diff --git a/ChangeLog b/ChangeLog index 8e2f2a63..8d87442d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,5 @@ -* +* + * Remove STARTTLS implementation (no change to SPEC) * Enable TCP Fast Open when possible. Add OSX support for TFO. * Rename return_call_debugging to return_call_reporting diff --git a/src/const-info.c b/src/const-info.c index 462a5cee..1e55a99a 100644 --- a/src/const-info.c +++ b/src/const-info.c @@ -43,7 +43,6 @@ static struct const_info consts_info[] = { { 543, "GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN_TEXT }, { 544, "GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN_TEXT }, { 545, "GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT }, - { 546, "GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT }, { 550, "GETDNS_APPEND_NAME_ALWAYS", GETDNS_APPEND_NAME_ALWAYS_TEXT }, { 551, "GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE", GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE_TEXT }, { 552, "GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE", GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE_TEXT }, @@ -88,7 +87,6 @@ static struct const_info consts_info[] = { { 1200, "GETDNS_TRANSPORT_UDP", GETDNS_TRANSPORT_UDP_TEXT }, { 1201, "GETDNS_TRANSPORT_TCP", GETDNS_TRANSPORT_TCP_TEXT }, { 1202, "GETDNS_TRANSPORT_TLS", GETDNS_TRANSPORT_TLS_TEXT }, - { 1203, "GETDNS_TRANSPORT_STARTTLS", GETDNS_TRANSPORT_STARTTLS_TEXT }, { 1300, "GETDNS_AUTHENTICATION_NONE", GETDNS_AUTHENTICATION_NONE_TEXT }, { 1301, "GETDNS_AUTHENTICATION_HOSTNAME", GETDNS_AUTHENTICATION_HOSTNAME_TEXT }, }; diff --git a/src/context.c b/src/context.c index eb242be0..827660c9 100644 --- a/src/context.c +++ b/src/context.c @@ -73,21 +73,18 @@ typedef struct host_name_addrs { static getdns_transport_list_t getdns_upstream_transports[GETDNS_UPSTREAM_TRANSPORTS] = { - GETDNS_TRANSPORT_STARTTLS, // Define before TCP to ease fallback GETDNS_TRANSPORT_TCP, GETDNS_TRANSPORT_TLS, }; static in_port_t getdns_port_array[GETDNS_UPSTREAM_TRANSPORTS] = { - GETDNS_PORT_DNS, GETDNS_PORT_DNS, GETDNS_PORT_DNS_OVER_TLS }; char* getdns_port_str_array[] = { - GETDNS_STR_PORT_DNS, GETDNS_STR_PORT_DNS, GETDNS_STR_PORT_DNS_OVER_TLS }; @@ -575,8 +572,7 @@ _getdns_upstream_shutdown(getdns_upstream *upstream) static int tls_is_in_transports_list(getdns_context *context) { for (int i=0; i< context->dns_transport_count;i++) { - if (context->dns_transports[i] == GETDNS_TRANSPORT_TLS || - context->dns_transports[i] == GETDNS_TRANSPORT_STARTTLS) + if (context->dns_transports[i] == GETDNS_TRANSPORT_TLS) return 1; } return 0; @@ -586,8 +582,7 @@ static int tls_only_is_in_transports_list(getdns_context *context) { if (context->dns_transport_count != 1) return 0; - if (context->dns_transports[0] == GETDNS_TRANSPORT_TLS || - context->dns_transports[0] == GETDNS_TRANSPORT_STARTTLS) + if (context->dns_transports[0] == GETDNS_TRANSPORT_TLS) return 1; return 0; } @@ -617,7 +612,6 @@ upstream_init(getdns_upstream *upstream, /* For sharing a socket to this upstream with TCP */ upstream->fd = -1; upstream->tls_obj = NULL; - upstream->starttls_req = NULL; upstream->transport = GETDNS_TRANSPORT_TCP; upstream->tls_hs_state = GETDNS_HS_NONE; upstream->tls_auth_failed = 0; @@ -1250,18 +1244,17 @@ getdns_set_base_dns_transports( return GETDNS_RETURN_INVALID_PARAMETER; /* Check for valid transports and that they are used only once*/ - int u=0,t=0,l=0,s=0; + int u=0,t=0,l=0; for(i=0; i1 || t>1 || l>1 || s>1) + if ( u>1 || t>1 || l>1) return GETDNS_RETURN_INVALID_PARAMETER; if (!(new_transports = GETDNS_XMALLOC(context->my_mf, @@ -1298,7 +1291,6 @@ set_ub_dns_transport(struct getdns_context* context) { set_ub_string_opt(context, "do-tcp:", "yes"); break; case GETDNS_TRANSPORT_TLS: - case GETDNS_TRANSPORT_STARTTLS: set_ub_string_opt(context, "do-udp:", "no"); set_ub_string_opt(context, "do-tcp:", "yes"); /* Find out if there is a fallback available. */ @@ -1315,15 +1307,9 @@ set_ub_dns_transport(struct getdns_context* context) { break; } } - if (context->dns_transports[0] == GETDNS_TRANSPORT_TLS) { - if (fallback == 0) - /* Use TLS if it is the only thing.*/ - set_ub_string_opt(context, "ssl-upstream:", "yes"); - break; - } else if (fallback == 0) - /* Can't support STARTTLS with no fallback. This leads to - * timeouts with un stub validation.... */ - set_ub_string_opt(context, "do-tcp:", "no"); + if (fallback == 0) + /* Use TLS if it is the only thing.*/ + set_ub_string_opt(context, "ssl-upstream:", "yes"); break; default: return GETDNS_RETURN_CONTEXT_UPDATE_FAIL; @@ -1380,10 +1366,6 @@ getdns_context_set_dns_transport( context->dns_transports[0] = GETDNS_TRANSPORT_TLS; context->dns_transports[1] = GETDNS_TRANSPORT_TCP; break; - case GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN: - context->dns_transports[0] = GETDNS_TRANSPORT_STARTTLS; - context->dns_transports[1] = GETDNS_TRANSPORT_TCP; - break; default: return GETDNS_RETURN_CONTEXT_UPDATE_FAIL; } @@ -1787,8 +1769,7 @@ getdns_context_set_upstream_recursive_servers(struct getdns_context *context, upstream->addr.ss_family = addr.ss_family; upstream_init(upstream, upstreams, ai); upstream->transport = getdns_upstream_transports[j]; - if (getdns_upstream_transports[j] == GETDNS_TRANSPORT_TLS || - getdns_upstream_transports[j] == GETDNS_TRANSPORT_STARTTLS) { + if (getdns_upstream_transports[j] == GETDNS_TRANSPORT_TLS) { if ((r = getdns_dict_get_bindata( dict, "tls_auth_name", &tls_auth_name)) == GETDNS_RETURN_GOOD) { /*TODO: VALIDATE THIS STRING!*/ @@ -2276,9 +2257,9 @@ _getdns_context_prepare_for_resolution(struct getdns_context *context, } } - /* Block use of STARTTLS/TLS ONLY in recursive mode as it won't work */ + /* Block use of TLS ONLY in recursive mode as it won't work */ /* Note: If TLS is used in recursive mode this will try TLS on port - * 53 so it is blocked here. So is 'STARTTLS only' at the moment. */ + * 53 so it is blocked here. */ if (context->resolution_type == GETDNS_RESOLUTION_RECURSING && tls_only_is_in_transports_list(context) == 1) return GETDNS_RETURN_BAD_CONTEXT; @@ -2823,12 +2804,6 @@ getdns_context_get_dns_transport(getdns_context *context, else return GETDNS_RETURN_WRONG_TYPE_REQUESTED; } - if (transports[0] == GETDNS_TRANSPORT_STARTTLS) { - if (count == 2 && transports[1] == GETDNS_TRANSPORT_TCP) - *value = GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN; - else - return GETDNS_RETURN_WRONG_TYPE_REQUESTED; - } return GETDNS_RETURN_GOOD; } diff --git a/src/context.h b/src/context.h index 1e489d2d..98068f1f 100644 --- a/src/context.h +++ b/src/context.h @@ -97,7 +97,6 @@ typedef struct getdns_upstream { getdns_transport_list_t transport; SSL* tls_obj; getdns_tls_hs_state_t tls_hs_state; - getdns_dns_req * starttls_req; getdns_eventloop_event event; getdns_eventloop *loop; getdns_tcp_state tcp; diff --git a/src/getdns/getdns.h.in b/src/getdns/getdns.h.in index f2cebef2..65e0b2ee 100644 --- a/src/getdns/getdns.h.in +++ b/src/getdns/getdns.h.in @@ -185,7 +185,6 @@ typedef enum getdns_transport_list_t { GETDNS_TRANSPORT_UDP = 1200, GETDNS_TRANSPORT_TCP = 1201, GETDNS_TRANSPORT_TLS = 1202, - GETDNS_TRANSPORT_STARTTLS = 1203 } getdns_transport_list_t; /** @@ -195,7 +194,6 @@ typedef enum getdns_transport_list_t { #define GETDNS_TRANSPORT_UDP_TEXT "See getdns_context_set_dns_transport_list()" #define GETDNS_TRANSPORT_TCP_TEXT "See getdns_context_set_dns_transport_list()" #define GETDNS_TRANSPORT_TLS_TEXT "See getdns_context_set_dns_transport_list()" -#define GETDNS_TRANSPORT_STARTTLS_TEXT "See getdns_context_set_dns_transport_list()" /** @} */ diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in index da6c35e2..bc8d9580 100644 --- a/src/getdns/getdns_extra.h.in +++ b/src/getdns/getdns_extra.h.in @@ -399,8 +399,6 @@ getdns_context_get_tls_authentication(getdns_context *context, #define GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN_TEXT "See getdns_context_set_dns_transport()" #define GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN 545 #define GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT "See getdns_context_set_dns_transport()" -#define GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN 546 -#define GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT "See getdns_context_set_dns_transport()" #ifdef __cplusplus } diff --git a/src/stub.c b/src/stub.c index dc87418e..375efe24 100644 --- a/src/stub.c +++ b/src/stub.c @@ -256,81 +256,6 @@ match_and_process_server_cookie( return 0; } -static int -create_starttls_request(getdns_dns_req *dnsreq, getdns_upstream *upstream, - getdns_eventloop *loop) -{ - getdns_return_t r = GETDNS_RETURN_GOOD; - getdns_dict* extensions = getdns_dict_create_with_context(dnsreq->context); - if (!extensions) { - return 0; - } - r = getdns_dict_set_int(extensions, "specify_class", GLDNS_RR_CLASS_CH); - if (r != GETDNS_RETURN_GOOD) { - getdns_dict_destroy(extensions); - return 0; - } - upstream->starttls_req = _getdns_dns_req_new(dnsreq->context, loop, - "STARTTLS", GETDNS_RRTYPE_TXT, extensions); - /*TODO[TLS]: TO BIT*/ - if (upstream->starttls_req == NULL) - return 0; - getdns_dict_destroy(extensions); - - upstream->starttls_req->netreqs[0]->upstream = upstream; - return 1; -} - -static int -is_starttls_response(getdns_network_req *netreq) -{ - _getdns_rr_iter rr_iter_storage, *rr_iter; - _getdns_rdf_iter rdf_iter_storage, *rdf_iter; - uint16_t rr_type; - gldns_pkt_section section; - uint8_t starttls_name_space[256], *starttls_name; - uint8_t owner_name_space[256], *owner_name; - size_t starttls_name_len = sizeof(starttls_name_space); - size_t owner_name_len = sizeof(owner_name_space);; - - /* Servers that are not STARTTLS aware will refuse the CH query*/ - if (GLDNS_RCODE_NOERROR != GLDNS_RCODE_WIRE(netreq->response)) - return 0; - - if (GLDNS_ANCOUNT(netreq->response) != 1) - return 0; - - for ( rr_iter = _getdns_rr_iter_init(&rr_iter_storage - , netreq->response - , netreq->response_len) - ; rr_iter - ; rr_iter = _getdns_rr_iter_next(rr_iter)) { - - section = _getdns_rr_iter_section(rr_iter); - rr_type = gldns_read_uint16(rr_iter->rr_type); - if (section != GLDNS_SECTION_ANSWER - || rr_type != GETDNS_RRTYPE_TXT) - continue; - - owner_name = _getdns_owner_if_or_as_decompressed( - rr_iter, owner_name_space, &owner_name_len); - if (!_getdns_dname_equal(netreq->owner->name, owner_name)) - continue; - - if (!(rdf_iter = _getdns_rdf_iter_init( - &rdf_iter_storage, rr_iter))) - continue; - - if ((starttls_name = _getdns_rdf_if_or_as_decompressed( - rdf_iter, starttls_name_space, &starttls_name_len)) && - _getdns_dname_equal(starttls_name, owner_name)) - return 1; - - return 0; - } - return 0; -} - /** best effort to set nonblocking */ static void getdns_sock_nonblock(int sockfd) @@ -361,8 +286,7 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport) getdns_sock_nonblock(fd); #ifdef USE_TCP_FASTOPEN /* Leave the connect to the later call to sendto() if using TCP*/ - if (transport == GETDNS_TRANSPORT_TCP || - transport == GETDNS_TRANSPORT_STARTTLS) + if (transport == GETDNS_TRANSPORT_TCP) return fd; #elif USE_OSX_TCP_FASTOPEN sa_endpoints_t endpoints; @@ -540,15 +464,6 @@ stub_timeout_cb(void *userarg) { DEBUG_STUB("*** %s(%p)\n", __FUNCTION__, userarg); getdns_network_req *netreq = (getdns_network_req *)userarg; - - /* For now, mark a STARTTLS timeout as a failured negotiation and allow - * fallback but don't close the connection. */ - if (netreq->owner == netreq->upstream->starttls_req) { - netreq->upstream->tls_hs_state = GETDNS_HS_FAILED; - stub_next_upstream(netreq); - stub_cleanup(netreq); - return; - } stub_next_upstream(netreq); stub_cleanup(netreq); @@ -707,6 +622,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq) uint16_t query_id; intptr_t query_id_intptr; + DEBUG_STUB("*** %s\n", __FUNCTION__); int q = tcp_connected(netreq->upstream); if (q != 0) return q; @@ -760,6 +676,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq) written < pkt_len + 2) { #else written = write(fd, netreq->query - 2, pkt_len + 2); + DEBUG_STUB("*** %s Written: %d\n", __FUNCTION__, (int)written); if ((written == -1 && (errno == EAGAIN || errno == EWOULDBLOCK)) || written < pkt_len + 2) { @@ -813,27 +730,22 @@ static int tls_requested(getdns_network_req *netreq) { return (netreq->transports[netreq->transport_current] == - GETDNS_TRANSPORT_TLS || - netreq->transports[netreq->transport_current] == - GETDNS_TRANSPORT_STARTTLS) ? + GETDNS_TRANSPORT_TLS) ? 1 : 0; } static int tls_should_write(getdns_upstream *upstream) { - /* Should messages be written on TLS upstream. Remember that for STARTTLS - * the first message should got over TCP as the handshake isn't started yet.*/ - return ((upstream->transport == GETDNS_TRANSPORT_TLS || - upstream->transport == GETDNS_TRANSPORT_STARTTLS) && + /* Should messages be written on TLS upstream. */ + return ((upstream->transport == GETDNS_TRANSPORT_TLS) && upstream->tls_hs_state != GETDNS_HS_NONE) ? 1 : 0; } static int tls_should_read(getdns_upstream *upstream) { - return ((upstream->transport == GETDNS_TRANSPORT_TLS || - upstream->transport == GETDNS_TRANSPORT_STARTTLS) && + return ((upstream->transport == GETDNS_TRANSPORT_TLS) && !(upstream->tls_hs_state == GETDNS_HS_FAILED || upstream->tls_hs_state == GETDNS_HS_NONE)) ? 1 : 0; } @@ -842,8 +754,7 @@ static int tls_failed(getdns_upstream *upstream) { /* No messages should be scheduled onto an upstream in this state */ - return ((upstream->transport == GETDNS_TRANSPORT_TLS || - upstream->transport == GETDNS_TRANSPORT_STARTTLS) && + return ((upstream->transport == GETDNS_TRANSPORT_TLS) && upstream->tls_hs_state == GETDNS_HS_FAILED) ? 1 : 0; } @@ -1430,7 +1341,6 @@ upstream_read_cb(void *userarg) DEBUG_STUB("--- READ: %s\n", __FUNCTION__); getdns_upstream *upstream = (getdns_upstream *)userarg; getdns_network_req *netreq; - getdns_dns_req *dnsreq; int q; uint16_t query_id; intptr_t query_id_intptr; @@ -1474,25 +1384,6 @@ upstream_read_cb(void *userarg) * on a working connection until we hit a problem.*/ upstream->upstreams->current = 0; - if (netreq->owner == upstream->starttls_req) { - dnsreq = netreq->owner; - if (is_starttls_response(netreq)) { - upstream->tls_obj = tls_create_object(dnsreq, - upstream->fd, - upstream); - if (upstream->tls_obj == NULL) - upstream->tls_hs_state = GETDNS_HS_FAILED; - upstream->tls_hs_state = GETDNS_HS_WRITE; - } else - upstream->tls_hs_state = GETDNS_HS_FAILED; - - /* Now reschedule the writes on this connection */ - GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event); - GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd, - netreq->owner->context->timeout, - getdns_eventloop_event_init(&upstream->event, upstream, - NULL, upstream_write_cb, NULL)); - } netreq->debug_end_time = _getdns_get_time_as_uintt64(); /* This also reschedules events for the upstream*/ stub_cleanup(netreq); @@ -1500,9 +1391,6 @@ upstream_read_cb(void *userarg) /* More to read/write for syncronous lookups? */ if (netreq->event.read_cb) upstream_reschedule_netreq_events(upstream, netreq); - - if (netreq->owner != upstream->starttls_req) - _getdns_check_dns_req_complete(netreq->owner); } } @@ -1582,20 +1470,6 @@ upstream_write_cb(void *userarg) GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd, TIMEOUT_FOREVER, &upstream->event); } - if (upstream->starttls_req && netreq->owner == upstream->starttls_req) { - /* Now deschedule any further writes on this connection until we get - * the STARTTLS answer*/ - GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event); - upstream->event.write_cb = NULL; - GETDNS_SCHEDULE_EVENT(upstream->loop, - upstream->fd, TIMEOUT_FOREVER, &upstream->event); - } else if (upstream->starttls_req) { - /* Delay the cleanup of the STARTTLS req until the write of the next - * req in the queue since for sync req, the event on a request is - * used for the callback that writes the next req. */ - _getdns_dns_req_free(upstream->starttls_req); - upstream->starttls_req = NULL; - } /* With synchonous lookups, schedule the read locally too */ if (netreq->event.write_cb) { GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event); @@ -1603,7 +1477,7 @@ upstream_write_cb(void *userarg) dnsreq->loop, upstream->fd, dnsreq->context->timeout, getdns_eventloop_event_init(&netreq->event, netreq, netreq_upstream_read_cb, - (upstream->write_queue && !upstream->starttls_req ? + (upstream->write_queue ? netreq_upstream_write_cb : NULL), stub_timeout_cb)); } @@ -1639,12 +1513,6 @@ upstream_transport_valid(getdns_upstream *upstream, upstream->tcp.write_error != 0) { return 0; } - /* Allow TCP messages to be sent on a STARTTLS upstream that hasn't - * upgraded to avoid opening a new connection if one is aleady open. */ - if (transport == GETDNS_TRANSPORT_TCP && - upstream->transport == GETDNS_TRANSPORT_STARTTLS && - upstream->tls_hs_state == GETDNS_HS_FAILED) - return 1; /* Otherwise, transport must match, and not have failed */ if (upstream->transport != transport) return 0; @@ -1740,28 +1608,6 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport, upstream->loop = dnsreq->context->extension; upstream->fd = fd; break; - case GETDNS_TRANSPORT_STARTTLS: - /* Use existing if available. Let the fallback code handle it if - * STARTTLS isn't availble. */ - if (upstream->fd != -1) - return upstream->fd; - fd = tcp_connect(upstream, transport); - if (fd == -1) return -1; - if (!create_starttls_request(dnsreq, upstream, dnsreq->loop)) - return GETDNS_RETURN_GENERIC_ERROR; - getdns_network_req *starttls_netreq = upstream->starttls_req->netreqs[0]; - upstream->loop = dnsreq->context->extension; - upstream->fd = fd; - upstream_schedule_netreq(upstream, starttls_netreq); - /* Schedule at least the timeout locally, but use less than half the - * context value so by default this timeouts before the TIMEOUT_TLS. - * And also the write if we perform a synchronous lookup */ - GETDNS_SCHEDULE_EVENT( - dnsreq->loop, upstream->fd, dnsreq->context->timeout / 3, - getdns_eventloop_event_init(&starttls_netreq->event, - starttls_netreq, NULL, (dnsreq->loop != upstream->loop - ? netreq_upstream_write_cb : NULL), stub_timeout_cb)); - break; default: return -1; /* Nothing to do*/ @@ -1909,9 +1755,7 @@ upstream_schedule_netreq(getdns_upstream *upstream, getdns_network_req *netreq) GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event); upstream->event.timeout_cb = NULL; upstream->event.write_cb = upstream_write_cb; - if (upstream->tls_hs_state == GETDNS_HS_WRITE || - (upstream->starttls_req && - upstream->starttls_req->netreqs[0] == netreq)) { + if (upstream->tls_hs_state == GETDNS_HS_WRITE) { /* Set a timeout on the upstream so we can catch failed setup*/ /* TODO[TLS]: When generic fallback supported, we should decide how * to split the timeout between transports. */ @@ -1954,8 +1798,7 @@ _getdns_submit_stub_request(getdns_network_req *netreq) NULL, (transport == GETDNS_TRANSPORT_UDP ? stub_udp_write_cb: stub_tcp_write_cb), stub_timeout_cb)); return GETDNS_RETURN_GOOD; - - case GETDNS_TRANSPORT_STARTTLS: + case GETDNS_TRANSPORT_TLS: case GETDNS_TRANSPORT_TCP: upstream_schedule_netreq(netreq->upstream, netreq); diff --git a/src/test/Makefile.in b/src/test/Makefile.in index 3ccf6f34..0f6dd16f 100644 --- a/src/test/Makefile.in +++ b/src/test/Makefile.in @@ -58,7 +58,7 @@ CHECK_EVENT_PROG=@CHECK_EVENT_PROG@ CHECK_EV_PROG=@CHECK_EV_PROG@ CC=@CC@ -CFLAGS=-I$(srcdir)/.. -I$(srcdir) -I.. $(cflags) @CFLAGS@ +CFLAGS=-I$(srcdir)/.. -I$(srcdir) -I.. $(cflags) @CFLAGS@ -I/usr/local/opt/openssl/include LDFLAGS=-L.. @LDFLAGS@ LDLIBS=../libgetdns.la @LIBS@ CHECK_LIBS=@CHECK_LIBS@ diff --git a/src/test/getdns_query.c b/src/test/getdns_query.c index 7fc569fa..8159a7d9 100644 --- a/src/test/getdns_query.c +++ b/src/test/getdns_query.c @@ -345,9 +345,6 @@ fill_transport_list(getdns_context *context, char *transport_list_str, case 'L': transports[i] = GETDNS_TRANSPORT_TLS; break; - case 'S': - transports[i] = GETDNS_TRANSPORT_STARTTLS; - break; default: fprintf(stderr, "Unrecognised transport '%c' in string %s\n", *(transport_list_str + i), transport_list_str); @@ -360,7 +357,7 @@ fill_transport_list(getdns_context *context, char *transport_list_str, void print_usage(FILE *out, const char *progname) { - fprintf(out, "usage: %s [@] [+extension] [] []\n", + fprintf(out, "usage: %s [@][~] [+extension] [] []\n", progname); fprintf(out, "options:\n"); fprintf(out, "\t-a\tPerform asynchronous resolution " @@ -394,11 +391,10 @@ print_usage(FILE *out, const char *progname) fprintf(out, "\t-O\tSet transport to TCP only keep connections open\n"); fprintf(out, "\t-L\tSet transport to TLS only keep connections open\n"); fprintf(out, "\t-E\tSet transport to TLS with TCP fallback only keep connections open\n"); - fprintf(out, "\t-R\tSet transport to STARTTLS with TCP fallback only keep connections open\n"); fprintf(out, "\t-u\tSet transport to UDP with TCP fallback\n"); fprintf(out, "\t-U\tSet transport to UDP only\n"); fprintf(out, "\t-l \tSet transport list. List can contain 1 of each of the characters\n"); - fprintf(out, "\t\t\t U T L S for UDP, TCP, TLS or STARTTLS e.g 'UT' or 'LST' \n"); + fprintf(out, "\t\t\t U T L S for UDP, TCP or TLS e.g 'UT' or 'LTU' \n"); } @@ -790,10 +786,6 @@ getdns_return_t parse_args(int argc, char **argv) getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN); break; - case 'R': - getdns_context_set_dns_transport(context, - GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN); - break; case 'u': getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP);