diff --git a/ChangeLog b/ChangeLog index 74e977dc..7f9f8eb1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,7 +11,8 @@ * Report default extension settings with getdns_context_get_api_information() * Specify locations at which CA certificates for verification purposes - are located: getdns_context_set_CApath() getdns_context_set_CAfile() + are located: getdns_context_set_tls_ca_path() + getdns_context_set_tls_ca_file() * getdns_context_set_resolvconf() function to initialize a context upstreams and suffices with a resolv.conf file. getdns_context_get_resolvconf() to get the file used to initialize diff --git a/src/const-info.c b/src/const-info.c index 28f6ff60..d8e61f47 100644 --- a/src/const-info.c +++ b/src/const-info.c @@ -89,8 +89,8 @@ static struct const_info consts_info[] = { { 628, "GETDNS_CONTEXT_CODE_APPDATA_DIR", GETDNS_CONTEXT_CODE_APPDATA_DIR_TEXT }, { 629, "GETDNS_CONTEXT_CODE_RESOLVCONF", GETDNS_CONTEXT_CODE_RESOLVCONF_TEXT }, { 630, "GETDNS_CONTEXT_CODE_HOSTS", GETDNS_CONTEXT_CODE_HOSTS_TEXT }, - { 631, "GETDNS_CONTEXT_CODE_CAPATH", GETDNS_CONTEXT_CODE_CAPATH_TEXT }, - { 632, "GETDNS_CONTEXT_CODE_CAFILE", GETDNS_CONTEXT_CODE_CAFILE_TEXT }, + { 631, "GETDNS_CONTEXT_CODE_TLS_CA_PATH", GETDNS_CONTEXT_CODE_TLS_CA_PATH_TEXT }, + { 632, "GETDNS_CONTEXT_CODE_TLS_CA_FILE", GETDNS_CONTEXT_CODE_TLS_CA_FILE_TEXT }, { 633, "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT }, { 700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT }, { 701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT }, @@ -162,8 +162,6 @@ static struct const_name_info consts_name_info[] = { { "GETDNS_CALLBACK_TIMEOUT", 702 }, { "GETDNS_CONTEXT_CODE_APPDATA_DIR", 628 }, { "GETDNS_CONTEXT_CODE_APPEND_NAME", 607 }, - { "GETDNS_CONTEXT_CODE_CAFILE", 632 }, - { "GETDNS_CONTEXT_CODE_CAPATH", 631 }, { "GETDNS_CONTEXT_CODE_DNSSEC_ALLOWED_SKEW", 614 }, { "GETDNS_CONTEXT_CODE_DNSSEC_TRUST_ANCHORS", 609 }, { "GETDNS_CONTEXT_CODE_DNS_ROOT_SERVERS", 604 }, 
@@ -187,6 +185,8 @@ static struct const_name_info consts_name_info[] = { { "GETDNS_CONTEXT_CODE_TIMEOUT", 616 }, { "GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION", 618 }, { "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", 623 }, + { "GETDNS_CONTEXT_CODE_TLS_CA_FILE", 632 }, + { "GETDNS_CONTEXT_CODE_TLS_CA_PATH", 631 }, { "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", 633 }, { "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", 624 }, { "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", 620 }, diff --git a/src/context.c b/src/context.c index b50dff1a..c1e0d7c5 100644 --- a/src/context.c +++ b/src/context.c @@ -1530,8 +1530,8 @@ getdns_context_create_with_extended_memory_functions( result->trust_anchors_verify_email = NULL; result->trust_anchors_verify_CA = NULL; result->appdata_dir = NULL; - result->CApath = NULL; - result->CAfile = NULL; + result->tls_ca_path = NULL; + result->tls_ca_file = NULL; result->tls_cipher_list = NULL; (void) memset(&result->root_ksk, 0, sizeof(result->root_ksk)); @@ -1797,10 +1797,10 @@ getdns_context_destroy(struct getdns_context *context) , context->trust_anchors_verify_email); if (context->appdata_dir) GETDNS_FREE(context->mf, context->appdata_dir); - if (context->CApath) - GETDNS_FREE(context->mf, context->CApath); - if (context->CAfile) - GETDNS_FREE(context->mf, context->CAfile); + if (context->tls_ca_path) + GETDNS_FREE(context->mf, context->tls_ca_path); + if (context->tls_ca_file) + GETDNS_FREE(context->mf, context->tls_ca_file); if (context->tls_cipher_list) GETDNS_FREE(context->mf, context->tls_cipher_list); 
@@ -3608,9 +3608,9 @@ _getdns_context_prepare_for_resolution(getdns_context *context) return GETDNS_RETURN_BAD_CONTEXT; /* For strict authentication, we must have local root certs available Set up is done only when the tls_ctx is created (per getdns_context)*/ - if ((context->CAfile || context->CApath) && + if ((context->tls_ca_file || context->tls_ca_path) && SSL_CTX_load_verify_locations(context->tls_ctx - , context->CAfile, context->CApath)) + , context->tls_ca_file, context->tls_ca_path)) ; /* pass */ # ifndef USE_WINSOCK else if (!SSL_CTX_set_default_verify_paths(context->tls_ctx)) { @@ -3916,10 +3916,10 @@ _get_context_settings(getdns_context* context) (void) getdns_dict_util_set_string(result, "resolvconf", str_value); if (!getdns_context_get_hosts(context, &str_value) && str_value) (void) getdns_dict_util_set_string(result, "hosts", str_value); - if (!getdns_context_get_CApath(context, &str_value) && str_value) - (void) getdns_dict_util_set_string(result, "CApath", str_value); - if (!getdns_context_get_CAfile(context, &str_value) && str_value) - (void) getdns_dict_util_set_string(result, "CAfile", str_value); + if (!getdns_context_get_tls_ca_path(context, &str_value) && str_value) + (void) getdns_dict_util_set_string(result, "tls_ca_path", str_value); + if (!getdns_context_get_tls_ca_file(context, &str_value) && str_value) + (void) getdns_dict_util_set_string(result, "tls_ca_file", str_value); if (!getdns_context_get_tls_cipher_list(context, &str_value) && str_value) (void) getdns_dict_util_set_string(result, "tls_cipher_list", str_value); @@ -4717,8 +4717,8 @@ _getdns_context_config_setting(getdns_context *context, CONTEXT_SETTING_STRING(resolvconf) #endif CONTEXT_SETTING_STRING(hosts) - CONTEXT_SETTING_STRING(CApath) - CONTEXT_SETTING_STRING(CAfile) + CONTEXT_SETTING_STRING(tls_ca_path) + CONTEXT_SETTING_STRING(tls_ca_file) CONTEXT_SETTING_STRING(tls_cipher_list) /**************************************/ 
@@ -5225,48 +5225,48 @@ getdns_context *_getdns_context_get_sys_ctxt( } getdns_return_t -getdns_context_set_CApath(getdns_context *context, const char *CApath) +getdns_context_set_tls_ca_path(getdns_context *context, const char *tls_ca_path) { - if (!context || !CApath) + if (!context || !tls_ca_path) return GETDNS_RETURN_INVALID_PARAMETER; - if (context->CApath) - GETDNS_FREE(context->mf, context->CApath); - context->CApath = _getdns_strdup(&context->mf, CApath); + if (context->tls_ca_path) + GETDNS_FREE(context->mf, context->tls_ca_path); + context->tls_ca_path = _getdns_strdup(&context->mf, tls_ca_path); - dispatch_updated(context, GETDNS_CONTEXT_CODE_CAPATH); + dispatch_updated(context, GETDNS_CONTEXT_CODE_TLS_CA_PATH); return GETDNS_RETURN_GOOD; } getdns_return_t -getdns_context_get_CApath(getdns_context *context, const char **CApath) +getdns_context_get_tls_ca_path(getdns_context *context, const char **tls_ca_path) { - if (!context || !CApath) + if (!context || !tls_ca_path) return GETDNS_RETURN_INVALID_PARAMETER; - *CApath = context->CApath; + *tls_ca_path = context->tls_ca_path; return GETDNS_RETURN_GOOD; } getdns_return_t -getdns_context_set_CAfile(getdns_context *context, const char *CAfile) +getdns_context_set_tls_ca_file(getdns_context *context, const char *tls_ca_file) { - if (!context || !CAfile) + if (!context || !tls_ca_file) return GETDNS_RETURN_INVALID_PARAMETER; - if (context->CAfile) - GETDNS_FREE(context->mf, context->CAfile); - context->CAfile = _getdns_strdup(&context->mf, CAfile); + if (context->tls_ca_file) + GETDNS_FREE(context->mf, context->tls_ca_file); + context->tls_ca_file = _getdns_strdup(&context->mf, tls_ca_file); - dispatch_updated(context, GETDNS_CONTEXT_CODE_CAFILE); + dispatch_updated(context, GETDNS_CONTEXT_CODE_TLS_CA_FILE); return GETDNS_RETURN_GOOD; } getdns_return_t -getdns_context_get_CAfile(getdns_context *context, const char **CAfile) +getdns_context_get_tls_ca_file(getdns_context *context, const char **tls_ca_file) { - 
if (!context || !CAfile) + if (!context || !tls_ca_file) return GETDNS_RETURN_INVALID_PARAMETER; - *CAfile = context->CAfile; + *tls_ca_file = context->tls_ca_file; return GETDNS_RETURN_GOOD; } diff --git a/src/context.h b/src/context.h index 86f40b03..b4319403 100644 --- a/src/context.h +++ b/src/context.h @@ -344,8 +344,8 @@ struct getdns_context { char *appdata_dir; _getdns_property can_write_appdata; - char *CApath; - char *CAfile; + char *tls_ca_path; + char *tls_ca_file; char *tls_cipher_list; getdns_upstreams *upstreams; diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in index fd353ef4..f8cec882 100644 --- a/src/getdns/getdns_extra.h.in +++ b/src/getdns/getdns_extra.h.in @@ -94,10 +94,10 @@ extern "C" { #define GETDNS_CONTEXT_CODE_RESOLVCONF_TEXT "Change related to getdns_context_set_resolvconf" #define GETDNS_CONTEXT_CODE_HOSTS 630 #define GETDNS_CONTEXT_CODE_HOSTS_TEXT "Change related to getdns_context_set_hosts" -#define GETDNS_CONTEXT_CODE_CAPATH 631 -#define GETDNS_CONTEXT_CODE_CAPATH_TEXT "Change related to getdns_context_set_CApath" -#define GETDNS_CONTEXT_CODE_CAFILE 632 -#define GETDNS_CONTEXT_CODE_CAFILE_TEXT "Change related to getdns_context_set_CAfile" +#define GETDNS_CONTEXT_CODE_TLS_CA_PATH 631 +#define GETDNS_CONTEXT_CODE_TLS_CA_PATH_TEXT "Change related to getdns_context_set_tls_ca_path" +#define GETDNS_CONTEXT_CODE_TLS_CA_FILE 632 +#define GETDNS_CONTEXT_CODE_TLS_CA_FILE_TEXT "Change related to getdns_context_set_tls_ca_file" #define GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST 633 #define GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT "Change related to getdns_context_set_tls_cipher_list" 
@@ -719,27 +719,27 @@ getdns_context_set_hosts(getdns_context *context, const char *hosts); /** * Specify where the location for CA certificates for verification purposes * are located. - * @see getdns_context_get_CApath - * @see getdns_context_set_CAfile + * @see getdns_context_get_tls_ca_path + * @see getdns_context_set_tls_ca_file * @param[in] context The context to configure - * @param[in] CApath Directory with Certificate Authority certificates. + * @param[in] tls_ca_path Directory with Certificate Authority certificates. * @return GETDNS_RETURN_GOOD when successful * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL. */ getdns_return_t -getdns_context_set_CApath(getdns_context *context, const char *CApath); +getdns_context_set_tls_ca_path(getdns_context *context, const char *tls_ca_path); /** * Specify the file with CA certificates for verification purposes. - * @see getdns_context_get_CAfile - * @see getdns_context_set_CApath + * @see getdns_context_get_tls_ca_file + * @see getdns_context_set_tls_ca_path * @param[in] context The context to configure - * @param[in] CAfile The file with Certificate Authority certificates. + * @param[in] tls_ca_file The file with Certificate Authority certificates. * @return GETDNS_RETURN_GOOD when successful * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL. */ getdns_return_t -getdns_context_set_CAfile(getdns_context *context, const char *CAfile); +getdns_context_set_tls_ca_file(getdns_context *context, const char *tls_ca_file); /** * Sets the list of available ciphers for authenticated TLS upstreams. 
@@ -1236,29 +1236,29 @@ getdns_context_get_hosts(getdns_context *context, const char **hosts); /** * Get the location of the directory for CA certificates for verification * purposes. - * @see getdns_context_set_CApath - * @see getdns_context_get_CAfile + * @see getdns_context_set_tls_ca_path + * @see getdns_context_get_tls_ca_file * @param[in] context The context to configure - * @param[out] CApath Directory with Certificate Authority certificates + * @param[out] tls_ca_path Directory with Certificate Authority certificates * or NULL when one was not configured. * @return GETDNS_RETURN_GOOD when successful * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL. */ getdns_return_t -getdns_context_get_CApath(getdns_context *context, const char **CApath); +getdns_context_get_tls_ca_path(getdns_context *context, const char **tls_ca_path); /** * Get the file location with CA certificates for verification purposes. - * @see getdns_context_set_CAfile - * @see getdns_context_get_CApath + * @see getdns_context_set_tls_ca_file + * @see getdns_context_get_tls_ca_path * @param[in] context The context to configure - * @param[out] CAfile The file with Certificate Authority certificates + * @param[out] tls_ca_file The file with Certificate Authority certificates * or NULL when one was not configured. * @return GETDNS_RETURN_GOOD when successful * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL. */ getdns_return_t -getdns_context_get_CAfile(getdns_context *context, const char **CAfile); +getdns_context_get_tls_ca_file(getdns_context *context, const char **tls_ca_file); /** * Get the list of available ciphers for authenticated TLS upstreams. diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols index 2c67564f..02c64b19 100644 --- a/src/libgetdns.symbols +++ b/src/libgetdns.symbols 
@@ -7,8 +7,6 @@ getdns_context_create_with_extended_memory_functions
 getdns_context_create_with_memory_functions
 getdns_context_destroy
 getdns_context_detach_eventloop
-getdns_context_get_CAfile
-getdns_context_get_CApath
 getdns_context_get_api_information
 getdns_context_get_append_name
 getdns_context_get_dns_root_servers
@@ -35,6 +33,8 @@ getdns_context_get_suffix
 getdns_context_get_timeout
 getdns_context_get_tls_authentication
 getdns_context_get_tls_backoff_time
+getdns_context_get_tls_ca_file
+getdns_context_get_tls_ca_path
 getdns_context_get_tls_cipher_list
 getdns_context_get_tls_connection_retries
 getdns_context_get_tls_query_padding_blocksize
@@ -45,8 +45,6 @@ getdns_context_get_update_callback
 getdns_context_get_upstream_recursive_servers
 getdns_context_process_async
 getdns_context_run
-getdns_context_set_CAfile
-getdns_context_set_CApath
 getdns_context_set_appdata_dir
 getdns_context_set_append_name
 getdns_context_set_context_update_callback
@@ -78,6 +76,8 @@ getdns_context_set_suffix
 getdns_context_set_timeout
 getdns_context_set_tls_authentication
 getdns_context_set_tls_backoff_time
+getdns_context_set_tls_ca_file
+getdns_context_set_tls_ca_path
 getdns_context_set_tls_cipher_list
 getdns_context_set_tls_connection_retries
 getdns_context_set_tls_query_padding_blocksize