Merge branch 'develop' into hackathon/zeroconf-dnssec

src/context.c

@@ -693,9 +693,10 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
 			upstream->finished_dnsreqs = dnsreq->finished_next;
 			_getdns_context_cancel_request(dnsreq);
 		}
+		if (upstream->tls_session != NULL)
+			SSL_SESSION_free(upstream->tls_session);
+
 		if (upstream->tls_obj != NULL) {
-		    if (upstream->tls_session != NULL)
-				SSL_SESSION_free(upstream->tls_session);
 			SSL_shutdown(upstream->tls_obj);
 			SSL_free(upstream->tls_obj);
 		}

src/request-internal.c

@@ -110,6 +110,9 @@ network_req_cleanup(getdns_network_req *net_req)
 	if (net_req->response && (net_req->response < net_req->wire_data ||
 	    net_req->response > net_req->wire_data+ net_req->wire_data_sz))
 		GETDNS_FREE(net_req->owner->my_mf, net_req->response);
+	if (net_req->debug_tls_peer_cert.size &&
+	    net_req->debug_tls_peer_cert.data)
+		OPENSSL_free(net_req->debug_tls_peer_cert.data);
 }
 
 static uint8_t *
@@ -182,6 +185,8 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
 	net_req->write_queue_tail = NULL;
 	/* Some fields to record info for return_call_reporting */
 	net_req->debug_tls_auth_status = GETDNS_AUTH_NONE;
+	net_req->debug_tls_peer_cert.size = 0;
+	net_req->debug_tls_peer_cert.data = NULL;
 	net_req->debug_udp = 0;
 
 	/* Scheduling, touch only via _getdns_netreq_change_state!

src/stub.c

@@ -1618,6 +1618,7 @@ upstream_write_cb(void *userarg)
 	getdns_upstream *upstream = (getdns_upstream *)userarg;
 	getdns_network_req *netreq = upstream->write_queue;
 	int q;
+	X509 *cert;
 
 	if (!netreq) {
 		GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
@@ -1672,6 +1673,15 @@ upstream_write_cb(void *userarg)
 		return;
 
 	default:
+		if (netreq->owner->return_call_reporting &&
+		    netreq->upstream->tls_obj &&
+		    (cert = SSL_get_peer_certificate(netreq->upstream->tls_obj))) {
+			assert(netreq->debug_tls_peer_cert.data == NULL);
+
+			netreq->debug_tls_peer_cert.size = i2d_X509(
+			    cert, &netreq->debug_tls_peer_cert.data);
+			X509_free(cert);
+		}
 		/* Need this because auth status is reset on connection close */
 		netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
 		upstream->queries_sent++;

src/test/check_getdns.c

@@ -30,10 +30,14 @@
 #include <string.h>
 #include <inttypes.h>
 #include <unistd.h>
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 #include "getdns/getdns.h"
 #include "check_getdns_common.h"
 #include "check_getdns_address.h"

src/test/check_getdns_common.c

@@ -29,10 +29,14 @@
 #include <stdlib.h>
 #include <string.h>
 #include <inttypes.h>
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 #include "getdns/getdns.h"
 #include "config.h"
 #include "check_getdns_common.h"

src/test/check_getdns_context_set_timeout.h

@@ -27,10 +27,14 @@
 #ifndef _check_getdns_context_set_timeout_h_
 #define _check_getdns_context_set_timeout_h_
 
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 
 Suite *
 getdns_context_set_timeout_suite (void);

src/test/check_getdns_libev.c

@@ -41,10 +41,14 @@
 #else
 #include <ev.h>
 #endif
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 #include "check_getdns_common.h"
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {

src/test/check_getdns_libevent.c

@@ -37,10 +37,14 @@
 
 #include "getdns/getdns_ext_libevent.h"
 #include "check_getdns_libevent.h"
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 #include "check_getdns_common.h"
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {

src/test/check_getdns_libuv.c

@@ -37,10 +37,14 @@
 
 #include "getdns/getdns_ext_libuv.h"
 #include <uv.h>
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 #include "check_getdns_common.h"
 
 void run_event_loop_impl(struct getdns_context* context, void* eventloop) {

src/test/check_getdns_transport.h

@@ -27,10 +27,14 @@
 #ifndef _check_getdns_transport_h_
 #define _check_getdns_transport_h_
 
+#ifdef __clang__
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wgnu-zero-variadic-macro-arguments"
+#endif
 #include <check.h>
+#ifdef __clang__
 #pragma clang diagnostic pop
+#endif
 
 Suite *
 getdns_transport_suite (void);

src/types-internal.h

@@ -240,6 +240,7 @@ typedef struct getdns_network_req
 	uint64_t                debug_start_time;
 	uint64_t                debug_end_time;
 	getdns_auth_state_t     debug_tls_auth_status;
+	getdns_bindata          debug_tls_peer_cert;
 	size_t                  debug_udp;
 
 	/* When more space is needed for the wire_data response than is

src/util-internal.c

@@ -904,6 +904,15 @@ _getdns_create_call_reporting_dict(
 		getdns_dict_destroy(netreq_debug);
 		return NULL;
 	}
+	if (getdns_dict_set_bindata(netreq_debug, "tls_peer_cert",
+	    &netreq->debug_tls_peer_cert)) {
+
+		getdns_dict_destroy(netreq_debug);
+		return NULL;
+	}
+	netreq->debug_tls_peer_cert.size = 0;
+	OPENSSL_free(netreq->debug_tls_peer_cert.data);
+	netreq->debug_tls_peer_cert.data = NULL;
 	return netreq_debug;
 }