mirror of https://github.com/getdnsapi/getdns.git
Cleanup
This commit is contained in:
Sara Dickinson
parent
689447509a
commit
b74c62066c
|
|
@ -3,6 +3,12 @@
|
|||
(ldns still necessary to be able to run tests though)
|
||||
* Bugfix: DNSSEC code finding zone cut with redirects + pursuing unsigned
|
||||
DS answers close to the root. Thanks Theogene Bucuti!
|
||||
* Default port for TLS changed to 853
|
||||
* Unofficial extension to the API to allow TLS hostname verification to be
|
||||
required for stub mode when using only TLS as a transport.
|
||||
When required a hostname must be supplied in the
|
||||
'hostname' field of the upstream_list dict and the TLS cipher suites are
|
||||
restricted to the 4 AEAD suites recommended in RFC7525.
|
||||
|
||||
* 2015-09-09: Version 0.3.3
|
||||
* Fix clearing upstream events on shutdown
|
||||
|
|
|
|||
|
|
@ -91,9 +91,6 @@ doc: FORCE
|
|||
example:
|
||||
cd spec/example && $(MAKE) $@
|
||||
|
||||
test_code:
|
||||
cd src && $(MAKE) $@
|
||||
|
||||
test:
|
||||
cd src && $(MAKE) $@
|
||||
|
||||
|
|
|
|||
|
|
@ -87,7 +87,8 @@ External dependencies are linked outside the getdns API build tree (we rely on c
|
|||
|
||||
* [libunbound from NLnet Labs](http://www.nlnetlabs.nl/projects/unbound/) version 1.4.16 or later
|
||||
* [libidn from the FSF](http://www.gnu.org/software/libidn/) version 1.
|
||||
* [libssl from the OpenSSL Project](https://www.openssl.org/) version 0.9.7 or later. (Note: version 1.0.2 or later is required for TLS support)
|
||||
* [libssl from the OpenSSL Project](https://www.openssl.org/) version 0.9.7 or later. (Note: version 1.0.1 or later is required for TLS support, version 1.0.2
|
||||
or later is required for TLS hostname authentication)
|
||||
* Doxygen is used to generate documentation, while this is not technically necessary for the build it makes things a lot more pleasant.
|
||||
|
||||
You have to install the library and also the library-devel (or -dev) for your
|
||||
|
|
@ -226,7 +227,7 @@ To install the [event loop integration libraries](https://github.com/getdnsapi/g
|
|||
|
||||
Note that in order to compile the examples, the `--with-libevent` switch is required.
|
||||
|
||||
As of the 0.2.0 release, when installing via Homebrew, the trust anchor is expected to be located at `$(brew --prefix)/etc/getdns-root.key`. Additionally, the OpenSSL library installed by Homebrew is linked against. Note that the Homebrew OpenSSL installation clones the Keychain certificates to the default OpenSSL location so TLS authentication should work out of the box.
|
||||
As of the 0.2.0 release, when installing via Homebrew, the trust anchor is expected to be located at `$(brew --prefix)/etc/getdns-root.key`. Additionally, the OpenSSL library installed by Homebrew is linked against. Note that the Homebrew OpenSSL installation clones the Keychain certificates to the default OpenSSL location so TLS certificate authentication should work out of the box.
|
||||
|
||||
Contributors
|
||||
============
|
||||
|
|
|
|||
|
|
@ -112,7 +112,7 @@ AC_CHECK_LIB(ssl, TLSv1_2_client_method,AC_DEFINE([HAVE_TLS_v1_2], [1],
|
|||
|
||||
dnl Native OpenSSL hostname verification requires OpenSSL 1.0.2
|
||||
AC_CHECK_LIB(ssl, SSL_CTX_get0_param,AC_DEFINE([HAVE_SSL_HN_AUTH], [1],
|
||||
[Define if you have libssl with host name verification]),[AC_MSG_WARN([Cannot find SSL_CTX_get0_param in libssl library. Native TLS hostname verification will not be available, custom code will be used.])])
|
||||
[Define if you have libssl with host name verification]),[AC_MSG_WARN([Cannot find SSL_CTX_get0_param in libssl library. TLS hostname verification will not be available.])])
|
||||
])
|
||||
|
||||
dnl Check for SSL, where SSL is mandatory
|
||||
|
|
|
|||
|
|
@ -147,9 +147,6 @@ libgetdns_ext_ev.la: libgetdns.la libev.lo
|
|||
libgetdns.la: $(GETDNS_OBJ) version.lo context.lo libmini_event.lo $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ)
|
||||
$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ $(GETDNS_OBJ) version.lo context.lo libmini_event.lo $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
|
||||
|
||||
test_code: FORCE
|
||||
cd test && $(MAKE) $@
|
||||
|
||||
test: FORCE
|
||||
cd test && $(MAKE) $@
|
||||
|
||||
|
|
|
|||
|
|
@ -900,8 +900,8 @@ getdns_context_create_with_extended_memory_functions(
|
|||
result->edns_maximum_udp_payload_size = -1;
|
||||
if ((r = create_default_dns_transports(result)))
|
||||
goto error;
|
||||
result->tls_auth = GETDNS_AUTHENTICATION_HOSTNAME;
|
||||
result->tls_auth_min = GETDNS_AUTHENTICATION_HOSTNAME;
|
||||
result->tls_auth = GETDNS_AUTHENTICATION_NONE;
|
||||
result->tls_auth_min = GETDNS_AUTHENTICATION_NONE;
|
||||
result->limit_outstanding_queries = 0;
|
||||
result->return_dnssec_status = GETDNS_EXTENSION_FALSE;
|
||||
|
||||
|
|
@ -1273,7 +1273,6 @@ getdns_set_base_dns_transports(
|
|||
memcpy(context->dns_transports, transports,
|
||||
transport_count * sizeof(getdns_transport_list_t));
|
||||
context->dns_transport_count = transport_count;
|
||||
dispatch_updated(context, GETDNS_CONTEXT_CODE_DNS_TRANSPORT);
|
||||
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -79,6 +79,7 @@ static void stub_timeout_cb(void *userarg);
|
|||
/* General utility functions */
|
||||
/*****************************/
|
||||
|
||||
|
||||
static void
|
||||
rollover_secret()
|
||||
{
|
||||
|
|
@ -824,7 +825,6 @@ tls_failed(getdns_upstream *upstream)
|
|||
|
||||
static int
|
||||
tls_auth_status_ok(getdns_upstream *upstream, getdns_network_req *netreq) {
|
||||
DEBUG_STUB("--- %s %d %d\n", __FUNCTION__, (int)netreq->tls_auth_min, (int)upstream->tls_auth_failed);
|
||||
return (netreq->tls_auth_min == GETDNS_AUTHENTICATION_HOSTNAME &&
|
||||
upstream->tls_auth_failed) ? 0 : 1;
|
||||
}
|
||||
|
|
@ -1697,7 +1697,7 @@ find_upstream_for_netreq(getdns_network_req *netreq)
|
|||
netreq->transports[i],
|
||||
&fd);
|
||||
if (fd == -1 || !upstream)
|
||||
continue;
|
||||
continue;
|
||||
netreq->transport_current = i;
|
||||
netreq->upstream = upstream;
|
||||
return fd;
|
||||
|
|
|
|||
|
|
@ -158,8 +158,6 @@ nolibldns:
|
|||
|
||||
test: $(NOLIBCHECK) $(NOLIBLDNS) all
|
||||
|
||||
test_code: $(NOLIBCHECK) all
|
||||
|
||||
(cd $(srcdir)/../.. && find . -type f -executable -and \( -name "*.[ch]" -or -name "*.html" -or -name "*.in" -or -name "*.good" -or -name "*.ac" \) | awk 'BEGIN{e=0}{print("ERROR! Executable bit found on", $$0);e=1}END{exit(e)}')
|
||||
./$(CHECK_GETDNS)
|
||||
if test $(have_libevent) = 1 ; then ./$(CHECK_EVENT_PROG) ; fi
|
||||
|
|
|
|||
|
|
@ -193,10 +193,8 @@ void my_eventloop_run_once(getdns_eventloop *loop, int blocking)
|
|||
tv.tv_sec = 0;
|
||||
tv.tv_usec = 0;
|
||||
} else {
|
||||
//tv.tv_sec = (timeout - now) / 1000000;
|
||||
tv.tv_sec = 21474836;
|
||||
tv.tv_sec = (timeout - now) / 1000000;
|
||||
tv.tv_usec = (timeout - now) % 1000000;
|
||||
//fprintf(stdout, "Using BIG tv: %" PRIu64 " %" PRIu64 ", %lu %d \n", timeout, now, tv.tv_sec, tv.tv_usec);
|
||||
}
|
||||
if (select(max_fd + 1, &readfds, &writefds, NULL, &tv) < 0) {
|
||||
perror("select() failed");
|
||||
|
|
@ -386,7 +384,7 @@ print_usage(FILE *out, const char *progname)
|
|||
fprintf(out, "\t-I\tInteractive mode (> 1 queries on same context)\n");
|
||||
fprintf(out, "\t-j\tOutput json response dict\n");
|
||||
fprintf(out, "\t-J\tPretty print json response dict\n");
|
||||
fprintf(out, "\t-n\tSet TLS authentication mode to NONE (default is to verify hostname)\n");
|
||||
fprintf(out, "\t-n\tSet TLS authentication mode to NONE (default)\n");
|
||||
fprintf(out, "\t-m\tSet TLS authentication mode to HOSTNAME\n");
|
||||
fprintf(out, "\t-p\tPretty print response dict\n");
|
||||
fprintf(out, "\t-r\tSet recursing resolution type\n");
|
||||
|
|
|
|||
|
|
@ -77,20 +77,22 @@ echo $TLS_SERVER_IP_NO_NAME
|
|||
GOOD_QUERIES=(
|
||||
"-s -A -q getdnsapi.net -l U @${SERVER_IP} "
|
||||
"-s -A -q getdnsapi.net -l T @${SERVER_IP} "
|
||||
"-s -A -q getdnsapi.net -l L @${TLS_SERVER_IP}"
|
||||
"-s -A -q getdnsapi.net -l S @${TLS_SERVER_IP}")
|
||||
"-s -A -q getdnsapi.net -l L @${TLS_SERVER_IP_NO_NAME}"
|
||||
"-s -A -q getdnsapi.net -l L -m @${TLS_SERVER_IP}")
|
||||
#"-s -A -q getdnsapi.net -l S @${TLS_SERVER_IP_NO_NAME}")
|
||||
|
||||
GOOD_FALLBACK_QUERIES=(
|
||||
"-s -A -q getdnsapi.net -l LT @${SERVER_IP}"
|
||||
"-s -A -q getdnsapi.net -l LT @${SERVER_IP}"
|
||||
"-s -A -q getdnsapi.net -l LT @${TLS_SERVER_IP_NO_NAME}"
|
||||
"-s -A -q getdnsapi.net -l L @${SERVER_IP} @${TLS_SERVER_IP}"
|
||||
"-s -A -q getdnsapi.net -l LT -m @${TLS_SERVER_IP_NO_NAME}"
|
||||
"-s -A -q getdnsapi.net -l L @${SERVER_IP} @${TLS_SERVER_IP_NO_NAME}"
|
||||
"-s -G -q DNSKEY getdnsapi.net -l UT @${SERVER_IP} -b 512 -D")
|
||||
|
||||
NOT_AVAILABLE_QUERIES=(
|
||||
"-s -A -q getdnsapi.net -l L @${SERVER_IP} "
|
||||
"-s -A -q getdnsapi.net -l S @${SERVER_IP} "
|
||||
"-s -A -q getdnsapi.net -l L @${TLS_SERVER_IP_NO_NAME} "
|
||||
#"-s -A -q getdnsapi.net -l S @${SERVER_IP} "
|
||||
"-s -A -q getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} "
|
||||
"-s -G -q DNSKEY getdnsapi.net -l U @${SERVER_IP} -b 512 -D")
|
||||
|
||||
echo "Starting transport test"
|
||||
|
|
|
|||
Loading…
Reference in New Issue