From 1962c03b799b9d9faac5a60c59abb059230f3c8e Mon Sep 17 00:00:00 2001 From: Bruno Pagani Date: Sun, 23 Dec 2018 11:31:27 +0000 Subject: [PATCH 1/8] context: remove TLS13 cipher from cipher_list TLS 1.3 ciphers have to be set in ciphersuites instead. --- src/context.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/context.c b/src/context.c index d952d8d6..1429d5e4 100644 --- a/src/context.c +++ b/src/context.c @@ -1469,8 +1469,7 @@ static char const * const _getdns_default_trust_anchors_verify_email = "dnssec@iana.org"; static char const * const _getdns_default_tls_cipher_list = - "TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:" - "TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20"; + "EECDH+AESGCM:EECDH+CHACHA20"; static char const * const _getdns_default_tls_ciphersuites = "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"; From bbe7dff25748455852128196fd7ce4fee0b4e60f Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Mon, 31 Dec 2018 16:13:20 +0100 Subject: [PATCH 2/8] No TLS1.3 ciphers in cipher_list only when ... SSL_set_ciphersuites in OpenSSL API. --- src/context.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/context.c b/src/context.c index 1429d5e4..825d6309 100644 --- a/src/context.c +++ b/src/context.c @@ -1468,7 +1468,12 @@ static char const * const _getdns_default_trust_anchors_verify_CA = static char const * const _getdns_default_trust_anchors_verify_email = "dnssec@iana.org"; + static char const * const _getdns_default_tls_cipher_list = +#ifndef HAVE_SSL_CTX_SET_CIPHERSUITES + "TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:" + "TLS13-CHACHA20-POLY1305-SHA256:" +#endif "EECDH+AESGCM:EECDH+CHACHA20"; static char const * const _getdns_default_tls_ciphersuites = From 014ac3d3680645cd1f68042ef614791966ff08a6 Mon Sep 17 00:00:00 2001 
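Review bot: The `#ifndef HAVE_SSL_CTX_SET_CIPHERSUITES` block added to `_getdns_default_tls_cipher_list` in PATCH 2/8 has no comment saying why the `TLS13-*` names are kept for some builds, so a later reader cannot tell a deliberate fallback from a leftover. I would put this above the `#ifndef`: `/* Without SSL_CTX_set_ciphersuites() the TLS 1.3 suites are named here; otherwise they come from _getdns_default_tls_ciphersuites. */`. The two defaults also disagree on preference order: the guarded list puts AES-128-GCM ahead of CHACHA20-POLY1305, while `_getdns_default_tls_ciphersuites` just below puts CHACHA20 ahead of AES-128, so the TLS 1.3 suite a client prefers may depend on which branch was compiled. The macro is presumably set by a configure probe that this hunk does not show; confirm that the probe exists and that config.h is included before this definition, because an undefined macro silently selects the `TLS13-*` branch.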
From: Willem Toorop Date: Thu, 3 Jan 2019 11:19:13 +0100 Subject: [PATCH 3/8] Stubby with trust_anchors_backoff_time example config --- stubby | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stubby b/stubby index 58200cad..006e43fd 160000 --- a/stubby +++ b/stubby @@ -1 +1 @@ -Subproject commit 58200cadec6371f95e31a7f3735225c5a46ecf75 +Subproject commit 006e43fdcb9ed9cbb0123914a77cc415f7765664 From a4020a6841d124a0aa69421c2b37638b54d6fa9b Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Mon, 7 Jan 2019 11:33:21 +0100 Subject: [PATCH 4/8] mk-symfiles.sh improvent to filter out #defines as intended. Thanks Zero King --- ChangeLog | 4 ++++ src/libgetdns.symbols | 2 +- src/mk-symfiles.sh | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2a77898c..aa8a3827 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +* 2019-01-??: Version 1.5.1 + * Issue #415: Filter out #defines etc. when creating + symbols file. Thanks Zero King + * 2018-12-21: Version 1.5.0 * RFE getdnsapi/stubby#121 log re-instantiating TLS upstreams (because they reached tls_backoff_time) at diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols index f0169761..d6dbd3d9 100644 --- a/src/libgetdns.symbols +++ b/src/libgetdns.symbols @@ -1,7 +1,7 @@ + * if getdns_address getdns_address_sync getdns_cancel_callback -getdns_context_ getdns_context_config getdns_context_create getdns_context_create_with_extended_memory_functions diff --git a/src/mk-symfiles.sh b/src/mk-symfiles.sh index 099181e6..618cdb7a 100755 --- a/src/mk-symfiles.sh +++ b/src/mk-symfiles.sh @@ -3,7 +3,7 @@ write_symbols() { OUTPUT=$1 shift - grep 'getdns_[0-9a-zA-Z_]*(' $* | grep -v '^#' | grep -v 'INLINE' | grep -v 'getdns_extra\.h\.in: \* if' \ + grep -h 'getdns_[0-9a-zA-Z_]*(' $* | grep -v '^#' | grep -v 'INLINE' | grep -v 'getdns_extra\.h\.in: \* if' \ | sed -e 's/(.*$//g' -e 's/^.*getdns_/getdns_/g' | LC_ALL=C sort | uniq > $OUTPUT } 
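Review bot: The changed pipeline in `write_symbols` (PATCH 4/8, and the same line again in PATCH 5/8) still expands `$*` and `$OUTPUT` unquoted, so a header path or output name containing whitespace or glob characters is split or expanded before grep and the redirect see it. Passing the inputs as `"$@"` and redirecting with `> "$OUTPUT"` keeps every argument intact, which matters because the result becomes the library's exported symbol list. The pipeline also writes straight into the target, so a failing `grep` leaves a truncated symbols file behind; a short comment on the function stating that callers must check the output would help. The opening of `write_symbols` lies above the hunk.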
From 411c5cf5715ee61412165b7555d33f465780cef5 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Mon, 7 Jan 2019 12:08:26 +0100 Subject: [PATCH 5/8] Git rid of * if in libgetdns.symbols --- src/libgetdns.symbols | 1 - src/mk-symfiles.sh | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols index d6dbd3d9..b8b6cffe 100644 --- a/src/libgetdns.symbols +++ b/src/libgetdns.symbols @@ -1,4 +1,3 @@ - * if getdns_address getdns_address_sync getdns_cancel_callback diff --git a/src/mk-symfiles.sh b/src/mk-symfiles.sh index 618cdb7a..26424e27 100755 --- a/src/mk-symfiles.sh +++ b/src/mk-symfiles.sh @@ -3,7 +3,7 @@ write_symbols() { OUTPUT=$1 shift - grep -h 'getdns_[0-9a-zA-Z_]*(' $* | grep -v '^#' | grep -v 'INLINE' | grep -v 'getdns_extra\.h\.in: \* if' \ + grep -h 'getdns_[0-9a-zA-Z_]*(' $* | grep -v '^#' | grep -v 'INLINE' | grep -v '^ \* if' \ | sed -e 's/(.*$//g' -e 's/^.*getdns_/getdns_/g' | LC_ALL=C sort | uniq > $OUTPUT } From 35077bdc6d8c80d7347891354d18ddb211c8fb45 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 11 Jan 2019 12:08:38 +0100 Subject: [PATCH 6/8] Update ChangeLog & bumb version --- ChangeLog | 5 ++++- configure.ac | 9 +++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index aa8a3827..0eb7383c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,7 @@ -* 2019-01-??: Version 1.5.1 +* 2019-01-11: Version 1.5.1 + * PR #414: remove TLS13 ciphers from cipher_list, but + only when SSL_CTX_set_ciphersuites is available. + Thanks Bruno Pagani * Issue #415: Filter out #defines etc. when creating symbols file. Thanks Zero King diff --git a/configure.ac b/configure.ac index 40c94977..4edd248f 100644 --- a/configure.ac +++ b/configure.ac 
@@ -36,7 +36,7 @@ sinclude(./m4/acx_getaddrinfo.m4) sinclude(./m4/ax_check_compile_flag.m4) sinclude(./m4/pkg.m4) -AC_INIT([getdns], [1.5.0], [team@getdnsapi.net], [getdns], [https://getdnsapi.net]) +AC_INIT([getdns], [1.5.1], [team@getdnsapi.net], [getdns], [https://getdnsapi.net]) # Autoconf 2.70 will have set up runstatedir. 2.69 is frequently (Debian) # patched to do the same, but frequently (MacOS) not. So add a with option @@ -63,13 +63,13 @@ AC_ARG_WITH([current-date], [CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"]) AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"]) -AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01050000]) +AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01050100]) AC_SUBST(API_VERSION, ["December 2015"]) AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00]) GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API" AC_DEFINE_UNQUOTED([STUBBY_PACKAGE], ["stubby"], [Stubby package]) -AC_DEFINE_UNQUOTED([STUBBY_PACKAGE_STRING], ["0.2.4$STUBBY_RELEASE_CANDIDATE"], [Stubby package string]) +AC_DEFINE_UNQUOTED([STUBBY_PACKAGE_STRING], ["0.2.5$STUBBY_RELEASE_CANDIDATE"], [Stubby package string]) # Library version # --------------- @@ -107,7 +107,8 @@ AC_DEFINE_UNQUOTED([STUBBY_PACKAGE_STRING], ["0.2.4$STUBBY_RELEASE_CANDIDATE"], # getdns-1.4.1 had libversion 10:1:0 # getdns-1.4.2 had libversion 10:2:0 # getdns-1.5.0 has libversion 11:0:1 -GETDNS_LIBVERSION=11:0:1 +# getdns-1.5.1 has libversion 11:1:1 +GETDNS_LIBVERSION=11:1:1 AC_SUBST(GETDNS_COMPILATION_COMMENT) AC_SUBST(GETDNS_LIBVERSION) From 78d6bc30f5bb38d196d1392004080d483ab41b73 Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 11 Jan 2019 13:04:07 +0100 Subject: [PATCH 7/8] Update stubby to 0.2.5 --- stubby | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stubby b/stubby index 006e43fd..85215233 160000 --- a/stubby +++ b/stubby 
@@ -1 +1 @@ -Subproject commit 006e43fdcb9ed9cbb0123914a77cc415f7765664 +Subproject commit 85215233ee82904fb7f2199fedd425f9336cb110 From 66f63b21bc53e13a06d1d2e1f7108b09d00578ba Mon Sep 17 00:00:00 2001 From: Willem Toorop Date: Fri, 11 Jan 2019 14:52:40 +0100 Subject: [PATCH 8/8] Stubby with dns.google in stubby.yml.example --- stubby | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stubby b/stubby index 85215233..9c6e55a1 160000 --- a/stubby +++ b/stubby @@ -1 +1 @@ -Subproject commit 85215233ee82904fb7f2199fedd425f9336cb110 +Subproject commit 9c6e55a16af8f3258736b804b17eac3d35daebf3