Merge branch 'release/1.4.2'

2018-05-11 13:29:24 +02:00 · 2018-05-11 13:29:24 +02:00 · 8c108fb761
parent 86e5c39159 e481273ff4
commit 8c108fb761
4 changed files with 23 additions and 9 deletions
--- a/4
+++ b/4
@ -1,4 +1,8 @@
 * 2018-05-11: Version 1.4.2
+  * Bugfix getdnsapi/stubby#87: Detect and ignore duplicate certs
+    in the Windows root CA store.
+  * PR #397: No TCP sendto without TCP_FASTOPEN
+    Thanks Emery Hemingway
  * Bugfix getdnsapi/stubby#106: Core dump when printing certain
    configuration. Thanks Han Vinke
  * Bugfix getdnsapi/stubby#99: Partly trace DNSSEC from the root
--- a/project-doc/packages.txt
+++ b/project-doc/packages.txt
@ -12,3 +12,6 @@ https://github.com/openwrt/packages/tree/master/net/stubby

 For AstLinux Project, created and maintained by Lonnie Abelbeck (abelbeck)
 https://github.com/astlinux-project/astlinux/tree/master/package/getdns
+
+For Genode, created and maintained by Emery Hemingway (ehmry)
+https://github.com/genodelabs/genode/blob/master/repos/ports/ports/getdns.port
--- a/src/context.c
+++ b/src/context.c
@ -193,7 +193,7 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 	PCCERT_CONTEXT  pTargetCert = NULL;

 	DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
-		"Adding Windows certificates to CA store");
+		"Adding Windows certificates from system root store to CA store");

 	/* load just once per context lifetime for this version of getdns
 	   TODO: dynamically update CA trust changes as they are available */
@ -241,10 +241,18 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 		else {
 			/* return error if a cert add to store fails */
 			if (X509_STORE_add_cert(store, cert1) == 0) {
-				DEBUG_STUB("%s %-35s: %s %d:%s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
-					"Error adding certificate", ERR_get_error(),
-					ERR_error_string(ERR_get_error(), NULL));
-				return 0;
+				unsigned long error = ERR_peek_last_error();
+ 
+				/* Ignore error X509_R_CERT_ALREADY_IN_HASH_TABLE which means the
+				* certificate is already in the store.  */ 
+				if(ERR_GET_LIB(error) != ERR_LIB_X509 ||
+				   ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
+					DEBUG_STUB("%s %-35s: %s %d:%s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
+					    "Error adding certificate", ERR_get_error(),
+					     ERR_error_string(ERR_get_error(), NULL));
+					X509_free(cert1);
+					return 0;
+				}
 			}
 			X509_free(cert1);
 		}
@ -260,6 +268,8 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 			hSystemStore, 0))
 			return 0;
 	}
+	DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
+		"Completed adding Windows certificates to CA store successfully");
 	return 1;
 }
 #endif
--- a/src/stub.c
+++ b/src/stub.c
@ -760,10 +760,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
 		if (written == -1 && _getdns_socketerror() == _getdns_EISCONN) 
 			written = write(fd, netreq->query - 2, pkt_len + 2);
 #else
-		written = sendto(fd, (const char *)(netreq->query - 2),
-		    pkt_len + 2, 0,
-		    (struct sockaddr *)&(netreq->upstream->addr),
-		    netreq->upstream->addr_len);
+		written = send(fd, (const char *)(netreq->query - 2), pkt_len + 2, 0);
 #endif
 		if ((written == -1 && _getdns_socketerror_wants_retry()) ||
 		    (size_t)written < pkt_len + 2) {