Merge branch 'release/1.4.2'

2018-05-11 13:29:24 +02:00 · 2018-05-11 13:29:24 +02:00 · 8c108fb761
parent 86e5c39159 e481273ff4
commit 8c108fb761
4 changed files with 23 additions and 9 deletions
--- a/4
+++ b/4
@ -1,4 +1,8 @@
 * 2018-05-11: Version 1.4.2
  * Bugfix getdnsapi/stubby#87: Detect and ignore duplicate certs
    in the Windows root CA store.
  * PR #397: No TCP sendto without TCP_FASTOPEN
    Thanks Emery Hemingway
  * Bugfix getdnsapi/stubby#106: Core dump when printing certain
    configuration. Thanks Han Vinke
  * Bugfix getdnsapi/stubby#99: Partly trace DNSSEC from the root
--- a/project-doc/packages.txt
+++ b/project-doc/packages.txt
@ -12,3 +12,6 @@ https://github.com/openwrt/packages/tree/master/net/stubby
 For AstLinux Project, created and maintained by Lonnie Abelbeck (abelbeck)
 https://github.com/astlinux-project/astlinux/tree/master/package/getdns
 For Genode, created and maintained by Emery Hemingway (ehmry)
 https://github.com/genodelabs/genode/blob/master/repos/ports/ports/getdns.port
--- a/src/context.c
+++ b/src/context.c
@ -193,7 +193,7 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 	PCCERT_CONTEXT  pTargetCert = NULL;
 	DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
-		"Adding Windows certificates to CA store");
+		"Adding Windows certificates from system root store to CA store");
 	/* load just once per context lifetime for this version of getdns
 	   TODO: dynamically update CA trust changes as they are available */
@ -241,10 +241,18 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 		else {
 			/* return error if a cert add to store fails */
 			if (X509_STORE_add_cert(store, cert1) == 0) {
-				DEBUG_STUB("%s %-35s: %s %d:%s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
+				unsigned long error = ERR_peek_last_error();
-					"Error adding certificate", ERR_get_error(),
+ 
-					ERR_error_string(ERR_get_error(), NULL));
+				/* Ignore error X509_R_CERT_ALREADY_IN_HASH_TABLE which means the
-				return 0;
+				* certificate is already in the store.  */ 
 				if(ERR_GET_LIB(error) != ERR_LIB_X509 ||
 				   ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
 					DEBUG_STUB("%s %-35s: %s %d:%s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
 					    "Error adding certificate", ERR_get_error(),
 					     ERR_error_string(ERR_get_error(), NULL));
 					X509_free(cert1);
 					return 0;
 				}
 			}
 			X509_free(cert1);
 		}
@ -260,6 +268,8 @@ add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
 			hSystemStore, 0))
 			return 0;
 	}
 	DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
 		"Completed adding Windows certificates to CA store successfully");
 	return 1;
 }
 #endif
--- a/src/stub.c
+++ b/src/stub.c
@ -760,10 +760,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
 		if (written == -1 && _getdns_socketerror() == _getdns_EISCONN) 
 			written = write(fd, netreq->query - 2, pkt_len + 2);
 #else
-		written = sendto(fd, (const char *)(netreq->query - 2),
+		written = send(fd, (const char *)(netreq->query - 2), pkt_len + 2, 0);
 		    pkt_len + 2, 0,
 		    (struct sockaddr *)&(netreq->upstream->addr),
 		    netreq->upstream->addr_len);
 #endif
 		if ((written == -1 && _getdns_socketerror_wants_retry()) ||
 		    (size_t)written < pkt_len + 2) {