mirror of https://github.com/getdnsapi/getdns.git
Merge branch 'release/1.5.0' into develop
This commit is contained in:
commit
e9060792dc
|
@ -1,4 +1,5 @@
|
||||||
* 2018-??-??: Version 1.4.3
|
* 2018-12-??: Version 1.5.0
|
||||||
|
* ZONEMD rr-type
|
||||||
* getdns_query queries for addresses when a query name
|
* getdns_query queries for addresses when a query name
|
||||||
without a type is given.
|
without a type is given.
|
||||||
* RFE #408: Fetching of trust anchors will be retried
|
* RFE #408: Fetching of trust anchors will be retried
|
||||||
|
|
|
@ -36,7 +36,7 @@ sinclude(./m4/acx_getaddrinfo.m4)
|
||||||
sinclude(./m4/ax_check_compile_flag.m4)
|
sinclude(./m4/ax_check_compile_flag.m4)
|
||||||
sinclude(./m4/pkg.m4)
|
sinclude(./m4/pkg.m4)
|
||||||
|
|
||||||
AC_INIT([getdns], [1.4.3], [team@getdnsapi.net], [getdns], [https://getdnsapi.net])
|
AC_INIT([getdns], [1.5.0], [team@getdnsapi.net], [getdns], [https://getdnsapi.net])
|
||||||
|
|
||||||
# Autoconf 2.70 will have set up runstatedir. 2.69 is frequently (Debian)
|
# Autoconf 2.70 will have set up runstatedir. 2.69 is frequently (Debian)
|
||||||
# patched to do the same, but frequently (MacOS) not. So add a with option
|
# patched to do the same, but frequently (MacOS) not. So add a with option
|
||||||
|
@ -63,13 +63,13 @@ AC_ARG_WITH([current-date],
|
||||||
[CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
|
[CURRENT_DATE="`date -u +%Y-%m-%dT%H:%M:%SZ`"])
|
||||||
|
|
||||||
AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
|
AC_SUBST(GETDNS_VERSION, ["AC_PACKAGE_VERSION$RELEASE_CANDIDATE"])
|
||||||
AC_SUBST(GETDNS_NUMERIC_VERSION, [0x010402c1])
|
AC_SUBST(GETDNS_NUMERIC_VERSION, [0x0104ffc1])
|
||||||
AC_SUBST(API_VERSION, ["December 2015"])
|
AC_SUBST(API_VERSION, ["December 2015"])
|
||||||
AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
|
AC_SUBST(API_NUMERIC_VERSION, [0x07df0c00])
|
||||||
GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"
|
GETDNS_COMPILATION_COMMENT="AC_PACKAGE_NAME $GETDNS_VERSION configured on $CURRENT_DATE for the $API_VERSION version of the API"
|
||||||
|
|
||||||
AC_DEFINE_UNQUOTED([STUBBY_PACKAGE], ["stubby"], [Stubby package])
|
AC_DEFINE_UNQUOTED([STUBBY_PACKAGE], ["stubby"], [Stubby package])
|
||||||
AC_DEFINE_UNQUOTED([STUBBY_PACKAGE_STRING], ["0.2.3$STUBBY_RELEASE_CANDIDATE"], [Stubby package string])
|
AC_DEFINE_UNQUOTED([STUBBY_PACKAGE_STRING], ["0.2.4$STUBBY_RELEASE_CANDIDATE"], [Stubby package string])
|
||||||
|
|
||||||
# Library version
|
# Library version
|
||||||
# ---------------
|
# ---------------
|
||||||
|
@ -106,7 +106,8 @@ AC_DEFINE_UNQUOTED([STUBBY_PACKAGE_STRING], ["0.2.3$STUBBY_RELEASE_CANDIDATE"],
|
||||||
# getdns-1.4.0 had libversion 10:0:0
|
# getdns-1.4.0 had libversion 10:0:0
|
||||||
# getdns-1.4.1 had libversion 10:1:0
|
# getdns-1.4.1 had libversion 10:1:0
|
||||||
# getdns-1.4.2 has libversion 10:2:0
|
# getdns-1.4.2 has libversion 10:2:0
|
||||||
GETDNS_LIBVERSION=10:2:0
|
# getdns-1.5.0 will have libversion 11:0:1
|
||||||
|
GETDNS_LIBVERSION=11:0:1
|
||||||
|
|
||||||
AC_SUBST(GETDNS_COMPILATION_COMMENT)
|
AC_SUBST(GETDNS_COMPILATION_COMMENT)
|
||||||
AC_SUBST(GETDNS_LIBVERSION)
|
AC_SUBST(GETDNS_LIBVERSION)
|
||||||
|
|
298
src/anchor.c
298
src/anchor.c
|
@ -703,7 +703,7 @@ static uint8_t *tas_validate(struct mem_funcs *mf,
|
||||||
success = NULL;
|
success = NULL;
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
DEBUG_ANCHOR("Could not allocate space for "
|
DEBUG_ANCHOR("Cannot allocate space for "
|
||||||
"trust anchors\n");
|
"trust anchors\n");
|
||||||
} else {
|
} else {
|
||||||
success = tas;
|
success = tas;
|
||||||
|
@ -736,57 +736,71 @@ void _getdns_context_equip_with_anchor(
|
||||||
|
|
||||||
if ((r = getdns_context_get_trust_anchors_verify_CA(
|
if ((r = getdns_context_get_trust_anchors_verify_CA(
|
||||||
context, &verify_CA)))
|
context, &verify_CA)))
|
||||||
DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
|
_getdns_log( &context->log
|
||||||
" CA: \"%s\"\n", __FUNC__
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Cannot get trust anchor verify CA: \"%s\"\n"
|
||||||
, getdns_get_errorstr_by_id(r));
|
, getdns_get_errorstr_by_id(r));
|
||||||
|
|
||||||
else if (!verify_CA || !*verify_CA)
|
else if (!verify_CA || !*verify_CA)
|
||||||
DEBUG_ANCHOR("NOTICE: Trust anchor verification explicitely "
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
|
||||||
|
, "Trust anchor verification explicitely "
|
||||||
"disabled by empty verify CA\n");
|
"disabled by empty verify CA\n");
|
||||||
|
|
||||||
else if ((r = getdns_context_get_trust_anchors_verify_email(
|
else if ((r = getdns_context_get_trust_anchors_verify_email(
|
||||||
context, &verify_email)))
|
context, &verify_email)))
|
||||||
DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify email "
|
_getdns_log( &context->log
|
||||||
"address: \"%s\"\n", __FUNC__
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
, getdns_get_errorstr_by_id(r));
|
, "Cannot get trust anchor verify email address: "
|
||||||
|
"\"%s\"\n", getdns_get_errorstr_by_id(r));
|
||||||
|
|
||||||
else if (!verify_email || !*verify_email)
|
else if (!verify_email || !*verify_email)
|
||||||
DEBUG_ANCHOR("NOTICE: Trust anchor verification explicitely "
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
|
||||||
|
, "Trust anchor verification explicitely "
|
||||||
"disabled by empty verify email\n");
|
"disabled by empty verify email\n");
|
||||||
|
|
||||||
else if (!(xml_data = _getdns_context_get_priv_file(context,
|
else if (!(xml_data = _getdns_context_get_priv_file(context,
|
||||||
"root-anchors.xml", xml_spc, sizeof(xml_spc), &xml_len)))
|
"root-anchors.xml", xml_spc, sizeof(xml_spc), &xml_len)))
|
||||||
DEBUG_ANCHOR("DEBUG %s(): root-anchors.xml not present\n"
|
_getdns_log( &context->log
|
||||||
, __FUNC__);
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
|
||||||
|
, "root-anchors.xml not present\n");
|
||||||
|
|
||||||
else if (!(p7s_data = _getdns_context_get_priv_file(context,
|
else if (!(p7s_data = _getdns_context_get_priv_file(context,
|
||||||
"root-anchors.p7s", p7s_spc, sizeof(p7s_spc), &p7s_len)))
|
"root-anchors.p7s", p7s_spc, sizeof(p7s_spc), &p7s_len)))
|
||||||
DEBUG_ANCHOR("DEBUG %s(): root-anchors.p7s not present\n"
|
_getdns_log( &context->log
|
||||||
, __FUNC__);
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
|
||||||
|
, "root-anchors.xml not present\n");
|
||||||
|
|
||||||
else if (!(xml = BIO_new_mem_buf(xml_data, xml_len)))
|
else if (!(xml = BIO_new_mem_buf(xml_data, xml_len)))
|
||||||
DEBUG_ANCHOR("ERROR %s(): Failed allocating xml BIO\n"
|
_getdns_log( &context->log
|
||||||
, __FUNC__);
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Failed allocating xml BIO\n");
|
||||||
|
|
||||||
else if (!(p7s = BIO_new_mem_buf(p7s_data, p7s_len)))
|
else if (!(p7s = BIO_new_mem_buf(p7s_data, p7s_len)))
|
||||||
DEBUG_ANCHOR("ERROR %s(): Failed allocating p7s BIO\n"
|
_getdns_log( &context->log
|
||||||
, __FUNC__);
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Failed allocating p7s BIO\n");
|
||||||
|
|
||||||
else if (!(crt = BIO_new_mem_buf((void *)verify_CA, -1)))
|
else if (!(crt = BIO_new_mem_buf((void *)verify_CA, -1)))
|
||||||
DEBUG_ANCHOR("ERROR %s(): Failed allocating crt BIO\n"
|
_getdns_log( &context->log
|
||||||
, __FUNC__);
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Failed allocating crt BIO\n");
|
||||||
|
|
||||||
else if (!(x = PEM_read_bio_X509(crt, NULL, 0, NULL)))
|
else if (!(x = PEM_read_bio_X509(crt, NULL, 0, NULL)))
|
||||||
DEBUG_ANCHOR("ERROR %s(): Parsing builtin certificate\n"
|
_getdns_log( &context->log
|
||||||
, __FUNC__);
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Cannot parse builtin certificate\n");
|
||||||
|
|
||||||
else if (!(store = X509_STORE_new()))
|
else if (!(store = X509_STORE_new()))
|
||||||
DEBUG_ANCHOR("ERROR %s(): Failed allocating store\n"
|
_getdns_log( &context->log
|
||||||
, __FUNC__);
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Failed allocating X509 store\n");
|
||||||
|
|
||||||
else if (!X509_STORE_add_cert(store, x))
|
else if (!X509_STORE_add_cert(store, x))
|
||||||
DEBUG_ANCHOR("ERROR %s(): Adding certificate to store\n"
|
_getdns_log( &context->log
|
||||||
, __FUNC__);
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Cannot add certificate to X509 store\n");
|
||||||
|
|
||||||
else if (_getdns_verify_p7sig(xml, p7s, store, verify_email)) {
|
else if (_getdns_verify_p7sig(xml, p7s, store, verify_email)) {
|
||||||
uint8_t ta_spc[sizeof(context->trust_anchors_spc)];
|
uint8_t ta_spc[sizeof(context->trust_anchors_spc)];
|
||||||
|
@ -799,15 +813,21 @@ void _getdns_context_equip_with_anchor(
|
||||||
|
|
||||||
if (!_getdns_parse_xml_trust_anchors_buf(&gbuf, now_ms,
|
if (!_getdns_parse_xml_trust_anchors_buf(&gbuf, now_ms,
|
||||||
(char *)xml_data, xml_len))
|
(char *)xml_data, xml_len))
|
||||||
DEBUG_ANCHOR("Failed to parse trust anchor XML data");
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Failed to parse trust anchor XML data\n");
|
||||||
|
|
||||||
else if ((ta_len = gldns_buffer_position(&gbuf)) > sizeof(ta_spc)) {
|
else if ((ta_len = gldns_buffer_position(&gbuf)) > sizeof(ta_spc)) {
|
||||||
if ((ta = GETDNS_XMALLOC(context->mf, uint8_t, ta_len))) {
|
if ((ta = GETDNS_XMALLOC(context->mf, uint8_t, ta_len))) {
|
||||||
gldns_buffer_init_frm_data(&gbuf, ta,
|
gldns_buffer_init_frm_data(&gbuf, ta,
|
||||||
gldns_buffer_position(&gbuf));
|
gldns_buffer_position(&gbuf));
|
||||||
if (!_getdns_parse_xml_trust_anchors_buf(
|
if (!_getdns_parse_xml_trust_anchors_buf(
|
||||||
&gbuf, now_ms, (char *)xml_data, xml_len)) {
|
&gbuf, now_ms, (char *)xml_data, xml_len)) {
|
||||||
DEBUG_ANCHOR("Failed to re-parse trust"
|
_getdns_log( &context->log
|
||||||
" anchor XML data");
|
, GETDNS_LOG_SYS_ANCHOR
|
||||||
|
, GETDNS_LOG_ERR
|
||||||
|
, "Error re-parsing trust "
|
||||||
|
"anchor XML data\n");
|
||||||
GETDNS_FREE(context->mf, ta);
|
GETDNS_FREE(context->mf, ta);
|
||||||
} else {
|
} else {
|
||||||
context->trust_anchors = ta;
|
context->trust_anchors = ta;
|
||||||
|
@ -816,7 +836,11 @@ void _getdns_context_equip_with_anchor(
|
||||||
_getdns_ta_notify_dnsreqs(context);
|
_getdns_ta_notify_dnsreqs(context);
|
||||||
}
|
}
|
||||||
} else
|
} else
|
||||||
DEBUG_ANCHOR("Could not allocate space for XML file");
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR
|
||||||
|
, GETDNS_LOG_ERR
|
||||||
|
, "Cannot allocate space for "
|
||||||
|
"XML file");
|
||||||
} else {
|
} else {
|
||||||
(void)memcpy(context->trust_anchors_spc, ta_spc, ta_len);
|
(void)memcpy(context->trust_anchors_spc, ta_spc, ta_len);
|
||||||
context->trust_anchors = context->trust_anchors_spc;
|
context->trust_anchors = context->trust_anchors_spc;
|
||||||
|
@ -828,7 +852,9 @@ void _getdns_context_equip_with_anchor(
|
||||||
(void *)context->trust_anchors, (int)context->trust_anchors_len);
|
(void *)context->trust_anchors, (int)context->trust_anchors_len);
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
DEBUG_ANCHOR("Verifying trust-anchors failed!\n");
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Verifying trust-anchors XML failed!\n");
|
||||||
}
|
}
|
||||||
if (store) X509_STORE_free(store);
|
if (store) X509_STORE_free(store);
|
||||||
if (x) X509_free(x);
|
if (x) X509_free(x);
|
||||||
|
@ -855,10 +881,8 @@ static const char tas_write_xml_p7s_buf[] =
|
||||||
"\r\n";
|
"\r\n";
|
||||||
|
|
||||||
|
|
||||||
#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
|
|
||||||
static inline const char * rt_str(uint16_t rt)
|
static inline const char * rt_str(uint16_t rt)
|
||||||
{ return rt == GETDNS_RRTYPE_A ? "A" : rt == GETDNS_RRTYPE_AAAA ? "AAAA" : "?"; }
|
{ return rt == GETDNS_RRTYPE_A ? "A" : rt == GETDNS_RRTYPE_AAAA ? "AAAA" : "?"; }
|
||||||
#endif
|
|
||||||
|
|
||||||
static int tas_busy(tas_connection *a)
|
static int tas_busy(tas_connection *a)
|
||||||
{
|
{
|
||||||
|
@ -905,7 +929,8 @@ static void tas_success(getdns_context *context, tas_connection *a)
|
||||||
tas_cleanup(context, a);
|
tas_cleanup(context, a);
|
||||||
tas_cleanup(context, other);
|
tas_cleanup(context, other);
|
||||||
|
|
||||||
DEBUG_ANCHOR("Successfully fetched new trust anchors\n");
|
_getdns_log( &context->log, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
|
||||||
|
, "Successfully fetched new trust anchors\n");
|
||||||
context->trust_anchors_source = GETDNS_TASRC_XML;
|
context->trust_anchors_source = GETDNS_TASRC_XML;
|
||||||
_getdns_ta_notify_dnsreqs(context);
|
_getdns_ta_notify_dnsreqs(context);
|
||||||
}
|
}
|
||||||
|
@ -913,22 +938,26 @@ static void tas_success(getdns_context *context, tas_connection *a)
|
||||||
static void tas_fail(getdns_context *context, tas_connection *a)
|
static void tas_fail(getdns_context *context, tas_connection *a)
|
||||||
{
|
{
|
||||||
tas_connection *other = &context->a == a ? &context->aaaa : &context->a;
|
tas_connection *other = &context->a == a ? &context->aaaa : &context->a;
|
||||||
#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
|
|
||||||
uint16_t rt = &context->a == a ? GETDNS_RRTYPE_A : GETDNS_RRTYPE_AAAA;
|
uint16_t rt = &context->a == a ? GETDNS_RRTYPE_A : GETDNS_RRTYPE_AAAA;
|
||||||
uint16_t ort = rt == GETDNS_RRTYPE_A ? GETDNS_RRTYPE_AAAA : GETDNS_RRTYPE_A;
|
|
||||||
#endif
|
|
||||||
tas_cleanup(context, a);
|
tas_cleanup(context, a);
|
||||||
|
|
||||||
if (!tas_busy(other)) {
|
if (!tas_busy(other)) {
|
||||||
DEBUG_ANCHOR("Fatal error fetching trust anchor: "
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Fatal error fetching trust anchor: "
|
||||||
"%s connection failed too\n", rt_str(rt));
|
"%s connection failed too\n", rt_str(rt));
|
||||||
context->trust_anchors_source = GETDNS_TASRC_FAILED;
|
context->trust_anchors_source = GETDNS_TASRC_FAILED;
|
||||||
context->trust_anchors_backoff_expiry =
|
context->trust_anchors_backoff_expiry =
|
||||||
_getdns_get_now_ms() + context->trust_anchors_backoff_time;
|
_getdns_get_now_ms() + context->trust_anchors_backoff_time;
|
||||||
_getdns_ta_notify_dnsreqs(context);
|
_getdns_ta_notify_dnsreqs(context);
|
||||||
} else
|
} else
|
||||||
DEBUG_ANCHOR("%s connection failed, waiting for %s\n"
|
_getdns_log( &context->log
|
||||||
, rt_str(rt), rt_str(ort));
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_WARNING
|
||||||
|
, "%s connection failed, waiting for %s\n"
|
||||||
|
, rt_str(rt)
|
||||||
|
, rt_str( rt == GETDNS_RRTYPE_A
|
||||||
|
? GETDNS_RRTYPE_AAAA : GETDNS_RRTYPE_A));
|
||||||
}
|
}
|
||||||
|
|
||||||
static void tas_connect(getdns_context *context, tas_connection *a);
|
static void tas_connect(getdns_context *context, tas_connection *a);
|
||||||
|
@ -960,7 +989,9 @@ static void tas_timeout_cb(void *userarg)
|
||||||
a = &context->a;
|
a = &context->a;
|
||||||
else a = &context->aaaa;
|
else a = &context->aaaa;
|
||||||
|
|
||||||
DEBUG_ANCHOR("Trust anchor fetch timeout\n");
|
_getdns_log( &context->log, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_WARNING
|
||||||
|
, "Trust anchor fetch timeout\n");
|
||||||
|
|
||||||
GETDNS_CLEAR_EVENT(a->loop, &a->event);
|
GETDNS_CLEAR_EVENT(a->loop, &a->event);
|
||||||
tas_next(context, a);
|
tas_next(context, a);
|
||||||
}
|
}
|
||||||
|
@ -976,7 +1007,9 @@ static void tas_reconnect_cb(void *userarg)
|
||||||
a = &context->a;
|
a = &context->a;
|
||||||
else a = &context->aaaa;
|
else a = &context->aaaa;
|
||||||
|
|
||||||
DEBUG_ANCHOR("Waiting for second document timeout. Reconnecting...\n");
|
_getdns_log( &context->log, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
|
||||||
|
, "Waiting for second document timeout. Reconnecting...\n");
|
||||||
|
|
||||||
GETDNS_CLEAR_EVENT(a->loop, &a->event);
|
GETDNS_CLEAR_EVENT(a->loop, &a->event);
|
||||||
close(a->fd);
|
close(a->fd);
|
||||||
a->fd = -1;
|
a->fd = -1;
|
||||||
|
@ -991,8 +1024,6 @@ static void tas_read_cb(void *userarg);
|
||||||
static void tas_write_cb(void *userarg);
|
static void tas_write_cb(void *userarg);
|
||||||
static void tas_doc_read(getdns_context *context, tas_connection *a)
|
static void tas_doc_read(getdns_context *context, tas_connection *a)
|
||||||
{
|
{
|
||||||
DEBUG_ANCHOR("doc (size: %d)\n", (int)a->tcp.read_buf_len);
|
|
||||||
|
|
||||||
assert(a->tcp.read_pos == a->tcp.read_buf + a->tcp.read_buf_len);
|
assert(a->tcp.read_pos == a->tcp.read_buf + a->tcp.read_buf_len);
|
||||||
assert(context);
|
assert(context);
|
||||||
|
|
||||||
|
@ -1021,18 +1052,20 @@ static void tas_doc_read(getdns_context *context, tas_connection *a)
|
||||||
|
|
||||||
if ((r = getdns_context_get_trust_anchors_verify_CA(
|
if ((r = getdns_context_get_trust_anchors_verify_CA(
|
||||||
context, (const char **)&verify_CA.data)))
|
context, (const char **)&verify_CA.data)))
|
||||||
DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
|
_getdns_log( &context->log
|
||||||
" CA: \"%s\"\n", __FUNC__
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
, getdns_get_errorstr_by_id(r));
|
, "Cannot get trust anchor verify CA: "
|
||||||
|
"\"%s\"\n", getdns_get_errorstr_by_id(r));
|
||||||
|
|
||||||
else if (!(verify_CA.size = strlen((const char *)verify_CA.data)))
|
else if (!(verify_CA.size = strlen((const char *)verify_CA.data)))
|
||||||
; /* pass */
|
; /* pass */
|
||||||
|
|
||||||
else if ((r = getdns_context_get_trust_anchors_verify_email(
|
else if ((r = getdns_context_get_trust_anchors_verify_email(
|
||||||
context, &verify_email)))
|
context, &verify_email)))
|
||||||
DEBUG_ANCHOR("ERROR %s(): Getting trust anchor verify"
|
_getdns_log( &context->log
|
||||||
" email address: \"%s\"\n", __FUNC__
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
, getdns_get_errorstr_by_id(r));
|
, "Cannot get trust anchor verify email: "
|
||||||
|
"\"%s\"\n", getdns_get_errorstr_by_id(r));
|
||||||
|
|
||||||
else if (!(tas = tas_validate(&context->mf, &a->xml, &p7s_bd,
|
else if (!(tas = tas_validate(&context->mf, &a->xml, &p7s_bd,
|
||||||
&verify_CA, verify_email, &now_ms, tas, &tas_len)))
|
&verify_CA, verify_email, &now_ms, tas, &tas_len)))
|
||||||
|
@ -1157,7 +1190,11 @@ static void tas_read_cb(void *userarg)
|
||||||
DEBUG_ANCHOR("i: %d, n: %d, doc_len: %d\n"
|
DEBUG_ANCHOR("i: %d, n: %d, doc_len: %d\n"
|
||||||
, (int)i, (int)n, doc_len);
|
, (int)i, (int)n, doc_len);
|
||||||
if (!doc)
|
if (!doc)
|
||||||
DEBUG_ANCHOR("Memory error");
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR
|
||||||
|
, GETDNS_LOG_ERR
|
||||||
|
, "Memory error while reading "
|
||||||
|
"trust anchor\n");
|
||||||
else {
|
else {
|
||||||
ssize_t surplus = n - i;
|
ssize_t surplus = n - i;
|
||||||
|
|
||||||
|
@ -1204,7 +1241,11 @@ static void tas_read_cb(void *userarg)
|
||||||
} else if (_getdns_socketerror_wants_retry())
|
} else if (_getdns_socketerror_wants_retry())
|
||||||
return;
|
return;
|
||||||
|
|
||||||
DEBUG_ANCHOR("Read error: %d %s\n", (int)n, _getdns_errnostr());
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Error while receiving trust anchor: %s\n"
|
||||||
|
, _getdns_errnostr());
|
||||||
|
|
||||||
GETDNS_CLEAR_EVENT(a->loop, &a->event);
|
GETDNS_CLEAR_EVENT(a->loop, &a->event);
|
||||||
tas_next(context, a);
|
tas_next(context, a);
|
||||||
}
|
}
|
||||||
|
@ -1254,7 +1295,9 @@ static void tas_write_cb(void *userarg)
|
||||||
} else if (_getdns_socketerror_wants_retry())
|
} else if (_getdns_socketerror_wants_retry())
|
||||||
return;
|
return;
|
||||||
|
|
||||||
DEBUG_ANCHOR("Write error: %s\n", _getdns_errnostr());
|
_getdns_log( &context->log, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Error while sending to trust anchor site: %s\n"
|
||||||
|
, _getdns_errnostr());
|
||||||
GETDNS_CLEAR_EVENT(a->loop, &a->event);
|
GETDNS_CLEAR_EVENT(a->loop, &a->event);
|
||||||
tas_next(context, a);
|
tas_next(context, a);
|
||||||
}
|
}
|
||||||
|
@ -1293,9 +1336,7 @@ static getdns_return_t _getdns_get_tas_url_hostname(
|
||||||
|
|
||||||
static void tas_connect(getdns_context *context, tas_connection *a)
|
static void tas_connect(getdns_context *context, tas_connection *a)
|
||||||
{
|
{
|
||||||
#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
|
|
||||||
char a_buf[40];
|
char a_buf[40];
|
||||||
#endif
|
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
#ifdef HAVE_FCNTL
|
#ifdef HAVE_FCNTL
|
||||||
|
@ -1311,15 +1352,19 @@ static void tas_connect(getdns_context *context, tas_connection *a)
|
||||||
tas_next(context, a);
|
tas_next(context, a);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
DEBUG_ANCHOR("Initiating connection to %s\n"
|
|
||||||
|
_getdns_log( &context->log, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
|
||||||
|
, "Setting op connection to: %s\n"
|
||||||
, inet_ntop( ( a->req->request_type == GETDNS_RRTYPE_A
|
, inet_ntop( ( a->req->request_type == GETDNS_RRTYPE_A
|
||||||
? AF_INET : AF_INET6)
|
? AF_INET : AF_INET6)
|
||||||
, a->rr->rr_i.rr_type + 10, a_buf, sizeof(a_buf)));
|
, a->rr->rr_i.rr_type + 10
|
||||||
|
, a_buf, sizeof(a_buf)));
|
||||||
|
|
||||||
if ((a->fd = socket(( a->req->request_type == GETDNS_RRTYPE_A
|
if ((a->fd = socket(( a->req->request_type == GETDNS_RRTYPE_A
|
||||||
? AF_INET : AF_INET6), SOCK_STREAM, IPPROTO_TCP)) == -1) {
|
? AF_INET : AF_INET6), SOCK_STREAM, IPPROTO_TCP)) == -1) {
|
||||||
DEBUG_ANCHOR("Error creating socket: %s\n",
|
_getdns_log( &context->log
|
||||||
_getdns_errnostr());
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Error creating socket: %s\n", _getdns_errnostr());
|
||||||
tas_next(context, a);
|
tas_next(context, a);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -1370,8 +1415,10 @@ static void tas_connect(getdns_context *context, tas_connection *a)
|
||||||
}
|
}
|
||||||
if ((R = _getdns_get_tas_url_hostname(
|
if ((R = _getdns_get_tas_url_hostname(
|
||||||
context, tas_hostname, &path))) {
|
context, tas_hostname, &path))) {
|
||||||
DEBUG_ANCHOR("ERROR %s(): Could not get_tas_url_hostname"
|
_getdns_log( &context->log
|
||||||
": \"%s\"", __FUNC__
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Cannot get hostname from trust anchor "
|
||||||
|
"url: \"%s\"\n"
|
||||||
, getdns_get_errorstr_by_id(r));
|
, getdns_get_errorstr_by_id(r));
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
@ -1380,8 +1427,10 @@ static void tas_connect(getdns_context *context, tas_connection *a)
|
||||||
tas_hostname[--hostname_len] = '\0';
|
tas_hostname[--hostname_len] = '\0';
|
||||||
path_len = strlen(path);
|
path_len = strlen(path);
|
||||||
if (path_len < 4) {
|
if (path_len < 4) {
|
||||||
DEBUG_ANCHOR("ERROR %s(): path of tas_url \"%s\" too "
|
_getdns_log( &context->log
|
||||||
"small\n", __FUNC__, path);
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Trust anchor path \"%s\" too small\n"
|
||||||
|
, path);
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (a->state == TAS_RETRY_GET_PS7) {
|
if (a->state == TAS_RETRY_GET_PS7) {
|
||||||
|
@ -1394,8 +1443,10 @@ static void tas_connect(getdns_context *context, tas_connection *a)
|
||||||
fmt = tas_write_xml_p7s_buf;
|
fmt = tas_write_xml_p7s_buf;
|
||||||
}
|
}
|
||||||
if (!(write_buf = GETDNS_XMALLOC(context->mf, char, buf_sz))) {
|
if (!(write_buf = GETDNS_XMALLOC(context->mf, char, buf_sz))) {
|
||||||
DEBUG_ANCHOR("ERROR %s(): Could not allocate write "
|
_getdns_log( &context->log
|
||||||
"buffer\n", __FUNC__);
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Cannot allocate write buffer for "
|
||||||
|
"sending to trust anchor host\n");
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
if (a->state == TAS_RETRY_GET_PS7) {
|
if (a->state == TAS_RETRY_GET_PS7) {
|
||||||
|
@ -1429,8 +1480,10 @@ static void tas_connect(getdns_context *context, tas_connection *a)
|
||||||
DEBUG_ANCHOR("Scheduled write with event\n");
|
DEBUG_ANCHOR("Scheduled write with event\n");
|
||||||
return;
|
return;
|
||||||
} else
|
} else
|
||||||
DEBUG_ANCHOR("Connect error: %s\n", _getdns_errnostr());
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Error connecting to trust anchor host: %s\n "
|
||||||
|
, _getdns_errnostr());
|
||||||
error:
|
error:
|
||||||
tas_next(context, a);
|
tas_next(context, a);
|
||||||
}
|
}
|
||||||
|
@ -1444,7 +1497,10 @@ static void tas_happy_eyeballs_cb(void *userarg)
|
||||||
if (tas_fetching(&context->aaaa))
|
if (tas_fetching(&context->aaaa))
|
||||||
return;
|
return;
|
||||||
else {
|
else {
|
||||||
DEBUG_ANCHOR("AAAA came too late, clearing Happy Eyeballs timer\n");
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
|
||||||
|
, "Too late reception of AAAA for trust anchor "
|
||||||
|
"host for Happy Eyeballs\n");
|
||||||
GETDNS_CLEAR_EVENT(context->a.loop, &context->a.event);
|
GETDNS_CLEAR_EVENT(context->a.loop, &context->a.event);
|
||||||
tas_connect(context, &context->a);
|
tas_connect(context, &context->a);
|
||||||
}
|
}
|
||||||
|
@ -1463,28 +1519,31 @@ static void _tas_hostname_lookup_cb(getdns_dns_req *dnsreq)
|
||||||
&a->rrset_spc, a->req->response, a->req->response_len);
|
&a->rrset_spc, a->req->response, a->req->response_len);
|
||||||
|
|
||||||
if (!a->rrset) {
|
if (!a->rrset) {
|
||||||
#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
|
|
||||||
char tas_hostname[256] = "<no hostname>";
|
char tas_hostname[256] = "<no hostname>";
|
||||||
(void) _getdns_get_tas_url_hostname(context, tas_hostname, NULL);
|
(void) _getdns_get_tas_url_hostname(context, tas_hostname, NULL);
|
||||||
DEBUG_ANCHOR("%s lookup for %s returned no response\n"
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
|
||||||
|
, "%s lookup for %s returned no response\n"
|
||||||
, rt_str(a->req->request_type), tas_hostname);
|
, rt_str(a->req->request_type), tas_hostname);
|
||||||
#endif
|
|
||||||
} else if (a->req->response_len < dnsreq->name_len + 12 ||
|
} else if (a->req->response_len < dnsreq->name_len + 12 ||
|
||||||
!_getdns_dname_equal(a->req->response + 12, dnsreq->name) ||
|
!_getdns_dname_equal(a->req->response + 12, dnsreq->name) ||
|
||||||
a->rrset->rr_type != a->req->request_type) {
|
a->rrset->rr_type != a->req->request_type) {
|
||||||
#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
|
|
||||||
char tas_hostname[256] = "<no hostname>";
|
char tas_hostname[256] = "<no hostname>";
|
||||||
(void) _getdns_get_tas_url_hostname(context, tas_hostname, NULL);
|
(void) _getdns_get_tas_url_hostname(context, tas_hostname, NULL);
|
||||||
DEBUG_ANCHOR("%s lookup for %s returned wrong response\n"
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
|
||||||
|
, "%s lookup for %s returned wrong response\n"
|
||||||
, rt_str(a->req->request_type), tas_hostname);
|
, rt_str(a->req->request_type), tas_hostname);
|
||||||
#endif
|
|
||||||
} else if (!(a->rr = _getdns_rrtype_iter_init(&a->rr_spc, a->rrset))) {
|
} else if (!(a->rr = _getdns_rrtype_iter_init(&a->rr_spc, a->rrset))) {
|
||||||
#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
|
|
||||||
char tas_hostname[256] = "<no hostname>";
|
char tas_hostname[256] = "<no hostname>";
|
||||||
(void) _getdns_get_tas_url_hostname(context, tas_hostname, NULL);
|
(void) _getdns_get_tas_url_hostname(context, tas_hostname, NULL);
|
||||||
DEBUG_ANCHOR("%s lookup for %s returned no addresses\n"
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
|
||||||
|
, "%s lookup for %s returned no addresses\n"
|
||||||
, rt_str(a->req->request_type), tas_hostname);
|
, rt_str(a->req->request_type), tas_hostname);
|
||||||
#endif
|
|
||||||
} else {
|
} else {
|
||||||
tas_connection *other = a == &context->a ? &context->aaaa
|
tas_connection *other = a == &context->a ? &context->aaaa
|
||||||
: &context->a;
|
: &context->a;
|
||||||
|
@ -1494,8 +1553,9 @@ static void _tas_hostname_lookup_cb(getdns_dns_req *dnsreq)
|
||||||
; /* pass */
|
; /* pass */
|
||||||
|
|
||||||
else if (a == &context->a && tas_busy(other)) {
|
else if (a == &context->a && tas_busy(other)) {
|
||||||
DEBUG_ANCHOR("Postponing connection initiation: "
|
_getdns_log( &context->log
|
||||||
"Happy Eyeballs\n");
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
|
||||||
|
, "Waiting 25ms for AAAA to arrive\n");
|
||||||
GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 25,
|
GETDNS_SCHEDULE_EVENT(a->loop, a->fd, 25,
|
||||||
getdns_eventloop_event_init(&a->event,
|
getdns_eventloop_event_init(&a->event,
|
||||||
a->req->owner, NULL, NULL, tas_happy_eyeballs_cb));
|
a->req->owner, NULL, NULL, tas_happy_eyeballs_cb));
|
||||||
|
@ -1522,38 +1582,47 @@ void _getdns_start_fetching_ta(
|
||||||
const char *verify_email;
|
const char *verify_email;
|
||||||
|
|
||||||
if ((r = _getdns_get_tas_url_hostname(context, tas_hostname, NULL))) {
|
if ((r = _getdns_get_tas_url_hostname(context, tas_hostname, NULL))) {
|
||||||
DEBUG_ANCHOR("ERROR %s(): Could not get_tas_url_hostname"
|
_getdns_log( &context->log
|
||||||
": \"%s\"", __FUNC__
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
, getdns_get_errorstr_by_id(r));
|
, "Cannot get hostname from trust anchor url: "
|
||||||
|
"\"%s\"\n", getdns_get_errorstr_by_id(r));
|
||||||
return;
|
return;
|
||||||
|
|
||||||
} else if ((r = getdns_context_get_trust_anchors_verify_CA(
|
} else if ((r = getdns_context_get_trust_anchors_verify_CA(
|
||||||
context, &verify_CA))) {
|
context, &verify_CA))) {
|
||||||
DEBUG_ANCHOR("ERROR %s(): Could not get verify CA"
|
_getdns_log( &context->log
|
||||||
": \"%s\"", __FUNC__
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Cannot get trust anchor verify CA: \"%s\"\n"
|
||||||
, getdns_get_errorstr_by_id(r));
|
, getdns_get_errorstr_by_id(r));
|
||||||
return;
|
return;
|
||||||
|
|
||||||
} else if (!verify_CA || !*verify_CA) {
|
} else if (!verify_CA || !*verify_CA) {
|
||||||
DEBUG_ANCHOR("NOTICE: Trust anchor fetching explicitely "
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
|
||||||
|
, "Trust anchor verification explicitely "
|
||||||
"disabled by empty verify CA\n");
|
"disabled by empty verify CA\n");
|
||||||
return;
|
return;
|
||||||
|
|
||||||
} else if ((r = getdns_context_get_trust_anchors_verify_email(
|
} else if ((r = getdns_context_get_trust_anchors_verify_email(
|
||||||
context, &verify_email))) {
|
context, &verify_email))) {
|
||||||
DEBUG_ANCHOR("ERROR %s(): Could not get verify email address"
|
_getdns_log( &context->log
|
||||||
": \"%s\"", __FUNC__
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Cannot get trust anchor verify email: \"%s\"\n"
|
||||||
, getdns_get_errorstr_by_id(r));
|
, getdns_get_errorstr_by_id(r));
|
||||||
return;
|
return;
|
||||||
|
|
||||||
} else if (!verify_email || !*verify_email) {
|
} else if (!verify_email || !*verify_email) {
|
||||||
DEBUG_ANCHOR("NOTICE: Trust anchor fetching explicitely "
|
_getdns_log( &context->log
|
||||||
"disabled by empty verify email address\n");
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_INFO
|
||||||
|
, "Trust anchor verification explicitely "
|
||||||
|
"disabled by empty verify email\n");
|
||||||
return;
|
return;
|
||||||
|
|
||||||
} else if (!_getdns_context_can_write_appdata(context)) {
|
} else if (!_getdns_context_can_write_appdata(context)) {
|
||||||
DEBUG_ANCHOR("NOTICE %s(): Not fetching TA, because "
|
_getdns_log( &context->log
|
||||||
"non writeable appdata directory\n", __FUNC__);
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_WARNING
|
||||||
|
, "Not fetching TA, because "
|
||||||
|
"non writeable appdata directory\n");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
DEBUG_ANCHOR("Hostname: %s\n", tas_hostname);
|
DEBUG_ANCHOR("Hostname: %s\n", tas_hostname);
|
||||||
|
@ -1561,34 +1630,36 @@ void _getdns_start_fetching_ta(
|
||||||
loop == &context->sync_eventloop.loop ? "" : "a");
|
loop == &context->sync_eventloop.loop ? "" : "a");
|
||||||
|
|
||||||
scheduled = 0;
|
scheduled = 0;
|
||||||
#if 1
|
|
||||||
context->a.state = TAS_LOOKUP_ADDRESSES;
|
context->a.state = TAS_LOOKUP_ADDRESSES;
|
||||||
if ((r = _getdns_general_loop(context, loop,
|
if ((r = _getdns_general_loop(context, loop,
|
||||||
tas_hostname, GETDNS_RRTYPE_A,
|
tas_hostname, GETDNS_RRTYPE_A,
|
||||||
no_dnssec_checking_disabled_opportunistic,
|
no_dnssec_checking_disabled_opportunistic,
|
||||||
context, &context->a.req, NULL, _tas_hostname_lookup_cb))) {
|
context, &context->a.req, NULL, _tas_hostname_lookup_cb))) {
|
||||||
DEBUG_ANCHOR("Error scheduling A lookup for %s: %s\n"
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_WARNING
|
||||||
|
, "Error scheduling A lookup for %s: %s\n"
|
||||||
, tas_hostname, getdns_get_errorstr_by_id(r));
|
, tas_hostname, getdns_get_errorstr_by_id(r));
|
||||||
} else
|
} else
|
||||||
scheduled += 1;
|
scheduled += 1;
|
||||||
#endif
|
|
||||||
|
|
||||||
#if 1
|
|
||||||
context->aaaa.state = TAS_LOOKUP_ADDRESSES;
|
context->aaaa.state = TAS_LOOKUP_ADDRESSES;
|
||||||
if ((r = _getdns_general_loop(context, loop,
|
if ((r = _getdns_general_loop(context, loop,
|
||||||
tas_hostname, GETDNS_RRTYPE_AAAA,
|
tas_hostname, GETDNS_RRTYPE_AAAA,
|
||||||
no_dnssec_checking_disabled_opportunistic,
|
no_dnssec_checking_disabled_opportunistic,
|
||||||
context, &context->aaaa.req, NULL, _tas_hostname_lookup_cb))) {
|
context, &context->aaaa.req, NULL, _tas_hostname_lookup_cb))) {
|
||||||
DEBUG_ANCHOR("Error scheduling AAAA lookup for %s: %s\n"
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_WARNING
|
||||||
|
, "Error scheduling AAAA lookup for %s: %s\n"
|
||||||
, tas_hostname, getdns_get_errorstr_by_id(r));
|
, tas_hostname, getdns_get_errorstr_by_id(r));
|
||||||
} else
|
} else
|
||||||
scheduled += 1;
|
scheduled += 1;
|
||||||
#endif
|
|
||||||
|
|
||||||
if (!scheduled) {
|
if (!scheduled) {
|
||||||
DEBUG_ANCHOR("Fatal error fetching trust anchor: Unable to "
|
_getdns_log( &context->log
|
||||||
"schedule address requests for %s\n"
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_WARNING
|
||||||
|
, "Error scheduling address lookups for %s\n"
|
||||||
, tas_hostname);
|
, tas_hostname);
|
||||||
|
|
||||||
context->trust_anchors_source = GETDNS_TASRC_FAILED;
|
context->trust_anchors_source = GETDNS_TASRC_FAILED;
|
||||||
if (now_ms) {
|
if (now_ms) {
|
||||||
if (*now_ms == 0) *now_ms = _getdns_get_now_ms();
|
if (*now_ms == 0) *now_ms = _getdns_get_now_ms();
|
||||||
|
@ -1713,7 +1784,10 @@ static void _getdns_context_read_root_ksk(getdns_context *context)
|
||||||
buf_sz *= 2;
|
buf_sz *= 2;
|
||||||
}
|
}
|
||||||
if (!(buf = GETDNS_XMALLOC(context->mf, uint8_t, buf_sz))) {
|
if (!(buf = GETDNS_XMALLOC(context->mf, uint8_t, buf_sz))) {
|
||||||
DEBUG_ANCHOR("ERROR %s(): Memory error\n", __FUNC__);
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Error allocating memory to read "
|
||||||
|
"root.key\n");
|
||||||
break;;
|
break;;
|
||||||
}
|
}
|
||||||
ptr = buf;
|
ptr = buf;
|
||||||
|
@ -1798,8 +1872,10 @@ _getdns_context_update_root_ksk(
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (str_buf != str_spc) {
|
if (str_buf != str_spc) {
|
||||||
DEBUG_ANCHOR("ERROR %s(): Buffer size determination "
|
_getdns_log( &context->log
|
||||||
"error\n", __FUNC__);
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Error determining buffer size for root "
|
||||||
|
"KSK\n");
|
||||||
if (str_buf)
|
if (str_buf)
|
||||||
GETDNS_FREE(context->mf, str_buf);
|
GETDNS_FREE(context->mf, str_buf);
|
||||||
|
|
||||||
|
@ -1807,11 +1883,13 @@ _getdns_context_update_root_ksk(
|
||||||
}
|
}
|
||||||
if (!(str_pos = str_buf = GETDNS_XMALLOC( context->mf, char,
|
if (!(str_pos = str_buf = GETDNS_XMALLOC( context->mf, char,
|
||||||
(str_sz = sizeof(str_spc) - remaining) + 1))) {
|
(str_sz = sizeof(str_spc) - remaining) + 1))) {
|
||||||
DEBUG_ANCHOR("ERROR %s(): Memory error\n", __FUNC__);
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_ERR
|
||||||
|
, "Error allocating memory to read "
|
||||||
|
"root KSK\n");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
remaining = str_sz + 1;
|
remaining = str_sz + 1;
|
||||||
DEBUG_ANCHOR("Retrying with buf size: %d\n", remaining);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
/* Write presentation format DNSKEY rrset to "root.key" file */
|
/* Write presentation format DNSKEY rrset to "root.key" file */
|
||||||
|
@ -1886,17 +1964,21 @@ _getdns_context_update_root_ksk(
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (!ta) {
|
if (!ta) {
|
||||||
DEBUG_ANCHOR("NOTICE %s(): Key with id %d "
|
_getdns_log( &context->log
|
||||||
"*not* found in TA.\n"
|
, GETDNS_LOG_SYS_ANCHOR
|
||||||
"\"root-anchors.xml\" need "
|
, GETDNS_LOG_NOTICE
|
||||||
"updating.\n", __FUNC__
|
, "Key with id %d not found in TA; "
|
||||||
|
"\"root-anchors.xml\" needs to be "
|
||||||
|
"updated.\n"
|
||||||
, context->root_ksk.ids[i]);
|
, context->root_ksk.ids[i]);
|
||||||
context->trust_anchors_source =
|
context->trust_anchors_source =
|
||||||
GETDNS_TASRC_XML_UPDATE;
|
GETDNS_TASRC_XML_UPDATE;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
DEBUG_ANCHOR("DEBUG %s(): Key with id %d found in TA\n"
|
_getdns_log( &context->log
|
||||||
, __FUNC__, context->root_ksk.ids[i]);
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_DEBUG
|
||||||
|
, "Key with id %d found in TA\n"
|
||||||
|
, context->root_ksk.ids[i]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (str_buf && str_buf != str_spc)
|
if (str_buf && str_buf != str_spc)
|
||||||
|
|
|
@ -124,7 +124,11 @@ static struct const_info consts_info[] = {
|
||||||
{ 1402, "GETDNS_TLS1_1", GETDNS_TLS1_1_TEXT },
|
{ 1402, "GETDNS_TLS1_1", GETDNS_TLS1_1_TEXT },
|
||||||
{ 1403, "GETDNS_TLS1_2", GETDNS_TLS1_2_TEXT },
|
{ 1403, "GETDNS_TLS1_2", GETDNS_TLS1_2_TEXT },
|
||||||
{ 1404, "GETDNS_TLS1_3", GETDNS_TLS1_3_TEXT },
|
{ 1404, "GETDNS_TLS1_3", GETDNS_TLS1_3_TEXT },
|
||||||
{ 4096, "GETDNS_LOG_UPSTREAM_STATS", GETDNS_LOG_UPSTREAM_STATS_TEXT },
|
{ 8192, "GETDNS_LOG_SYS_STUB", GETDNS_LOG_SYS_STUB_TEXT },
|
||||||
|
{ 12288, "GETDNS_LOG_UPSTREAM_STATS", GETDNS_LOG_UPSTREAM_STATS_TEXT },
|
||||||
|
{ 16384, "GETDNS_LOG_SYS_RECURSING", GETDNS_LOG_SYS_RECURSING_TEXT },
|
||||||
|
{ 24576, "GETDNS_LOG_SYS_RESOLVING", GETDNS_LOG_SYS_RESOLVING_TEXT },
|
||||||
|
{ 32768, "GETDNS_LOG_SYS_ANCHOR", GETDNS_LOG_SYS_ANCHOR_TEXT },
|
||||||
};
|
};
|
||||||
|
|
||||||
static int const_info_cmp(const void *a, const void *b)
|
static int const_info_cmp(const void *a, const void *b)
|
||||||
|
@ -225,7 +229,11 @@ static struct const_name_info consts_name_info[] = {
|
||||||
{ "GETDNS_LOG_ERR", 3 },
|
{ "GETDNS_LOG_ERR", 3 },
|
||||||
{ "GETDNS_LOG_INFO", 6 },
|
{ "GETDNS_LOG_INFO", 6 },
|
||||||
{ "GETDNS_LOG_NOTICE", 5 },
|
{ "GETDNS_LOG_NOTICE", 5 },
|
||||||
{ "GETDNS_LOG_UPSTREAM_STATS", 4096 },
|
{ "GETDNS_LOG_SYS_ANCHOR", 32768 },
|
||||||
|
{ "GETDNS_LOG_SYS_RECURSING", 16384 },
|
||||||
|
{ "GETDNS_LOG_SYS_RESOLVING", 24576 },
|
||||||
|
{ "GETDNS_LOG_SYS_STUB", 8192 },
|
||||||
|
{ "GETDNS_LOG_UPSTREAM_STATS", 12288 },
|
||||||
{ "GETDNS_LOG_WARNING", 4 },
|
{ "GETDNS_LOG_WARNING", 4 },
|
||||||
{ "GETDNS_NAMESPACE_DNS", 500 },
|
{ "GETDNS_NAMESPACE_DNS", 500 },
|
||||||
{ "GETDNS_NAMESPACE_LOCALNAMES", 501 },
|
{ "GETDNS_NAMESPACE_LOCALNAMES", 501 },
|
||||||
|
@ -376,6 +384,7 @@ static struct const_name_info consts_name_info[] = {
|
||||||
{ "GETDNS_RRTYPE_URI", 256 },
|
{ "GETDNS_RRTYPE_URI", 256 },
|
||||||
{ "GETDNS_RRTYPE_WKS", 11 },
|
{ "GETDNS_RRTYPE_WKS", 11 },
|
||||||
{ "GETDNS_RRTYPE_X25", 19 },
|
{ "GETDNS_RRTYPE_X25", 19 },
|
||||||
|
{ "GETDNS_RRTYPE_ZONEMD", 63 },
|
||||||
{ "GETDNS_SSL3", 1400 },
|
{ "GETDNS_SSL3", 1400 },
|
||||||
{ "GETDNS_TLS1", 1401 },
|
{ "GETDNS_TLS1", 1401 },
|
||||||
{ "GETDNS_TLS1_1", 1402 },
|
{ "GETDNS_TLS1_1", 1402 },
|
||||||
|
|
1075
src/context.c
1075
src/context.c
File diff suppressed because it is too large
Load Diff
|
@ -127,7 +127,7 @@ const getdns_tsig_info *_getdns_get_tsig_info(getdns_tsig_algo tsig_alg);
|
||||||
|
|
||||||
/* for doing public key pinning of TLS-capable upstreams: */
|
/* for doing public key pinning of TLS-capable upstreams: */
|
||||||
typedef struct sha256_pin {
|
typedef struct sha256_pin {
|
||||||
char pin[SHA256_DIGEST_LENGTH];
|
uint8_t pin[SHA256_DIGEST_LENGTH];
|
||||||
struct sha256_pin *next;
|
struct sha256_pin *next;
|
||||||
} sha256_pin_t;
|
} sha256_pin_t;
|
||||||
|
|
||||||
|
@ -502,11 +502,38 @@ struct getdns_context {
|
||||||
#endif /* HAVE_MDNS_SUPPORT */
|
#endif /* HAVE_MDNS_SUPPORT */
|
||||||
}; /* getdns_context */
|
}; /* getdns_context */
|
||||||
|
|
||||||
void _getdns_upstream_log(getdns_upstream *upstream, uint64_t system,
|
static inline int _getdns_check_log(const getdns_log_config *log,
|
||||||
getdns_loglevel_type level, const char *fmt, ...);
|
uint64_t system, getdns_loglevel_type level)
|
||||||
|
{ assert(log)
|
||||||
|
; return log->func && (log->system & system) && level <= log->level; }
|
||||||
|
|
||||||
void _getdns_context_log(getdns_context *context, uint64_t system,
|
static inline void _getdns_log(const getdns_log_config *log,
|
||||||
getdns_loglevel_type level, const char *fmt, ...);
|
uint64_t system, getdns_loglevel_type level, const char *fmt, ...)
|
||||||
|
{
|
||||||
|
va_list args;
|
||||||
|
|
||||||
|
if (!_getdns_check_log(log, system, level))
|
||||||
|
return;
|
||||||
|
|
||||||
|
va_start(args, fmt);
|
||||||
|
log->func(log->userarg, system, level, fmt, args);
|
||||||
|
va_end(args);
|
||||||
|
}
|
||||||
|
|
||||||
|
static inline void _getdns_upstream_log(const getdns_upstream *up,
|
||||||
|
uint64_t system, getdns_loglevel_type level, const char *fmt, ...)
|
||||||
|
{
|
||||||
|
va_list args;
|
||||||
|
|
||||||
|
if (!up || !up->upstreams
|
||||||
|
|| !_getdns_check_log(&up->upstreams->log, system, level))
|
||||||
|
return;
|
||||||
|
|
||||||
|
va_start(args, fmt);
|
||||||
|
up->upstreams->log.func(
|
||||||
|
up->upstreams->log.userarg, system, level, fmt, args);
|
||||||
|
va_end(args);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/** internal functions **/
|
/** internal functions **/
|
||||||
|
@ -563,8 +590,9 @@ void _getdns_upstreams_dereference(getdns_upstreams *upstreams);
|
||||||
|
|
||||||
void _getdns_upstream_shutdown(getdns_upstream *upstream);
|
void _getdns_upstream_shutdown(getdns_upstream *upstream);
|
||||||
|
|
||||||
FILE *_getdns_context_get_priv_fp(getdns_context *context, const char *fn);
|
FILE *_getdns_context_get_priv_fp(
|
||||||
uint8_t *_getdns_context_get_priv_file(getdns_context *context,
|
const getdns_context *context, const char *fn);
|
||||||
|
uint8_t *_getdns_context_get_priv_file(const getdns_context *context,
|
||||||
const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz);
|
const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz);
|
||||||
|
|
||||||
int _getdns_context_write_priv_file(getdns_context *context,
|
int _getdns_context_write_priv_file(getdns_context *context,
|
||||||
|
|
|
@ -434,7 +434,7 @@ getdns_dict_create_with_memory_functions(void *(*malloc)(size_t),
|
||||||
|
|
||||||
/*-------------------------- getdns_dict_create_with_context */
|
/*-------------------------- getdns_dict_create_with_context */
|
||||||
struct getdns_dict *
|
struct getdns_dict *
|
||||||
getdns_dict_create_with_context(struct getdns_context *context)
|
getdns_dict_create_with_context(const getdns_context *context)
|
||||||
{
|
{
|
||||||
if (context)
|
if (context)
|
||||||
return getdns_dict_create_with_extended_memory_functions(
|
return getdns_dict_create_with_extended_memory_functions(
|
||||||
|
@ -655,7 +655,8 @@ getdns_dict_set_bindata(
|
||||||
|
|
||||||
/*---------------------------------------- getdns_dict_set_bindata */
|
/*---------------------------------------- getdns_dict_set_bindata */
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_dict_util_set_string(getdns_dict *dict, char *name, const char *value)
|
getdns_dict_util_set_string(getdns_dict *dict,
|
||||||
|
const char *name, const char *value)
|
||||||
{
|
{
|
||||||
getdns_item *item;
|
getdns_item *item;
|
||||||
getdns_bindata *newbindata;
|
getdns_bindata *newbindata;
|
||||||
|
|
67
src/dnssec.c
67
src/dnssec.c
|
@ -523,7 +523,7 @@ static void val_chain_sched(chain_head *head, const uint8_t *dname);
|
||||||
static void val_chain_sched_ds(chain_head *head, const uint8_t *dname);
|
static void val_chain_sched_ds(chain_head *head, const uint8_t *dname);
|
||||||
static void val_chain_sched_signer(chain_head *head, _getdns_rrsig_iter *rrsig);
|
static void val_chain_sched_signer(chain_head *head, _getdns_rrsig_iter *rrsig);
|
||||||
|
|
||||||
static chain_head *add_rrset2val_chain(struct mem_funcs *mf,
|
static chain_head *add_rrset2val_chain(const struct mem_funcs *mf,
|
||||||
chain_head **chain_p, _getdns_rrset *rrset, getdns_network_req *netreq)
|
chain_head **chain_p, _getdns_rrset *rrset, getdns_network_req *netreq)
|
||||||
{
|
{
|
||||||
chain_head *head;
|
chain_head *head;
|
||||||
|
@ -788,7 +788,7 @@ static int is_synthesized_cname(_getdns_rrset *cname)
|
||||||
* When a SOA query was successful, a query for DS will follow for that
|
* When a SOA query was successful, a query for DS will follow for that
|
||||||
* owner name.
|
* owner name.
|
||||||
*/
|
*/
|
||||||
static void add_pkt2val_chain(struct mem_funcs *mf,
|
static void add_pkt2val_chain(const struct mem_funcs *mf,
|
||||||
chain_head **chain_p, uint8_t *pkt, size_t pkt_len,
|
chain_head **chain_p, uint8_t *pkt, size_t pkt_len,
|
||||||
getdns_network_req *netreq)
|
getdns_network_req *netreq)
|
||||||
{
|
{
|
||||||
|
@ -850,7 +850,7 @@ static void add_pkt2val_chain(struct mem_funcs *mf,
|
||||||
* checked eventually.
|
* checked eventually.
|
||||||
* But only if we know the question of course...
|
* But only if we know the question of course...
|
||||||
*/
|
*/
|
||||||
static void add_question2val_chain(struct mem_funcs *mf,
|
static void add_question2val_chain(const struct mem_funcs *mf,
|
||||||
chain_head **chain_p, uint8_t *pkt, size_t pkt_len,
|
chain_head **chain_p, uint8_t *pkt, size_t pkt_len,
|
||||||
const uint8_t *qname, uint16_t qtype, uint16_t qclass,
|
const uint8_t *qname, uint16_t qtype, uint16_t qclass,
|
||||||
getdns_network_req *netreq)
|
getdns_network_req *netreq)
|
||||||
|
@ -1364,8 +1364,9 @@ static int _rr_iter_rdata_cmp(const void *a, const void *b)
|
||||||
* nc_name will be set to the next closer (within rrset->name).
|
* nc_name will be set to the next closer (within rrset->name).
|
||||||
*/
|
*/
|
||||||
#define VAL_RRSET_SPC_SZ 256
|
#define VAL_RRSET_SPC_SZ 256
|
||||||
static int _getdns_verify_rrsig(struct mem_funcs *mf,
|
static int _getdns_verify_rrsig(const struct mem_funcs *mf,
|
||||||
_getdns_rrset *rrset, _getdns_rrsig_iter *rrsig, _getdns_rrtype_iter *key, const uint8_t **nc_name)
|
_getdns_rrset *rrset, _getdns_rrsig_iter *rrsig, _getdns_rrtype_iter *key,
|
||||||
|
const uint8_t **nc_name)
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
int to_skip;
|
int to_skip;
|
||||||
|
@ -1683,8 +1684,9 @@ static int check_dates(time_t now, int32_t skew, int32_t exp, int32_t inc)
|
||||||
/* Returns whether dnskey signed rrset. If the rrset was a valid wildcard
|
/* Returns whether dnskey signed rrset. If the rrset was a valid wildcard
|
||||||
* expansion, nc_name will point to the next closer part of the name in rrset.
|
* expansion, nc_name will point to the next closer part of the name in rrset.
|
||||||
*/
|
*/
|
||||||
static int dnskey_signed_rrset(struct mem_funcs *mf, time_t now, uint32_t skew,
|
static int dnskey_signed_rrset(const struct mem_funcs *mf, time_t now,
|
||||||
_getdns_rrtype_iter *dnskey, _getdns_rrset *rrset, const uint8_t **nc_name)
|
uint32_t skew, _getdns_rrtype_iter *dnskey, _getdns_rrset *rrset,
|
||||||
|
const uint8_t **nc_name)
|
||||||
{
|
{
|
||||||
_getdns_rrsig_iter rrsig_spc, *rrsig;
|
_getdns_rrsig_iter rrsig_spc, *rrsig;
|
||||||
_getdns_rdf_iter rdf_spc, *rdf;
|
_getdns_rdf_iter rdf_spc, *rdf;
|
||||||
|
@ -1752,7 +1754,7 @@ static int dnskey_signed_rrset(struct mem_funcs *mf, time_t now, uint32_t skew,
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Returns whether a dnskey for keyset signed a non wildcard rrset. */
|
/* Returns whether a dnskey for keyset signed a non wildcard rrset. */
|
||||||
static int a_key_signed_rrset_no_wc(struct mem_funcs *mf, time_t now,
|
static int a_key_signed_rrset_no_wc(const struct mem_funcs *mf, time_t now,
|
||||||
uint32_t skew, _getdns_rrset *keyset, _getdns_rrset *rrset)
|
uint32_t skew, _getdns_rrset *keyset, _getdns_rrset *rrset)
|
||||||
{
|
{
|
||||||
_getdns_rrtype_iter dnskey_spc, *dnskey;
|
_getdns_rrtype_iter dnskey_spc, *dnskey;
|
||||||
|
@ -1780,13 +1782,13 @@ static int a_key_signed_rrset_no_wc(struct mem_funcs *mf, time_t now,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int find_nsec_covering_name(
|
static int find_nsec_covering_name(const struct mem_funcs *mf,
|
||||||
struct mem_funcs *mf, time_t now, uint32_t skew, _getdns_rrset *dnskey,
|
time_t now, uint32_t skew, _getdns_rrset *dnskey,
|
||||||
_getdns_rrset *rrset, const uint8_t *name, int *opt_out);
|
_getdns_rrset *rrset, const uint8_t *name, int *opt_out);
|
||||||
|
|
||||||
/* Returns whether a dnskey for keyset signed rrset. */
|
/* Returns whether a dnskey for keyset signed rrset. */
|
||||||
static int a_key_signed_rrset(struct mem_funcs *mf, time_t now, uint32_t skew,
|
static int a_key_signed_rrset(const struct mem_funcs *mf, time_t now,
|
||||||
_getdns_rrset *keyset, _getdns_rrset *rrset)
|
uint32_t skew, _getdns_rrset *keyset, _getdns_rrset *rrset)
|
||||||
{
|
{
|
||||||
_getdns_rrtype_iter dnskey_spc, *dnskey;
|
_getdns_rrtype_iter dnskey_spc, *dnskey;
|
||||||
const uint8_t *nc_name; /* Initialized by dnskey_signed_rrset() */
|
const uint8_t *nc_name; /* Initialized by dnskey_signed_rrset() */
|
||||||
|
@ -1827,7 +1829,7 @@ static int a_key_signed_rrset(struct mem_funcs *mf, time_t now, uint32_t skew,
|
||||||
/* Returns whether a DS in ds_set matches a dnskey in dnskey_set which in turn
|
/* Returns whether a DS in ds_set matches a dnskey in dnskey_set which in turn
|
||||||
* signed the dnskey set.
|
* signed the dnskey set.
|
||||||
*/
|
*/
|
||||||
static int ds_authenticates_keys(struct mem_funcs *mf,
|
static int ds_authenticates_keys(const struct mem_funcs *mf,
|
||||||
time_t now, uint32_t skew, _getdns_rrset *ds_set, _getdns_rrset *dnskey_set)
|
time_t now, uint32_t skew, _getdns_rrset *ds_set, _getdns_rrset *dnskey_set)
|
||||||
{
|
{
|
||||||
_getdns_rrtype_iter dnskey_spc, *dnskey;
|
_getdns_rrtype_iter dnskey_spc, *dnskey;
|
||||||
|
@ -2112,8 +2114,8 @@ static int nsec3_covers_name(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static int find_nsec_covering_name(
|
static int find_nsec_covering_name(const struct mem_funcs *mf, time_t now,
|
||||||
struct mem_funcs *mf, time_t now, uint32_t skew, _getdns_rrset *dnskey,
|
uint32_t skew, _getdns_rrset *dnskey,
|
||||||
_getdns_rrset *rrset, const uint8_t *name, int *opt_out)
|
_getdns_rrset *rrset, const uint8_t *name, int *opt_out)
|
||||||
{
|
{
|
||||||
_getdns_rrset_iter i_spc, *i;
|
_getdns_rrset_iter i_spc, *i;
|
||||||
|
@ -2215,7 +2217,7 @@ static int find_nsec_covering_name(
|
||||||
}
|
}
|
||||||
|
|
||||||
static int nsec3_find_next_closer(
|
static int nsec3_find_next_closer(
|
||||||
struct mem_funcs *mf, time_t now, uint32_t skew,
|
const struct mem_funcs *mf, time_t now, uint32_t skew,
|
||||||
_getdns_rrset *dnskey, _getdns_rrset *rrset,
|
_getdns_rrset *dnskey, _getdns_rrset *rrset,
|
||||||
const uint8_t *nc_name, int *opt_out)
|
const uint8_t *nc_name, int *opt_out)
|
||||||
{
|
{
|
||||||
|
@ -2267,7 +2269,7 @@ static int nsec3_find_next_closer(
|
||||||
* verifying key: it returns keytag + NSEC3_ITERATION_COUNT_HIGH (0x20000)
|
* verifying key: it returns keytag + NSEC3_ITERATION_COUNT_HIGH (0x20000)
|
||||||
*/
|
*/
|
||||||
static int key_proves_nonexistance(
|
static int key_proves_nonexistance(
|
||||||
struct mem_funcs *mf, time_t now, uint32_t skew,
|
const struct mem_funcs *mf, time_t now, uint32_t skew,
|
||||||
_getdns_rrset *keyset, _getdns_rrset *rrset, int *opt_out)
|
_getdns_rrset *keyset, _getdns_rrset *rrset, int *opt_out)
|
||||||
{
|
{
|
||||||
_getdns_rrset nsec_rrset, *cover, *ce;
|
_getdns_rrset nsec_rrset, *cover, *ce;
|
||||||
|
@ -2571,7 +2573,7 @@ static int key_proves_nonexistance(
|
||||||
* non-existence of a DS along the path is proofed, and SECURE otherwise.
|
* non-existence of a DS along the path is proofed, and SECURE otherwise.
|
||||||
*/
|
*/
|
||||||
static int chain_node_get_trusted_keys(
|
static int chain_node_get_trusted_keys(
|
||||||
struct mem_funcs *mf, time_t now, uint32_t skew,
|
const struct mem_funcs *mf, time_t now, uint32_t skew,
|
||||||
chain_node *node, _getdns_rrset *ta, _getdns_rrset **keys)
|
chain_node *node, _getdns_rrset *ta, _getdns_rrset **keys)
|
||||||
{
|
{
|
||||||
int s, keytag;
|
int s, keytag;
|
||||||
|
@ -2714,7 +2716,7 @@ static int chain_node_get_trusted_keys(
|
||||||
* For this first a secure keyset is looked up, with which the keyset is
|
* For this first a secure keyset is looked up, with which the keyset is
|
||||||
* evaluated.
|
* evaluated.
|
||||||
*/
|
*/
|
||||||
static int chain_head_validate_with_ta(struct mem_funcs *mf,
|
static int chain_head_validate_with_ta(const struct mem_funcs *mf,
|
||||||
time_t now, uint32_t skew, chain_head *head, _getdns_rrset *ta)
|
time_t now, uint32_t skew, chain_head *head, _getdns_rrset *ta)
|
||||||
{
|
{
|
||||||
_getdns_rrset *keys;
|
_getdns_rrset *keys;
|
||||||
|
@ -2801,8 +2803,8 @@ static int chain_head_validate_with_ta(struct mem_funcs *mf,
|
||||||
/* The DNSSEC status of the rrset in head is evaluated by trying the trust
|
/* The DNSSEC status of the rrset in head is evaluated by trying the trust
|
||||||
* anchors in tas in turn. The best outcome counts.
|
* anchors in tas in turn. The best outcome counts.
|
||||||
*/
|
*/
|
||||||
static int chain_head_validate(struct mem_funcs *mf, time_t now, uint32_t skew,
|
static int chain_head_validate(const struct mem_funcs *mf, time_t now,
|
||||||
chain_head *head, _getdns_rrset_iter *tas)
|
uint32_t skew, chain_head *head, _getdns_rrset_iter *tas)
|
||||||
{
|
{
|
||||||
_getdns_rrset_iter *i;
|
_getdns_rrset_iter *i;
|
||||||
_getdns_rrset *ta, dnskey_ta, ds_ta;
|
_getdns_rrset *ta, dnskey_ta, ds_ta;
|
||||||
|
@ -2951,7 +2953,7 @@ static void chain_clear_netreq_dnssec_status(chain_head *chain)
|
||||||
* processing each head in turn. The worst outcome is the dnssec status for
|
* processing each head in turn. The worst outcome is the dnssec status for
|
||||||
* the whole.
|
* the whole.
|
||||||
*/
|
*/
|
||||||
static int chain_validate_dnssec(struct mem_funcs *mf,
|
static int chain_validate_dnssec(const struct mem_funcs *mf,
|
||||||
time_t now, uint32_t skew, chain_head *chain, _getdns_rrset_iter *tas)
|
time_t now, uint32_t skew, chain_head *chain, _getdns_rrset_iter *tas)
|
||||||
{
|
{
|
||||||
int s = GETDNS_DNSSEC_INDETERMINATE, t;
|
int s = GETDNS_DNSSEC_INDETERMINATE, t;
|
||||||
|
@ -3287,7 +3289,6 @@ static void check_chain_complete(chain_head *chain)
|
||||||
|
|
||||||
} else if (_getdns_bogus(dnsreq)) {
|
} else if (_getdns_bogus(dnsreq)) {
|
||||||
_getdns_rrsig_iter rrsig_spc;
|
_getdns_rrsig_iter rrsig_spc;
|
||||||
DEBUG_ANCHOR("Request was bogus!\n");
|
|
||||||
|
|
||||||
if ((head = chain) && (node = _to_the_root(head->parent))
|
if ((head = chain) && (node = _to_the_root(head->parent))
|
||||||
/* The root DNSKEY rrset */
|
/* The root DNSKEY rrset */
|
||||||
|
@ -3300,7 +3301,9 @@ static void check_chain_complete(chain_head *chain)
|
||||||
&& _getdns_rrsig_iter_init(&rrsig_spc, &node->dnskey)
|
&& _getdns_rrsig_iter_init(&rrsig_spc, &node->dnskey)
|
||||||
){
|
){
|
||||||
|
|
||||||
DEBUG_ANCHOR("root DNSKEY set was bogus!\n");
|
_getdns_log( &context->log
|
||||||
|
, GETDNS_LOG_SYS_ANCHOR, GETDNS_LOG_NOTICE
|
||||||
|
, "root DNSKEY set was bogus!\n");
|
||||||
if (!dnsreq->waiting_for_ta) {
|
if (!dnsreq->waiting_for_ta) {
|
||||||
uint64_t now_ms = 0;
|
uint64_t now_ms = 0;
|
||||||
|
|
||||||
|
@ -3606,7 +3609,7 @@ void _getdns_get_validation_chain(getdns_dns_req *dnsreq)
|
||||||
*****************************************************************************/
|
*****************************************************************************/
|
||||||
|
|
||||||
|
|
||||||
static int wire_validate_dnssec(struct mem_funcs *mf,
|
static int wire_validate_dnssec(const struct mem_funcs *mf,
|
||||||
time_t now, uint32_t skew, uint8_t *to_val, size_t to_val_len,
|
time_t now, uint32_t skew, uint8_t *to_val, size_t to_val_len,
|
||||||
uint8_t *support, size_t support_len, uint8_t *tas, size_t tas_len)
|
uint8_t *support, size_t support_len, uint8_t *tas, size_t tas_len)
|
||||||
{
|
{
|
||||||
|
@ -3688,9 +3691,9 @@ static int wire_validate_dnssec(struct mem_funcs *mf,
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_validate_dnssec2(getdns_list *records_to_validate,
|
getdns_validate_dnssec2(const getdns_list *records_to_validate,
|
||||||
getdns_list *support_records,
|
const getdns_list *support_records,
|
||||||
getdns_list *trust_anchors,
|
const getdns_list *trust_anchors,
|
||||||
time_t now, uint32_t skew)
|
time_t now, uint32_t skew)
|
||||||
{
|
{
|
||||||
uint8_t to_val_buf[4096], *to_val,
|
uint8_t to_val_buf[4096], *to_val,
|
||||||
|
@ -3702,7 +3705,7 @@ getdns_validate_dnssec2(getdns_list *records_to_validate,
|
||||||
tas_len = sizeof(tas_buf);
|
tas_len = sizeof(tas_buf);
|
||||||
|
|
||||||
int r = GETDNS_RETURN_MEMORY_ERROR;
|
int r = GETDNS_RETURN_MEMORY_ERROR;
|
||||||
struct mem_funcs *mf;
|
const struct mem_funcs *mf;
|
||||||
|
|
||||||
size_t i;
|
size_t i;
|
||||||
getdns_dict *reply;
|
getdns_dict *reply;
|
||||||
|
@ -3783,9 +3786,9 @@ exit_free_support:
|
||||||
|
|
||||||
|
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_validate_dnssec(getdns_list *records_to_validate,
|
getdns_validate_dnssec(const getdns_list *records_to_validate,
|
||||||
getdns_list *support_records,
|
const getdns_list *support_records,
|
||||||
getdns_list *trust_anchors)
|
const getdns_list *trust_anchors)
|
||||||
{
|
{
|
||||||
return getdns_validate_dnssec2(records_to_validate, support_records,
|
return getdns_validate_dnssec2(records_to_validate, support_records,
|
||||||
trust_anchors, time(NULL), 0);
|
trust_anchors, time(NULL), 0);
|
||||||
|
|
|
@ -243,7 +243,6 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
|
||||||
#if defined(REQ_DEBUG) && REQ_DEBUG
|
#if defined(REQ_DEBUG) && REQ_DEBUG
|
||||||
debug_req("getting validation chain for ", *dns_req->netreqs);
|
debug_req("getting validation chain for ", *dns_req->netreqs);
|
||||||
#endif
|
#endif
|
||||||
DEBUG_ANCHOR("Valchain lookup\n");
|
|
||||||
_getdns_get_validation_chain(dns_req);
|
_getdns_get_validation_chain(dns_req);
|
||||||
} else
|
} else
|
||||||
_getdns_call_user_callback(
|
_getdns_call_user_callback(
|
||||||
|
|
|
@ -416,6 +416,7 @@ typedef enum getdns_callback_type_t {
|
||||||
#define GETDNS_RRTYPE_CDNSKEY 60
|
#define GETDNS_RRTYPE_CDNSKEY 60
|
||||||
#define GETDNS_RRTYPE_OPENPGPKEY 61
|
#define GETDNS_RRTYPE_OPENPGPKEY 61
|
||||||
#define GETDNS_RRTYPE_CSYNC 62
|
#define GETDNS_RRTYPE_CSYNC 62
|
||||||
|
#define GETDNS_RRTYPE_ZONEMD 63
|
||||||
#define GETDNS_RRTYPE_SPF 99
|
#define GETDNS_RRTYPE_SPF 99
|
||||||
#define GETDNS_RRTYPE_UINFO 100
|
#define GETDNS_RRTYPE_UINFO 100
|
||||||
#define GETDNS_RRTYPE_UID 101
|
#define GETDNS_RRTYPE_UID 101
|
||||||
|
@ -743,7 +744,7 @@ getdns_list *getdns_list_create();
|
||||||
* used to create and initialize the list.
|
* used to create and initialize the list.
|
||||||
* @return pointer to an allocated list, NULL if insufficient memory
|
* @return pointer to an allocated list, NULL if insufficient memory
|
||||||
*/
|
*/
|
||||||
getdns_list *getdns_list_create_with_context(getdns_context *context);
|
getdns_list *getdns_list_create_with_context(const getdns_context *context);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* create a new list with no items, creating and initializing it with the
|
* create a new list with no items, creating and initializing it with the
|
||||||
|
@ -863,7 +864,7 @@ getdns_dict *getdns_dict_create();
|
||||||
* used to create and initialize the dict.
|
* used to create and initialize the dict.
|
||||||
* @return pointer to an allocated dict, NULL if insufficient memory
|
* @return pointer to an allocated dict, NULL if insufficient memory
|
||||||
*/
|
*/
|
||||||
getdns_dict *getdns_dict_create_with_context(getdns_context *context);
|
getdns_dict *getdns_dict_create_with_context(const getdns_context *context);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* create a new dict with no items, creating and initializing it with the
|
* create a new dict with no items, creating and initializing it with the
|
||||||
|
@ -1341,9 +1342,8 @@ char *getdns_convert_alabel_to_ulabel(const char *alabel);
|
||||||
* depending on the validation status.
|
* depending on the validation status.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_validate_dnssec(getdns_list *to_validate,
|
getdns_validate_dnssec(const getdns_list *to_validate,
|
||||||
getdns_list *support_records,
|
const getdns_list *support_records, const getdns_list *trust_anchors);
|
||||||
getdns_list *trust_anchors);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the default list of trust anchor records that is used by the library
|
* Get the default list of trust anchor records that is used by the library
|
||||||
|
@ -1816,7 +1816,7 @@ getdns_context_set_extended_memory_functions(getdns_context *context,
|
||||||
* object with getdns_dict_destroy.
|
* object with getdns_dict_destroy.
|
||||||
*/
|
*/
|
||||||
getdns_dict*
|
getdns_dict*
|
||||||
getdns_context_get_api_information(getdns_context* context);
|
getdns_context_get_api_information(const getdns_context *context);
|
||||||
|
|
||||||
/** @}
|
/** @}
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -377,7 +377,7 @@ getdns_context_set_eventloop(getdns_context* context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or evenloop were NULL
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or evenloop were NULL
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_eventloop(getdns_context* context,
|
getdns_context_get_eventloop(const getdns_context *context,
|
||||||
getdns_eventloop **eventloop);
|
getdns_eventloop **eventloop);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -557,8 +557,18 @@ typedef enum getdns_loglevel_type {
|
||||||
#define GETDNS_LOG_INFO_TEXT "Informational message"
|
#define GETDNS_LOG_INFO_TEXT "Informational message"
|
||||||
#define GETDNS_LOG_DEBUG_TEXT "Debug-level message"
|
#define GETDNS_LOG_DEBUG_TEXT "Debug-level message"
|
||||||
|
|
||||||
#define GETDNS_LOG_UPSTREAM_STATS 4096
|
#define GETDNS_LOG_UPSTREAM_STATS 0x3000
|
||||||
#define GETDNS_LOG_UPSTREAM_STATS_TEXT "Log messages about upstream statistics"
|
#define GETDNS_LOG_UPSTREAM_STATS_TEXT "Log messages about upstream statistics"
|
||||||
|
#define GETDNS_LOG_SYS_STUB 0x2000
|
||||||
|
#define GETDNS_LOG_SYS_STUB_TEXT "Log messages about stub resolving"
|
||||||
|
#define GETDNS_LOG_SYS_RECURSING 0x4000
|
||||||
|
#define GETDNS_LOG_SYS_RECURSING_TEXT "Log messages about recursive resolving"
|
||||||
|
#define GETDNS_LOG_SYS_RESOLVING 0x6000
|
||||||
|
#define GETDNS_LOG_SYS_RESOLVING_TEXT "Log messages about resolving"
|
||||||
|
#define GETDNS_LOG_SYS_ANCHOR 0x8000
|
||||||
|
#define GETDNS_LOG_SYS_ANCHOR_TEXT "Log messages about fetching trust anchors"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
typedef void (*getdns_logfunc_type) (void *userarg, uint64_t log_systems,
|
typedef void (*getdns_logfunc_type) (void *userarg, uint64_t log_systems,
|
||||||
getdns_loglevel_type, const char *, va_list ap);
|
getdns_loglevel_type, const char *, va_list ap);
|
||||||
|
@ -847,7 +857,7 @@ getdns_context_set_tls_min_version(
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_tls_min_version(
|
getdns_context_get_tls_min_version(
|
||||||
getdns_context *context, getdns_tls_version_t *min_version);
|
const getdns_context *context, getdns_tls_version_t *min_version);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Configure context for maximum supported TLS version.
|
* Configure context for maximum supported TLS version.
|
||||||
|
@ -877,7 +887,7 @@ getdns_context_set_tls_max_version(
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_tls_max_version(
|
getdns_context_get_tls_max_version(
|
||||||
getdns_context *context, getdns_tls_version_t *max_version);
|
const getdns_context *context, getdns_tls_version_t *max_version);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the current resolution type setting from this context.
|
* Get the current resolution type setting from this context.
|
||||||
|
@ -890,7 +900,7 @@ getdns_context_get_tls_max_version(
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_resolution_type(getdns_context *context,
|
getdns_context_get_resolution_type(const getdns_context *context,
|
||||||
getdns_resolution_t *value);
|
getdns_resolution_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -905,7 +915,7 @@ getdns_context_get_resolution_type(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_namespaces(getdns_context *context,
|
getdns_context_get_namespaces(const getdns_context *context,
|
||||||
size_t *namespace_count, getdns_namespace_t **namespaces);
|
size_t *namespace_count, getdns_namespace_t **namespaces);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -919,7 +929,7 @@ getdns_context_get_namespaces(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_dns_transport(getdns_context *context,
|
getdns_context_get_dns_transport(const getdns_context *context,
|
||||||
getdns_transport_t *value);
|
getdns_transport_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -935,7 +945,7 @@ getdns_context_get_dns_transport(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when any of the arguments was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_dns_transport_list(getdns_context *context,
|
getdns_context_get_dns_transport_list(const getdns_context *context,
|
||||||
size_t *transport_count, getdns_transport_list_t **transports);
|
size_t *transport_count, getdns_transport_list_t **transports);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -947,7 +957,7 @@ getdns_context_get_dns_transport_list(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or limit was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or limit was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_limit_outstanding_queries(getdns_context *context,
|
getdns_context_get_limit_outstanding_queries(const getdns_context *context,
|
||||||
uint16_t *limit);
|
uint16_t *limit);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -961,7 +971,7 @@ getdns_context_get_limit_outstanding_queries(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or limit was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or limit was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_timeout(getdns_context *context, uint64_t* timeout);
|
getdns_context_get_timeout(const getdns_context *context, uint64_t *timeout);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the current number of milliseconds the API will leave an idle TCP or TLS
|
* Get the current number of milliseconds the API will leave an idle TCP or TLS
|
||||||
|
@ -975,7 +985,8 @@ getdns_context_get_timeout(getdns_context *context, uint64_t* timeout);
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or timeout was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or timeout was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_idle_timeout(getdns_context *context, uint64_t* timeout);
|
getdns_context_get_idle_timeout(
|
||||||
|
const getdns_context *context, uint64_t *timeout);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the setting that says whether or not DNS queries follow redirects.
|
* Get the setting that says whether or not DNS queries follow redirects.
|
||||||
|
@ -987,7 +998,7 @@ getdns_context_get_idle_timeout(getdns_context *context, uint64_t* timeout);
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_follow_redirects(getdns_context *context,
|
getdns_context_get_follow_redirects(const getdns_context *context,
|
||||||
getdns_redirects_t *value);
|
getdns_redirects_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1005,7 +1016,7 @@ getdns_context_get_follow_redirects(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
|
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_dns_root_servers(getdns_context *context,
|
getdns_context_get_dns_root_servers(const getdns_context *context,
|
||||||
getdns_list **addresses);
|
getdns_list **addresses);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1023,7 +1034,7 @@ getdns_context_get_dns_root_servers(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_append_name(getdns_context *context,
|
getdns_context_get_append_name(const getdns_context *context,
|
||||||
getdns_append_name_t *value);
|
getdns_append_name_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1040,7 +1051,7 @@ getdns_context_get_append_name(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
|
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_suffix(getdns_context *context, getdns_list **value);
|
getdns_context_get_suffix(const getdns_context *context, getdns_list **value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get a copy of the list of DNSSEC trust anchors in use by context.
|
* Get a copy of the list of DNSSEC trust anchors in use by context.
|
||||||
|
@ -1055,7 +1066,7 @@ getdns_context_get_suffix(getdns_context *context, getdns_list **value);
|
||||||
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
|
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_dnssec_trust_anchors(getdns_context *context,
|
getdns_context_get_dnssec_trust_anchors(const getdns_context *context,
|
||||||
getdns_list **value);
|
getdns_list **value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1069,7 +1080,7 @@ getdns_context_get_dnssec_trust_anchors(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_dnssec_allowed_skew(getdns_context *context,
|
getdns_context_get_dnssec_allowed_skew(const getdns_context *context,
|
||||||
uint32_t *value);
|
uint32_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1086,7 +1097,7 @@ getdns_context_get_dnssec_allowed_skew(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
|
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_upstream_recursive_servers(getdns_context *context,
|
getdns_context_get_upstream_recursive_servers(const getdns_context *context,
|
||||||
getdns_list **upstream_list);
|
getdns_list **upstream_list);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1101,7 +1112,7 @@ getdns_context_get_upstream_recursive_servers(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_edns_maximum_udp_payload_size(getdns_context *context,
|
getdns_context_get_edns_maximum_udp_payload_size(const getdns_context *context,
|
||||||
uint16_t *value);
|
uint16_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1113,7 +1124,7 @@ getdns_context_get_edns_maximum_udp_payload_size(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_edns_extended_rcode(getdns_context *context,
|
getdns_context_get_edns_extended_rcode(const getdns_context *context,
|
||||||
uint8_t *value);
|
uint8_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1125,7 +1136,7 @@ getdns_context_get_edns_extended_rcode(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_edns_version(getdns_context *context, uint8_t* value);
|
getdns_context_get_edns_version(const getdns_context *context, uint8_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the DO bit advertised in an EDNS0 OPT record setting from context
|
* Get the DO bit advertised in an EDNS0 OPT record setting from context
|
||||||
|
@ -1137,7 +1148,7 @@ getdns_context_get_edns_version(getdns_context *context, uint8_t* value);
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_edns_do_bit(getdns_context *context, uint8_t* value);
|
getdns_context_get_edns_do_bit(const getdns_context *context, uint8_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get whether queries with this context will have the EDNS Client Subnet
|
* Get whether queries with this context will have the EDNS Client Subnet
|
||||||
|
@ -1150,7 +1161,8 @@ getdns_context_get_edns_do_bit(getdns_context *context, uint8_t* value);
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_edns_client_subnet_private(getdns_context *context, uint8_t* value);
|
getdns_context_get_edns_client_subnet_private(const getdns_context *context,
|
||||||
|
uint8_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the blocksize that will be used to pad outgoing queries over TLS.
|
* Get the blocksize that will be used to pad outgoing queries over TLS.
|
||||||
|
@ -1162,7 +1174,8 @@ getdns_context_get_edns_client_subnet_private(getdns_context *context, uint8_t*
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_tls_query_padding_blocksize(getdns_context *context, uint16_t* value);
|
getdns_context_get_tls_query_padding_blocksize(
|
||||||
|
const getdns_context *context, uint16_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get whether the upstream needs to be authenticated with DNS over TLS.
|
* Get whether the upstream needs to be authenticated with DNS over TLS.
|
||||||
|
@ -1180,7 +1193,7 @@ getdns_context_get_tls_query_padding_blocksize(getdns_context *context, uint16_t
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_tls_authentication(getdns_context *context,
|
getdns_context_get_tls_authentication(const getdns_context *context,
|
||||||
getdns_tls_authentication_t *value);
|
getdns_tls_authentication_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1193,7 +1206,7 @@ getdns_context_get_tls_authentication(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_round_robin_upstreams(getdns_context *context,
|
getdns_context_get_round_robin_upstreams(const getdns_context *context,
|
||||||
uint8_t *value);
|
uint8_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1208,7 +1221,7 @@ getdns_context_get_round_robin_upstreams(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_tls_backoff_time(getdns_context *context,
|
getdns_context_get_tls_backoff_time(const getdns_context *context,
|
||||||
uint16_t *value);
|
uint16_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1223,7 +1236,7 @@ getdns_context_get_tls_backoff_time(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context or value was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_tls_connection_retries(getdns_context *context,
|
getdns_context_get_tls_connection_retries(const getdns_context *context,
|
||||||
uint16_t *value);
|
uint16_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -1241,7 +1254,8 @@ getdns_context_get_tls_connection_retries(getdns_context *context,
|
||||||
* @return GETDNS_RETURN_GOOD on success or an error code on failure.
|
* @return GETDNS_RETURN_GOOD on success or an error code on failure.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_update_callback(getdns_context *context, void **userarg,
|
getdns_context_get_update_callback(const getdns_context *context,
|
||||||
|
void **userarg,
|
||||||
void (**value) (getdns_context *, getdns_context_code_t, void *));
|
void (**value) (getdns_context *, getdns_context_code_t, void *));
|
||||||
|
|
||||||
|
|
||||||
|
@ -1295,7 +1309,7 @@ getdns_context_get_update_callback(getdns_context *context, void **userarg,
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_trust_anchors_url(
|
getdns_context_get_trust_anchors_url(
|
||||||
getdns_context *context, const char **url);
|
const getdns_context *context, const char **url);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the public certificate for the Certificate Authority with which to
|
* Gets the public certificate for the Certificate Authority with which to
|
||||||
|
@ -1314,7 +1328,7 @@ getdns_context_get_trust_anchors_url(
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_trust_anchors_verify_CA(
|
getdns_context_get_trust_anchors_verify_CA(
|
||||||
getdns_context *context, const char **verify_CA);
|
const getdns_context *context, const char **verify_CA);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Gets the email address for the Subject of the signer's certificate from the
|
* Gets the email address for the Subject of the signer's certificate from the
|
||||||
|
@ -1331,7 +1345,7 @@ getdns_context_get_trust_anchors_verify_CA(
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_trust_anchors_verify_email(
|
getdns_context_get_trust_anchors_verify_email(
|
||||||
getdns_context *context, const char **verify_email);
|
const getdns_context *context, const char **verify_email);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the amount of milliseconds the trust anchors will not be tried to be
|
* Get the amount of milliseconds the trust anchors will not be tried to be
|
||||||
|
@ -1345,7 +1359,7 @@ getdns_context_get_trust_anchors_verify_email(
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_trust_anchors_backoff_time(
|
getdns_context_get_trust_anchors_backoff_time(
|
||||||
getdns_context *context, uint64_t *value);
|
const getdns_context *context, uint64_t *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the value with which the context's upstream recursive servers
|
* Get the value with which the context's upstream recursive servers
|
||||||
|
@ -1358,7 +1372,8 @@ getdns_context_get_trust_anchors_backoff_time(
|
||||||
* @return GETDNS_RETURN_GOOD when successful and error code otherwise.
|
* @return GETDNS_RETURN_GOOD when successful and error code otherwise.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_resolvconf(getdns_context *context, const char **resolvconf);
|
getdns_context_get_resolvconf(
|
||||||
|
const getdns_context *context, const char **resolvconf);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the value with which the context's GETDNS_NAMESPACE_LOCALNAMES namespace
|
* Get the value with which the context's GETDNS_NAMESPACE_LOCALNAMES namespace
|
||||||
|
@ -1371,7 +1386,8 @@ getdns_context_get_resolvconf(getdns_context *context, const char **resolvconf);
|
||||||
* @return GETDNS_RETURN_GOOD when successful and error code otherwise.
|
* @return GETDNS_RETURN_GOOD when successful and error code otherwise.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_hosts(getdns_context *context, const char **hosts);
|
getdns_context_get_hosts(
|
||||||
|
const getdns_context *context, const char **hosts);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the location of the directory for CA certificates for verification
|
* Get the location of the directory for CA certificates for verification
|
||||||
|
@ -1385,7 +1401,8 @@ getdns_context_get_hosts(getdns_context *context, const char **hosts);
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_tls_ca_path(getdns_context *context, const char **tls_ca_path);
|
getdns_context_get_tls_ca_path(
|
||||||
|
const getdns_context *context, const char **tls_ca_path);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the file location with CA certificates for verification purposes.
|
* Get the file location with CA certificates for verification purposes.
|
||||||
|
@ -1398,7 +1415,8 @@ getdns_context_get_tls_ca_path(getdns_context *context, const char **tls_ca_path
|
||||||
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
|
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_tls_ca_file(getdns_context *context, const char **tls_ca_file);
|
getdns_context_get_tls_ca_file(
|
||||||
|
const getdns_context *context, const char **tls_ca_file);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the list of available ciphers for authenticated TLS upstreams.
|
* Get the list of available ciphers for authenticated TLS upstreams.
|
||||||
|
@ -1410,7 +1428,7 @@ getdns_context_get_tls_ca_file(getdns_context *context, const char **tls_ca_file
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_tls_cipher_list(
|
getdns_context_get_tls_cipher_list(
|
||||||
getdns_context *context, const char **cipher_list);
|
const getdns_context *context, const char **cipher_list);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the configured available TLS1.3 ciphersuited for authenticated TLS
|
* Get the configured available TLS1.3 ciphersuited for authenticated TLS
|
||||||
|
@ -1423,7 +1441,7 @@ getdns_context_get_tls_cipher_list(
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_tls_ciphersuites(
|
getdns_context_get_tls_ciphersuites(
|
||||||
getdns_context *context, const char **ciphersuites);
|
const getdns_context *context, const char **ciphersuites);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the supported curves list if one has been set earlier.
|
* Get the supported curves list if one has been set earlier.
|
||||||
|
@ -1438,7 +1456,7 @@ getdns_context_get_tls_ciphersuites(
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_context_get_tls_curves_list(
|
getdns_context_get_tls_curves_list(
|
||||||
getdns_context *context, const char **curves_list);
|
const getdns_context *context, const char **curves_list);
|
||||||
|
|
||||||
/** @}
|
/** @}
|
||||||
*/
|
*/
|
||||||
|
@ -1526,7 +1544,8 @@ const char *getdns_get_errorstr_by_id(uint16_t err);
|
||||||
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
|
* @return GETDNS_RETURN_MEMORY_ERROR when the copy could not be allocated
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_dict_util_set_string(getdns_dict *dict, char *name, const char *value);
|
getdns_dict_util_set_string(
|
||||||
|
getdns_dict *dict, const char *name, const char *value);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the string associated with the speicifed name. The string should not
|
* Get the string associated with the speicifed name. The string should not
|
||||||
|
@ -1539,7 +1558,8 @@ getdns_dict_util_set_string(getdns_dict *dict, char *name, const char *value);
|
||||||
* @return GETDNS_RETURN_NO_SUCH_DICT_NAME if dict is invalid or name does not exist
|
* @return GETDNS_RETURN_NO_SUCH_DICT_NAME if dict is invalid or name does not exist
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_dict_util_get_string(getdns_dict * dict, char *name, char **result);
|
getdns_dict_util_get_string(
|
||||||
|
const getdns_dict * dict, const char *name, char **result);
|
||||||
|
|
||||||
/** @}
|
/** @}
|
||||||
*/
|
*/
|
||||||
|
@ -1580,9 +1600,9 @@ getdns_dict_util_get_string(getdns_dict * dict, char *name, char **result);
|
||||||
* return code.
|
* return code.
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_validate_dnssec2(getdns_list *to_validate,
|
getdns_validate_dnssec2(const getdns_list *to_validate,
|
||||||
getdns_list *support_records,
|
const getdns_list *support_records,
|
||||||
getdns_list *trust_anchors,
|
const getdns_list *trust_anchors,
|
||||||
time_t validation_time, uint32_t skew);
|
time_t validation_time, uint32_t skew);
|
||||||
|
|
||||||
|
|
||||||
|
@ -1626,7 +1646,7 @@ getdns_validate_dnssec2(getdns_list *to_validate,
|
||||||
* @return a dict created from ctx, or NULL if the string did not match.
|
* @return a dict created from ctx, or NULL if the string did not match.
|
||||||
*/
|
*/
|
||||||
getdns_dict *getdns_pubkey_pin_create_from_string(
|
getdns_dict *getdns_pubkey_pin_create_from_string(
|
||||||
getdns_context* context,
|
const getdns_context *context,
|
||||||
const char *str);
|
const char *str);
|
||||||
|
|
||||||
|
|
||||||
|
@ -2293,7 +2313,7 @@ getdns_context_set_listen_addresses(
|
||||||
*/
|
*/
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_reply(getdns_context *context,
|
getdns_reply(getdns_context *context,
|
||||||
getdns_dict *reply, getdns_transaction_t request_id);
|
const getdns_dict *reply, getdns_transaction_t request_id);
|
||||||
|
|
||||||
|
|
||||||
/** @}
|
/** @}
|
||||||
|
@ -2325,7 +2345,7 @@ getdns_return_t getdns_context_process_async(getdns_context* context);
|
||||||
* WARNING! Do not use this function. This function will be removed in
|
* WARNING! Do not use this function. This function will be removed in
|
||||||
* future versions of getdns.
|
* future versions of getdns.
|
||||||
*/
|
*/
|
||||||
uint32_t getdns_context_get_num_pending_requests(getdns_context* context,
|
uint32_t getdns_context_get_num_pending_requests(const getdns_context *context,
|
||||||
struct timeval *next_timeout);
|
struct timeval *next_timeout);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -150,6 +150,9 @@ static const gldns_rdf_type type_openpgpkey_wireformat[] = {
|
||||||
static const gldns_rdf_type type_csync_wireformat[] = {
|
static const gldns_rdf_type type_csync_wireformat[] = {
|
||||||
GLDNS_RDF_TYPE_INT32, GLDNS_RDF_TYPE_INT16, GLDNS_RDF_TYPE_NSEC
|
GLDNS_RDF_TYPE_INT32, GLDNS_RDF_TYPE_INT16, GLDNS_RDF_TYPE_NSEC
|
||||||
};
|
};
|
||||||
|
static const gldns_rdf_type type_zonemd_wireformat[] = {
|
||||||
|
GLDNS_RDF_TYPE_INT32, GLDNS_RDF_TYPE_INT8, GLDNS_RDF_TYPE_INT8, GLDNS_RDF_TYPE_HEX
|
||||||
|
};
|
||||||
/* nsec3 is some vars, followed by same type of data of nsec */
|
/* nsec3 is some vars, followed by same type of data of nsec */
|
||||||
static const gldns_rdf_type type_nsec3_wireformat[] = {
|
static const gldns_rdf_type type_nsec3_wireformat[] = {
|
||||||
/* GLDNS_RDF_TYPE_NSEC3_VARS, GLDNS_RDF_TYPE_NSEC3_NEXT_OWNER, GLDNS_RDF_TYPE_NSEC*/
|
/* GLDNS_RDF_TYPE_NSEC3_VARS, GLDNS_RDF_TYPE_NSEC3_NEXT_OWNER, GLDNS_RDF_TYPE_NSEC*/
|
||||||
|
@ -372,7 +375,8 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
|
||||||
{GLDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
|
{GLDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
|
||||||
/* 62 */
|
/* 62 */
|
||||||
{GLDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
|
{GLDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
|
||||||
{GLDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
|
/* 63 */
|
||||||
|
{GLDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
|
||||||
{GLDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
|
{GLDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
|
||||||
{GLDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
|
{GLDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
|
||||||
{GLDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
|
{GLDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
|
||||||
|
|
|
@ -195,6 +195,7 @@ enum gldns_enum_rr_type
|
||||||
GLDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */
|
GLDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */
|
||||||
GLDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
|
GLDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
|
||||||
GLDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
|
GLDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
|
||||||
|
GLDNS_RR_TYPE_ZONEMD = 63, /* draft-wessels-dns-zone-digest */
|
||||||
|
|
||||||
GLDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
|
GLDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
|
||||||
|
|
||||||
|
|
|
@ -418,7 +418,7 @@ getdns_list_create_with_memory_functions(void *(*malloc)(size_t),
|
||||||
|
|
||||||
/*-------------------------- getdns_list_create_with_context */
|
/*-------------------------- getdns_list_create_with_context */
|
||||||
struct getdns_list *
|
struct getdns_list *
|
||||||
getdns_list_create_with_context(struct getdns_context *context)
|
getdns_list_create_with_context(const getdns_context *context)
|
||||||
{
|
{
|
||||||
if (context)
|
if (context)
|
||||||
return getdns_list_create_with_extended_memory_functions(
|
return getdns_list_create_with_extended_memory_functions(
|
||||||
|
|
|
@ -14,7 +14,7 @@ cat > const-info.c << END_OF_HEAD
|
||||||
static struct const_info consts_info[] = {
|
static struct const_info consts_info[] = {
|
||||||
{ -1, NULL, "/* <unknown getdns value> */" },
|
{ -1, NULL, "/* <unknown getdns value> */" },
|
||||||
END_OF_HEAD
|
END_OF_HEAD
|
||||||
gawk '/^[ ]+GETDNS_[A-Z0-9_]+[ ]+=[ ]+[0-9]+/{ key = sprintf("%7d", $3); consts[key] = $1; }/^#define GETDNS_[A-Z0-9_]+[ ]+[0-9]+/ && !/^#define GETDNS_RRTYPE/ && !/^#define GETDNS_RRCLASS/ && !/^#define GETDNS_OPCODE/ && !/^#define GETDNS_RCODE/ && !/_TEXT/{ key = sprintf("%7d", $3); consts[key] = $2; }/^#define GETDNS_[A-Z0-9_]+[ ]+\(\(getdns_(return|append_name)_t) [0-9]+ \)/{ key = sprintf("%7d", $4); consts[key] = $2; }END{ n = asorti(consts, const_vals); for ( i = 1; i <= n; i++) { val = const_vals[i]; name = consts[val]; print "\t{ "val", \""name"\", "name"_TEXT },"}}' getdns/getdns_extra.h.in getdns/getdns.h.in const-info.h| sed 's/,,/,/g' >> const-info.c
|
gawk --non-decimal-data '/^[ ]+GETDNS_[A-Z0-9_]+[ ]+=[ ]+[0-9]+/{ key = sprintf("%7d", $3); consts[key] = $1; }/^#define GETDNS_[A-Z0-9_]+[ ]+(0[xX][0-9a-fA-F]+|[0-9]+)/ && !/^#define GETDNS_RRTYPE/ && !/^#define GETDNS_RRCLASS/ && !/^#define GETDNS_OPCODE/ && !/^#define GETDNS_RCODE/ && !/_TEXT/{ key = sprintf("%7d", $3); consts[key] = $2; }/^#define GETDNS_[A-Z0-9_]+[ ]+\(\(getdns_(return|append_name)_t) [0-9]+ \)/{ key = sprintf("%7d", $4); consts[key] = $2; }END{ n = asorti(consts, const_vals); for ( i = 1; i <= n; i++) { val = const_vals[i]; name = consts[val]; print "\t{ "val", \""name"\", "name"_TEXT },"}}' getdns/getdns_extra.h.in getdns/getdns.h.in const-info.h| sed 's/,,/,/g' >> const-info.c
|
||||||
cat >> const-info.c << END_OF_TAIL
|
cat >> const-info.c << END_OF_TAIL
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -49,7 +49,7 @@ getdns_get_errorstr_by_id(uint16_t err)
|
||||||
|
|
||||||
static struct const_name_info consts_name_info[] = {
|
static struct const_name_info consts_name_info[] = {
|
||||||
END_OF_TAIL
|
END_OF_TAIL
|
||||||
gawk '/^[ ]+GETDNS_[A-Z0-9_]+[ ]+=[ ]+[0-9]+/{ key = sprintf("%d", $3); consts[$1] = key; }/^#define GETDNS_[A-Z0-9_]+[ ]+[0-9]+/ && !/_TEXT/{ key = sprintf("%d", $3); consts[$2] = key; }/^#define GETDNS_[A-Z0-9_]+[ ]+\(\(getdns_(return|append_name)_t) [0-9]+ \)/{ key = sprintf("%d", $4); consts[$2] = key; }END{ n = asorti(consts, const_vals); for ( i = 1; i <= n; i++) { val = const_vals[i]; name = consts[val]; print "\t{ \""val"\", "name" },"}}' getdns/getdns.h.in getdns/getdns_extra.h.in const-info.h| sed 's/,,/,/g' >> const-info.c
|
gawk --non-decimal-data '/^[ ]+GETDNS_[A-Z0-9_]+[ ]+=[ ]+[0-9]+/{ key = sprintf("%d", $3); consts[$1] = key; }/^#define GETDNS_[A-Z0-9_]+[ ]+(0[xX][0-9a-fA-F]+|[0-9]+)/ && !/_TEXT/{ key = sprintf("%d", $3); consts[$2] = key; }/^#define GETDNS_[A-Z0-9_]+[ ]+\(\(getdns_(return|append_name)_t) [0-9]+ \)/{ key = sprintf("%d", $4); consts[$2] = key; }END{ n = asorti(consts, const_vals); for ( i = 1; i <= n; i++) { val = const_vals[i]; name = consts[val]; print "\t{ \""val"\", "name" },"}}' getdns/getdns.h.in getdns/getdns_extra.h.in const-info.h| sed 's/,,/,/g' >> const-info.c
|
||||||
cat >> const-info.c << END_OF_TAIL
|
cat >> const-info.c << END_OF_TAIL
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -55,6 +55,7 @@
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include "context.h"
|
#include "context.h"
|
||||||
#include "util-internal.h"
|
#include "util-internal.h"
|
||||||
|
#include "gldns/parseutil.h"
|
||||||
|
|
||||||
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
|
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
|
||||||
#define X509_STORE_CTX_get0_untrusted(store) store->untrusted
|
#define X509_STORE_CTX_get0_untrusted(store) store->untrusted
|
||||||
|
@ -93,8 +94,7 @@ static const getdns_bindata sha256 = {
|
||||||
it is no longer needed.
|
it is no longer needed.
|
||||||
*/
|
*/
|
||||||
getdns_dict *getdns_pubkey_pin_create_from_string(
|
getdns_dict *getdns_pubkey_pin_create_from_string(
|
||||||
getdns_context* context,
|
const getdns_context *context, const char *str)
|
||||||
const char* str)
|
|
||||||
{
|
{
|
||||||
BIO *bio = NULL;
|
BIO *bio = NULL;
|
||||||
size_t i;
|
size_t i;
|
||||||
|
@ -270,7 +270,7 @@ _getdns_get_pubkey_pinset_from_list(const getdns_list *pinset_list,
|
||||||
}
|
}
|
||||||
|
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
_getdns_get_pubkey_pinset_list(getdns_context *ctx,
|
_getdns_get_pubkey_pinset_list(const getdns_context *ctx,
|
||||||
const sha256_pin_t *pinset_in,
|
const sha256_pin_t *pinset_in,
|
||||||
getdns_list **pinset_list)
|
getdns_list **pinset_list)
|
||||||
{
|
{
|
||||||
|
@ -378,19 +378,19 @@ _getdns_associate_upstream_with_SSL(SSL *ssl,
|
||||||
}
|
}
|
||||||
|
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
_getdns_verify_pinset_match(const sha256_pin_t *pinset,
|
_getdns_verify_pinset_match(const getdns_upstream *upstream,
|
||||||
X509_STORE_CTX *store)
|
const sha256_pin_t *pinset, X509_STORE_CTX *store)
|
||||||
{
|
{
|
||||||
getdns_return_t ret = GETDNS_RETURN_GENERIC_ERROR;
|
|
||||||
X509 *x, *prev = NULL;
|
X509 *x, *prev = NULL;
|
||||||
|
char x_name_spc[1024], *x_name, prev_name_spc[1024];
|
||||||
int i, len;
|
int i, len;
|
||||||
unsigned char raw[4096];
|
unsigned char raw[4096];
|
||||||
unsigned char *next;
|
unsigned char *next;
|
||||||
unsigned char buf[sizeof(pinset->pin)];
|
unsigned char buf[sizeof(pinset->pin)];
|
||||||
const sha256_pin_t *p;
|
const sha256_pin_t *p;
|
||||||
|
|
||||||
if (pinset == NULL || store == NULL)
|
assert(pinset);
|
||||||
return GETDNS_RETURN_GENERIC_ERROR;
|
assert(store);
|
||||||
|
|
||||||
/* start at the base of the chain (the end-entity cert) and
|
/* start at the base of the chain (the end-entity cert) and
|
||||||
* make sure that some valid element of the chain does match
|
* make sure that some valid element of the chain does match
|
||||||
|
@ -407,29 +407,74 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
|
||||||
|
|
||||||
/* TODO: how do we handle raw public keys? */
|
/* TODO: how do we handle raw public keys? */
|
||||||
|
|
||||||
for (i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++, prev = x) {
|
for ( i = 0
|
||||||
|
; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store))
|
||||||
|
; i++, prev = x) {
|
||||||
x = sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i);
|
x = sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i);
|
||||||
#if defined(STUB_DEBUG) && STUB_DEBUG
|
x_name = NULL;
|
||||||
DEBUG_STUB("%s %-35s: Name of cert: %d ",
|
|
||||||
STUB_DEBUG_SETUP_TLS, __FUNC__, i);
|
if (upstream->upstreams
|
||||||
X509_NAME_print_ex_fp(stderr, X509_get_subject_name(x), 1, XN_FLAG_ONELINE);
|
&& _getdns_check_log(&upstream->upstreams->log,
|
||||||
fprintf(stderr, "\n");
|
GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG)) {
|
||||||
#endif
|
|
||||||
|
x_name = X509_NAME_oneline( X509_get_subject_name(x)
|
||||||
|
, x_name_spc
|
||||||
|
, sizeof(x_name_spc));
|
||||||
|
_getdns_upstream_log( upstream
|
||||||
|
, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG
|
||||||
|
, "%-40s : Verifying pinsets with cert: %d %s\n"
|
||||||
|
, upstream->addr_str, i, x_name);
|
||||||
|
}
|
||||||
if (i > 0) {
|
if (i > 0) {
|
||||||
/* we ensure that "prev" is signed by "x" */
|
/* we ensure that "prev" is signed by "x" */
|
||||||
EVP_PKEY *pkey = X509_get_pubkey(x);
|
EVP_PKEY *pkey = X509_get_pubkey(x);
|
||||||
int verified;
|
int verified;
|
||||||
|
|
||||||
if (!pkey) {
|
if (!pkey) {
|
||||||
DEBUG_STUB("%s %-35s: Could not get pubkey from cert %d (%p)\n",
|
if (!upstream->upstreams
|
||||||
STUB_DEBUG_SETUP_TLS, __FUNC__, i, (void*)x);
|
|| !_getdns_check_log(
|
||||||
|
&upstream->upstreams->log
|
||||||
|
, GETDNS_LOG_UPSTREAM_STATS
|
||||||
|
, GETDNS_LOG_ERR
|
||||||
|
))
|
||||||
|
return GETDNS_RETURN_GENERIC_ERROR;
|
||||||
|
|
||||||
|
if (!x_name)
|
||||||
|
x_name = X509_NAME_oneline(
|
||||||
|
X509_get_subject_name(x)
|
||||||
|
, x_name_spc, sizeof(x_name_spc));
|
||||||
|
_getdns_upstream_log( upstream
|
||||||
|
, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR
|
||||||
|
, "%-40s : Could not get pubkey from cert "
|
||||||
|
"cert: %d %s\n"
|
||||||
|
, upstream->addr_str, i, x_name);
|
||||||
return GETDNS_RETURN_GENERIC_ERROR;
|
return GETDNS_RETURN_GENERIC_ERROR;
|
||||||
}
|
}
|
||||||
verified = X509_verify(prev, pkey);
|
verified = X509_verify(prev, pkey);
|
||||||
EVP_PKEY_free(pkey);
|
EVP_PKEY_free(pkey);
|
||||||
if (!verified) {
|
if (!verified) {
|
||||||
DEBUG_STUB("%s %-35s: cert %d (%p) was not signed by cert %d\n",
|
if (!upstream->upstreams
|
||||||
STUB_DEBUG_SETUP_TLS, __FUNC__, i-1, (void*)prev, i);
|
|| !_getdns_check_log(
|
||||||
|
&upstream->upstreams->log
|
||||||
|
, GETDNS_LOG_UPSTREAM_STATS
|
||||||
|
, GETDNS_LOG_ERR
|
||||||
|
))
|
||||||
|
return GETDNS_RETURN_GENERIC_ERROR;
|
||||||
|
|
||||||
|
if (!x_name)
|
||||||
|
x_name = X509_NAME_oneline(
|
||||||
|
X509_get_subject_name(x)
|
||||||
|
, x_name_spc, sizeof(x_name_spc));
|
||||||
|
_getdns_upstream_log( upstream
|
||||||
|
, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR
|
||||||
|
, "%-40s : Cert: %d %swas not signed "
|
||||||
|
"by cert %d %s\n", upstream->addr_str
|
||||||
|
, i - 1
|
||||||
|
, X509_NAME_oneline(
|
||||||
|
X509_get_subject_name(prev)
|
||||||
|
, prev_name_spc
|
||||||
|
, sizeof(prev_name_spc) )
|
||||||
|
, i, x_name);
|
||||||
return GETDNS_RETURN_GENERIC_ERROR;
|
return GETDNS_RETURN_GENERIC_ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -437,31 +482,85 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
|
||||||
/* digest the cert with sha256 */
|
/* digest the cert with sha256 */
|
||||||
len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), NULL);
|
len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), NULL);
|
||||||
if (len > (int)sizeof(raw)) {
|
if (len > (int)sizeof(raw)) {
|
||||||
DEBUG_STUB("%s %-35s: Pubkey %d is larger than %"PRIsz" octets\n",
|
if (!upstream->upstreams
|
||||||
STUB_DEBUG_SETUP_TLS, __FUNC__, i, sizeof(raw));
|
|| !_getdns_check_log( &upstream->upstreams->log
|
||||||
|
, GETDNS_LOG_UPSTREAM_STATS
|
||||||
|
, GETDNS_LOG_WARNING ))
|
||||||
|
continue;
|
||||||
|
|
||||||
|
if (!x_name)
|
||||||
|
x_name = X509_NAME_oneline(
|
||||||
|
X509_get_subject_name(x)
|
||||||
|
, x_name_spc, sizeof(x_name_spc));
|
||||||
|
_getdns_upstream_log( upstream
|
||||||
|
, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING
|
||||||
|
, "%-40s : Skipping cert %d %s, because pubkey is "
|
||||||
|
"larger than buffer size (%"PRIsz" octets)\n"
|
||||||
|
, upstream->addr_str, i, x_name, sizeof(raw));
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
next = raw;
|
next = raw;
|
||||||
i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &next);
|
i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &next);
|
||||||
if (next - raw != len) {
|
if (next - raw != len) {
|
||||||
DEBUG_STUB("%s %-35s: Pubkey %d claimed it needed %d octets, really needed %"PRIsz"\n",
|
if (!upstream->upstreams
|
||||||
STUB_DEBUG_SETUP_TLS, __FUNC__, i, len, next - raw);
|
|| !_getdns_check_log( &upstream->upstreams->log
|
||||||
|
, GETDNS_LOG_UPSTREAM_STATS
|
||||||
|
, GETDNS_LOG_WARNING ))
|
||||||
|
continue;
|
||||||
|
|
||||||
|
if (!x_name)
|
||||||
|
x_name = X509_NAME_oneline(
|
||||||
|
X509_get_subject_name(x)
|
||||||
|
, x_name_spc, sizeof(x_name_spc));
|
||||||
|
_getdns_upstream_log( upstream
|
||||||
|
, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_WARNING
|
||||||
|
, "%-40s : Skipping cert %d %s, because pubkey si"
|
||||||
|
"ze %"PRIsz" differs from earlier reported %d\n"
|
||||||
|
, upstream->addr_str, i, x_name, next - raw, len);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
SHA256(raw, len, buf);
|
SHA256(raw, len, buf);
|
||||||
|
|
||||||
/* compare it */
|
/* compare it */
|
||||||
for (p = pinset; p; p = p->next)
|
for (p = pinset; p; p = p->next) {
|
||||||
if (0 == memcmp(buf, p->pin, sizeof(p->pin))) {
|
char pin_str[1024];
|
||||||
DEBUG_STUB("%s %-35s: Pubkey %d matched pin %p (%"PRIsz")\n",
|
|
||||||
STUB_DEBUG_SETUP_TLS, __FUNC__, i, (void*)p, sizeof(p->pin));
|
|
||||||
return GETDNS_RETURN_GOOD;
|
|
||||||
} else
|
|
||||||
DEBUG_STUB("%s %-35s: Pubkey %d did not match pin %p\n",
|
|
||||||
STUB_DEBUG_SETUP_TLS, __FUNC__, i, (void*)p);
|
|
||||||
}
|
|
||||||
|
|
||||||
return ret;
|
if (x_name) /* only when debugging */
|
||||||
|
gldns_b64_ntop( p->pin , sizeof(p->pin)
|
||||||
|
, pin_str, sizeof(pin_str) );
|
||||||
|
|
||||||
|
if (0 == memcmp(buf, p->pin, sizeof(p->pin))) {
|
||||||
|
if (!upstream->upstreams
|
||||||
|
|| !_getdns_check_log(
|
||||||
|
&upstream->upstreams->log
|
||||||
|
, GETDNS_LOG_UPSTREAM_STATS
|
||||||
|
, GETDNS_LOG_INFO))
|
||||||
|
return GETDNS_RETURN_GOOD;
|
||||||
|
|
||||||
|
if (!x_name) {
|
||||||
|
x_name = X509_NAME_oneline(
|
||||||
|
X509_get_subject_name(x)
|
||||||
|
, x_name_spc, sizeof(x_name_spc));
|
||||||
|
gldns_b64_ntop( p->pin , sizeof(p->pin)
|
||||||
|
, pin_str
|
||||||
|
, sizeof(pin_str) );
|
||||||
|
}
|
||||||
|
_getdns_upstream_log( upstream
|
||||||
|
, GETDNS_LOG_UPSTREAM_STATS
|
||||||
|
, GETDNS_LOG_INFO
|
||||||
|
, "%-40s : Pubkey of cert %d %s matched "
|
||||||
|
"pin %s\n", upstream->addr_str
|
||||||
|
, i, x_name, pin_str);
|
||||||
|
return GETDNS_RETURN_GOOD;
|
||||||
|
}
|
||||||
|
_getdns_upstream_log( upstream
|
||||||
|
, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_DEBUG
|
||||||
|
, "%-40s : Pubkey of cert %d %s did not match"
|
||||||
|
" pin %s\n", upstream->addr_str
|
||||||
|
, i, x_name, pin_str);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return GETDNS_RETURN_GENERIC_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* pubkey-pinning.c */
|
/* pubkey-pinning.c */
|
||||||
|
|
|
@ -44,7 +44,7 @@ _getdns_get_pubkey_pinset_from_list(const getdns_list *pinset_list,
|
||||||
|
|
||||||
/* create a getdns_list version of the pinset */
|
/* create a getdns_list version of the pinset */
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
_getdns_get_pubkey_pinset_list(getdns_context *ctx,
|
_getdns_get_pubkey_pinset_list(const getdns_context *ctx,
|
||||||
const sha256_pin_t *pinset_in,
|
const sha256_pin_t *pinset_in,
|
||||||
getdns_list **pinset_list);
|
getdns_list **pinset_list);
|
||||||
|
|
||||||
|
@ -61,8 +61,8 @@ _getdns_associate_upstream_with_SSL(SSL *ssl,
|
||||||
getdns_upstream *upstream);
|
getdns_upstream *upstream);
|
||||||
|
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
_getdns_verify_pinset_match(const sha256_pin_t *pinset,
|
_getdns_verify_pinset_match(const getdns_upstream *upstream,
|
||||||
X509_STORE_CTX *store);
|
const sha256_pin_t *pinset, X509_STORE_CTX *store);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
/* pubkey-pinning.h */
|
/* pubkey-pinning.h */
|
||||||
|
|
|
@ -613,6 +613,11 @@ static _getdns_rdata_def csync_rdata[] = {
|
||||||
{ "serial" , GETDNS_RDF_I4 , NULL },
|
{ "serial" , GETDNS_RDF_I4 , NULL },
|
||||||
{ "flags" , GETDNS_RDF_I2 , NULL },
|
{ "flags" , GETDNS_RDF_I2 , NULL },
|
||||||
{ "type_bit_maps" , GETDNS_RDF_X , NULL }};
|
{ "type_bit_maps" , GETDNS_RDF_X , NULL }};
|
||||||
|
static _getdns_rdata_def zonemd_rdata[] = {
|
||||||
|
{ "serial" , GETDNS_RDF_I4 , NULL },
|
||||||
|
{ "digest_type" , GETDNS_RDF_I1 , NULL },
|
||||||
|
{ "reserved" , GETDNS_RDF_I1 , NULL },
|
||||||
|
{ "digest" , GETDNS_RDF_X , NULL }};
|
||||||
static _getdns_rdata_def spf_rdata[] = {
|
static _getdns_rdata_def spf_rdata[] = {
|
||||||
{ "text" , GETDNS_RDF_S_M , NULL }};
|
{ "text" , GETDNS_RDF_S_M , NULL }};
|
||||||
static _getdns_rdata_def nid_rdata[] = {
|
static _getdns_rdata_def nid_rdata[] = {
|
||||||
|
@ -723,9 +728,9 @@ static _getdns_rr_def _getdns_rr_defs[] = {
|
||||||
{ "TALINK", talink_rdata, ALEN( talink_rdata) },
|
{ "TALINK", talink_rdata, ALEN( talink_rdata) },
|
||||||
{ "CDS", ds_rdata, ALEN( ds_rdata) },
|
{ "CDS", ds_rdata, ALEN( ds_rdata) },
|
||||||
{ "CDNSKEY", dnskey_rdata, ALEN( dnskey_rdata) },
|
{ "CDNSKEY", dnskey_rdata, ALEN( dnskey_rdata) },
|
||||||
{ "OPENPGPKEY", openpgpkey_rdata, ALEN(openpgpkey_rdata) }, /* 61 - */
|
{ "OPENPGPKEY", openpgpkey_rdata, ALEN(openpgpkey_rdata) },
|
||||||
{ "CSYNC", csync_rdata, ALEN( csync_rdata) }, /* - 62 */
|
{ "CSYNC", csync_rdata, ALEN( csync_rdata) },
|
||||||
{ NULL, NULL, 0 },
|
{ "ZONEMD", zonemd_rdata, ALEN( zonemd_rdata) }, /* - 63 */
|
||||||
{ NULL, NULL, 0 },
|
{ NULL, NULL, 0 },
|
||||||
{ NULL, NULL, 0 },
|
{ NULL, NULL, 0 },
|
||||||
{ NULL, NULL, 0 },
|
{ NULL, NULL, 0 },
|
||||||
|
|
|
@ -287,8 +287,8 @@ _getdns_cancel_reply(getdns_context *context, connection *conn)
|
||||||
}
|
}
|
||||||
|
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_reply(
|
getdns_reply(getdns_context *context,
|
||||||
getdns_context *context, getdns_dict *reply, getdns_transaction_t request_id)
|
const getdns_dict *reply, getdns_transaction_t request_id)
|
||||||
{
|
{
|
||||||
/* TODO: Check request_id at context->outbound_requests */
|
/* TODO: Check request_id at context->outbound_requests */
|
||||||
connection *conn = (connection *)(intptr_t)request_id;
|
connection *conn = (connection *)(intptr_t)request_id;
|
||||||
|
|
|
@ -887,7 +887,8 @@ tls_verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||||
|
|
||||||
/* Deal with the pinset validation */
|
/* Deal with the pinset validation */
|
||||||
if (upstream->tls_pubkey_pinset)
|
if (upstream->tls_pubkey_pinset)
|
||||||
pinset_ret = _getdns_verify_pinset_match(upstream->tls_pubkey_pinset, ctx);
|
pinset_ret = _getdns_verify_pinset_match(
|
||||||
|
upstream, upstream->tls_pubkey_pinset, ctx);
|
||||||
|
|
||||||
if (pinset_ret != GETDNS_RETURN_GOOD) {
|
if (pinset_ret != GETDNS_RETURN_GOOD) {
|
||||||
DEBUG_STUB("%s %-35s: FD: %d, WARNING: Pinset validation failure!\n",
|
DEBUG_STUB("%s %-35s: FD: %d, WARNING: Pinset validation failure!\n",
|
||||||
|
@ -2402,9 +2403,9 @@ upstream_find_for_netreq(getdns_network_req *netreq)
|
||||||
return fd;
|
return fd;
|
||||||
}
|
}
|
||||||
/* Handle better, will give generic error*/
|
/* Handle better, will give generic error*/
|
||||||
DEBUG_STUB("%s %-35s: MSG: %p No valid upstream! \n", STUB_DEBUG_SCHEDULE, __FUNC__, (void*)netreq);
|
_getdns_log(&netreq->owner->context->log
|
||||||
_getdns_context_log(netreq->owner->context, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR,
|
, GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR
|
||||||
" *FAILURE* no valid transports or upstreams available!\n");
|
, " *FAILURE* no valid transports or upstreams available!\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -192,7 +192,7 @@
|
||||||
CONTEXT_CREATE(TRUE);
|
CONTEXT_CREATE(TRUE);
|
||||||
EVENT_BASE_CREATE;
|
EVENT_BASE_CREATE;
|
||||||
|
|
||||||
ASSERT_RC(getdns_address(context, "localhost", NULL,
|
ASSERT_RC(getdns_address(context, "localhost.", NULL,
|
||||||
&fn_ref, &transaction_id, callbackfn),
|
&fn_ref, &transaction_id, callbackfn),
|
||||||
GETDNS_RETURN_GOOD, "Return code from getdns_address()");
|
GETDNS_RETURN_GOOD, "Return code from getdns_address()");
|
||||||
|
|
||||||
|
|
|
@ -127,7 +127,7 @@
|
||||||
|
|
||||||
CONTEXT_CREATE(TRUE);
|
CONTEXT_CREATE(TRUE);
|
||||||
|
|
||||||
ASSERT_RC(getdns_address_sync(context, "localhost", NULL, &response),
|
ASSERT_RC(getdns_address_sync(context, "localhost.", NULL, &response),
|
||||||
GETDNS_RETURN_GOOD, "Return code from getdns_address_sync()");
|
GETDNS_RETURN_GOOD, "Return code from getdns_address_sync()");
|
||||||
|
|
||||||
EXTRACT_LOCAL_RESPONSE;
|
EXTRACT_LOCAL_RESPONSE;
|
||||||
|
|
|
@ -70,6 +70,7 @@ void extract_response(struct getdns_dict *response, struct extracted_response *e
|
||||||
* If it is absent, do not try to decompose the replies_tree, because the
|
* If it is absent, do not try to decompose the replies_tree, because the
|
||||||
* answer most likely came not from DNS.
|
* answer most likely came not from DNS.
|
||||||
*/
|
*/
|
||||||
|
ex_response->response = response;
|
||||||
have_answer_type = getdns_dict_get_int(response, "answer_type", &ex_response->top_answer_type) ==
|
have_answer_type = getdns_dict_get_int(response, "answer_type", &ex_response->top_answer_type) ==
|
||||||
GETDNS_RETURN_GOOD;
|
GETDNS_RETURN_GOOD;
|
||||||
|
|
||||||
|
@ -233,11 +234,14 @@ void assert_address_in_answer(struct extracted_response *ex_response, int a, int
|
||||||
*/
|
*/
|
||||||
void assert_address_in_just_address_answers(struct extracted_response *ex_response)
|
void assert_address_in_just_address_answers(struct extracted_response *ex_response)
|
||||||
{
|
{
|
||||||
size_t length;
|
size_t length = 0;
|
||||||
|
char *resp_str = "";
|
||||||
ASSERT_RC(getdns_list_get_length(ex_response->just_address_answers, &length),
|
ASSERT_RC(getdns_list_get_length(ex_response->just_address_answers, &length),
|
||||||
GETDNS_RETURN_GOOD, "Failed to extract \"just_address_answers\" length");
|
GETDNS_RETURN_GOOD, "Failed to extract \"just_address_answers\" length");
|
||||||
|
|
||||||
ck_assert_msg(length > 0, "Expected \"just_address_answers\" length > 0, got %d", length);
|
if (length == 0) resp_str = getdns_pretty_print_dict(ex_response->response);
|
||||||
|
ck_assert_msg(length > 0, "Expected \"just_address_answers\" length > 0, got %d\n%s", length, resp_str);
|
||||||
|
if (length == 0) free(resp_str);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -41,6 +41,7 @@
|
||||||
|
|
||||||
struct extracted_response {
|
struct extracted_response {
|
||||||
uint32_t top_answer_type;
|
uint32_t top_answer_type;
|
||||||
|
struct getdns_dict *response;
|
||||||
struct getdns_bindata *top_canonical_name;
|
struct getdns_bindata *top_canonical_name;
|
||||||
struct getdns_list *just_address_answers;
|
struct getdns_list *just_address_answers;
|
||||||
struct getdns_list *replies_full;
|
struct getdns_list *replies_full;
|
||||||
|
|
|
@ -54,7 +54,8 @@
|
||||||
|
|
||||||
|
|
||||||
getdns_return_t
|
getdns_return_t
|
||||||
getdns_dict_util_get_string(getdns_dict * dict, char *name, char **result)
|
getdns_dict_util_get_string(const getdns_dict *dict,
|
||||||
|
const char *name, char **result)
|
||||||
{
|
{
|
||||||
struct getdns_bindata *bindata = NULL;
|
struct getdns_bindata *bindata = NULL;
|
||||||
if (!result) {
|
if (!result) {
|
||||||
|
@ -1454,7 +1455,7 @@ _getdns_validate_dname(const char* dname) {
|
||||||
} /* _getdns_validate_dname */
|
} /* _getdns_validate_dname */
|
||||||
|
|
||||||
|
|
||||||
static void _getdns_reply2wire_buf(gldns_buffer *buf, getdns_dict *reply)
|
static void _getdns_reply2wire_buf(gldns_buffer *buf, const getdns_dict *reply)
|
||||||
{
|
{
|
||||||
getdns_dict *rr_dict, *q_dict, *h_dict;
|
getdns_dict *rr_dict, *q_dict, *h_dict;
|
||||||
getdns_list *section;
|
getdns_list *section;
|
||||||
|
@ -1510,7 +1511,7 @@ static void _getdns_reply2wire_buf(gldns_buffer *buf, getdns_dict *reply)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void _getdns_list2wire_buf(gldns_buffer *buf, getdns_list *l)
|
static void _getdns_list2wire_buf(gldns_buffer *buf, const getdns_list *l)
|
||||||
{
|
{
|
||||||
getdns_dict *rr_dict;
|
getdns_dict *rr_dict;
|
||||||
size_t i, pkt_start;
|
size_t i, pkt_start;
|
||||||
|
@ -1548,8 +1549,8 @@ static void _getdns_list2wire_buf(gldns_buffer *buf, getdns_list *l)
|
||||||
gldns_buffer_write_u16_at(buf, pkt_start+GLDNS_ANCOUNT_OFF, ancount);
|
gldns_buffer_write_u16_at(buf, pkt_start+GLDNS_ANCOUNT_OFF, ancount);
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t *_getdns_list2wire(
|
uint8_t *_getdns_list2wire(const getdns_list *l,
|
||||||
getdns_list *l, uint8_t *buf, size_t *buf_len, struct mem_funcs *mf)
|
uint8_t *buf, size_t *buf_len, const struct mem_funcs *mf)
|
||||||
{
|
{
|
||||||
gldns_buffer gbuf;
|
gldns_buffer gbuf;
|
||||||
size_t sz;
|
size_t sz;
|
||||||
|
@ -1569,8 +1570,8 @@ uint8_t *_getdns_list2wire(
|
||||||
return buf;
|
return buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t *_getdns_reply2wire(
|
uint8_t *_getdns_reply2wire(const getdns_dict *r,
|
||||||
getdns_dict *r, uint8_t *buf, size_t *buf_len, struct mem_funcs *mf)
|
uint8_t *buf, size_t *buf_len, const struct mem_funcs *mf)
|
||||||
{
|
{
|
||||||
gldns_buffer gbuf;
|
gldns_buffer gbuf;
|
||||||
size_t sz;
|
size_t sz;
|
||||||
|
@ -1590,7 +1591,7 @@ uint8_t *_getdns_reply2wire(
|
||||||
return buf;
|
return buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
void _getdns_wire2list(uint8_t *pkt, size_t pkt_len, getdns_list *l)
|
void _getdns_wire2list(const uint8_t *pkt, size_t pkt_len, getdns_list *l)
|
||||||
{
|
{
|
||||||
_getdns_rr_iter rr_spc, *rr;
|
_getdns_rr_iter rr_spc, *rr;
|
||||||
getdns_dict *rr_dict;
|
getdns_dict *rr_dict;
|
||||||
|
|
|
@ -147,17 +147,18 @@ _getdns_rr_iter2rr_dict_canonical(
|
||||||
struct mem_funcs *mf, _getdns_rr_iter *i, uint32_t *orig_ttl);
|
struct mem_funcs *mf, _getdns_rr_iter *i, uint32_t *orig_ttl);
|
||||||
|
|
||||||
struct getdns_dns_req;
|
struct getdns_dns_req;
|
||||||
struct getdns_dict *_getdns_create_getdns_response(struct getdns_dns_req *completed_request);
|
struct getdns_dict *_getdns_create_getdns_response(
|
||||||
|
struct getdns_dns_req *completed_request);
|
||||||
|
|
||||||
getdns_return_t _getdns_validate_dname(const char* dname);
|
getdns_return_t _getdns_validate_dname(const char* dname);
|
||||||
|
|
||||||
uint8_t *_getdns_list2wire(
|
uint8_t *_getdns_list2wire(const getdns_list *l,
|
||||||
getdns_list *l, uint8_t *buf, size_t *buf_len, struct mem_funcs *mf);
|
uint8_t *buf, size_t *buf_len, const struct mem_funcs *mf);
|
||||||
|
|
||||||
uint8_t *_getdns_reply2wire(
|
uint8_t *_getdns_reply2wire(const getdns_dict *r,
|
||||||
getdns_dict *r, uint8_t *buf, size_t *buf_len, struct mem_funcs *mf);
|
uint8_t *buf, size_t *buf_len, const struct mem_funcs *mf);
|
||||||
|
|
||||||
void _getdns_wire2list(uint8_t *pkt, size_t pkt_len, getdns_list *l);
|
void _getdns_wire2list(const uint8_t *pkt, size_t pkt_len, getdns_list *l);
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -218,16 +219,43 @@ INLINE uint64_t _getdns_ms_until_expiry2(uint64_t expires, uint64_t *now_ms)
|
||||||
return *now_ms >= expires ? 0 : expires - *now_ms;
|
return *now_ms >= expires ? 0 : expires - *now_ms;
|
||||||
}
|
}
|
||||||
|
|
||||||
# if defined(HAVE_DECL_SSL_SET_MIN_PROTO_VERSION) && HAVE_DECL_SSL_SET_MIN_PROTO_VERSION
|
#if defined(HAVE_DECL_SSL_SET_MIN_PROTO_VERSION) \
|
||||||
|
&& HAVE_DECL_SSL_SET_MIN_PROTO_VERSION
|
||||||
|
|
||||||
INLINE int _getdns_tls_version2openssl_version(getdns_tls_version_t v)
|
INLINE int _getdns_tls_version2openssl_version(getdns_tls_version_t v)
|
||||||
{
|
{
|
||||||
switch (v) {
|
switch (v) {
|
||||||
|
# ifdef SSL3_VERSION
|
||||||
case GETDNS_SSL3 : return SSL3_VERSION;
|
case GETDNS_SSL3 : return SSL3_VERSION;
|
||||||
|
# endif
|
||||||
|
# ifdef TLS1_VERSION
|
||||||
case GETDNS_TLS1 : return TLS1_VERSION;
|
case GETDNS_TLS1 : return TLS1_VERSION;
|
||||||
|
# endif
|
||||||
|
# ifdef TLS1_1_VERSION
|
||||||
case GETDNS_TLS1_1: return TLS1_1_VERSION;
|
case GETDNS_TLS1_1: return TLS1_1_VERSION;
|
||||||
|
# endif
|
||||||
|
# ifdef TLS1_2_VERSION
|
||||||
case GETDNS_TLS1_2: return TLS1_2_VERSION;
|
case GETDNS_TLS1_2: return TLS1_2_VERSION;
|
||||||
|
# endif
|
||||||
|
# ifdef TLS1_3_VERSION
|
||||||
case GETDNS_TLS1_3: return TLS1_3_VERSION;
|
case GETDNS_TLS1_3: return TLS1_3_VERSION;
|
||||||
default : return TLS_MAX_VERSION;
|
# endif
|
||||||
|
default :
|
||||||
|
# if defined(TLS_MAX_VERSION)
|
||||||
|
return TLS_MAX_VERSION;
|
||||||
|
# elif defined(TLS1_3_VERSION)
|
||||||
|
return TLS1_3_VERSION;
|
||||||
|
# elif defined(TLS1_2_VERSION)
|
||||||
|
return TLS1_2_VERSION;
|
||||||
|
# elif defined(TLS1_1_VERSION)
|
||||||
|
return TLS1_1_VERSION;
|
||||||
|
# elif defined(TLS1_VERSION)
|
||||||
|
return TLS1_VERSION;
|
||||||
|
# elif defined(SSL3_VERSION)
|
||||||
|
return SSL3_VERSION;
|
||||||
|
# else
|
||||||
|
return -1;
|
||||||
|
# endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
2
stubby
2
stubby
|
@ -1 +1 @@
|
||||||
Subproject commit 8fb853ac8d6148fd9b53fdcbc107ecd375071ec5
|
Subproject commit 919b7d914ca618f4a843464d5825383f45809f3e
|
Loading…
Reference in New Issue