mirror of https://github.com/getdnsapi/getdns.git
Abstracting TLS; let's start with context only.
Change data types in context.h and fix up context.c. Do minimal fixups to stub.c.
This commit is contained in:
Jim Hague
parent
9b4e8e9e91
commit
d9fdd4c10d
273
src/Makefile.in
273
src/Makefile.in
|
|
@ -56,7 +56,7 @@ stubbysrcdir = $(srcdir)/../stubby
|
|||
LIBTOOL = ../libtool
|
||||
|
||||
CC=@CC@
|
||||
CFLAGS=-I$(srcdir) -I. -I$(srcdir)/util/auxiliary -I$(stubbysrcdir)/src @CFLAGS@ @CPPFLAGS@ $(XTRA_CFLAGS)
|
||||
CFLAGS=-I$(srcdir) -I. -I$(srcdir)/util/auxiliary -I$(srcdir)/openssl -I$(stubbysrcdir)/src @CFLAGS@ @CPPFLAGS@ $(XTRA_CFLAGS)
|
||||
WPEDANTICFLAG=@WPEDANTICFLAG@
|
||||
WNOERRORFLAG=@WNOERRORFLAG@
|
||||
LDFLAGS=@LDFLAGS@ @LIBS@
|
||||
|
|
@ -94,6 +94,7 @@ COMPAT_OBJ=$(LIBOBJS:.o=.lo)
|
|||
UTIL_OBJ=rbtree.lo val_secalgo.lo lruhash.lo lookup3.lo locks.lo
|
||||
|
||||
JSMN_OBJ=jsmn.lo
|
||||
TLS_OBJ=tls.lo
|
||||
YXML_OBJ=yxml.lo
|
||||
|
||||
YAML_OBJ=convert_yaml_to_json.lo
|
||||
|
|
@ -133,6 +134,9 @@ $(UTIL_OBJ):
|
|||
$(JSMN_OBJ):
|
||||
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -DJSMN_GETDNS -c $(srcdir)/jsmn/$(@:.lo=.c) -o $@
|
||||
|
||||
$(TLS_OBJ):
|
||||
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/openssl/$(@:.lo=.c) -o $@
|
||||
|
||||
$(YAML_OBJ):
|
||||
$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(stubbysrcdir)/src/yaml/$(@:.lo=.c) -o $@
|
||||
|
||||
|
|
@ -194,8 +198,8 @@ libgetdns_ext_uv.la: libgetdns.la libuv.lo
|
|||
libgetdns_ext_ev.la: libgetdns.la libev.lo
|
||||
$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libev.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEV_LDFLAGS) $(EXTENSION_LIBEV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libev.symbols
|
||||
|
||||
libgetdns.la: $(GETDNS_OBJ) version.lo context.lo anchor.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ) $(GETDNS_XTRA_OBJS)
|
||||
$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo anchor.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(YXML_OBJ) $(GETDNS_XTRA_OBJS) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
|
||||
libgetdns.la: $(GETDNS_OBJ) version.lo context.lo anchor.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(TLS_OBJ) $(YXML_OBJ) $(GETDNS_XTRA_OBJS)
|
||||
$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo anchor.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(TLS_OBJ) $(YXML_OBJ) $(GETDNS_XTRA_OBJS) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
|
||||
|
||||
test: default
|
||||
cd test && $(MAKE) $@
|
||||
|
|
@ -271,13 +275,14 @@ Makefile: $(srcdir)/Makefile.in ../config.status
|
|||
depend:
|
||||
(cd $(srcdir) ; awk 'BEGIN{P=1}{if(P)print}/^# Dependencies/{P=0}' Makefile.in > Makefile.in.new )
|
||||
|
||||
(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" -Iyxml -Iutil/auxiliary -I../stubby/src *.c gldns/*.c compat/*.c util/*.c jsmn/*.c yxml/*.c ssl_dane/danessl.c extension/*.c ../stubby/src/*.c | \
|
||||
(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" -Iopenssl -Iyxml -Iutil/auxiliary -I../stubby/src *.c gldns/*.c compat/*.c util/*.c jsmn/*.c openssl/*.c yxml/*.c ssl_dane/danessl.c extension/*.c ../stubby/src/*.c | \
|
||||
sed -e "s? $$blddir/? ?g" \
|
||||
-e 's? gldns/? $$(srcdir)/gldns/?g' \
|
||||
-e 's? compat/? $$(srcdir)/compat/?g' \
|
||||
-e 's? util/auxiliary/util/? $$(srcdir)/util/auxiliary/util/?g' \
|
||||
-e 's? util/? $$(srcdir)/util/?g' \
|
||||
-e 's? jsmn/? $$(srcdir)/jsmn/?g' \
|
||||
-e 's? openssl/? $$(srcdir)/openssl/?g' \
|
||||
-e 's? yxml/? $$(srcdir)/yxml/?g' \
|
||||
-e 's? ssl_dane/? $$(srcdir)/ssl_dane/?g' \
|
||||
-e 's? extension/? $$(srcdir)/extension/?g' \
|
||||
|
|
@ -299,137 +304,104 @@ depend:
|
|||
FORCE:
|
||||
|
||||
# Dependencies for gldns, utils, the extensions and compat functions
|
||||
anchor.lo anchor.o: $(srcdir)/anchor.c \
|
||||
config.h \
|
||||
anchor.lo anchor.o: $(srcdir)/anchor.c config.h \
|
||||
$(srcdir)/debug.h $(srcdir)/anchor.h \
|
||||
getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/types-internal.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/context.h \
|
||||
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
|
||||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/yxml/yxml.h \
|
||||
$(srcdir)/gldns/parseutil.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
|
||||
$(srcdir)/gldns/keyraw.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/platform.h
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/openssl/tls.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
|
||||
$(srcdir)/yxml/yxml.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
|
||||
$(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/platform.h
|
||||
const-info.lo const-info.o: $(srcdir)/const-info.c \
|
||||
getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/const-info.h
|
||||
context.lo context.o: $(srcdir)/context.c \
|
||||
config.h \
|
||||
$(srcdir)/anchor.h \
|
||||
getdns/getdns.h \
|
||||
context.lo context.o: $(srcdir)/context.c config.h \
|
||||
$(srcdir)/anchor.h getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/debug.h \
|
||||
$(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
|
||||
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
|
||||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/platform.h $(srcdir)/dnssec.h \
|
||||
$(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h $(srcdir)/ssl_dane/danessl.h
|
||||
convert.lo convert.o: $(srcdir)/convert.c \
|
||||
config.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/openssl/tls.h $(srcdir)/util-internal.h \
|
||||
$(srcdir)/platform.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h \
|
||||
$(srcdir)/const-info.h
|
||||
convert.lo convert.o: $(srcdir)/convert.c config.h \
|
||||
getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
|
||||
$(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
|
||||
$(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
|
||||
$(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/wire2str.h \
|
||||
$(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
|
||||
$(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
|
||||
dict.lo dict.o: $(srcdir)/dict.c \
|
||||
config.h \
|
||||
$(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/rr-iter.h \
|
||||
$(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/openssl/tls.h \
|
||||
$(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h \
|
||||
$(srcdir)/const-info.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h $(srcdir)/debug.h
|
||||
dict.lo dict.o: $(srcdir)/dict.c config.h \
|
||||
$(srcdir)/types-internal.h \
|
||||
getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
|
||||
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
|
||||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h \
|
||||
$(srcdir)/gldns/parseutil.h
|
||||
dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
|
||||
config.h \
|
||||
$(srcdir)/debug.h \
|
||||
getdns/getdns.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/openssl/tls.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h \
|
||||
$(srcdir)/gldns/wire2str.h $(srcdir)/gldns/parseutil.h
|
||||
dnssec.lo dnssec.o: $(srcdir)/dnssec.c config.h \
|
||||
$(srcdir)/debug.h getdns/getdns.h \
|
||||
$(srcdir)/context.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
|
||||
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
|
||||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
|
||||
$(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h \
|
||||
$(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h \
|
||||
$(srcdir)/util/orig-headers/val_secalgo.h
|
||||
general.lo general.o: $(srcdir)/general.c \
|
||||
config.h \
|
||||
$(srcdir)/general.h \
|
||||
getdns/getdns.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/openssl/tls.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h \
|
||||
$(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h \
|
||||
$(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h \
|
||||
$(srcdir)/util/val_secalgo.h $(srcdir)/util/orig-headers/val_secalgo.h
|
||||
general.lo general.o: $(srcdir)/general.c config.h \
|
||||
$(srcdir)/general.h getdns/getdns.h \
|
||||
$(srcdir)/types-internal.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
|
||||
$(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
|
||||
$(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
|
||||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
|
||||
$(srcdir)/dict.h $(srcdir)/mdns.h $(srcdir)/platform.h
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
|
||||
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/openssl/tls.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h \
|
||||
$(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h $(srcdir)/mdns.h $(srcdir)/debug.h
|
||||
list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
|
||||
getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
|
||||
config.h \
|
||||
$(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
|
||||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/list.h $(srcdir)/dict.h
|
||||
mdns.lo mdns.o: $(srcdir)/mdns.c \
|
||||
config.h \
|
||||
config.h $(srcdir)/context.h \
|
||||
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/openssl/tls.h $(srcdir)/list.h $(srcdir)/dict.h
|
||||
mdns.lo mdns.o: $(srcdir)/mdns.c config.h \
|
||||
$(srcdir)/debug.h $(srcdir)/context.h \
|
||||
getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
|
||||
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
|
||||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/gldns/rrdef.h $(srcdir)/util-internal.h \
|
||||
$(srcdir)/platform.h $(srcdir)/mdns.h $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
|
||||
$(srcdir)/util/orig-headers/lookup3.h
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/openssl/tls.h $(srcdir)/general.h $(srcdir)/gldns/rrdef.h \
|
||||
$(srcdir)/util-internal.h $(srcdir)/platform.h $(srcdir)/mdns.h
|
||||
platform.lo platform.o: $(srcdir)/platform.c $(srcdir)/platform.h \
|
||||
config.h
|
||||
pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
|
||||
config.h \
|
||||
$(srcdir)/debug.h \
|
||||
getdns/getdns.h \
|
||||
$(srcdir)/context.h \
|
||||
config.h $(srcdir)/debug.h \
|
||||
getdns/getdns.h $(srcdir)/context.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
|
||||
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
|
||||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/openssl/tls.h $(srcdir)/util-internal.h
|
||||
request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
|
||||
config.h \
|
||||
$(srcdir)/types-internal.h \
|
||||
config.h $(srcdir)/types-internal.h \
|
||||
getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
|
||||
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
|
||||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
|
||||
$(srcdir)/dict.h $(srcdir)/convert.h $(srcdir)/general.h
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/openssl/tls.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h \
|
||||
$(srcdir)/gldns/rrdef.h $(srcdir)/dict.h $(srcdir)/debug.h $(srcdir)/convert.h $(srcdir)/general.h
|
||||
rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
|
||||
config.h \
|
||||
getdns/getdns.h \
|
||||
|
|
@ -437,26 +409,20 @@ rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
|
|||
getdns/getdns_extra.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
|
||||
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
|
||||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h \
|
||||
$(srcdir)/dict.h
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h \
|
||||
$(srcdir)/openssl/tls.h $(srcdir)/dict.h
|
||||
rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
|
||||
config.h \
|
||||
getdns/getdns.h \
|
||||
$(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
|
||||
server.lo server.o: $(srcdir)/server.c \
|
||||
config.h \
|
||||
server.lo server.o: $(srcdir)/server.c config.h \
|
||||
getdns/getdns_extra.h \
|
||||
getdns/getdns.h \
|
||||
$(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
|
||||
getdns/getdns.h $(srcdir)/context.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
|
||||
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
|
||||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/util-internal.h $(srcdir)/platform.h
|
||||
stub.lo stub.o: $(srcdir)/stub.c \
|
||||
config.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/openssl/tls.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/platform.h
|
||||
stub.lo stub.o: $(srcdir)/stub.c config.h \
|
||||
$(srcdir)/debug.h $(srcdir)/stub.h \
|
||||
getdns/getdns.h \
|
||||
$(srcdir)/types-internal.h \
|
||||
|
|
@ -464,61 +430,48 @@ stub.lo stub.o: $(srcdir)/stub.c \
|
|||
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
|
||||
$(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h \
|
||||
$(srcdir)/rr-dict.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
|
||||
$(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
|
||||
$(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/anchor.h \
|
||||
$(srcdir)/util-internal.h $(srcdir)/platform.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h $(srcdir)/ssl_dane/danessl.h
|
||||
sync.lo sync.o: $(srcdir)/sync.c \
|
||||
getdns/getdns.h \
|
||||
config.h \
|
||||
$(srcdir)/context.h \
|
||||
$(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/anchor.h \
|
||||
$(srcdir)/openssl/tls.h $(srcdir)/util-internal.h $(srcdir)/platform.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
|
||||
sync.lo sync.o: $(srcdir)/sync.c getdns/getdns.h \
|
||||
config.h $(srcdir)/context.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
|
||||
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
|
||||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h \
|
||||
$(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/openssl/tls.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/dnssec.h \
|
||||
$(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/gldns/wire2str.h
|
||||
ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
|
||||
config.h \
|
||||
getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
|
||||
config.h
|
||||
util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
|
||||
config.h \
|
||||
getdns/getdns.h \
|
||||
$(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
|
||||
$(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
|
||||
$(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
|
||||
$(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
|
||||
$(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/gldns/str2wire.h \
|
||||
$(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
|
||||
getdns/getdns.h $(srcdir)/dict.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
|
||||
getdns/getdns_extra.h $(srcdir)/list.h \
|
||||
$(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
|
||||
$(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/rr-iter.h \
|
||||
$(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/openssl/tls.h \
|
||||
$(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
|
||||
gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
|
||||
config.h \
|
||||
$(srcdir)/gldns/gbuffer.h
|
||||
config.h $(srcdir)/gldns/gbuffer.h
|
||||
keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
|
||||
config.h \
|
||||
$(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
|
||||
config.h $(srcdir)/gldns/keyraw.h \
|
||||
$(srcdir)/gldns/rrdef.h
|
||||
parse.lo parse.o: $(srcdir)/gldns/parse.c \
|
||||
config.h \
|
||||
$(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
|
||||
config.h $(srcdir)/gldns/parse.h \
|
||||
$(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
|
||||
parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
|
||||
config.h \
|
||||
$(srcdir)/gldns/parseutil.h
|
||||
config.h $(srcdir)/gldns/parseutil.h
|
||||
rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
|
||||
config.h \
|
||||
$(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
|
||||
config.h $(srcdir)/gldns/rrdef.h \
|
||||
$(srcdir)/gldns/parseutil.h
|
||||
str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
|
||||
config.h \
|
||||
$(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
|
||||
config.h $(srcdir)/gldns/str2wire.h \
|
||||
$(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/parse.h \
|
||||
$(srcdir)/gldns/parseutil.h
|
||||
wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
|
||||
config.h \
|
||||
$(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
|
||||
$(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
|
||||
config.h $(srcdir)/gldns/wire2str.h \
|
||||
$(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/parseutil.h \
|
||||
$(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
|
||||
arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
|
||||
config.h
|
||||
arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
|
||||
|
|
@ -547,8 +500,7 @@ strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
|
|||
config.h
|
||||
strptime.lo strptime.o: $(srcdir)/compat/strptime.c \
|
||||
config.h
|
||||
locks.lo locks.o: $(srcdir)/util/locks.c \
|
||||
config.h \
|
||||
locks.lo locks.o: $(srcdir)/util/locks.c config.h \
|
||||
$(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
|
||||
lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c \
|
||||
config.h \
|
||||
|
|
@ -560,10 +512,10 @@ lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c \
|
|||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/util/fptr_wlist.h
|
||||
rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
|
||||
config.h \
|
||||
$(srcdir)/util/auxiliary/log.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
|
||||
$(srcdir)/util/auxiliary/fptr_wlist.h $(srcdir)/util/auxiliary/util/fptr_wlist.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
|
||||
config.h $(srcdir)/util/auxiliary/log.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/fptr_wlist.h \
|
||||
$(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/rbtree.h \
|
||||
$(srcdir)/util/orig-headers/rbtree.h
|
||||
val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
|
||||
config.h \
|
||||
$(srcdir)/util/auxiliary/util/data/packed_rrset.h \
|
||||
|
|
@ -573,40 +525,37 @@ val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
|
|||
$(srcdir)/gldns/rrdef.h $(srcdir)/util/auxiliary/sldns/keyraw.h $(srcdir)/gldns/keyraw.h \
|
||||
$(srcdir)/util/auxiliary/sldns/sbuffer.h $(srcdir)/gldns/gbuffer.h
|
||||
jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
|
||||
tls.lo tls.o: $(srcdir)/openssl/tls.c config.h \
|
||||
$(srcdir)/openssl/tls.h getdns/getdns.h
|
||||
yxml.lo yxml.o: $(srcdir)/yxml/yxml.c $(srcdir)/yxml/yxml.h
|
||||
danessl.lo danessl.o: $(srcdir)/ssl_dane/danessl.c $(srcdir)/ssl_dane/danessl.h
|
||||
libev.lo libev.o: $(srcdir)/extension/libev.c \
|
||||
config.h \
|
||||
$(srcdir)/types-internal.h \
|
||||
config.h $(srcdir)/types-internal.h \
|
||||
getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
|
||||
libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
|
||||
config.h \
|
||||
$(srcdir)/types-internal.h \
|
||||
config.h $(srcdir)/types-internal.h \
|
||||
getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
|
||||
libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
|
||||
config.h \
|
||||
$(srcdir)/debug.h $(srcdir)/types-internal.h \
|
||||
config.h $(srcdir)/debug.h \
|
||||
$(srcdir)/types-internal.h \
|
||||
getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
|
||||
poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
|
||||
config.h \
|
||||
$(srcdir)/util-internal.h $(srcdir)/context.h \
|
||||
getdns/getdns.h \
|
||||
config.h $(srcdir)/util-internal.h \
|
||||
$(srcdir)/context.h getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
|
||||
$(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
|
||||
$(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
|
||||
$(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/platform.h
|
||||
$(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
|
||||
$(srcdir)/gldns/pkthdr.h $(srcdir)/anchor.h $(srcdir)/openssl/tls.h $(srcdir)/platform.h $(srcdir)/debug.h
|
||||
select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
|
||||
config.h \
|
||||
$(srcdir)/debug.h $(srcdir)/types-internal.h \
|
||||
config.h $(srcdir)/debug.h \
|
||||
$(srcdir)/types-internal.h \
|
||||
getdns/getdns.h \
|
||||
getdns/getdns_extra.h \
|
||||
$(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/platform.h \
|
||||
|
|
|
|||
202
src/context.c
202
src/context.c
|
|
@ -47,20 +47,12 @@
|
|||
#include <iphlpapi.h>
|
||||
typedef unsigned short in_port_t;
|
||||
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/bio.h>
|
||||
|
||||
#include <stdio.h>
|
||||
#include <windows.h>
|
||||
#include <wincrypt.h>
|
||||
#include <shlobj.h>
|
||||
#endif
|
||||
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
#include <sys/stat.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
|
|
@ -94,6 +86,7 @@ typedef unsigned short in_port_t;
|
|||
# include "ssl_dane/danessl.h"
|
||||
#endif
|
||||
#include "const-info.h"
|
||||
#include "tls.h"
|
||||
|
||||
#define GETDNS_PORT_ZERO 0
|
||||
#define GETDNS_PORT_DNS 53
|
||||
|
|
@ -182,98 +175,6 @@ _getdns_strdup2(const struct mem_funcs *mfs, const getdns_bindata *s)
|
|||
}
|
||||
}
|
||||
|
||||
#ifdef USE_WINSOCK
|
||||
/* For windows, the CA trust store is not read by openssl.
|
||||
Add code to open the trust store using wincrypt API and add
|
||||
the root certs into openssl trust store */
|
||||
static int
|
||||
add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
|
||||
{
|
||||
HCERTSTORE hSystemStore;
|
||||
PCCERT_CONTEXT pTargetCert = NULL;
|
||||
|
||||
DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
|
||||
"Adding Windows certificates from system root store to CA store");
|
||||
|
||||
/* load just once per context lifetime for this version of getdns
|
||||
TODO: dynamically update CA trust changes as they are available */
|
||||
if (!tls_ctx)
|
||||
return 0;
|
||||
|
||||
/* Call wincrypt's CertOpenStore to open the CA root store. */
|
||||
|
||||
if ((hSystemStore = CertOpenStore(
|
||||
CERT_STORE_PROV_SYSTEM,
|
||||
0,
|
||||
0,
|
||||
/* NOTE: mingw does not have this const: replace with 1 << 16 from code
|
||||
CERT_SYSTEM_STORE_CURRENT_USER, */
|
||||
1 << 16,
|
||||
L"root")) == 0)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
X509_STORE* store = SSL_CTX_get_cert_store(tls_ctx);
|
||||
if (!store)
|
||||
return 0;
|
||||
|
||||
/* failure if the CA store is empty or the call fails */
|
||||
if ((pTargetCert = CertEnumCertificatesInStore(
|
||||
hSystemStore, pTargetCert)) == 0) {
|
||||
DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
|
||||
"CA certificate store for Windows is empty.");
|
||||
return 0;
|
||||
}
|
||||
/* iterate over the windows cert store and add to openssl store */
|
||||
do
|
||||
{
|
||||
X509 *cert1 = d2i_X509(NULL,
|
||||
(const unsigned char **)&pTargetCert->pbCertEncoded,
|
||||
pTargetCert->cbCertEncoded);
|
||||
if (!cert1) {
|
||||
/* return error if a cert fails */
|
||||
DEBUG_STUB("%s %-35s: %s %d:%s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
|
||||
"Unable to parse certificate in memory",
|
||||
ERR_get_error(), ERR_error_string(ERR_get_error(), NULL));
|
||||
return 0;
|
||||
}
|
||||
else {
|
||||
/* return error if a cert add to store fails */
|
||||
if (X509_STORE_add_cert(store, cert1) == 0) {
|
||||
unsigned long error = ERR_peek_last_error();
|
||||
|
||||
/* Ignore error X509_R_CERT_ALREADY_IN_HASH_TABLE which means the
|
||||
* certificate is already in the store. */
|
||||
if(ERR_GET_LIB(error) != ERR_LIB_X509 ||
|
||||
ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
|
||||
DEBUG_STUB("%s %-35s: %s %d:%s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
|
||||
"Error adding certificate", ERR_get_error(),
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
X509_free(cert1);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
X509_free(cert1);
|
||||
}
|
||||
} while ((pTargetCert = CertEnumCertificatesInStore(
|
||||
hSystemStore, pTargetCert)) != 0);
|
||||
|
||||
/* Clean up memory and quit. */
|
||||
if (pTargetCert)
|
||||
CertFreeCertificateContext(pTargetCert);
|
||||
if (hSystemStore)
|
||||
{
|
||||
if (!CertCloseStore(
|
||||
hSystemStore, 0))
|
||||
return 0;
|
||||
}
|
||||
DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
|
||||
"Completed adding Windows certificates to CA store successfully");
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
static uint8_t*
|
||||
upstream_addr(getdns_upstream *upstream)
|
||||
{
|
||||
|
|
@ -755,17 +656,17 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
|
|||
}
|
||||
}
|
||||
if (upstream->tls_session != NULL)
|
||||
SSL_SESSION_free(upstream->tls_session);
|
||||
_getdns_tls_session_free(upstream->tls_session);
|
||||
|
||||
if (upstream->tls_obj != NULL) {
|
||||
SSL_shutdown(upstream->tls_obj);
|
||||
_getdns_tls_connection_shutdown(upstream->tls_obj);
|
||||
#ifdef USE_DANESSL
|
||||
# if defined(STUB_DEBUG) && STUB_DEBUG
|
||||
_stub_debug_print_openssl_errors();
|
||||
# endif
|
||||
DANESSL_cleanup(upstream->tls_obj);
|
||||
DANESSL_cleanup(upstream->tls_obj->ssl);
|
||||
#endif
|
||||
SSL_free(upstream->tls_obj);
|
||||
_getdns_tls_connection_free(upstream->tls_obj);
|
||||
}
|
||||
if (upstream->fd != -1)
|
||||
{
|
||||
|
|
@ -877,14 +778,14 @@ _getdns_upstream_reset(getdns_upstream *upstream)
|
|||
upstream->loop, &upstream->event);
|
||||
}
|
||||
if (upstream->tls_obj != NULL) {
|
||||
SSL_shutdown(upstream->tls_obj);
|
||||
_getdns_tls_connection_shutdown(upstream->tls_obj);
|
||||
#ifdef USE_DANESSL
|
||||
# if defined(STUB_DEBUG) && STUB_DEBUG
|
||||
_stub_debug_print_openssl_errors();
|
||||
# endif
|
||||
DANESSL_cleanup(upstream->tls_obj);
|
||||
DANESSL_cleanup(upstream->tls_obj->ssl);
|
||||
#endif
|
||||
SSL_free(upstream->tls_obj);
|
||||
_getdns_tls_connection_free(upstream->tls_obj);
|
||||
upstream->tls_obj = NULL;
|
||||
}
|
||||
if (upstream->fd != -1) {
|
||||
|
|
@ -1689,18 +1590,7 @@ getdns_context_create_with_extended_memory_functions(
|
|||
#endif
|
||||
/* Only initialise SSL once and ideally in a thread-safe manner */
|
||||
if (ssl_init == false) {
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
|
||||
OpenSSL_add_all_algorithms();
|
||||
SSL_library_init();
|
||||
# ifdef USE_DANESSL
|
||||
(void) DANESSL_library_init();
|
||||
# endif
|
||||
#else
|
||||
OPENSSL_init_crypto( OPENSSL_INIT_ADD_ALL_CIPHERS
|
||||
| OPENSSL_INIT_ADD_ALL_DIGESTS
|
||||
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
|
||||
(void)OPENSSL_init_ssl(0, NULL);
|
||||
#endif
|
||||
_getdns_tls_init();
|
||||
ssl_init = true;
|
||||
}
|
||||
#ifdef HAVE_PTHREAD
|
||||
|
|
@ -1826,7 +1716,7 @@ getdns_context_destroy(struct getdns_context *context)
|
|||
GETDNS_FREE(context->my_mf, context->dns_transports);
|
||||
|
||||
if (context->tls_ctx)
|
||||
SSL_CTX_free(context->tls_ctx);
|
||||
_getdns_tls_context_free(context->tls_ctx);
|
||||
|
||||
getdns_list_destroy(context->dns_root_servers);
|
||||
|
||||
|
|
@ -3121,7 +3011,7 @@ getdns_context_set_upstream_recursive_servers(struct getdns_context *context,
|
|||
(void) getdns_dict_get_bindata(
|
||||
dict, "tls_curves_list", &tls_curves_list);
|
||||
if (tls_curves_list) {
|
||||
#if defined(HAVE_DECL_SSL_SET1_CURVES_LIST) && HAVE_DECL_SSL_SET1_CURVES_LIST
|
||||
#if HAVE_TLS_CONN_CURVES_LIST
|
||||
upstream->tls_curves_list =
|
||||
_getdns_strdup2(&upstreams->mf
|
||||
, tls_curves_list);
|
||||
|
|
@ -3168,7 +3058,7 @@ invalid_parameter:
|
|||
error:
|
||||
_getdns_upstreams_dereference(upstreams);
|
||||
return GETDNS_RETURN_CONTEXT_UPDATE_FAIL;
|
||||
#if !defined(HAVE_DECL_SSL_SET1_CURVES_LIST) || !HAVE_DECL_SSL_SET1_CURVES_LIST
|
||||
#if !HAVE_TLS_CONN_CURVES_LIST
|
||||
not_implemented:
|
||||
_getdns_upstreams_dereference(upstreams);
|
||||
return GETDNS_RETURN_NOT_IMPLEMENTED;
|
||||
|
|
@ -3690,46 +3580,31 @@ _getdns_context_prepare_for_resolution(getdns_context *context)
|
|||
|
||||
if (context->tls_ctx == NULL) {
|
||||
#ifdef HAVE_TLS_v1_2
|
||||
/* Create client context, use TLS v1.2 only for now */
|
||||
# ifdef HAVE_TLS_CLIENT_METHOD
|
||||
context->tls_ctx = SSL_CTX_new(TLS_client_method());
|
||||
# else
|
||||
context->tls_ctx = SSL_CTX_new(TLSv1_2_client_method());
|
||||
# endif
|
||||
if(context->tls_ctx == NULL)
|
||||
context->tls_ctx = _getdns_tls_context_new();
|
||||
if (context->tls_ctx == NULL)
|
||||
return GETDNS_RETURN_BAD_CONTEXT;
|
||||
|
||||
# ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
|
||||
if (!SSL_CTX_set_min_proto_version(
|
||||
context->tls_ctx, TLS1_2_VERSION)) {
|
||||
SSL_CTX_free(context->tls_ctx);
|
||||
r = _getdns_tls_context_set_min_proto_1_2(context->tls_ctx);
|
||||
if (r && r != GETDNS_RETURN_NOT_IMPLEMENTED) {
|
||||
_getdns_tls_context_free(context->tls_ctx);
|
||||
context->tls_ctx = NULL;
|
||||
return GETDNS_RETURN_BAD_CONTEXT;
|
||||
}
|
||||
# endif
|
||||
/* Be strict and only use the cipher suites recommended in RFC7525
|
||||
Unless we later fallback to opportunistic. */
|
||||
if (!SSL_CTX_set_cipher_list(context->tls_ctx,
|
||||
if (_getdns_tls_context_set_cipher_list(context->tls_ctx,
|
||||
context->tls_cipher_list ? context->tls_cipher_list
|
||||
: _getdns_default_tls_cipher_list))
|
||||
return GETDNS_RETURN_BAD_CONTEXT;
|
||||
|
||||
# if defined(HAVE_DECL_SSL_CTX_SET1_CURVES_LIST) && HAVE_DECL_SSL_CTX_SET1_CURVES_LIST
|
||||
if (context->tls_curves_list &&
|
||||
!SSL_CTX_set1_curves_list(context->tls_ctx, context->tls_curves_list))
|
||||
_getdns_tls_context_set_curves_list(context->tls_ctx, context->tls_curves_list))
|
||||
return GETDNS_RETURN_BAD_CONTEXT;
|
||||
# endif
|
||||
|
||||
|
||||
/* For strict authentication, we must have local root certs available
|
||||
Set up is done only when the tls_ctx is created (per getdns_context)*/
|
||||
if ((context->tls_ca_file || context->tls_ca_path) &&
|
||||
SSL_CTX_load_verify_locations(context->tls_ctx
|
||||
, context->tls_ca_file, context->tls_ca_path))
|
||||
; /* pass */
|
||||
# ifndef USE_WINSOCK
|
||||
else if (!SSL_CTX_set_default_verify_paths(context->tls_ctx)) {
|
||||
# else
|
||||
else if (!add_WIN_cacerts_to_openssl_store(context->tls_ctx)) {
|
||||
# endif /* USE_WINSOCK */
|
||||
if (!_getdns_tls_context_set_ca(context->tls_ctx, context->tls_ca_file, context->tls_ca_path)) {
|
||||
if (context->tls_auth_min == GETDNS_AUTHENTICATION_REQUIRED)
|
||||
return GETDNS_RETURN_BAD_CONTEXT;
|
||||
}
|
||||
|
|
@ -3739,7 +3614,7 @@ _getdns_context_prepare_for_resolution(getdns_context *context)
|
|||
# else
|
||||
(void)
|
||||
# endif
|
||||
SSL_CTX_dane_enable(context->tls_ctx);
|
||||
SSL_CTX_dane_enable(context->tls_ctx->ssl);
|
||||
DEBUG_STUB("%s %-35s: DEBUG: SSL_CTX_dane_enable() -> %d\n"
|
||||
, STUB_DEBUG_SETUP_TLS, __FUNC__, osr);
|
||||
# elif defined(USE_DANESSL)
|
||||
|
|
@ -3748,7 +3623,7 @@ _getdns_context_prepare_for_resolution(getdns_context *context)
|
|||
# else
|
||||
(void)
|
||||
# endif
|
||||
DANESSL_CTX_init(context->tls_ctx);
|
||||
DANESSL_CTX_init(context->tls_ctx->ssl);
|
||||
DEBUG_STUB("%s %-35s: DEBUG: DANESSL_CTX_init() -> %d\n"
|
||||
, STUB_DEBUG_SETUP_TLS, __FUNC__, osr);
|
||||
# endif
|
||||
|
|
@ -4159,32 +4034,7 @@ getdns_context_get_api_information(getdns_context* context)
|
|||
&& ! getdns_dict_util_set_string(
|
||||
result, "default_hosts_location", GETDNS_FN_HOSTS)
|
||||
|
||||
&& ! getdns_dict_set_int(
|
||||
result, "openssl_build_version_number", OPENSSL_VERSION_NUMBER)
|
||||
|
||||
#ifdef HAVE_OPENSSL_VERSION_NUM
|
||||
&& ! getdns_dict_set_int(
|
||||
result, "openssl_version_number", OpenSSL_version_num())
|
||||
#endif
|
||||
#ifdef HAVE_OPENSSL_VERSION
|
||||
&& ! getdns_dict_util_set_string(
|
||||
result, "openssl_version_string", OpenSSL_version(OPENSSL_VERSION))
|
||||
|
||||
&& ! getdns_dict_util_set_string(
|
||||
result, "openssl_cflags", OpenSSL_version(OPENSSL_CFLAGS))
|
||||
|
||||
&& ! getdns_dict_util_set_string(
|
||||
result, "openssl_built_on", OpenSSL_version(OPENSSL_BUILT_ON))
|
||||
|
||||
&& ! getdns_dict_util_set_string(
|
||||
result, "openssl_platform", OpenSSL_version(OPENSSL_PLATFORM))
|
||||
|
||||
&& ! getdns_dict_util_set_string(
|
||||
result, "openssl_dir", OpenSSL_version(OPENSSL_DIR))
|
||||
|
||||
&& ! getdns_dict_util_set_string(
|
||||
result, "openssl_engines_dir", OpenSSL_version(OPENSSL_ENGINES_DIR))
|
||||
#endif
|
||||
&& ! _getdns_tls_get_api_information(result)
|
||||
|
||||
&& ! getdns_dict_set_int(
|
||||
result, "resolution_type", context->resolution_type)
|
||||
|
|
@ -5497,7 +5347,7 @@ getdns_context_set_tls_curves_list(
|
|||
{
|
||||
if (!context)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
#if defined(HAVE_DECL_SSL_CTX_SET1_CURVES_LIST) && HAVE_DECL_SSL_CTX_SET1_CURVES_LIST
|
||||
#if HAVE_TLS_CTX_CURVES_LIST
|
||||
if (context->tls_curves_list)
|
||||
GETDNS_FREE(context->mf, context->tls_curves_list);
|
||||
context->tls_curves_list = tls_curves_list
|
||||
|
|
|
|||
|
|
@ -50,6 +50,7 @@
|
|||
#endif
|
||||
#include "rr-iter.h"
|
||||
#include "anchor.h"
|
||||
#include "tls.h"
|
||||
|
||||
struct getdns_dns_req;
|
||||
struct ub_ctx;
|
||||
|
|
@ -201,8 +202,8 @@ typedef struct getdns_upstream {
|
|||
_getdns_rbtree_t netreq_by_query_id;
|
||||
|
||||
/* TLS specific connection handling*/
|
||||
SSL* tls_obj;
|
||||
SSL_SESSION* tls_session;
|
||||
_getdns_tls_connection* tls_obj;
|
||||
_getdns_tls_session* tls_session;
|
||||
getdns_tls_hs_state_t tls_hs_state;
|
||||
getdns_auth_state_t tls_auth_state;
|
||||
unsigned tls_fallback_ok : 1;
|
||||
|
|
@ -371,7 +372,7 @@ struct getdns_context {
|
|||
int edns_maximum_udp_payload_size; /* -1 is unset */
|
||||
uint8_t edns_client_subnet_private;
|
||||
uint16_t tls_query_padding_blocksize;
|
||||
SSL_CTX* tls_ctx;
|
||||
_getdns_tls_context* tls_ctx;
|
||||
|
||||
getdns_update_callback update_callback;
|
||||
getdns_update_callback2 update_callback2;
|
||||
|
|
|
|||
|
|
@ -0,0 +1,375 @@
|
|||
/**
|
||||
*
|
||||
* \file tls.c
|
||||
* @brief getdns TLS functions
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (c) 2018, NLnet Labs
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the names of the copyright holders nor the
|
||||
* names of its contributors may be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
* DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
|
||||
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||||
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
#include <openssl/opensslv.h>
|
||||
#include <openssl/crypto.h>
|
||||
|
||||
#include "tls.h"
|
||||
|
||||
#ifdef USE_DANESSL
|
||||
# include "ssl_dane/danessl.h"
|
||||
#endif
|
||||
|
||||
#ifdef USE_WINSOCK
|
||||
/* For windows, the CA trust store is not read by openssl.
|
||||
Add code to open the trust store using wincrypt API and add
|
||||
the root certs into openssl trust store */
|
||||
static int
|
||||
add_WIN_cacerts_to_openssl_store(SSL_CTX* tls_ctx)
|
||||
{
|
||||
HCERTSTORE hSystemStore;
|
||||
PCCERT_CONTEXT pTargetCert = NULL;
|
||||
|
||||
DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
|
||||
"Adding Windows certificates from system root store to CA store");
|
||||
|
||||
/* load just once per context lifetime for this version of getdns
|
||||
TODO: dynamically update CA trust changes as they are available */
|
||||
if (!tls_ctx)
|
||||
return 0;
|
||||
|
||||
/* Call wincrypt's CertOpenStore to open the CA root store. */
|
||||
|
||||
if ((hSystemStore = CertOpenStore(
|
||||
CERT_STORE_PROV_SYSTEM,
|
||||
0,
|
||||
0,
|
||||
/* NOTE: mingw does not have this const: replace with 1 << 16 from code
|
||||
CERT_SYSTEM_STORE_CURRENT_USER, */
|
||||
1 << 16,
|
||||
L"root")) == 0)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
X509_STORE* store = SSL_CTX_get_cert_store(tls_ctx);
|
||||
if (!store)
|
||||
return 0;
|
||||
|
||||
/* failure if the CA store is empty or the call fails */
|
||||
if ((pTargetCert = CertEnumCertificatesInStore(
|
||||
hSystemStore, pTargetCert)) == 0) {
|
||||
DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
|
||||
"CA certificate store for Windows is empty.");
|
||||
return 0;
|
||||
}
|
||||
/* iterate over the windows cert store and add to openssl store */
|
||||
do
|
||||
{
|
||||
X509 *cert1 = d2i_X509(NULL,
|
||||
(const unsigned char **)&pTargetCert->pbCertEncoded,
|
||||
pTargetCert->cbCertEncoded);
|
||||
if (!cert1) {
|
||||
/* return error if a cert fails */
|
||||
DEBUG_STUB("%s %-35s: %s %d:%s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
|
||||
"Unable to parse certificate in memory",
|
||||
ERR_get_error(), ERR_error_string(ERR_get_error(), NULL));
|
||||
return 0;
|
||||
}
|
||||
else {
|
||||
/* return error if a cert add to store fails */
|
||||
if (X509_STORE_add_cert(store, cert1) == 0) {
|
||||
unsigned long error = ERR_peek_last_error();
|
||||
|
||||
/* Ignore error X509_R_CERT_ALREADY_IN_HASH_TABLE which means the
|
||||
* certificate is already in the store. */
|
||||
if(ERR_GET_LIB(error) != ERR_LIB_X509 ||
|
||||
ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
|
||||
DEBUG_STUB("%s %-35s: %s %d:%s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
|
||||
"Error adding certificate", ERR_get_error(),
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
X509_free(cert1);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
X509_free(cert1);
|
||||
}
|
||||
} while ((pTargetCert = CertEnumCertificatesInStore(
|
||||
hSystemStore, pTargetCert)) != 0);
|
||||
|
||||
/* Clean up memory and quit. */
|
||||
if (pTargetCert)
|
||||
CertFreeCertificateContext(pTargetCert);
|
||||
if (hSystemStore)
|
||||
{
|
||||
if (!CertCloseStore(
|
||||
hSystemStore, 0))
|
||||
return 0;
|
||||
}
|
||||
DEBUG_STUB("%s %-35s: %s\n", STUB_DEBUG_SETUP_TLS, __FUNC__,
|
||||
"Completed adding Windows certificates to CA store successfully");
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
void _getdns_tls_init()
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
|
||||
OpenSSL_add_all_algorithms();
|
||||
SSL_library_init();
|
||||
|
||||
# ifdef USE_DANESSL
|
||||
(void) DANESSL_library_init();
|
||||
# endif
|
||||
#else
|
||||
OPENSSL_init_crypto( OPENSSL_INIT_ADD_ALL_CIPHERS
|
||||
| OPENSSL_INIT_ADD_ALL_DIGESTS
|
||||
| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
|
||||
(void)OPENSSL_init_ssl(0, NULL);
|
||||
#endif
|
||||
}
|
||||
|
||||
_getdns_tls_context* _getdns_tls_context_new()
|
||||
{
|
||||
_getdns_tls_context* res;
|
||||
|
||||
if (!(res = malloc(sizeof(struct _getdns_tls_context))))
|
||||
return NULL;
|
||||
|
||||
/* Create client context, use TLS v1.2 only for now */
|
||||
# ifdef HAVE_TLS_CLIENT_METHOD
|
||||
res->ssl = SSL_CTX_new(TLS_client_method());
|
||||
# else
|
||||
res->ssl = SSL_CTX_new(TLSv1_2_client_method());
|
||||
# endif
|
||||
if(res->ssl == NULL) {
|
||||
free(res);
|
||||
return NULL;
|
||||
}
|
||||
return res;
|
||||
}
|
||||
|
||||
getdns_return_t _getdns_tls_context_free(_getdns_tls_context* ctx)
|
||||
{
|
||||
if (!ctx || !ctx->ssl)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
SSL_CTX_free(ctx->ssl);
|
||||
free(ctx);
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
||||
getdns_return_t _getdns_tls_context_set_min_proto_1_2(_getdns_tls_context* ctx)
|
||||
{
|
||||
#ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
|
||||
if (!ctx || !ctx->ssl)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
if (!SSL_CTX_set_min_proto_version(ctx->ssl, TLS1_2_VERSION))
|
||||
return GETDNS_RETURN_BAD_CONTEXT;
|
||||
return GETDNS_RETURN_GOOD;
|
||||
#else
|
||||
(void) ctx;
|
||||
return GETDNS_RETURN_NOT_IMPLEMENTED;
|
||||
#endif
|
||||
}
|
||||
|
||||
getdns_return_t _getdns_tls_context_set_cipher_list(_getdns_tls_context* ctx, const char* list)
|
||||
{
|
||||
if (!ctx || !ctx->ssl)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
if (!SSL_CTX_set_cipher_list(ctx->ssl, list))
|
||||
return GETDNS_RETURN_BAD_CONTEXT;
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
||||
getdns_return_t _getdns_tls_context_set_curves_list(_getdns_tls_context* ctx, const char* list)
|
||||
{
|
||||
if (!ctx || !ctx->ssl)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
#if HAVE_TLS_CTX_CURVES_LIST
|
||||
if (list &&
|
||||
!SSL_CTX_set1_curves_list(ctx->ssl, list))
|
||||
return GETDNS_RETURN_BAD_CONTEXT;
|
||||
#else
|
||||
(void) list;
|
||||
#endif
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
||||
getdns_return_t _getdns_tls_context_set_ca(_getdns_tls_context* ctx, const char* file, const char* path)
|
||||
{
|
||||
if (!ctx || !ctx->ssl)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
if ((file || path) &&
|
||||
SSL_CTX_load_verify_locations(ctx->ssl, file, path))
|
||||
return GETDNS_RETURN_GOOD; /* pass */
|
||||
#ifndef USE_WINSOCK
|
||||
else if (SSL_CTX_set_default_verify_paths(ctx->ssl))
|
||||
return GETDNS_RETURN_GOOD;
|
||||
#else
|
||||
else if (add_WIN_cacerts_to_openssl_store(ctx->ssl))
|
||||
return GETDNS_RETURN_GOOD;
|
||||
#endif /* USE_WINSOCK */
|
||||
return GETDNS_RETURN_GENERIC_ERROR;
|
||||
}
|
||||
|
||||
_getdns_tls_connection* _getdns_tls_connection_new(_getdns_tls_context* ctx, int fd)
|
||||
{
|
||||
_getdns_tls_connection* res;
|
||||
|
||||
if (!ctx || !ctx->ssl)
|
||||
return NULL;
|
||||
|
||||
if (!(res = malloc(sizeof(struct _getdns_tls_connection))))
|
||||
return NULL;
|
||||
|
||||
res->ssl = SSL_new(ctx->ssl);
|
||||
if (!res->ssl) {
|
||||
free(res);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (!SSL_set_fd(res->ssl, fd)) {
|
||||
SSL_free(res->ssl);
|
||||
free(res);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return res;
|
||||
}
|
||||
|
||||
getdns_return_t _getdns_tls_connection_free(_getdns_tls_connection* conn)
|
||||
{
|
||||
if (!conn || !conn->ssl)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
SSL_free(conn->ssl);
|
||||
free(conn);
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
||||
getdns_return_t _getdns_tls_connection_shutdown(_getdns_tls_connection* conn)
|
||||
{
|
||||
if (!conn || !conn->ssl)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
|
||||
switch(SSL_shutdown(conn->ssl))
|
||||
{
|
||||
case 0: return GETDNS_RETURN_CONTEXT_UPDATE_FAIL;
|
||||
case 1: return GETDNS_RETURN_GOOD;
|
||||
default: return GETDNS_RETURN_GENERIC_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
getdns_return_t _getdns_tls_connection_set_cipher_list(_getdns_tls_connection* conn, const char* list)
|
||||
{
|
||||
if (!conn || !conn->ssl)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
if (!SSL_set_cipher_list(conn->ssl, list))
|
||||
return GETDNS_RETURN_BAD_CONTEXT;
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
||||
getdns_return_t _getdns_tls_connection_set_curves_list(_getdns_tls_connection* conn, const char* list)
|
||||
{
|
||||
if (!conn || !conn->ssl)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
#if HAVE_TLS_CONN_CURVES_LIST
|
||||
if (list &&
|
||||
!SSL_set1_curves_list(conn->ssl, list))
|
||||
return GETDNS_RETURN_BAD_CONTEXT;
|
||||
#else
|
||||
(void) list;
|
||||
#endif
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
||||
_getdns_tls_session* _getdns_tls_connection_get_session(_getdns_tls_connection* conn)
|
||||
{
|
||||
_getdns_tls_session* res;
|
||||
|
||||
if (!conn || !conn->ssl)
|
||||
return NULL;
|
||||
|
||||
if (!(res = malloc(sizeof(struct _getdns_tls_session))))
|
||||
return NULL;
|
||||
|
||||
res->ssl = SSL_get1_session(conn->ssl);
|
||||
if (!res->ssl) {
|
||||
free(res);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
return res;
|
||||
}
|
||||
|
||||
getdns_return_t _getdns_tls_session_free(_getdns_tls_session* s)
|
||||
{
|
||||
if (!s || !s->ssl)
|
||||
return GETDNS_RETURN_INVALID_PARAMETER;
|
||||
SSL_SESSION_free(s->ssl);
|
||||
free(s);
|
||||
return GETDNS_RETURN_GOOD;
|
||||
}
|
||||
|
||||
|
||||
|
||||
getdns_return_t _getdns_tls_get_api_information(getdns_dict* dict)
|
||||
{
|
||||
if (! getdns_dict_set_int(
|
||||
dict, "openssl_build_version_number", OPENSSL_VERSION_NUMBER)
|
||||
|
||||
#ifdef HAVE_OPENSSL_VERSION_NUM
|
||||
&& ! getdns_dict_set_int(
|
||||
dict, "openssl_version_number", OpenSSL_version_num())
|
||||
#endif
|
||||
#ifdef HAVE_OPENSSL_VERSION
|
||||
&& ! getdns_dict_util_set_string(
|
||||
dict, "openssl_version_string", OpenSSL_version(OPENSSL_VERSION))
|
||||
|
||||
&& ! getdns_dict_util_set_string(
|
||||
dict, "openssl_cflags", OpenSSL_version(OPENSSL_CFLAGS))
|
||||
|
||||
&& ! getdns_dict_util_set_string(
|
||||
dict, "openssl_built_on", OpenSSL_version(OPENSSL_BUILT_ON))
|
||||
|
||||
&& ! getdns_dict_util_set_string(
|
||||
dict, "openssl_platform", OpenSSL_version(OPENSSL_PLATFORM))
|
||||
|
||||
&& ! getdns_dict_util_set_string(
|
||||
dict, "openssl_dir", OpenSSL_version(OPENSSL_DIR))
|
||||
|
||||
&& ! getdns_dict_util_set_string(
|
||||
dict, "openssl_engines_dir", OpenSSL_version(OPENSSL_ENGINES_DIR))
|
||||
#endif
|
||||
)
|
||||
return GETDNS_RETURN_GOOD;
|
||||
return GETDNS_RETURN_GENERIC_ERROR;
|
||||
}
|
||||
|
||||
/* tls.c */
|
||||
|
|
@ -0,0 +1,84 @@
|
|||
/**
|
||||
*
|
||||
* \file tls.h
|
||||
* @brief getdns TLS functions
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (c) 2018, NLnet Labs
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* * Neither the names of the copyright holders nor the
|
||||
* names of its contributors may be used to endorse or promote products
|
||||
* derived from this software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
* DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
|
||||
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||||
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#ifndef _GETDNS_TLS_H
|
||||
#define _GETDNS_TLS_H
|
||||
|
||||
#include "getdns/getdns.h"
|
||||
|
||||
#ifndef HAVE_DECL_SSL_CTX_SET1_CURVES_LIST
|
||||
#define HAVE_TLS_CTX_CURVES_LIST 0
|
||||
#else
|
||||
#define HAVE_TLS_CTX_CURVES_LIST (HAVE_DECL_SSL_CTX_SET1_CURVES_LIST)
|
||||
#endif
|
||||
#ifndef HAVE_DECL_SSL_SET1_CURVES_LIST
|
||||
#define HAVE_TLS_CONN_CURVES_LIST 0
|
||||
#else
|
||||
#define HAVE_TLS_CONN_CURVES_LIST (HAVE_DECL_SSL_SET1_CURVES_LIST)
|
||||
#endif
|
||||
|
||||
typedef struct _getdns_tls_context {
|
||||
SSL_CTX* ssl;
|
||||
} _getdns_tls_context;
|
||||
|
||||
typedef struct _getdns_tls_connection {
|
||||
SSL* ssl;
|
||||
} _getdns_tls_connection;
|
||||
|
||||
typedef struct _getdns_tls_session {
|
||||
SSL_SESSION* ssl;
|
||||
} _getdns_tls_session;
|
||||
|
||||
void _getdns_tls_init();
|
||||
|
||||
_getdns_tls_context* _getdns_tls_context_new();
|
||||
getdns_return_t _getdns_tls_context_free(_getdns_tls_context* ctx);
|
||||
|
||||
getdns_return_t _getdns_tls_context_set_min_proto_1_2(_getdns_tls_context* ctx);
|
||||
getdns_return_t _getdns_tls_context_set_cipher_list(_getdns_tls_context* ctx, const char* list);
|
||||
getdns_return_t _getdns_tls_context_set_curves_list(_getdns_tls_context* ctx, const char* list);
|
||||
getdns_return_t _getdns_tls_context_set_ca(_getdns_tls_context* ctx, const char* file, const char* path);
|
||||
|
||||
_getdns_tls_connection* _getdns_tls_connection_new(_getdns_tls_context* ctx, int fd);
|
||||
getdns_return_t _getdns_tls_connection_free(_getdns_tls_connection* ctx);
|
||||
getdns_return_t _getdns_tls_connection_shutdown(_getdns_tls_connection* conn);
|
||||
|
||||
getdns_return_t _getdns_tls_connection_set_cipher_list(_getdns_tls_connection* conn, const char* list);
|
||||
getdns_return_t _getdns_tls_connection_set_curves_list(_getdns_tls_connection* conn, const char* list);
|
||||
_getdns_tls_session* _getdns_tls_connection_get_session(_getdns_tls_connection* conn);
|
||||
|
||||
getdns_return_t _getdns_tls_session_free(_getdns_tls_session* ctx);
|
||||
|
||||
getdns_return_t _getdns_tls_get_api_information(getdns_dict* dict);
|
||||
|
||||
#endif /* _GETDNS_TLS_H */
|
||||
83
src/stub.c
83
src/stub.c
|
|
@ -915,28 +915,23 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
|||
|
||||
#endif /* #else defined(HAVE_SSL_DANE_ENABLE) || defined(USE_DANESSL) */
|
||||
|
||||
static SSL*
|
||||
static _getdns_tls_connection*
|
||||
tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
|
||||
{
|
||||
/* Create SSL instance */
|
||||
/* Create SSL instance and connect with a file descriptor */
|
||||
getdns_context *context = dnsreq->context;
|
||||
if (context->tls_ctx == NULL)
|
||||
return NULL;
|
||||
SSL* ssl = SSL_new(context->tls_ctx);
|
||||
if(!ssl)
|
||||
_getdns_tls_connection* tls = _getdns_tls_connection_new(context->tls_ctx, fd);
|
||||
if(!tls)
|
||||
return NULL;
|
||||
/* Connect the SSL object with a file descriptor */
|
||||
if(!SSL_set_fd(ssl,fd)) {
|
||||
SSL_free(ssl);
|
||||
return NULL;
|
||||
}
|
||||
#if defined(HAVE_DECL_SSL_SET1_CURVES_LIST) && HAVE_DECL_SSL_SET1_CURVES_LIST
|
||||
if (upstream->tls_curves_list)
|
||||
(void) SSL_set1_curves_list(ssl, upstream->tls_curves_list);
|
||||
_getdns_tls_connection_set_curves_list(tls, upstream->tls_curves_list);
|
||||
#endif
|
||||
/* make sure we'll be able to find the context again when we need it */
|
||||
if (_getdns_associate_upstream_with_SSL(ssl, upstream) != GETDNS_RETURN_GOOD) {
|
||||
SSL_free(ssl);
|
||||
if (_getdns_associate_upstream_with_SSL(tls->ssl, upstream) != GETDNS_RETURN_GOOD) {
|
||||
_getdns_tls_connection_free(tls);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
|
@ -950,14 +945,14 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
|
|||
/*Request certificate for the auth_name*/
|
||||
DEBUG_STUB("%s %-35s: Hostname verification requested for: %s\n",
|
||||
STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->tls_auth_name);
|
||||
SSL_set_tlsext_host_name(ssl, upstream->tls_auth_name);
|
||||
SSL_set_tlsext_host_name(tls->ssl, upstream->tls_auth_name);
|
||||
#if defined(HAVE_SSL_HN_AUTH)
|
||||
/* Set up native OpenSSL hostname verification
|
||||
* ( doesn't work with USE_DANESSL, but we verify the
|
||||
* name afterwards in such cases )
|
||||
*/
|
||||
X509_VERIFY_PARAM *param;
|
||||
param = SSL_get0_param(ssl);
|
||||
param = SSL_get0_param(tls->ssl);
|
||||
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
|
||||
X509_VERIFY_PARAM_set1_host(param, upstream->tls_auth_name, 0);
|
||||
#elif !defined(HAVE_X509_CHECK_HOST)
|
||||
|
|
@ -968,7 +963,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
|
|||
"%-40s : ERROR: Hostname Authentication not available from TLS library (check library version)\n",
|
||||
upstream->addr_str);
|
||||
upstream->tls_hs_state = GETDNS_HS_FAILED;
|
||||
SSL_free(ssl);
|
||||
_getdns_tls_connection_free(tls);
|
||||
upstream->tls_auth_state = GETDNS_AUTH_FAILED;
|
||||
return NULL;
|
||||
}
|
||||
|
|
@ -990,7 +985,7 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
|
|||
"%-40s : Verify fail: *CONFIG ERROR* - No auth name or pinset provided for this upstream for Strict TLS authentication\n",
|
||||
upstream->addr_str);
|
||||
upstream->tls_hs_state = GETDNS_HS_FAILED;
|
||||
SSL_free(ssl);
|
||||
_getdns_tls_connection_free(tls);
|
||||
upstream->tls_auth_state = GETDNS_AUTH_FAILED;
|
||||
return NULL;
|
||||
}
|
||||
|
|
@ -1002,12 +997,12 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
|
|||
}
|
||||
}
|
||||
if (upstream->tls_fallback_ok) {
|
||||
SSL_set_cipher_list(ssl, "DEFAULT");
|
||||
_getdns_tls_connection_set_cipher_list(tls, "DEFAULT");
|
||||
DEBUG_STUB("%s %-35s: WARNING: Using Oppotunistic TLS (fallback allowed)!\n",
|
||||
STUB_DEBUG_SETUP_TLS, __FUNC__);
|
||||
} else {
|
||||
if (upstream->tls_cipher_list)
|
||||
SSL_set_cipher_list(ssl, upstream->tls_cipher_list);
|
||||
_getdns_tls_connection_set_cipher_list(tls, upstream->tls_cipher_list);
|
||||
DEBUG_STUB("%s %-35s: Using Strict TLS \n", STUB_DEBUG_SETUP_TLS,
|
||||
__FUNC__);
|
||||
}
|
||||
|
|
@ -1018,20 +1013,20 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
|
|||
# else
|
||||
(void)
|
||||
# endif
|
||||
SSL_dane_enable(ssl, *upstream->tls_auth_name ? upstream->tls_auth_name : NULL);
|
||||
SSL_dane_enable(tls->ssl, *upstream->tls_auth_name ? upstream->tls_auth_name : NULL);
|
||||
DEBUG_STUB("%s %-35s: DEBUG: SSL_dane_enable(\"%s\") -> %d\n"
|
||||
, STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->tls_auth_name, osr);
|
||||
SSL_set_verify(ssl, SSL_VERIFY_PEER, _getdns_tls_verify_always_ok);
|
||||
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, _getdns_tls_verify_always_ok);
|
||||
sha256_pin_t *pin_p;
|
||||
size_t n_pins = 0;
|
||||
for (pin_p = upstream->tls_pubkey_pinset; pin_p; pin_p = pin_p->next) {
|
||||
osr = SSL_dane_tlsa_add(ssl, 2, 1, 1,
|
||||
osr = SSL_dane_tlsa_add(tls->ssl, 2, 1, 1,
|
||||
(unsigned char *)pin_p->pin, SHA256_DIGEST_LENGTH);
|
||||
DEBUG_STUB("%s %-35s: DEBUG: SSL_dane_tlsa_add() -> %d\n"
|
||||
, STUB_DEBUG_SETUP_TLS, __FUNC__, osr);
|
||||
if (osr > 0)
|
||||
++n_pins;
|
||||
osr = SSL_dane_tlsa_add(ssl, 3, 1, 1,
|
||||
osr = SSL_dane_tlsa_add(tls->ssl, 3, 1, 1,
|
||||
(unsigned char *)pin_p->pin, SHA256_DIGEST_LENGTH);
|
||||
DEBUG_STUB("%s %-35s: DEBUG: SSL_dane_tlsa_add() -> %d\n"
|
||||
, STUB_DEBUG_SETUP_TLS, __FUNC__, osr);
|
||||
|
|
@ -1047,23 +1042,23 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
|
|||
# else
|
||||
(void)
|
||||
# endif
|
||||
DANESSL_init(ssl,
|
||||
DANESSL_init(tls->ssl,
|
||||
*upstream->tls_auth_name ? upstream->tls_auth_name : NULL,
|
||||
*upstream->tls_auth_name ? auth_names : NULL
|
||||
);
|
||||
DEBUG_STUB("%s %-35s: DEBUG: DANESSL_init(\"%s\") -> %d\n"
|
||||
, STUB_DEBUG_SETUP_TLS, __FUNC__, upstream->tls_auth_name, osr);
|
||||
SSL_set_verify(ssl, SSL_VERIFY_PEER, _getdns_tls_verify_always_ok);
|
||||
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, _getdns_tls_verify_always_ok);
|
||||
sha256_pin_t *pin_p;
|
||||
size_t n_pins = 0;
|
||||
for (pin_p = upstream->tls_pubkey_pinset; pin_p; pin_p = pin_p->next) {
|
||||
osr = DANESSL_add_tlsa(ssl, 3, 1, "sha256",
|
||||
osr = DANESSL_add_tlsa(tls->ssl, 3, 1, "sha256",
|
||||
(unsigned char *)pin_p->pin, SHA256_DIGEST_LENGTH);
|
||||
DEBUG_STUB("%s %-35s: DEBUG: DANESSL_add_tlsa() -> %d\n"
|
||||
, STUB_DEBUG_SETUP_TLS, __FUNC__, osr);
|
||||
if (osr > 0)
|
||||
++n_pins;
|
||||
osr = DANESSL_add_tlsa(ssl, 2, 1, "sha256",
|
||||
osr = DANESSL_add_tlsa(tls->ssl, 2, 1, "sha256",
|
||||
(unsigned char *)pin_p->pin, SHA256_DIGEST_LENGTH);
|
||||
DEBUG_STUB("%s %-35s: DEBUG: DANESSL_add_tlsa() -> %d\n"
|
||||
, STUB_DEBUG_SETUP_TLS, __FUNC__, osr);
|
||||
|
|
@ -1071,14 +1066,14 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
|
|||
++n_pins;
|
||||
}
|
||||
} else {
|
||||
SSL_set_verify(ssl, SSL_VERIFY_PEER, _getdns_tls_verify_always_ok);
|
||||
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, _getdns_tls_verify_always_ok);
|
||||
}
|
||||
#else
|
||||
SSL_set_verify(ssl, SSL_VERIFY_PEER, tls_verify_callback);
|
||||
SSL_set_verify(tls->ssl, SSL_VERIFY_PEER, tls_verify_callback);
|
||||
#endif
|
||||
|
||||
SSL_set_connect_state(ssl);
|
||||
(void) SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
|
||||
SSL_set_connect_state(tls->ssl);
|
||||
(void) SSL_set_mode(tls->ssl, SSL_MODE_AUTO_RETRY);
|
||||
|
||||
/* Session resumption. There are trade-offs here. Want to do it when
|
||||
possible only if we have the right type of connection. Note a change
|
||||
|
|
@ -1087,12 +1082,12 @@ tls_create_object(getdns_dns_req *dnsreq, int fd, getdns_upstream *upstream)
|
|||
if ((upstream->tls_fallback_ok == 0 &&
|
||||
upstream->last_tls_auth_state == GETDNS_AUTH_OK) ||
|
||||
upstream->tls_fallback_ok == 1) {
|
||||
SSL_set_session(ssl, upstream->tls_session);
|
||||
SSL_set_session(tls->ssl, upstream->tls_session->ssl);
|
||||
DEBUG_STUB("%s %-35s: Attempting session re-use\n", STUB_DEBUG_SETUP_TLS,
|
||||
__FUNC__);
|
||||
}
|
||||
}
|
||||
return ssl;
|
||||
return tls;
|
||||
}
|
||||
|
||||
static int
|
||||
|
|
@ -1103,9 +1098,9 @@ tls_do_handshake(getdns_upstream *upstream)
|
|||
int r;
|
||||
int want;
|
||||
ERR_clear_error();
|
||||
while ((r = SSL_do_handshake(upstream->tls_obj)) != 1)
|
||||
while ((r = SSL_do_handshake(upstream->tls_obj->ssl)) != 1)
|
||||
{
|
||||
want = SSL_get_error(upstream->tls_obj, r);
|
||||
want = SSL_get_error(upstream->tls_obj->ssl, r);
|
||||
switch (want) {
|
||||
case SSL_ERROR_WANT_READ:
|
||||
GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
|
||||
|
|
@ -1131,12 +1126,12 @@ tls_do_handshake(getdns_upstream *upstream)
|
|||
}
|
||||
}
|
||||
/* A re-used session is not verified so need to fix up state in that case */
|
||||
if (SSL_session_reused(upstream->tls_obj))
|
||||
if (SSL_session_reused(upstream->tls_obj->ssl))
|
||||
upstream->tls_auth_state = upstream->last_tls_auth_state;
|
||||
|
||||
else if (upstream->tls_pubkey_pinset || upstream->tls_auth_name[0]) {
|
||||
X509 *peer_cert = SSL_get_peer_certificate(upstream->tls_obj);
|
||||
long verify_result = SSL_get_verify_result(upstream->tls_obj);
|
||||
X509 *peer_cert = SSL_get_peer_certificate(upstream->tls_obj->ssl);
|
||||
long verify_result = SSL_get_verify_result(upstream->tls_obj->ssl);
|
||||
|
||||
/* In case of DANESSL use, and a tls_auth_name was given alongside a pinset,
|
||||
* we need to verify auth_name explicitely (otherwise it will not be checked,
|
||||
|
|
@ -1187,7 +1182,7 @@ tls_do_handshake(getdns_upstream *upstream)
|
|||
else if (verify_result == X509_V_ERR_CERT_UNTRUSTED
|
||||
&& upstream->tls_pubkey_pinset
|
||||
&& !DANESSL_get_match_cert(
|
||||
upstream->tls_obj, NULL, NULL, NULL))
|
||||
upstream->tls_obj->ssl, NULL, NULL, NULL))
|
||||
_getdns_upstream_log(upstream,
|
||||
GETDNS_LOG_UPSTREAM_STATS,
|
||||
( upstream->tls_fallback_ok
|
||||
|
|
@ -1245,8 +1240,8 @@ tls_do_handshake(getdns_upstream *upstream)
|
|||
upstream->conn_state = GETDNS_CONN_OPEN;
|
||||
upstream->conn_completed++;
|
||||
if (upstream->tls_session != NULL)
|
||||
SSL_SESSION_free(upstream->tls_session);
|
||||
upstream->tls_session = SSL_get1_session(upstream->tls_obj);
|
||||
_getdns_tls_session_free(upstream->tls_session);
|
||||
upstream->tls_session = _getdns_tls_connection_get_session(upstream->tls_obj);
|
||||
/* Reset timeout on success*/
|
||||
GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event);
|
||||
upstream->event.read_cb = NULL;
|
||||
|
|
@ -1287,7 +1282,7 @@ stub_tls_read(getdns_upstream *upstream, getdns_tcp_state *tcp,
|
|||
ssize_t read;
|
||||
uint8_t *buf;
|
||||
size_t buf_size;
|
||||
SSL* tls_obj = upstream->tls_obj;
|
||||
SSL* tls_obj = upstream->tls_obj->ssl;
|
||||
|
||||
int q = tls_connected(upstream);
|
||||
if (q != 0)
|
||||
|
|
@ -1370,7 +1365,7 @@ stub_tls_write(getdns_upstream *upstream, getdns_tcp_state *tcp,
|
|||
ssize_t written;
|
||||
uint16_t query_id;
|
||||
intptr_t query_id_intptr;
|
||||
SSL* tls_obj = upstream->tls_obj;
|
||||
SSL* tls_obj = upstream->tls_obj->ssl;
|
||||
uint16_t padding_sz;
|
||||
|
||||
int q = tls_connected(upstream);
|
||||
|
|
@ -1875,12 +1870,12 @@ upstream_write_cb(void *userarg)
|
|||
if (netreq->owner->return_call_reporting &&
|
||||
netreq->upstream->tls_obj) {
|
||||
if (netreq->debug_tls_peer_cert.data == NULL &&
|
||||
(cert = SSL_get_peer_certificate(netreq->upstream->tls_obj))) {
|
||||
(cert = SSL_get_peer_certificate(netreq->upstream->tls_obj->ssl))) {
|
||||
netreq->debug_tls_peer_cert.size = i2d_X509(
|
||||
cert, &netreq->debug_tls_peer_cert.data);
|
||||
X509_free(cert);
|
||||
}
|
||||
netreq->debug_tls_version = SSL_get_version(netreq->upstream->tls_obj);
|
||||
netreq->debug_tls_version = SSL_get_version(netreq->upstream->tls_obj->ssl);
|
||||
}
|
||||
/* Need this because auth status is reset on connection close */
|
||||
netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
|
||||
|
|
|
|||
Loading…
Reference in New Issue