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
 		/* Special case if failure was due to authentication issues since this
 		   upstream could be used oppotunistically with no problem.*/
 		if (!(upstream->transport == GETDNS_TRANSPORT_TLS &&
@@ -538,12 +537,9 @@ upstream_failed(getdns_upstream *upstream, int during_setup)
 	}
 	upstream->conn_state = GETDNS_CONN_TEARDOWN;
 
-	if (upstream->write_queue) {
-		if (!during_setup)
-			during_setup = -1;
-		while (upstream->write_queue)
-			upstream_write_cb(upstream);
-	}
+	while (upstream->write_queue)
+		upstream_write_cb(upstream);
+
 	while (upstream->netreq_by_query_id.count) {
 		netreq = (getdns_network_req *)
 		    _getdns_rbtree_first(&upstream->netreq_by_query_id);

From 971d876c70ec354c948d782a0414b3b83043d7a1 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 20 Oct 2017 15:59:42 +0200
Subject: [PATCH 130/140] Dependencies

---
 src/Makefile.in | 146 +++++++++++++++++++++++++++---------------------
 1 file changed, 83 insertions(+), 63 deletions(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index a10d04c8..594f714b 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -281,7 +281,8 @@ depend:
 FORCE:
 
 # Dependencies for gldns, utils, the extensions and compat functions
-anchor.lo anchor.o: $(srcdir)/anchor.c config.h \
+anchor.lo anchor.o: $(srcdir)/anchor.c \
+ config.h \
  $(srcdir)/debug.h $(srcdir)/anchor.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
@@ -297,8 +298,10 @@ const-info.lo const-info.o: $(srcdir)/const-info.c \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/const-info.h
-context.lo context.o: $(srcdir)/context.c config.h \
- $(srcdir)/anchor.h getdns/getdns.h \
+context.lo context.o: $(srcdir)/context.c \
+ config.h \
+ $(srcdir)/anchor.h \
+ getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/debug.h \
  $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
@@ -314,26 +317,28 @@ convert.lo convert.o: $(srcdir)/convert.c \
  getdns/getdns_extra.h \
  $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
  $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
  $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
  $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/wire2str.h \
  $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
- $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(stubbysrcdir)/src/yaml/convert_yaml_to_json.h $(srcdir)/convert.h \
- $(srcdir)/debug.h
-dict.lo dict.o: $(srcdir)/dict.c config.h \
+ $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(stubbysrcdir)/src/yaml/convert_yaml_to_json.h $(srcdir)/convert.h
+dict.lo dict.o: $(srcdir)/dict.c \
+ config.h \
  $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h \
  $(srcdir)/gldns/parseutil.h
-dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h \
- $(srcdir)/debug.h getdns/getdns.h \
+dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
+ config.h \
+ $(srcdir)/debug.h \
+ getdns/getdns.h \
  $(srcdir)/context.h \
  getdns/getdns_extra.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
@@ -345,13 +350,15 @@ dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h \
  $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h \
  $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h \
  $(srcdir)/util/orig-headers/val_secalgo.h
-general.lo general.o: $(srcdir)/general.c config.h \
- $(srcdir)/general.h getdns/getdns.h \
+general.lo general.o: $(srcdir)/general.c \
+ config.h \
+ $(srcdir)/general.h \
+ getdns/getdns.h \
  $(srcdir)/types-internal.h \
  getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
@@ -360,13 +367,14 @@ list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
- config.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ config.h \
+ $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/list.h $(srcdir)/dict.h
-mdns.lo mdns.o: $(srcdir)/mdns.c config.h \
+mdns.lo mdns.o: $(srcdir)/mdns.c \
+ config.h \
  $(srcdir)/debug.h $(srcdir)/context.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
@@ -378,10 +386,13 @@ mdns.lo mdns.o: $(srcdir)/mdns.c config.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/gldns/rrdef.h $(srcdir)/util-internal.h \
  $(srcdir)/platform.h $(srcdir)/mdns.h $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
  $(srcdir)/util/orig-headers/lookup3.h
-platform.lo platform.o: $(srcdir)/platform.c
+platform.lo platform.o: $(srcdir)/platform.c $(srcdir)/platform.h \
+ config.h
 pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
- config.h $(srcdir)/debug.h \
- getdns/getdns.h $(srcdir)/context.h \
+ config.h \
+ $(srcdir)/debug.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h \
  getdns/getdns_extra.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
@@ -390,16 +401,17 @@ pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h
 request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
- config.h $(srcdir)/types-internal.h \
+ config.h \
+ $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/dict.h $(srcdir)/debug.h $(srcdir)/convert.h $(srcdir)/general.h
+ $(srcdir)/dict.h $(srcdir)/convert.h $(srcdir)/general.h
 rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
  config.h \
  getdns/getdns.h \
@@ -407,7 +419,7 @@ rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
  getdns/getdns_extra.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h \
  $(srcdir)/dict.h
@@ -415,12 +427,13 @@ rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.
  config.h \
  getdns/getdns.h \
  $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
-server.lo server.o: $(srcdir)/server.c config.h \
+server.lo server.o: $(srcdir)/server.c \
+ config.h \
  getdns/getdns_extra.h \
- getdns/getdns.h $(srcdir)/context.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
+ getdns/getdns.h \
+ $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/platform.h
@@ -444,45 +457,50 @@ sync.lo sync.o: $(srcdir)/sync.c \
  getdns/getdns_extra.h \
  $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
  $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
+ $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
  $(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
 ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
- config.h
+ config.h \
+ getdns/getdns.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
 util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
  config.h \
- getdns/getdns.h $(srcdir)/dict.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h $(srcdir)/list.h \
- $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
+ getdns/getdns.h \
+ $(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
+ getdns/getdns_extra.h \
+ $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
+ $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
  $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
  $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
  $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/str2wire.h \
  $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
 gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
- config.h $(srcdir)/gldns/gbuffer.h
+ config.h \
+ $(srcdir)/gldns/gbuffer.h
 keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
- config.h $(srcdir)/gldns/keyraw.h \
- $(srcdir)/gldns/rrdef.h
+ config.h \
+ $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
 parse.lo parse.o: $(srcdir)/gldns/parse.c \
- config.h $(srcdir)/gldns/parse.h \
- $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
+ config.h \
+ $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
 parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
- config.h $(srcdir)/gldns/parseutil.h
+ config.h \
+ $(srcdir)/gldns/parseutil.h
 rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
- config.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/gldns/parseutil.h
+ config.h \
+ $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
 str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
- config.h $(srcdir)/gldns/str2wire.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/parse.h \
- $(srcdir)/gldns/parseutil.h
+ config.h \
+ $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
+ $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
 wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
- config.h $(srcdir)/gldns/wire2str.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/parseutil.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
+ config.h \
+ $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
+ $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
 arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
  config.h
 arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
@@ -511,7 +529,8 @@ strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
  config.h
 strptime.lo strptime.o: $(srcdir)/compat/strptime.c \
  config.h
-locks.lo locks.o: $(srcdir)/util/locks.c config.h \
+locks.lo locks.o: $(srcdir)/util/locks.c \
+ config.h \
  $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
 lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c \
  config.h \
@@ -523,10 +542,10 @@ lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c \
  $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/util/fptr_wlist.h
 rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
- config.h $(srcdir)/util/auxiliary/log.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/fptr_wlist.h \
- $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h
+ config.h \
+ $(srcdir)/util/auxiliary/log.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
+ $(srcdir)/util/auxiliary/fptr_wlist.h $(srcdir)/util/auxiliary/util/fptr_wlist.h \
+ $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
 val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
  config.h \
  $(srcdir)/util/auxiliary/util/data/packed_rrset.h \
@@ -538,18 +557,20 @@ val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
 jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
 yxml.lo yxml.o: $(srcdir)/yxml/yxml.c $(srcdir)/yxml/yxml.h
 libev.lo libev.o: $(srcdir)/extension/libev.c \
- config.h $(srcdir)/types-internal.h \
+ config.h \
+ $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
 libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
- config.h $(srcdir)/types-internal.h \
+ config.h \
+ $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
 libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
- config.h $(srcdir)/debug.h \
- $(srcdir)/types-internal.h \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
@@ -565,8 +586,8 @@ poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
  $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
  $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/platform.h
 select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
- config.h $(srcdir)/debug.h \
- $(srcdir)/types-internal.h \
+ config.h \
+ $(srcdir)/debug.h $(srcdir)/types-internal.h \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/platform.h \
@@ -576,4 +597,3 @@ stubby.lo stubby.o: $(stubbysrcdir)/src/stubby.c \
  getdns/getdns.h \
  getdns/getdns_extra.h \
  $(stubbysrcdir)/src/yaml/convert_yaml_to_json.h
-version.lo version.o: $(stubbysrcdir)/src/version.c

From d3b13c2bc93afa7e184d432f68d7da9102cebcb1 Mon Sep 17 00:00:00 2001
From: Sara Dickinson <sara@sinodun.com>
Date: Fri, 20 Oct 2017 16:22:03 +0100
Subject: [PATCH 131/140] Update stubby to use the 0.1.4 release

---
 stubby | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stubby b/stubby
index c9e89293..0cbd46ea 160000
--- a/stubby
+++ b/stubby
@@ -1 +1 @@
-Subproject commit c9e89293beac4fe599024bfb021cb2ae832cc93f
+Subproject commit 0cbd46ea6d0da727c42b0890d498366cd2b1ec2c

From 8e12d86fc307db6b50803d1a1ea78227824369c3 Mon Sep 17 00:00:00 2001
From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Sun, 22 Oct 2017 17:36:45 +0200
Subject: [PATCH 132/140] Fix a linking issue in stubby when libbsd is present

When libbsd is found on the system during the configure, the result
of `pkg-config --cflags libbsd-overlay` is added to `CFLAGS`:

`-DLIBBSD_OVERLAY -isystem /usr/include/bsd`

The result of `pkg-config --libs libbsd-overlay` is added to `LIBS`,
but not to `STUBBY_LIBS`, which is used when linking stubby.

Because of the new `CFLAGS`, the preprocessor replaces the call to
`getopt()` in stubby.c with a call to `bsd_getop()`:

```
 #ifdef LIBBSD_OVERLAY
 #undef getopt
 #define getopt(argc, argv, optstr) bsd_getopt(argc, argv, optstr)
 #endif
```

But since `-lbsd` has not been added to `STUBBY_LIBS`, the linking of
stubby fails with an unresolved symbol:

```
../libtool --tag=CC --mode=link gcc -o stubby stubby.lo convert_yaml_to_json.lo gbuffer.lo -lyaml  libgetdns.la
libtool: link: gcc -o .libs/stubby .libs/stubby.o .libs/convert_yaml_to_json.o .libs/gbuffer.o  -lyaml ./.libs/libgetdns.so
/usr/bin/ld: .libs/stubby.o: undefined reference to symbol 'bsd_getopt@@LIBBSD_0.0'
/usr/lib/libbsd.so.0: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
```

Simply adding the result of `pkg-config --libs libbsd-overlay` to
`STUBBY_LIBS` in addition to `LIBS` fixes the issue.
---
 configure.ac | 1 +
 1 file changed, 1 insertion(+)

diff --git a/configure.ac b/configure.ac
index 1c7dc8e1..20756f56 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1270,6 +1270,7 @@ fi
 # system implementation.
 PKG_CHECK_MODULES([LIBBSD],[libbsd-overlay],[
 LIBS="$LIBS $LIBBSD_LIBS"
+STUBBY_LIBS="$STUBBY_LIBS $LIBBSD_LIBS"
 CFLAGS="$CFLAGS $LIBBSD_CFLAGS"
 ],[
 AC_MSG_WARN([libbsd not found or usable; using embedded code instead])

From 725f5d486a67fe859e8b38282ec2850ee02ad42c Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 27 Oct 2017 09:58:25 +0200
Subject: [PATCH 133/140] Credit Remi Gacogne

---
 ChangeLog | 2 ++
 stubby    | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 189c3da3..eb4cc8cf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
 * 2017-1?-??: Version 1.2.1
+  * Bugfix #348: Fix a linking issue in stubby when libbsd is present
+    Thanks Remi Gacogne
   * Fix Makefile dependencies for parallel install.
     Thanks ilovezfs
 
diff --git a/stubby b/stubby
index 0cbd46ea..c9e89293 160000
--- a/stubby
+++ b/stubby
@@ -1 +1 @@
-Subproject commit 0cbd46ea6d0da727c42b0890d498366cd2b1ec2c
+Subproject commit c9e89293beac4fe599024bfb021cb2ae832cc93f

From e2b26609d4f0970861e0b67bdda7f42066f6dcf2 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Fri, 27 Oct 2017 13:03:49 +0200
Subject: [PATCH 134/140] Stubby back to develop branch

---
 stubby | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stubby b/stubby
index c9e89293..0cbd46ea 160000
--- a/stubby
+++ b/stubby
@@ -1 +1 @@
-Subproject commit c9e89293beac4fe599024bfb021cb2ae832cc93f
+Subproject commit 0cbd46ea6d0da727c42b0890d498366cd2b1ec2c

From 09b4f6d57d65d49296c5f571039baaea74978f3d Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Tue, 31 Oct 2017 16:22:09 +0100
Subject: [PATCH 135/140] One more _getdns_perror

---
 src/extension/poll_eventloop.c   | 2 +-
 src/extension/select_eventloop.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/extension/poll_eventloop.c b/src/extension/poll_eventloop.c
index 7cd80cd9..6924ebe1 100644
--- a/src/extension/poll_eventloop.c
+++ b/src/extension/poll_eventloop.c
@@ -143,7 +143,7 @@ static uint64_t get_now_plus(uint64_t amount)
 	uint64_t       now;
 
 	if (gettimeofday(&tv, NULL)) {
-		perror("gettimeofday() failed");
+		_getdns_perror("gettimeofday() failed");
 		exit(EXIT_FAILURE);
 	}
 	now = tv.tv_sec * 1000000 + tv.tv_usec;
diff --git a/src/extension/select_eventloop.c b/src/extension/select_eventloop.c
index 0350f1d5..7980d0da 100644
--- a/src/extension/select_eventloop.c
+++ b/src/extension/select_eventloop.c
@@ -38,7 +38,7 @@ static uint64_t get_now_plus(uint64_t amount)
 	uint64_t       now;
 
 	if (gettimeofday(&tv, NULL)) {
-		perror("gettimeofday() failed");
+		_getdns_perror("gettimeofday() failed");
 		exit(EXIT_FAILURE);
 	}
 	now = tv.tv_sec * 1000000 + tv.tv_usec;

From 4669956391d682c07db27a2f4f2e551f0e65c374 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 1 Nov 2017 10:59:55 +0100
Subject: [PATCH 136/140] retry full recursion bogus answers only when...

dnssec validation was requested in the first place
---
 src/general.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/general.c b/src/general.c
index 23d9b735..6df8d383 100644
--- a/src/general.c
+++ b/src/general.c
@@ -221,7 +221,10 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 	            dns_req->dnssec_return_all_statuses
 	           ))
 #endif
-	    || (  dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING
+	    || (   dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING
+	       && (dns_req->dnssec_return_status ||
+	           dns_req->dnssec_return_only_secure ||
+	           dns_req->dnssec_return_all_statuses)
 	       && _getdns_bogus(dns_req))
 	    )) {
 		/* Reschedule timeout for this DNS request

From b4ae4b71216f5318cddd5413f07d29d606cc69f9 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 1 Nov 2017 15:01:58 +0100
Subject: [PATCH 137/140] Cannot fetch DNSKEY when in DNSKEY callback ...

for the same name in full recursion
---
 src/dnssec.c  | 42 +++++++++++++++++++++++++++++++++++-------
 src/general.c |  6 ++----
 2 files changed, 37 insertions(+), 11 deletions(-)

diff --git a/src/dnssec.c b/src/dnssec.c
index 92282ddb..72de9017 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -934,6 +934,17 @@ static void val_chain_sched_soa(chain_head *head, const uint8_t *dname)
 		val_chain_sched_soa_node(node);
 }
 
+static chain_head *_dnskey_query(const chain_node *node)
+{
+	chain_head *head;
+
+	for (head = node->chains; head; head = head->next)
+		if (head->rrset.rr_type == GETDNS_RRTYPE_DNSKEY &&
+		    head->parent == node)
+			return head;
+	return NULL;
+}
+
 static void val_chain_node_cb(getdns_dns_req *dnsreq);
 static void val_chain_sched_node(chain_node *node)
 {
@@ -951,13 +962,27 @@ static void val_chain_sched_node(chain_node *node)
 	DEBUG_SEC("schedule DS & DNSKEY lookup for %s\n", name);
 
 	node->lock++;
-	if (! node->dnskey_req /* not scheduled */ &&
-	    _getdns_general_loop(context, loop, name, GETDNS_RRTYPE_DNSKEY,
-	    CD_extension(node->chains->netreq->owner),
-	    node, &node->dnskey_req, NULL, val_chain_node_cb))
+	if (! node->dnskey_req) {
+		chain_head *head;
 
-		node->dnskey_req     = NULL;
+		/* Reuse the DNSKEY query if this node is scheduled in the
+		 * context of validating a DNSKEY query, because libunbound
+		 * does not callback from a callback for the same query.
+		 */
 
+		if ((head = _dnskey_query(node))) {
+			DEBUG_SEC("Found DNSKEY head: %p\n", (void *)head);
+			node->dnskey_req     = head->netreq;
+			node->dnskey.pkt     = head->netreq->response;
+			node->dnskey.pkt_len = head->netreq->response_len;
+
+		} else if (_getdns_general_loop(
+		    context, loop, name, GETDNS_RRTYPE_DNSKEY,
+		    CD_extension(node->chains->netreq->owner),
+		    node, &node->dnskey_req, NULL, val_chain_node_cb))
+
+			node->dnskey_req     = NULL;
+	}
 	if (! node->ds_req && node->parent /* not root */ &&
 	    _getdns_general_loop(context, loop, name, GETDNS_RRTYPE_DS,
 	    CD_extension(node->chains->netreq->owner),
@@ -3341,7 +3366,7 @@ void _getdns_validation_chain_timeout(getdns_dns_req *dnsreq)
 
 void _getdns_cancel_validation_chain(getdns_dns_req *dnsreq)
 {
-	chain_head *head = dnsreq->chain, *next;
+	chain_head *head = dnsreq->chain, *next, *dnskey_head;
 	chain_node *node;
 	size_t      node_count;
 
@@ -3353,7 +3378,10 @@ void _getdns_cancel_validation_chain(getdns_dns_req *dnsreq)
 		    ; node_count
 		    ; node_count--, node = node->parent ) {
 
-			if (node->dnskey_req)
+			if (node->dnskey_req &&
+			    !( (dnskey_head = _dnskey_query(node))
+			     && dnskey_head->netreq == node->dnskey_req))
+
 				_getdns_context_cancel_request(
 				    node->dnskey_req->owner);
 
diff --git a/src/general.c b/src/general.c
index 6df8d383..b263c0a9 100644
--- a/src/general.c
+++ b/src/general.c
@@ -449,14 +449,12 @@ _getdns_submit_netreq(getdns_network_req *netreq, uint64_t *now_ms)
 		if (_getdns_ub_loop_enabled(&context->ub_loop))
 			ub_resolve_r = ub_resolve_event(context->unbound_ctx,
 			    name, netreq->request_type, dns_req->request_class,
-			    netreq, ub_resolve_event_callback, &(netreq->unbound_id)) ?
-			    GETDNS_RETURN_GENERIC_ERROR : GETDNS_RETURN_GOOD;
+			    netreq, ub_resolve_event_callback, &(netreq->unbound_id));
 		else
 #endif
 			ub_resolve_r = ub_resolve_async(context->unbound_ctx,
 			    name, netreq->request_type, dns_req->request_class,
-			    netreq, ub_resolve_callback, &(netreq->unbound_id)) ?
-			    GETDNS_RETURN_GENERIC_ERROR : GETDNS_RETURN_GOOD;
+			    netreq, ub_resolve_callback, &(netreq->unbound_id));
 		if (dnsreq_freed)
 			return DNS_REQ_FINISHED;
 		dns_req->freed = NULL;

From 270c3d654fce9011b637b2d7acd13c945398e693 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 1 Nov 2017 15:28:46 +0100
Subject: [PATCH 138/140] Support DNSSEC validation without support records

---
 src/dnssec.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/dnssec.c b/src/dnssec.c
index 72de9017..57664c39 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -2548,6 +2548,11 @@ static int chain_node_get_trusted_keys(
 			node->dnskey_signer = keytag;
 			return GETDNS_DNSSEC_SECURE;
 		}
+		/* ta is the DNSKEY for this name? */
+		if (_dname_equal(ta->name, node->dnskey.name)) {
+			*keys = ta;
+			return GETDNS_DNSSEC_SECURE;
+		}
 		/* ta is parent's ZSK */
 		if ((keytag = key_proves_nonexistance(
 		    mf, now, skew, ta, &node->ds, NULL))) {
@@ -3565,13 +3570,17 @@ getdns_validate_dnssec2(getdns_list *records_to_validate,
 	fflush(stdout);
 #endif
 
-	if (!records_to_validate || !support_records || !trust_anchors)
+	if (!records_to_validate || !trust_anchors)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 	mf = &records_to_validate->mf;
 
 	/* First convert everything to wire format
 	 */
-	if (!(support = _getdns_list2wire(support_records,
+	
+	if (!support_records)
+		(void) memset((support = support_buf), 0, GLDNS_HEADER_SIZE);
+
+	else if (!(support = _getdns_list2wire(support_records,
 	    support_buf, &support_len, mf)))
 		return GETDNS_RETURN_MEMORY_ERROR;
 

From 7e103217c684b7e0012f3ffb44fb9cc5518a25b7 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Wed, 1 Nov 2017 16:47:28 +0100
Subject: [PATCH 139/140] unsigned RRs in authority section with BIND

	when +CD flag is used
---
 src/dnssec.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/dnssec.c b/src/dnssec.c
index 57664c39..a4de8b1c 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -802,11 +802,14 @@ static void add_pkt2val_chain(struct mem_funcs *mf,
 		if (is_synthesized_cname(rrset))
 			continue;
 
+		if (!(rrsig = _getdns_rrsig_iter_init(&rrsig_spc, rrset))
+		    && _getdns_rr_iter_section(&i->rr_i) != SECTION_ANSWER)
+			continue; /* No sigs in authority section is okayish */
+
 		if (!(head = add_rrset2val_chain(mf, chain_p, rrset, netreq)))
 			continue;
 
-		for ( rrsig = _getdns_rrsig_iter_init(&rrsig_spc, rrset), n_rrsigs = 0
-		    ; rrsig
+		for ( n_rrsigs = 0; rrsig
 		    ; rrsig = _getdns_rrsig_iter_next(rrsig), n_rrsigs++) {
 			
 			/* Signature, so lookup DS/DNSKEY at signer's name */

From 2434336ead40f2b09b9c9a9e36c64895a78516d1 Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Thu, 2 Nov 2017 12:42:26 +0100
Subject: [PATCH 140/140] Include all RRSIGs in validation chain

Because we don't know algorithm support of other validators.

But still canonicalize the RRset with the one used to validate just because we can.
---
 src/dnssec.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/dnssec.c b/src/dnssec.c
index a4de8b1c..03e8c326 100644
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -2971,6 +2971,26 @@ static void append_rrset2val_chain_list(
 	    _getdns_list_append_this_dict(val_chain_list, rr_dict))
 		getdns_dict_destroy(rr_dict);
 
+	/* Append the other RRSIGs, which were not used for validation too,
+	 * because other validators might not have the same algorithm support.
+	 */
+	for ( rrsig = _getdns_rrsig_iter_init(&rrsig_spc, rrset)
+	    ; rrsig
+	    ; rrsig = _getdns_rrsig_iter_next(rrsig)) {
+
+		if (rrsig->rr_i.nxt < rrsig->rr_i.rr_type + 28)
+			continue;
+
+		if (gldns_read_uint16(rrsig->rr_i.rr_type + 26)
+		    == (signer & 0xFFFF))
+			continue;
+
+		orig_ttl = gldns_read_uint32(rrsig->rr_i.rr_type + 14);
+		if ((rr_dict =  _getdns_rr_iter2rr_dict_canonical(
+		    &val_chain_list->mf, &rrsig->rr_i, &orig_ttl)) &&
+		    _getdns_list_append_this_dict(val_chain_list, rr_dict))
+			getdns_dict_destroy(rr_dict);
+	}
 	if (val_rrset != val_rrset_spc)
 		GETDNS_FREE(val_chain_list->mf, val_rrset);
 }