interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'release/1.5.0' into develop

This commit is contained in:
Willem Toorop 2018-12-21 17:22:01 +01:00
parent 79459f5d1d 309db67f8b
commit 6f4d25e096
13 changed files with 47 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -1,4 +1,8 @@
* 2018-12-??: Version 1.5.0
* 2018-12-21: Version 1.5.0
* RFE getdnsapi/stubby#121 log re-instantiating TLS
upstreams (because they reached tls_backoff_time) at
log level 4 (WARNING)
* GETDNS_RESPSTATUS_NO_NAME for NODATA answers too
* ZONEMD rr-type
* getdns_query queries for addresses when a query name
without a type is given.

8
configure.ac
View File

@ -52,7 +52,7 @@ AC_SUBST([runstatedir], [$with_piddir])
# Don't forget to put a dash in front of the release candidate!!!
# That is how it is done with semantic versioning!
#
AC_SUBST(RELEASE_CANDIDATE, [-rc1])
AC_SUBST(RELEASE_CANDIDATE, [])
AC_SUBST(STUBBY_RELEASE_CANDIDATE, [])
# Set current date from system if not set
@ -63,7 +63,7 @@ AC_ARG_WITH([current-date],
[CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
AC_SUBST(GETDNS_NUMERIC_VERSION, [0x0104ffc1])
AC_SUBST(GETDNS_NUMERIC_VERSION, [0x01050000])
AC_SUBST(API_VERSION, ["December 2015"])
AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"
@ -105,8 +105,8 @@ AC_DEFINE_UNQUOTED([STUBBY_PACKAGE_STRING], ["0.2.4$STUBBY_RELEASE_CANDIDATE"],
# getdns-1.3.0 had libversion 9:0:3
# getdns-1.4.0 had libversion 10:0:0
# getdns-1.4.1 had libversion 10:1:0
# getdns-1.4.2 has libversion 10:2:0
# getdns-1.5.0 will have libversion 11:0:1
# getdns-1.4.2 had libversion 10:2:0
# getdns-1.5.0 has libversion 11:0:1
GETDNS_LIBVERSION=11:0:1
AC_SUBST(GETDNS_COMPILATION_COMMENT)

8
src/anchor.c
View File

@ -744,7 +744,7 @@ void _getdns_context_equip_with_anchor(
else if (!verify_CA || !*verify_CA)
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
, "Trust anchor verification explicitely "
, "Trust anchor verification explicitly "
"disabled by empty verify CA\n");
else if ((r = getdns_context_get_trust_anchors_verify_email(
@ -757,7 +757,7 @@ void _getdns_context_equip_with_anchor(
else if (!verify_email || !*verify_email)
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
, "Trust anchor verification explicitely "
, "Trust anchor verification explicitly "
"disabled by empty verify email\n");
else if (!(xml_data = _getdns_context_get_priv_file(context,
@ -1599,7 +1599,7 @@ void _getdns_start_fetching_ta(
} else if (!verify_CA || !*verify_CA) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
, "Trust anchor verification explicitely "
, "Trust anchor verification explicitly "
"disabled by empty verify CA\n");
return;
@ -1614,7 +1614,7 @@ void _getdns_start_fetching_ta(
} else if (!verify_email || !*verify_email) {
_getdns_log( &context->log
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
, "Trust anchor verification explicitely "
, "Trust anchor verification explicitly "
"disabled by empty verify email\n");
return;

6
src/stub.c
View File

@ -1224,10 +1224,10 @@ tls_do_handshake(getdns_upstream *upstream)
long verify_result = SSL_get_verify_result(upstream->tls_obj);
/* In case of DANESSL use, and a tls_auth_name was given alongside a pinset,
* we need to verify auth_name explicitely (otherwise it will not be checked,
* we need to verify auth_name explicitly (otherwise it will not be checked,
* because this is not required with DANE with an EE match).
* This is not needed with native OpenSSL DANE, because EE name checks have
* to be disabled explicitely.
* to be disabled explicitly.
*/
#if defined(HAVE_X509_CHECK_HOST) && (defined(USE_DANESSL) || !defined(HAVE_SSL_HN_AUTH))
int xch;
@ -2144,7 +2144,7 @@ upstream_select_stateful(getdns_network_req *netreq, getdns_transport_list_t tra
if (upstreams->upstreams[i].conn_state == GETDNS_CONN_BACKOFF &&
upstreams->upstreams[i].conn_retry_time < now) {
upstreams->upstreams[i].conn_state = GETDNS_CONN_CLOSED;
_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_NOTICE,
_getdns_upstream_log(upstream, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING,
"%-40s : Upstream : Re-instating %s for this upstream\n",
upstreams->upstreams[i].addr_str,
upstreams->upstreams[i].transport == GETDNS_TRANSPORT_TLS ? "TLS" : "TCP");

2
src/test/check_getdns_address.h
View File

@ -178,7 +178,7 @@
{
/*
* name = "localhost" name should be resolved from host file
* expect: NOERROR/NODATA response:
* expect: NOERROR response:
* status = GETDNS_RESPSTATUS_GOOD
* rcode = 0
* ancount = 1 (number of records in ANSWER section)

3
src/test/check_getdns_address_sync.h
View File

@ -147,7 +147,7 @@
/*
* name = "willem.getdnsapi.net" need to replace this with domain from unbound zone
* expect: NOERROR/NODATA response:
* status = GETDNS_RESPSTATUS_GOOD
* status = GETDNS_RESPSTATUS_NO_DATA
* rcode = 0
* ancount = 0 (number of records in ANSWER section)
*/
@ -162,6 +162,7 @@
EXTRACT_RESPONSE;
assert_noerror(&ex_response);
assert_nodata(&ex_response);
//assert_soa_in_authority(&ex_response);
CONTEXT_DESTROY;

9
src/test/check_getdns_common.c
View File

@ -160,10 +160,15 @@ void extract_local_response(struct getdns_dict *response, struct extracted_respo
void assert_noerror(struct extracted_response *ex_response)
{
uint32_t rcode;
uint32_t ancount = 0;
ASSERT_RC(ex_response->status, GETDNS_RESPSTATUS_GOOD, "Unexpected value for \"status\"");
ASSERT_RC(getdns_dict_get_int(ex_response->header, "rcode", &rcode), GETDNS_RETURN_GOOD, "Failed to extract \"rcode\"");
ck_assert_msg(rcode == 0, "Expected rcode == 0, got %d", rcode);
ASSERT_RC(getdns_dict_get_int(ex_response->header, "ancount", &ancount),
GETDNS_RETURN_GOOD, "Failed to extract \"ancount\"");
ASSERT_RC(ex_response->status, ((ancount > 0) ? GETDNS_RESPSTATUS_GOOD : GETDNS_RESPSTATUS_NO_NAME), "Unexpected value for \"status\"");
}
/*
@ -182,6 +187,8 @@ void assert_nodata(struct extracted_response *ex_response)
ASSERT_RC(getdns_list_get_length(ex_response->answer, &length),
GETDNS_RETURN_GOOD, "Failed to extract \"answer\" length");
ck_assert_msg(length == 0, "Expected \"answer\" length == 0, got %d", length);
ASSERT_RC(ex_response->status, GETDNS_RESPSTATUS_NO_NAME, "Unexpected value for \"status\"");
}
/*

6
src/test/check_getdns_general.h
View File

@ -146,7 +146,7 @@
* name = "google.com"
* request_type = 0 (minimum valid RRTYPE)
* expect: NOERROR/NODATA response:
* status = GETDNS_RESPSTATUS_GOOD
* status = GETDNS_RESPSTATUS_NO_NAME
* rcode = 0
* ancount = 0 (number of records in ANSWER section)
*/
@ -180,7 +180,7 @@
* name = "google.com"
* request_type = 65279 (maximum unassigned RRTYPE)
* expect: NOERROR/NODATA response:
* status = GETDNS_RESPSTATUS_GOOD
* status = GETDNS_RESPSTATUS_NO_NAME
* rcode = 0
* ancount = 0 (number of records in ANSWER section)
*/
@ -322,7 +322,7 @@
* name = "willem.getdnsapi.net" and unbound zone
* request_type = GETDNS_RRTYPE_MX
* expect: NOERROR/NODATA response:
* status = GETDNS_RESPSTATUS_GOOD
* status = GETDNS_RESPSTATUS_NO_NAME
* rcode = 0
* ancount = 0 (number of records in ANSWER section)
*/

6
src/test/check_getdns_general_sync.h
View File

@ -128,7 +128,7 @@
* name = "google.com"
* request_type = 0 (minimum valid RRTYPE)
* expect: NOERROR/NODATA response:
* status = GETDNS_RESPSTATUS_GOOD
* status = GETDNS_RESPSTATUS_NO_NAME
* rcode = 0
* ancount = 0 (number of records in ANSWER section)
*/
@ -155,7 +155,7 @@
* name = "google.com"
* request_type = 65279 (maximum unassigned RRTYPE)
* expect: NOERROR/NODATA response:
* status = GETDNS_RESPSTATUS_GOOD
* status = GETDNS_RESPSTATUS_NO_NAME
* rcode = 0
* ancount = 0 (number of records in ANSWER section)
*/
@ -269,7 +269,7 @@
* name = "willem.getdnsapi.net" an unbound zone (as in no MX)
* request_type = GETDNS_RRTYPE_MX
* expect: NOERROR/NODATA response:
* status = GETDNS_RESPSTATUS_GOOD
* status = GETDNS_RESPSTATUS_NO_NAME
* rcode = 0
* ancount = 0 (number of records in ANSWER section)
*/

12
src/test/tpkg/290-transports.tpkg/290-transports.test
View File

@ -134,7 +134,7 @@ for (( ii = 0; ii < 1; ii++)); do
if [[ $HAVE_SSL_HN_AUTH = 1 ]]
then
NUM_GOOD_QUERIES=9
NUM_GOOD_QUERIES=8
GOOD_QUERIES=(
"-s -A getdnsapi.net -l U @${SERVER_IP} +edns_cookies" "U" "-"
"-s -A getdnsapi.net -l T @${SERVER_IP}" "T" "-"
@ -143,18 +143,18 @@ for (( ii = 0; ii < 1; ii++)); do
"-s -A getdnsapi.net -l L @${TLS_SERVER_IP_NO_NAME}" "L" "N"
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP}" "L" "S"
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
"-s -G DNSKEY getdnsapi.net -l U @${SERVER_IP} -b 512 -D" "U" "-")
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S")
# "-s -G DNSKEY getdnsapi.net -l U @${SERVER_IP} -b 512 -D" "U" "-")
else
NUM_GOOD_QUERIES=7
NUM_GOOD_QUERIES=6
GOOD_QUERIES=(
"-s -A getdnsapi.net -l U @${SERVER_IP} +edns_cookies" "U" "-"
"-s -A getdnsapi.net -l T @${SERVER_IP}" "T" "-"
"-s -A getdnsapi.net -l U @${SERVER_IP_TSIG}${TSIG_ALG}:${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
"-s -A getdnsapi.net -l U @${SERVER_IP_TSIG}${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
"-s -A getdnsapi.net -l L @${TLS_SERVER_IP_NO_NAME}" "L" "N"
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
"-s -G DNSKEY getdnsapi.net -l U @${SERVER_IP} -b 512 -D" "U" "-")
"-s -A getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S")
# "-s -G DNSKEY getdnsapi.net -l U @${SERVER_IP} -b 512 -D" "U" "-")
fi
#"-s -A getdnsapi.net -l L -m @${TLS_SERVER_SS_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"" "L" "S"

5
src/test/tpkg/run-one.sh
View File

@ -3,8 +3,9 @@
export SRCDIR=`dirname $0`
. `dirname $0`/setup-env.sh
# pass a single test name as the first parameter (without .tpgk extension)
ONE_TEST=$1
# pass a single test name as the first parameter
ONE_TEST=${1%/}
ONE_TEST=${ONE_TEST%.tpkg}
shift
"${TPKG}" $* exe ${SRCDIR}/${ONE_TEST}.tpkg

7
src/util-internal.c
View File

@ -711,7 +711,7 @@ _getdns_create_reply_dict(getdns_context *context, getdns_network_req *req,
else goto error;
/* other stuff
* Note that spec doesn't explicitely mention these.
* Note that spec doesn't explicitly mention these.
* They are only showcased in the response dict example */
if (getdns_dict_set_int(result, "answer_type", GETDNS_NAMETYPE_DNS))
goto error;
@ -1124,6 +1124,7 @@ _getdns_create_getdns_response(getdns_dns_req *completed_request)
int nsecure = 0, ninsecure = 0, nindeterminate = 0, nbogus = 0;
getdns_dict *netreq_debug;
_srvs srvs = { 0, 0, NULL };
_getdns_rrset_spc answer_spc;
/* info (bools) about dns_req */
int dnssec_return_status;
@ -1235,8 +1236,8 @@ _getdns_create_getdns_response(getdns_dns_req *completed_request)
/* TODO: Check instead if canonical_name for request_type
* is in the answer section.
*/
if (GLDNS_RCODE_NOERROR ==
GLDNS_RCODE_WIRE(netreq->response))
if (_getdns_rrset_answer(&answer_spc, netreq->response
, netreq->response_len))
nanswers++;
if (dnssec_return_status ||

2
stubby

@ -1 +1 @@
Subproject commit 919b7d914ca618f4a843464d5825383f45809f3e
Subproject commit 58200cadec6371f95e31a7f3735225c5a46ecf75