interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

remove STARTTLS

This commit is contained in:
Sara Dickinson 2015-12-17 17:20:08 +00:00
parent 95e9fa1f35
commit c5b839bda8
9 changed files with 26 additions and 222 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@ -1,4 +1,5 @@
*
*
* Remove STARTTLS implementation (no change to SPEC)
* Enable TCP Fast Open when possible. Add OSX support for TFO.
* Rename return_call_debugging to return_call_reporting

2
src/const-info.c
View File

@ -43,7 +43,6 @@ static struct const_info consts_info[] = {
{ 543, "GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN_TEXT },
{ 544, "GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN_TEXT },
{ 545, "GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT },
{ 546, "GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT },
{ 550, "GETDNS_APPEND_NAME_ALWAYS", GETDNS_APPEND_NAME_ALWAYS_TEXT },
{ 551, "GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE", GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE_TEXT },
{ 552, "GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE", GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE_TEXT },
@ -88,7 +87,6 @@ static struct const_info consts_info[] = {
{ 1200, "GETDNS_TRANSPORT_UDP", GETDNS_TRANSPORT_UDP_TEXT },
{ 1201, "GETDNS_TRANSPORT_TCP", GETDNS_TRANSPORT_TCP_TEXT },
{ 1202, "GETDNS_TRANSPORT_TLS", GETDNS_TRANSPORT_TLS_TEXT },
{ 1203, "GETDNS_TRANSPORT_STARTTLS", GETDNS_TRANSPORT_STARTTLS_TEXT },
{ 1300, "GETDNS_AUTHENTICATION_NONE", GETDNS_AUTHENTICATION_NONE_TEXT },
{ 1301, "GETDNS_AUTHENTICATION_HOSTNAME", GETDNS_AUTHENTICATION_HOSTNAME_TEXT },
};

45
src/context.c
View File

@ -73,21 +73,18 @@ typedef struct host_name_addrs {
static getdns_transport_list_t
getdns_upstream_transports[GETDNS_UPSTREAM_TRANSPORTS] = {
GETDNS_TRANSPORT_STARTTLS, // Define before TCP to ease fallback
GETDNS_TRANSPORT_TCP,
GETDNS_TRANSPORT_TLS,
};
static in_port_t
getdns_port_array[GETDNS_UPSTREAM_TRANSPORTS] = {
GETDNS_PORT_DNS,
GETDNS_PORT_DNS,
GETDNS_PORT_DNS_OVER_TLS
};
char*
getdns_port_str_array[] = {
GETDNS_STR_PORT_DNS,
GETDNS_STR_PORT_DNS,
GETDNS_STR_PORT_DNS_OVER_TLS
};
@ -575,8 +572,7 @@ _getdns_upstream_shutdown(getdns_upstream *upstream)
static int
tls_is_in_transports_list(getdns_context *context) {
for (int i=0; i< context->dns_transport_count;i++) {
if (context->dns_transports[i] == GETDNS_TRANSPORT_TLS ||
context->dns_transports[i] == GETDNS_TRANSPORT_STARTTLS)
if (context->dns_transports[i] == GETDNS_TRANSPORT_TLS)
return 1;
}
return 0;
@ -586,8 +582,7 @@ static int
tls_only_is_in_transports_list(getdns_context *context) {
if (context->dns_transport_count != 1)
return 0;
if (context->dns_transports[0] == GETDNS_TRANSPORT_TLS ||
context->dns_transports[0] == GETDNS_TRANSPORT_STARTTLS)
if (context->dns_transports[0] == GETDNS_TRANSPORT_TLS)
return 1;
return 0;
}
@ -617,7 +612,6 @@ upstream_init(getdns_upstream *upstream,
/* For sharing a socket to this upstream with TCP */
upstream->fd = -1;
upstream->tls_obj = NULL;
upstream->starttls_req = NULL;
upstream->transport = GETDNS_TRANSPORT_TCP;
upstream->tls_hs_state = GETDNS_HS_NONE;
upstream->tls_auth_failed = 0;
@ -1250,18 +1244,17 @@ getdns_set_base_dns_transports(
return GETDNS_RETURN_INVALID_PARAMETER;
/* Check for valid transports and that they are used only once*/
int u=0,t=0,l=0,s=0;
int u=0,t=0,l=0;
for(i=0; i<transport_count; i++)
{
switch (transports[i]) {
case GETDNS_TRANSPORT_UDP: u++; break;
case GETDNS_TRANSPORT_TCP: t++; break;
case GETDNS_TRANSPORT_TLS: l++; break;
case GETDNS_TRANSPORT_STARTTLS: s++; break;
default: return GETDNS_RETURN_INVALID_PARAMETER;
}
}
if ( u>1 || t>1 || l>1 || s>1)
if ( u>1 || t>1 || l>1)
return GETDNS_RETURN_INVALID_PARAMETER;
if (!(new_transports = GETDNS_XMALLOC(context->my_mf,
@ -1298,7 +1291,6 @@ set_ub_dns_transport(struct getdns_context* context) {
set_ub_string_opt(context, "do-tcp:", "yes");
break;
case GETDNS_TRANSPORT_TLS:
case GETDNS_TRANSPORT_STARTTLS:
set_ub_string_opt(context, "do-udp:", "no");
set_ub_string_opt(context, "do-tcp:", "yes");
/* Find out if there is a fallback available. */
@ -1315,15 +1307,9 @@ set_ub_dns_transport(struct getdns_context* context) {
break;
}
}
if (context->dns_transports[0] == GETDNS_TRANSPORT_TLS) {
if (fallback == 0)
/* Use TLS if it is the only thing.*/
set_ub_string_opt(context, "ssl-upstream:", "yes");
break;
} else if (fallback == 0)
/* Can't support STARTTLS with no fallback. This leads to
* timeouts with un stub validation.... */
set_ub_string_opt(context, "do-tcp:", "no");
if (fallback == 0)
/* Use TLS if it is the only thing.*/
set_ub_string_opt(context, "ssl-upstream:", "yes");
break;
default:
return GETDNS_RETURN_CONTEXT_UPDATE_FAIL;
@ -1380,10 +1366,6 @@ getdns_context_set_dns_transport(
context->dns_transports[0] = GETDNS_TRANSPORT_TLS;
context->dns_transports[1] = GETDNS_TRANSPORT_TCP;
break;
case GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN:
context->dns_transports[0] = GETDNS_TRANSPORT_STARTTLS;
context->dns_transports[1] = GETDNS_TRANSPORT_TCP;
break;
default:
return GETDNS_RETURN_CONTEXT_UPDATE_FAIL;
}
@ -1787,8 +1769,7 @@ getdns_context_set_upstream_recursive_servers(struct getdns_context *context,
upstream->addr.ss_family = addr.ss_family;
upstream_init(upstream, upstreams, ai);
upstream->transport = getdns_upstream_transports[j];
if (getdns_upstream_transports[j] == GETDNS_TRANSPORT_TLS ||
getdns_upstream_transports[j] == GETDNS_TRANSPORT_STARTTLS) {
if (getdns_upstream_transports[j] == GETDNS_TRANSPORT_TLS) {
if ((r = getdns_dict_get_bindata(
dict, "tls_auth_name", &tls_auth_name)) == GETDNS_RETURN_GOOD) {
/*TODO: VALIDATE THIS STRING!*/
@ -2276,9 +2257,9 @@ _getdns_context_prepare_for_resolution(struct getdns_context *context,
}
}
/* Block use of STARTTLS/TLS ONLY in recursive mode as it won't work */
/* Block use of TLS ONLY in recursive mode as it won't work */
/* Note: If TLS is used in recursive mode this will try TLS on port
* 53 so it is blocked here. So is 'STARTTLS only' at the moment. */
* 53 so it is blocked here. */
if (context->resolution_type == GETDNS_RESOLUTION_RECURSING &&
tls_only_is_in_transports_list(context) == 1)
return GETDNS_RETURN_BAD_CONTEXT;
@ -2823,12 +2804,6 @@ getdns_context_get_dns_transport(getdns_context *context,
else
return GETDNS_RETURN_WRONG_TYPE_REQUESTED;
}
if (transports[0] == GETDNS_TRANSPORT_STARTTLS) {
if (count == 2 && transports[1] == GETDNS_TRANSPORT_TCP)
*value = GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN;
else
return GETDNS_RETURN_WRONG_TYPE_REQUESTED;
}
return GETDNS_RETURN_GOOD;
}

1
src/context.h
View File

@ -97,7 +97,6 @@ typedef struct getdns_upstream {
getdns_transport_list_t transport;
SSL* tls_obj;
getdns_tls_hs_state_t tls_hs_state;
getdns_dns_req * starttls_req;
getdns_eventloop_event event;
getdns_eventloop *loop;
getdns_tcp_state tcp;

2
src/getdns/getdns.h.in
View File

@ -185,7 +185,6 @@ typedef enum getdns_transport_list_t {
GETDNS_TRANSPORT_UDP = 1200,
GETDNS_TRANSPORT_TCP = 1201,
GETDNS_TRANSPORT_TLS = 1202,
GETDNS_TRANSPORT_STARTTLS = 1203
} getdns_transport_list_t;
/**
@ -195,7 +194,6 @@ typedef enum getdns_transport_list_t {
#define GETDNS_TRANSPORT_UDP_TEXT "See getdns_context_set_dns_transport_list()"
#define GETDNS_TRANSPORT_TCP_TEXT "See getdns_context_set_dns_transport_list()"
#define GETDNS_TRANSPORT_TLS_TEXT "See getdns_context_set_dns_transport_list()"
#define GETDNS_TRANSPORT_STARTTLS_TEXT "See getdns_context_set_dns_transport_list()"
/** @}
*/

2
src/getdns/getdns_extra.h.in
View File

@ -399,8 +399,6 @@ getdns_context_get_tls_authentication(getdns_context *context,
#define GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN_TEXT "See getdns_context_set_dns_transport()"
#define GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN 545
#define GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT "See getdns_context_set_dns_transport()"
#define GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN 546
#define GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT "See getdns_context_set_dns_transport()"
#ifdef __cplusplus
}

179
src/stub.c
View File

@ -256,81 +256,6 @@ match_and_process_server_cookie(
return 0;
}
static int
create_starttls_request(getdns_dns_req *dnsreq, getdns_upstream *upstream,
getdns_eventloop *loop)
{
getdns_return_t r = GETDNS_RETURN_GOOD;
getdns_dict* extensions = getdns_dict_create_with_context(dnsreq->context);
if (!extensions) {
return 0;
}
r = getdns_dict_set_int(extensions, "specify_class", GLDNS_RR_CLASS_CH);
if (r != GETDNS_RETURN_GOOD) {
getdns_dict_destroy(extensions);
return 0;
}
upstream->starttls_req = _getdns_dns_req_new(dnsreq->context, loop,
"STARTTLS", GETDNS_RRTYPE_TXT, extensions);
/*TODO[TLS]: TO BIT*/
if (upstream->starttls_req == NULL)
return 0;
getdns_dict_destroy(extensions);
upstream->starttls_req->netreqs[0]->upstream = upstream;
return 1;
}
static int
is_starttls_response(getdns_network_req *netreq)
{
_getdns_rr_iter rr_iter_storage, *rr_iter;
_getdns_rdf_iter rdf_iter_storage, *rdf_iter;
uint16_t rr_type;
gldns_pkt_section section;
uint8_t starttls_name_space[256], *starttls_name;
uint8_t owner_name_space[256], *owner_name;
size_t starttls_name_len = sizeof(starttls_name_space);
size_t owner_name_len = sizeof(owner_name_space);;
/* Servers that are not STARTTLS aware will refuse the CH query*/
if (GLDNS_RCODE_NOERROR != GLDNS_RCODE_WIRE(netreq->response))
return 0;
if (GLDNS_ANCOUNT(netreq->response) != 1)
return 0;
for ( rr_iter = _getdns_rr_iter_init(&rr_iter_storage
, netreq->response
, netreq->response_len)
; rr_iter
; rr_iter = _getdns_rr_iter_next(rr_iter)) {
section = _getdns_rr_iter_section(rr_iter);
rr_type = gldns_read_uint16(rr_iter->rr_type);
if (section != GLDNS_SECTION_ANSWER
|| rr_type != GETDNS_RRTYPE_TXT)
continue;
owner_name = _getdns_owner_if_or_as_decompressed(
rr_iter, owner_name_space, &owner_name_len);
if (!_getdns_dname_equal(netreq->owner->name, owner_name))
continue;
if (!(rdf_iter = _getdns_rdf_iter_init(
&rdf_iter_storage, rr_iter)))
continue;
if ((starttls_name = _getdns_rdf_if_or_as_decompressed(
rdf_iter, starttls_name_space, &starttls_name_len)) &&
_getdns_dname_equal(starttls_name, owner_name))
return 1;
return 0;
}
return 0;
}
/** best effort to set nonblocking */
static void
getdns_sock_nonblock(int sockfd)
@ -361,8 +286,7 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport)
getdns_sock_nonblock(fd);
#ifdef USE_TCP_FASTOPEN
/* Leave the connect to the later call to sendto() if using TCP*/
if (transport == GETDNS_TRANSPORT_TCP ||
transport == GETDNS_TRANSPORT_STARTTLS)
if (transport == GETDNS_TRANSPORT_TCP)
return fd;
#elif USE_OSX_TCP_FASTOPEN
sa_endpoints_t endpoints;
@ -540,15 +464,6 @@ stub_timeout_cb(void *userarg)
{
DEBUG_STUB("*** %s(%p)\n", __FUNCTION__, userarg);
getdns_network_req *netreq = (getdns_network_req *)userarg;
/* For now, mark a STARTTLS timeout as a failured negotiation and allow
* fallback but don't close the connection. */
if (netreq->owner == netreq->upstream->starttls_req) {
netreq->upstream->tls_hs_state = GETDNS_HS_FAILED;
stub_next_upstream(netreq);
stub_cleanup(netreq);
return;
}
stub_next_upstream(netreq);
stub_cleanup(netreq);
@ -707,6 +622,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
uint16_t query_id;
intptr_t query_id_intptr;
DEBUG_STUB("*** %s\n", __FUNCTION__);
int q = tcp_connected(netreq->upstream);
if (q != 0)
return q;
@ -760,6 +676,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
written < pkt_len + 2) {
#else
written = write(fd, netreq->query - 2, pkt_len + 2);
DEBUG_STUB("*** %s Written: %d\n", __FUNCTION__, (int)written);
if ((written == -1 && (errno == EAGAIN ||
errno == EWOULDBLOCK)) ||
written < pkt_len + 2) {
@ -813,27 +730,22 @@ static int
tls_requested(getdns_network_req *netreq)
{
return (netreq->transports[netreq->transport_current] ==
GETDNS_TRANSPORT_TLS ||
netreq->transports[netreq->transport_current] ==
GETDNS_TRANSPORT_STARTTLS) ?
GETDNS_TRANSPORT_TLS) ?
1 : 0;
}
static int
tls_should_write(getdns_upstream *upstream)
{
/* Should messages be written on TLS upstream. Remember that for STARTTLS
* the first message should got over TCP as the handshake isn't started yet.*/
return ((upstream->transport == GETDNS_TRANSPORT_TLS ||
upstream->transport == GETDNS_TRANSPORT_STARTTLS) &&
/* Should messages be written on TLS upstream. */
return ((upstream->transport == GETDNS_TRANSPORT_TLS) &&
upstream->tls_hs_state != GETDNS_HS_NONE) ? 1 : 0;
}
static int
tls_should_read(getdns_upstream *upstream)
{
return ((upstream->transport == GETDNS_TRANSPORT_TLS ||
upstream->transport == GETDNS_TRANSPORT_STARTTLS) &&
return ((upstream->transport == GETDNS_TRANSPORT_TLS) &&
!(upstream->tls_hs_state == GETDNS_HS_FAILED ||
upstream->tls_hs_state == GETDNS_HS_NONE)) ? 1 : 0;
}
@ -842,8 +754,7 @@ static int
tls_failed(getdns_upstream *upstream)
{
/* No messages should be scheduled onto an upstream in this state */
return ((upstream->transport == GETDNS_TRANSPORT_TLS ||
upstream->transport == GETDNS_TRANSPORT_STARTTLS) &&
return ((upstream->transport == GETDNS_TRANSPORT_TLS) &&
upstream->tls_hs_state == GETDNS_HS_FAILED) ? 1 : 0;
}
@ -1430,7 +1341,6 @@ upstream_read_cb(void *userarg)
DEBUG_STUB("--- READ: %s\n", __FUNCTION__);
getdns_upstream *upstream = (getdns_upstream *)userarg;
getdns_network_req *netreq;
getdns_dns_req *dnsreq;
int q;
uint16_t query_id;
intptr_t query_id_intptr;
@ -1474,25 +1384,6 @@ upstream_read_cb(void *userarg)
* on a working connection until we hit a problem.*/
upstream->upstreams->current = 0;
if (netreq->owner == upstream->starttls_req) {
dnsreq = netreq->owner;
if (is_starttls_response(netreq)) {
upstream->tls_obj = tls_create_object(dnsreq,
upstream->fd,
upstream);
if (upstream->tls_obj == NULL)
upstream->tls_hs_state = GETDNS_HS_FAILED;
upstream->tls_hs_state = GETDNS_HS_WRITE;
} else
upstream->tls_hs_state = GETDNS_HS_FAILED;
/* Now reschedule the writes on this connection */
GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd,
netreq->owner->context->timeout,
getdns_eventloop_event_init(&upstream->event, upstream,
NULL, upstream_write_cb, NULL));
}
netreq->debug_end_time = _getdns_get_time_as_uintt64();
/* This also reschedules events for the upstream*/
stub_cleanup(netreq);
@ -1500,9 +1391,6 @@ upstream_read_cb(void *userarg)
/* More to read/write for syncronous lookups? */
if (netreq->event.read_cb)
upstream_reschedule_netreq_events(upstream, netreq);
if (netreq->owner != upstream->starttls_req)
_getdns_check_dns_req_complete(netreq->owner);
}
}
@ -1582,20 +1470,6 @@ upstream_write_cb(void *userarg)
GETDNS_SCHEDULE_EVENT(upstream->loop,
upstream->fd, TIMEOUT_FOREVER, &upstream->event);
}
if (upstream->starttls_req && netreq->owner == upstream->starttls_req) {
/* Now deschedule any further writes on this connection until we get
* the STARTTLS answer*/
GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
upstream->event.write_cb = NULL;
GETDNS_SCHEDULE_EVENT(upstream->loop,
upstream->fd, TIMEOUT_FOREVER, &upstream->event);
} else if (upstream->starttls_req) {
/* Delay the cleanup of the STARTTLS req until the write of the next
* req in the queue since for sync req, the event on a request is
* used for the callback that writes the next req. */
_getdns_dns_req_free(upstream->starttls_req);
upstream->starttls_req = NULL;
}
/* With synchonous lookups, schedule the read locally too */
if (netreq->event.write_cb) {
GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
@ -1603,7 +1477,7 @@ upstream_write_cb(void *userarg)
dnsreq->loop, upstream->fd, dnsreq->context->timeout,
getdns_eventloop_event_init(&netreq->event, netreq,
netreq_upstream_read_cb,
(upstream->write_queue && !upstream->starttls_req ?
(upstream->write_queue ?
netreq_upstream_write_cb : NULL),
stub_timeout_cb));
}
@ -1639,12 +1513,6 @@ upstream_transport_valid(getdns_upstream *upstream,
upstream->tcp.write_error != 0) {
return 0;
}
/* Allow TCP messages to be sent on a STARTTLS upstream that hasn't
* upgraded to avoid opening a new connection if one is aleady open. */
if (transport == GETDNS_TRANSPORT_TCP &&
upstream->transport == GETDNS_TRANSPORT_STARTTLS &&
upstream->tls_hs_state == GETDNS_HS_FAILED)
return 1;
/* Otherwise, transport must match, and not have failed */
if (upstream->transport != transport)
return 0;
@ -1740,28 +1608,6 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport,
upstream->loop = dnsreq->context->extension;
upstream->fd = fd;
break;
case GETDNS_TRANSPORT_STARTTLS:
/* Use existing if available. Let the fallback code handle it if
* STARTTLS isn't availble. */
if (upstream->fd != -1)
return upstream->fd;
fd = tcp_connect(upstream, transport);
if (fd == -1) return -1;
if (!create_starttls_request(dnsreq, upstream, dnsreq->loop))
return GETDNS_RETURN_GENERIC_ERROR;
getdns_network_req *starttls_netreq = upstream->starttls_req->netreqs[0];
upstream->loop = dnsreq->context->extension;
upstream->fd = fd;
upstream_schedule_netreq(upstream, starttls_netreq);
/* Schedule at least the timeout locally, but use less than half the
* context value so by default this timeouts before the TIMEOUT_TLS.
* And also the write if we perform a synchronous lookup */
GETDNS_SCHEDULE_EVENT(
dnsreq->loop, upstream->fd, dnsreq->context->timeout / 3,
getdns_eventloop_event_init(&starttls_netreq->event,
starttls_netreq, NULL, (dnsreq->loop != upstream->loop
? netreq_upstream_write_cb : NULL), stub_timeout_cb));
break;
default:
return -1;
/* Nothing to do*/
@ -1909,9 +1755,7 @@ upstream_schedule_netreq(getdns_upstream *upstream, getdns_network_req *netreq)
GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
upstream->event.timeout_cb = NULL;
upstream->event.write_cb = upstream_write_cb;
if (upstream->tls_hs_state == GETDNS_HS_WRITE ||
(upstream->starttls_req &&
upstream->starttls_req->netreqs[0] == netreq)) {
if (upstream->tls_hs_state == GETDNS_HS_WRITE) {
/* Set a timeout on the upstream so we can catch failed setup*/
/* TODO[TLS]: When generic fallback supported, we should decide how
* to split the timeout between transports. */
@ -1954,8 +1798,7 @@ _getdns_submit_stub_request(getdns_network_req *netreq)
NULL, (transport == GETDNS_TRANSPORT_UDP ?
stub_udp_write_cb: stub_tcp_write_cb), stub_timeout_cb));
return GETDNS_RETURN_GOOD;
case GETDNS_TRANSPORT_STARTTLS:
case GETDNS_TRANSPORT_TLS:
case GETDNS_TRANSPORT_TCP:
upstream_schedule_netreq(netreq->upstream, netreq);

2
src/test/Makefile.in
View File

@ -58,7 +58,7 @@ CHECK_EVENT_PROG=@CHECK_EVENT_PROG@
CHECK_EV_PROG=@CHECK_EV_PROG@
CC=@CC@
CFLAGS=-I$(srcdir)/.. -I$(srcdir) -I.. $(cflags) @CFLAGS@
CFLAGS=-I$(srcdir)/.. -I$(srcdir) -I.. $(cflags) @CFLAGS@ -I/usr/local/opt/openssl/include
LDFLAGS=-L.. @LDFLAGS@
LDLIBS=../libgetdns.la @LIBS@
CHECK_LIBS=@CHECK_LIBS@

12
src/test/getdns_query.c
View File

@ -345,9 +345,6 @@ fill_transport_list(getdns_context *context, char *transport_list_str,
case 'L':
transports[i] = GETDNS_TRANSPORT_TLS;
break;
case 'S':
transports[i] = GETDNS_TRANSPORT_STARTTLS;
break;
default:
fprintf(stderr, "Unrecognised transport '%c' in string %s\n",
*(transport_list_str + i), transport_list_str);
@ -360,7 +357,7 @@ fill_transport_list(getdns_context *context, char *transport_list_str,
void
print_usage(FILE *out, const char *progname)
{
fprintf(out, "usage: %s [@<server>] [+extension] [<name>] [<type>]\n",
fprintf(out, "usage: %s [@<server>][~<server_hostname>] [+extension] [<name>] [<type>]\n",
progname);
fprintf(out, "options:\n");
fprintf(out, "\t-a\tPerform asynchronous resolution "
@ -394,11 +391,10 @@ print_usage(FILE *out, const char *progname)
fprintf(out, "\t-O\tSet transport to TCP only keep connections open\n");
fprintf(out, "\t-L\tSet transport to TLS only keep connections open\n");
fprintf(out, "\t-E\tSet transport to TLS with TCP fallback only keep connections open\n");
fprintf(out, "\t-R\tSet transport to STARTTLS with TCP fallback only keep connections open\n");
fprintf(out, "\t-u\tSet transport to UDP with TCP fallback\n");
fprintf(out, "\t-U\tSet transport to UDP only\n");
fprintf(out, "\t-l <transports>\tSet transport list. List can contain 1 of each of the characters\n");
fprintf(out, "\t\t\t U T L S for UDP, TCP, TLS or STARTTLS e.g 'UT' or 'LST' \n");
fprintf(out, "\t\t\t U T L S for UDP, TCP or TLS e.g 'UT' or 'LTU' \n");
}
@ -790,10 +786,6 @@ getdns_return_t parse_args(int argc, char **argv)
getdns_context_set_dns_transport(context,
GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN);
break;
case 'R':
getdns_context_set_dns_transport(context,
GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN);
break;
case 'u':
getdns_context_set_dns_transport(context,
GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP);