trust-anchor meta queries need to be done opportunistic too

In anticipation of DANE authenticated upstreams
2017-12-13 12:58:24 +01:00 · 2017-12-13 12:58:24 +01:00 · a63e5edb86
parent e691312a3f
commit a63e5edb86
3 changed files with 18 additions and 12 deletions
--- a/src/anchor.c
+++ b/src/anchor.c
@ -1561,7 +1561,8 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 #if 1
 	context->a.state = TAS_LOOKUP_ADDRESSES;
 	if ((r = _getdns_general_loop(context, loop,
-	    tas_hostname, GETDNS_RRTYPE_A, no_dnssec_checking_disabled,
+	    tas_hostname, GETDNS_RRTYPE_A,
 	    no_dnssec_checking_disabled_opportunistic,
 	    context, &context->a.req, NULL, _tas_hostname_lookup_cb))) {
 		DEBUG_ANCHOR("Error scheduling A lookup for %s: %s\n"
 		            , tas_hostname, getdns_get_errorstr_by_id(r));
@ -1572,7 +1573,8 @@ void _getdns_start_fetching_ta(getdns_context *context, getdns_eventloop *loop)
 #if 1
 	context->aaaa.state = TAS_LOOKUP_ADDRESSES;
 	if ((r = _getdns_general_loop(context, loop,
-	    tas_hostname, GETDNS_RRTYPE_AAAA, no_dnssec_checking_disabled,
+	    tas_hostname, GETDNS_RRTYPE_AAAA,
 	    no_dnssec_checking_disabled_opportunistic,
 	    context, &context->aaaa.req, NULL, _tas_hostname_lookup_cb))) {
 		DEBUG_ANCHOR("Error scheduling AAAA lookup for %s: %s\n"
 		            , tas_hostname, getdns_get_errorstr_by_id(r));
--- a/src/request-internal.c
+++ b/src/request-internal.c
@ -84,11 +84,12 @@ getdns_dict  dnssec_ok_checking_disabled_avoid_roadblocks_spc = {
 getdns_dict *dnssec_ok_checking_disabled_avoid_roadblocks
    = &dnssec_ok_checking_disabled_avoid_roadblocks_spc;
-getdns_dict  no_dnssec_checking_disabled_spc = {
+getdns_dict  no_dnssec_checking_disabled_opportunistic_spc = {
 	{ RBTREE_NULL, 0, (int (*)(const void *, const void *)) strcmp },
 	{ NULL, {{ NULL, NULL, NULL }}}
 };
-getdns_dict *no_dnssec_checking_disabled = &no_dnssec_checking_disabled_spc;
+getdns_dict *no_dnssec_checking_disabled_opportunistic
    = &no_dnssec_checking_disabled_opportunistic_spc;
 static int
 is_extension_set(getdns_dict *extensions, const char *name, int default_value)
@ -100,7 +101,7 @@ is_extension_set(getdns_dict *extensions, const char *name, int default_value)
 	    || extensions == dnssec_ok_checking_disabled
 	    || extensions == dnssec_ok_checking_disabled_roadblock_avoidance
 	    || extensions == dnssec_ok_checking_disabled_avoid_roadblocks
-	    || extensions == no_dnssec_checking_disabled)
+	    || extensions == no_dnssec_checking_disabled_opportunistic)
 		return 0;
 	r = getdns_dict_get_int(extensions, name, &value);
@ -161,8 +162,8 @@ netreq_reset(getdns_network_req *net_req)
 static int
 network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
-    uint16_t request_type, int checking_disabled, int with_opt,
+    uint16_t request_type, int checking_disabled, int opportunistic,
-    int edns_maximum_udp_payload_size,
+    int with_opt, int edns_maximum_udp_payload_size,
    uint8_t edns_extended_rcode, uint8_t edns_version, int edns_do_bit,
    uint16_t opt_options_size, size_t noptions, getdns_list *options,
    size_t wire_data_sz, size_t max_query_sz, getdns_dict *extensions)
@ -192,6 +193,7 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
 	       owner->context->tls_auth == GETDNS_AUTHENTICATION_REQUIRED
 	    && owner->context->dns_transport_count == 1
 	    && owner->context->dns_transports[0] == GETDNS_TRANSPORT_TLS
 	    && !opportunistic
 	    ? GETDNS_AUTHENTICATION_REQUIRED
 	    : GETDNS_AUTHENTICATION_NONE;
@ -769,8 +771,9 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 	size_t max_query_sz, max_response_sz, netreq_sz, dnsreq_base_sz;
 	uint8_t *region, *suffixes;
 	int    checking_disabled = dnssec_extension_set;
 	int    opportunistic = 0;
-	if (extensions == no_dnssec_checking_disabled) {
+	if (extensions == no_dnssec_checking_disabled_opportunistic) {
 		dnssec_return_status = 0;
 		dnssec_return_only_secure = 0;
 		dnssec_return_all_statuses = 0;
@ -783,6 +786,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 #endif
 		extensions = NULL;
 		checking_disabled = 1;
 		opportunistic = 1;
 	} else if (extensions == dnssec_ok_checking_disabled ||
 	    extensions == dnssec_ok_checking_disabled_roadblock_avoidance ||
 	    extensions == dnssec_ok_checking_disabled_avoid_roadblocks)
@ -993,8 +997,8 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 	result->chain = NULL;
 	network_req_init(result->netreqs[0], result,
-	    request_type, checking_disabled, with_opt,
+	    request_type, checking_disabled, opportunistic,
-	    edns_maximum_udp_payload_size,
+	    with_opt, edns_maximum_udp_payload_size,
 	    edns_extended_rcode, edns_version, edns_do_bit,
 	    (uint16_t) opt_options_size, noptions, options,
 	    netreq_sz - sizeof(getdns_network_req), max_query_sz,
@ -1004,7 +1008,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 		network_req_init(result->netreqs[1], result,
 		    ( request_type == GETDNS_RRTYPE_A
 		    ? GETDNS_RRTYPE_AAAA : GETDNS_RRTYPE_A ),
-		    checking_disabled, with_opt,
+		    checking_disabled, opportunistic, with_opt,
 		    edns_maximum_udp_payload_size,
 		    edns_extended_rcode, edns_version, edns_do_bit,
 		    (uint16_t) opt_options_size, noptions, options,
--- a/src/types-internal.h
+++ b/src/types-internal.h
@ -425,7 +425,7 @@ typedef struct getdns_dns_req {
 extern getdns_dict *dnssec_ok_checking_disabled;
 extern getdns_dict *dnssec_ok_checking_disabled_roadblock_avoidance;
 extern getdns_dict *dnssec_ok_checking_disabled_avoid_roadblocks;
-extern getdns_dict *no_dnssec_checking_disabled;
+extern getdns_dict *no_dnssec_checking_disabled_opportunistic;
 /* dns request utils */
 getdns_dns_req *_getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,