1) Fix enum mapping error.

2) Also add detection of TLS 1.2 in openssl during configure and warn that if it is not available then TLS will not be available. Using TLS_ONLY in stub mode will then error with BAD_CONTEXT. TLS/TCP will fall back to TCP.

3) Explicitly disallow use of TLS_ONLY in RECURSIVE mode since it isn't supported yet. TLS/TCP will fallback to TCP.

4) Fix for MAC OS X build where openssl not linked correctly
Sara Dickinson 2015-04-17 18:38:13 +01:00
parent ab4fb8d9e9
commit 6c7ffc4e4e
4 changed files with 21 additions and 10 deletions


@ -48,8 +48,8 @@ AC_DEFUN([ACX_SSL_CHECKS], [
fi fi
AC_MSG_CHECKING([for HMAC_CTX_init in -lcrypto]) AC_MSG_CHECKING([for HMAC_CTX_init in -lcrypto])
LIBS="$LIBS -lcrypto" LIBS="$LIBS -lcrypto -lssl"
LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto -lssl"
AC_TRY_LINK(, [ AC_TRY_LINK(, [
int HMAC_CTX_init(void); int HMAC_CTX_init(void);
(void)HMAC_CTX_init(); (void)HMAC_CTX_init();
@ -105,6 +105,8 @@ AC_DEFUN([ACX_SSL_CHECKS], [
AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_LIB(ssl, TLSv1_2_client_method,AC_DEFINE([HAVE_LIBTLS1_2], [1],
[Define if you have libssl with tls 1.2]),[AC_MSG_WARN([Cannot find TLSv1_2_client_method in libssl library. TLS will not be available.])])
])dnl End of ACX_SSL_CHECKS ])dnl End of ACX_SSL_CHECKS
dnl Check for SSL, where SSL is mandatory dnl Check for SSL, where SSL is mandatory
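Review bot: The added `AC_CHECK_LIB(ssl, TLSv1_2_client_method, ...)` only emits `AC_MSG_WARN` when the symbol is missing, so a build with no TLS support completes silently and, given the `TLS_FIRST_AND_FALL_BACK_TO_TCP` semantics described in the commit message, every query from such a build travels in cleartext TCP; a configure-time warning is easy to miss in CI logs. Consider giving the user a way to make this fatal, e.g. an `--enable-tls` option whose presence turns the warning into `AC_MSG_ERROR([TLS 1.2 support requested but TLSv1_2_client_method not found in libssl])`, or at least a summary line printed at the end of configure. Note also that the probe targets a version-specific method; later OpenSSL releases deprecate the `TLSv1_2_*_method` family in favour of `TLS_client_method()` plus a minimum-version setting, so this check (and the matching `SSL_CTX_new` call) will likely need revisiting when the baseline OpenSSL moves.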


@ -1134,8 +1134,8 @@ getdns_context_set_namespaces(struct getdns_context *context,
return GETDNS_RETURN_GOOD; return GETDNS_RETURN_GOOD;
} /* getdns_context_set_namespaces */ } /* getdns_context_set_namespaces */
getdns_transport_t getdns_base_transport_t
priv_get_transport(getdns_transport_t transport, int level) { priv_get_base_transport(getdns_transport_t transport, int level) {
if (!(level == 0 || level == 1)) return GETDNS_TRANSPORT_NONE; if (!(level == 0 || level == 1)) return GETDNS_TRANSPORT_NONE;
switch (transport) { switch (transport) {
case GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP: case GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP:
@ -1837,23 +1837,30 @@ getdns_context_prepare_for_resolution(struct getdns_context *context,
} }
/* Transport can in theory be set per query in stub mode */ /* Transport can in theory be set per query in stub mode */
/* TODO: move this transport logic to a separate functions*/
if (context->resolution_type == GETDNS_RESOLUTION_STUB) { if (context->resolution_type == GETDNS_RESOLUTION_STUB) {
switch (context->dns_transport) { switch (context->dns_transport) {
case GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN: case GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN:
case GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN: case GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN:
if (context->tls_ctx == NULL) { if (context->tls_ctx == NULL) {
#ifdef HAVE_LIBTLS1_2
/* Create client context, use TLS v1.2 only for now */ /* Create client context, use TLS v1.2 only for now */
SSL_CTX* tls_ctx = SSL_CTX_new(TLSv1_2_client_method()); context->tls_ctx = SSL_CTX_new(TLSv1_2_client_method());
if(!tls_ctx) { #endif
if(!context->tls_ctx && context->dns_transport ==
GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN) {
return GETDNS_RETURN_BAD_CONTEXT; return GETDNS_RETURN_BAD_CONTEXT;
} }
context->tls_ctx = tls_ctx;
} }
break; break;
default: default:
break; break;
} }
} }
/* Block use of TLS ONLY in recursive mode as it won't work */
if (context->resolution_type == GETDNS_RESOLUTION_RECURSING
&& context->dns_transport == GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN)
return GETDNS_RETURN_BAD_CONTEXT;
if (context->resolution_type_set == context->resolution_type) if (context->resolution_type_set == context->resolution_type)
/* already set and no config changes /* already set and no config changes
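Review bot: `context->tls_ctx = SSL_CTX_new(TLSv1_2_client_method());` creates the client context with no peer verification configured in this hunk, so unless `SSL_CTX_set_verify`/`SSL_CTX_set_default_verify_paths` is applied elsewhere the resulting sessions are encrypted but unauthenticated and an on-path attacker can impersonate the upstream; if that opportunistic model is intended for now it should be stated at the point of creation, e.g. `/* NOTE: no certificate verification is configured; TLS here is opportunistic (encryption only) */`. For `TLS_FIRST_AND_FALL_BACK_TO_TCP` the new `if(!context->tls_ctx && ...)` test also discards the reason `SSL_CTX_new` failed and lets the query silently drop to cleartext TCP, so at minimum capture `ERR_get_error()` (or log) before continuing so a downgrade is diagnosable rather than invisible. The same silent downgrade applies to the recursive-mode block added after the switch, which rejects only `TLS_ONLY` while `TLS_FIRST` in recursive mode becomes plain TCP without any indication to the caller. getdns_context_prepare_for_resolution continues outside the hunk.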


@ -231,6 +231,6 @@ int filechg_check(struct getdns_context *context, struct filechg *fchg);
void priv_getdns_context_ub_read_cb(void *userarg); void priv_getdns_context_ub_read_cb(void *userarg);
getdns_transport_t priv_get_transport(getdns_transport_t transport, int level); getdns_base_transport_t priv_get_base_transport(getdns_transport_t transport, int level);
#endif /* _GETDNS_CONTEXT_H_ */ #endif /* _GETDNS_CONTEXT_H_ */


@ -663,6 +663,8 @@ do_tls_handshake(getdns_dns_req *dnsreq, getdns_upstream *upstream)
} }
/* Create SSL instance */ /* Create SSL instance */
if (dnsreq->context->tls_ctx == NULL)
return NULL;
SSL* ssl = SSL_new(dnsreq->context->tls_ctx); SSL* ssl = SSL_new(dnsreq->context->tls_ctx);
if(!ssl) { if(!ssl) {
return NULL; return NULL;
@ -1210,9 +1212,9 @@ priv_getdns_submit_stub_request(getdns_network_req *netreq)
return GETDNS_RETURN_GENERIC_ERROR; return GETDNS_RETURN_GENERIC_ERROR;
// Work out the primary and fallback transport options // Work out the primary and fallback transport options
getdns_base_transport_t transport = priv_get_transport( getdns_base_transport_t transport = priv_get_base_transport(
dnsreq->context->dns_transport,0); dnsreq->context->dns_transport,0);
getdns_base_transport_t fb_transport = priv_get_transport( getdns_base_transport_t fb_transport = priv_get_base_transport(
dnsreq->context->dns_transport,1); dnsreq->context->dns_transport,1);
switch(transport) { switch(transport) {
case GETDNS_TRANSPORT_UDP: case GETDNS_TRANSPORT_UDP: