From c5b839bda8867b3cb601f7820f6ba0a01563c380 Mon Sep 17 00:00:00 2001 From: Sara Dickinson Date: Thu, 17 Dec 2015 17:20:08 +0000 Subject: [PATCH 1/5] remove STARTTLS --- ChangeLog | 3 +- src/const-info.c | 2 - src/context.c | 45 ++------- src/context.h | 1 - src/getdns/getdns.h.in | 2 - src/getdns/getdns_extra.h.in | 2 - src/stub.c | 179 +++-------------------------------- src/test/Makefile.in | 2 +- src/test/getdns_query.c | 12 +-- 9 files changed, 26 insertions(+), 222 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8e2f2a63..8d87442d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,5 @@ -* +* + * Remove STARTTLS implementation (no change to SPEC) * Enable TCP Fast Open when possible. Add OSX support for TFO. * Rename return_call_debugging to return_call_reporting diff --git a/src/const-info.c b/src/const-info.c index 462a5cee..1e55a99a 100644 --- a/src/const-info.c +++ b/src/const-info.c @@ -43,7 +43,6 @@ static struct const_info consts_info[] = { { 543, "GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN_TEXT }, { 544, "GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN_TEXT }, { 545, "GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT }, - { 546, "GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN", GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT }, { 550, "GETDNS_APPEND_NAME_ALWAYS", GETDNS_APPEND_NAME_ALWAYS_TEXT }, { 551, "GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE", GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE_TEXT }, { 552, "GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE", GETDNS_APPEND_NAME_ONLY_TO_MULTIPLE_LABEL_NAME_AFTER_FAILURE_TEXT }, @@ -88,7 +87,6 @@ static struct const_info consts_info[] = { { 1200, "GETDNS_TRANSPORT_UDP", GETDNS_TRANSPORT_UDP_TEXT }, { 1201, "GETDNS_TRANSPORT_TCP", GETDNS_TRANSPORT_TCP_TEXT }, { 1202, "GETDNS_TRANSPORT_TLS", GETDNS_TRANSPORT_TLS_TEXT }, - { 1203, "GETDNS_TRANSPORT_STARTTLS", GETDNS_TRANSPORT_STARTTLS_TEXT }, { 1300, "GETDNS_AUTHENTICATION_NONE", GETDNS_AUTHENTICATION_NONE_TEXT }, { 1301, "GETDNS_AUTHENTICATION_HOSTNAME", GETDNS_AUTHENTICATION_HOSTNAME_TEXT }, }; diff --git a/src/context.c b/src/context.c index eb242be0..827660c9 100644 --- a/src/context.c +++ b/src/context.c @@ -73,21 +73,18 @@ typedef struct host_name_addrs { static getdns_transport_list_t getdns_upstream_transports[GETDNS_UPSTREAM_TRANSPORTS] = { - GETDNS_TRANSPORT_STARTTLS, // Define before TCP to ease fallback GETDNS_TRANSPORT_TCP, GETDNS_TRANSPORT_TLS, }; static in_port_t getdns_port_array[GETDNS_UPSTREAM_TRANSPORTS] = { - GETDNS_PORT_DNS, GETDNS_PORT_DNS, GETDNS_PORT_DNS_OVER_TLS }; char* getdns_port_str_array[] = { - GETDNS_STR_PORT_DNS, GETDNS_STR_PORT_DNS, GETDNS_STR_PORT_DNS_OVER_TLS }; @@ -575,8 +572,7 @@ _getdns_upstream_shutdown(getdns_upstream *upstream) static int tls_is_in_transports_list(getdns_context *context) { for (int i=0; i< context->dns_transport_count;i++) { - if (context->dns_transports[i] == GETDNS_TRANSPORT_TLS || - context->dns_transports[i] == GETDNS_TRANSPORT_STARTTLS) + if (context->dns_transports[i] == GETDNS_TRANSPORT_TLS) return 1; } return 0; @@ -586,8 +582,7 @@ static int tls_only_is_in_transports_list(getdns_context *context) { if (context->dns_transport_count != 1) return 0; - if (context->dns_transports[0] == GETDNS_TRANSPORT_TLS || - context->dns_transports[0] == GETDNS_TRANSPORT_STARTTLS) + if (context->dns_transports[0] == GETDNS_TRANSPORT_TLS) return 1; return 0; } @@ -617,7 +612,6 @@ upstream_init(getdns_upstream *upstream, /* For sharing a socket to this upstream with TCP */ upstream->fd = -1; upstream->tls_obj = NULL; - upstream->starttls_req = NULL; upstream->transport = GETDNS_TRANSPORT_TCP; upstream->tls_hs_state = GETDNS_HS_NONE; upstream->tls_auth_failed = 0; @@ -1250,18 +1244,17 @@ getdns_set_base_dns_transports( return GETDNS_RETURN_INVALID_PARAMETER; /* Check for valid transports and that they are used only once*/ - int u=0,t=0,l=0,s=0; + int u=0,t=0,l=0; for(i=0; i1 || t>1 || l>1 || s>1) + if ( u>1 || t>1 || l>1) return GETDNS_RETURN_INVALID_PARAMETER; if (!(new_transports = GETDNS_XMALLOC(context->my_mf, @@ -1298,7 +1291,6 @@ set_ub_dns_transport(struct getdns_context* context) { set_ub_string_opt(context, "do-tcp:", "yes"); break; case GETDNS_TRANSPORT_TLS: - case GETDNS_TRANSPORT_STARTTLS: set_ub_string_opt(context, "do-udp:", "no"); set_ub_string_opt(context, "do-tcp:", "yes"); /* Find out if there is a fallback available. */ @@ -1315,15 +1307,9 @@ set_ub_dns_transport(struct getdns_context* context) { break; } } - if (context->dns_transports[0] == GETDNS_TRANSPORT_TLS) { - if (fallback == 0) - /* Use TLS if it is the only thing.*/ - set_ub_string_opt(context, "ssl-upstream:", "yes"); - break; - } else if (fallback == 0) - /* Can't support STARTTLS with no fallback. This leads to - * timeouts with un stub validation.... */ - set_ub_string_opt(context, "do-tcp:", "no"); + if (fallback == 0) + /* Use TLS if it is the only thing.*/ + set_ub_string_opt(context, "ssl-upstream:", "yes"); break; default: return GETDNS_RETURN_CONTEXT_UPDATE_FAIL; @@ -1380,10 +1366,6 @@ getdns_context_set_dns_transport( context->dns_transports[0] = GETDNS_TRANSPORT_TLS; context->dns_transports[1] = GETDNS_TRANSPORT_TCP; break; - case GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN: - context->dns_transports[0] = GETDNS_TRANSPORT_STARTTLS; - context->dns_transports[1] = GETDNS_TRANSPORT_TCP; - break; default: return GETDNS_RETURN_CONTEXT_UPDATE_FAIL; } @@ -1787,8 +1769,7 @@ getdns_context_set_upstream_recursive_servers(struct getdns_context *context, upstream->addr.ss_family = addr.ss_family; upstream_init(upstream, upstreams, ai); upstream->transport = getdns_upstream_transports[j]; - if (getdns_upstream_transports[j] == GETDNS_TRANSPORT_TLS || - getdns_upstream_transports[j] == GETDNS_TRANSPORT_STARTTLS) { + if (getdns_upstream_transports[j] == GETDNS_TRANSPORT_TLS) { if ((r = getdns_dict_get_bindata( dict, "tls_auth_name", &tls_auth_name)) == GETDNS_RETURN_GOOD) { /*TODO: VALIDATE THIS STRING!*/ @@ -2276,9 +2257,9 @@ _getdns_context_prepare_for_resolution(struct getdns_context *context, } } - /* Block use of STARTTLS/TLS ONLY in recursive mode as it won't work */ + /* Block use of TLS ONLY in recursive mode as it won't work */ /* Note: If TLS is used in recursive mode this will try TLS on port - * 53 so it is blocked here. So is 'STARTTLS only' at the moment. */ + * 53 so it is blocked here. */ if (context->resolution_type == GETDNS_RESOLUTION_RECURSING && tls_only_is_in_transports_list(context) == 1) return GETDNS_RETURN_BAD_CONTEXT; @@ -2823,12 +2804,6 @@ getdns_context_get_dns_transport(getdns_context *context, else return GETDNS_RETURN_WRONG_TYPE_REQUESTED; } - if (transports[0] == GETDNS_TRANSPORT_STARTTLS) { - if (count == 2 && transports[1] == GETDNS_TRANSPORT_TCP) - *value = GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN; - else - return GETDNS_RETURN_WRONG_TYPE_REQUESTED; - } return GETDNS_RETURN_GOOD; } diff --git a/src/context.h b/src/context.h index 1e489d2d..98068f1f 100644 --- a/src/context.h +++ b/src/context.h @@ -97,7 +97,6 @@ typedef struct getdns_upstream { getdns_transport_list_t transport; SSL* tls_obj; getdns_tls_hs_state_t tls_hs_state; - getdns_dns_req * starttls_req; getdns_eventloop_event event; getdns_eventloop *loop; getdns_tcp_state tcp; diff --git a/src/getdns/getdns.h.in b/src/getdns/getdns.h.in index f2cebef2..65e0b2ee 100644 --- a/src/getdns/getdns.h.in +++ b/src/getdns/getdns.h.in @@ -185,7 +185,6 @@ typedef enum getdns_transport_list_t { GETDNS_TRANSPORT_UDP = 1200, GETDNS_TRANSPORT_TCP = 1201, GETDNS_TRANSPORT_TLS = 1202, - GETDNS_TRANSPORT_STARTTLS = 1203 } getdns_transport_list_t; /** @@ -195,7 +194,6 @@ typedef enum getdns_transport_list_t { #define GETDNS_TRANSPORT_UDP_TEXT "See getdns_context_set_dns_transport_list()" #define GETDNS_TRANSPORT_TCP_TEXT "See getdns_context_set_dns_transport_list()" #define GETDNS_TRANSPORT_TLS_TEXT "See getdns_context_set_dns_transport_list()" -#define GETDNS_TRANSPORT_STARTTLS_TEXT "See getdns_context_set_dns_transport_list()" /** @} */ diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in index da6c35e2..bc8d9580 100644 --- a/src/getdns/getdns_extra.h.in +++ b/src/getdns/getdns_extra.h.in @@ -399,8 +399,6 @@ getdns_context_get_tls_authentication(getdns_context *context, #define GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN_TEXT "See getdns_context_set_dns_transport()" #define GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN 545 #define GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT "See getdns_context_set_dns_transport()" -#define GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN 546 -#define GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN_TEXT "See getdns_context_set_dns_transport()" #ifdef __cplusplus } diff --git a/src/stub.c b/src/stub.c index dc87418e..375efe24 100644 --- a/src/stub.c +++ b/src/stub.c @@ -256,81 +256,6 @@ match_and_process_server_cookie( return 0; } -static int -create_starttls_request(getdns_dns_req *dnsreq, getdns_upstream *upstream, - getdns_eventloop *loop) -{ - getdns_return_t r = GETDNS_RETURN_GOOD; - getdns_dict* extensions = getdns_dict_create_with_context(dnsreq->context); - if (!extensions) { - return 0; - } - r = getdns_dict_set_int(extensions, "specify_class", GLDNS_RR_CLASS_CH); - if (r != GETDNS_RETURN_GOOD) { - getdns_dict_destroy(extensions); - return 0; - } - upstream->starttls_req = _getdns_dns_req_new(dnsreq->context, loop, - "STARTTLS", GETDNS_RRTYPE_TXT, extensions); - /*TODO[TLS]: TO BIT*/ - if (upstream->starttls_req == NULL) - return 0; - getdns_dict_destroy(extensions); - - upstream->starttls_req->netreqs[0]->upstream = upstream; - return 1; -} - -static int -is_starttls_response(getdns_network_req *netreq) -{ - _getdns_rr_iter rr_iter_storage, *rr_iter; - _getdns_rdf_iter rdf_iter_storage, *rdf_iter; - uint16_t rr_type; - gldns_pkt_section section; - uint8_t starttls_name_space[256], *starttls_name; - uint8_t owner_name_space[256], *owner_name; - size_t starttls_name_len = sizeof(starttls_name_space); - size_t owner_name_len = sizeof(owner_name_space);; - - /* Servers that are not STARTTLS aware will refuse the CH query*/ - if (GLDNS_RCODE_NOERROR != GLDNS_RCODE_WIRE(netreq->response)) - return 0; - - if (GLDNS_ANCOUNT(netreq->response) != 1) - return 0; - - for ( rr_iter = _getdns_rr_iter_init(&rr_iter_storage - , netreq->response - , netreq->response_len) - ; rr_iter - ; rr_iter = _getdns_rr_iter_next(rr_iter)) { - - section = _getdns_rr_iter_section(rr_iter); - rr_type = gldns_read_uint16(rr_iter->rr_type); - if (section != GLDNS_SECTION_ANSWER - || rr_type != GETDNS_RRTYPE_TXT) - continue; - - owner_name = _getdns_owner_if_or_as_decompressed( - rr_iter, owner_name_space, &owner_name_len); - if (!_getdns_dname_equal(netreq->owner->name, owner_name)) - continue; - - if (!(rdf_iter = _getdns_rdf_iter_init( - &rdf_iter_storage, rr_iter))) - continue; - - if ((starttls_name = _getdns_rdf_if_or_as_decompressed( - rdf_iter, starttls_name_space, &starttls_name_len)) && - _getdns_dname_equal(starttls_name, owner_name)) - return 1; - - return 0; - } - return 0; -} - /** best effort to set nonblocking */ static void getdns_sock_nonblock(int sockfd) @@ -361,8 +286,7 @@ tcp_connect(getdns_upstream *upstream, getdns_transport_list_t transport) getdns_sock_nonblock(fd); #ifdef USE_TCP_FASTOPEN /* Leave the connect to the later call to sendto() if using TCP*/ - if (transport == GETDNS_TRANSPORT_TCP || - transport == GETDNS_TRANSPORT_STARTTLS) + if (transport == GETDNS_TRANSPORT_TCP) return fd; #elif USE_OSX_TCP_FASTOPEN sa_endpoints_t endpoints; @@ -540,15 +464,6 @@ stub_timeout_cb(void *userarg) { DEBUG_STUB("*** %s(%p)\n", __FUNCTION__, userarg); getdns_network_req *netreq = (getdns_network_req *)userarg; - - /* For now, mark a STARTTLS timeout as a failured negotiation and allow - * fallback but don't close the connection. */ - if (netreq->owner == netreq->upstream->starttls_req) { - netreq->upstream->tls_hs_state = GETDNS_HS_FAILED; - stub_next_upstream(netreq); - stub_cleanup(netreq); - return; - } stub_next_upstream(netreq); stub_cleanup(netreq); @@ -707,6 +622,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq) uint16_t query_id; intptr_t query_id_intptr; + DEBUG_STUB("*** %s\n", __FUNCTION__); int q = tcp_connected(netreq->upstream); if (q != 0) return q; @@ -760,6 +676,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq) written < pkt_len + 2) { #else written = write(fd, netreq->query - 2, pkt_len + 2); + DEBUG_STUB("*** %s Written: %d\n", __FUNCTION__, (int)written); if ((written == -1 && (errno == EAGAIN || errno == EWOULDBLOCK)) || written < pkt_len + 2) { @@ -813,27 +730,22 @@ static int tls_requested(getdns_network_req *netreq) { return (netreq->transports[netreq->transport_current] == - GETDNS_TRANSPORT_TLS || - netreq->transports[netreq->transport_current] == - GETDNS_TRANSPORT_STARTTLS) ? + GETDNS_TRANSPORT_TLS) ? 1 : 0; } static int tls_should_write(getdns_upstream *upstream) { - /* Should messages be written on TLS upstream. Remember that for STARTTLS - * the first message should got over TCP as the handshake isn't started yet.*/ - return ((upstream->transport == GETDNS_TRANSPORT_TLS || - upstream->transport == GETDNS_TRANSPORT_STARTTLS) && + /* Should messages be written on TLS upstream. */ + return ((upstream->transport == GETDNS_TRANSPORT_TLS) && upstream->tls_hs_state != GETDNS_HS_NONE) ? 1 : 0; } static int tls_should_read(getdns_upstream *upstream) { - return ((upstream->transport == GETDNS_TRANSPORT_TLS || - upstream->transport == GETDNS_TRANSPORT_STARTTLS) && + return ((upstream->transport == GETDNS_TRANSPORT_TLS) && !(upstream->tls_hs_state == GETDNS_HS_FAILED || upstream->tls_hs_state == GETDNS_HS_NONE)) ? 1 : 0; } @@ -842,8 +754,7 @@ static int tls_failed(getdns_upstream *upstream) { /* No messages should be scheduled onto an upstream in this state */ - return ((upstream->transport == GETDNS_TRANSPORT_TLS || - upstream->transport == GETDNS_TRANSPORT_STARTTLS) && + return ((upstream->transport == GETDNS_TRANSPORT_TLS) && upstream->tls_hs_state == GETDNS_HS_FAILED) ? 1 : 0; } @@ -1430,7 +1341,6 @@ upstream_read_cb(void *userarg) DEBUG_STUB("--- READ: %s\n", __FUNCTION__); getdns_upstream *upstream = (getdns_upstream *)userarg; getdns_network_req *netreq; - getdns_dns_req *dnsreq; int q; uint16_t query_id; intptr_t query_id_intptr; @@ -1474,25 +1384,6 @@ upstream_read_cb(void *userarg) * on a working connection until we hit a problem.*/ upstream->upstreams->current = 0; - if (netreq->owner == upstream->starttls_req) { - dnsreq = netreq->owner; - if (is_starttls_response(netreq)) { - upstream->tls_obj = tls_create_object(dnsreq, - upstream->fd, - upstream); - if (upstream->tls_obj == NULL) - upstream->tls_hs_state = GETDNS_HS_FAILED; - upstream->tls_hs_state = GETDNS_HS_WRITE; - } else - upstream->tls_hs_state = GETDNS_HS_FAILED; - - /* Now reschedule the writes on this connection */ - GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event); - GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd, - netreq->owner->context->timeout, - getdns_eventloop_event_init(&upstream->event, upstream, - NULL, upstream_write_cb, NULL)); - } netreq->debug_end_time = _getdns_get_time_as_uintt64(); /* This also reschedules events for the upstream*/ stub_cleanup(netreq); @@ -1500,9 +1391,6 @@ upstream_read_cb(void *userarg) /* More to read/write for syncronous lookups? */ if (netreq->event.read_cb) upstream_reschedule_netreq_events(upstream, netreq); - - if (netreq->owner != upstream->starttls_req) - _getdns_check_dns_req_complete(netreq->owner); } } @@ -1582,20 +1470,6 @@ upstream_write_cb(void *userarg) GETDNS_SCHEDULE_EVENT(upstream->loop, upstream->fd, TIMEOUT_FOREVER, &upstream->event); } - if (upstream->starttls_req && netreq->owner == upstream->starttls_req) { - /* Now deschedule any further writes on this connection until we get - * the STARTTLS answer*/ - GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event); - upstream->event.write_cb = NULL; - GETDNS_SCHEDULE_EVENT(upstream->loop, - upstream->fd, TIMEOUT_FOREVER, &upstream->event); - } else if (upstream->starttls_req) { - /* Delay the cleanup of the STARTTLS req until the write of the next - * req in the queue since for sync req, the event on a request is - * used for the callback that writes the next req. */ - _getdns_dns_req_free(upstream->starttls_req); - upstream->starttls_req = NULL; - } /* With synchonous lookups, schedule the read locally too */ if (netreq->event.write_cb) { GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event); @@ -1603,7 +1477,7 @@ upstream_write_cb(void *userarg) dnsreq->loop, upstream->fd, dnsreq->context->timeout, getdns_eventloop_event_init(&netreq->event, netreq, netreq_upstream_read_cb, - (upstream->write_queue && !upstream->starttls_req ? + (upstream->write_queue ? netreq_upstream_write_cb : NULL), stub_timeout_cb)); } @@ -1639,12 +1513,6 @@ upstream_transport_valid(getdns_upstream *upstream, upstream->tcp.write_error != 0) { return 0; } - /* Allow TCP messages to be sent on a STARTTLS upstream that hasn't - * upgraded to avoid opening a new connection if one is aleady open. */ - if (transport == GETDNS_TRANSPORT_TCP && - upstream->transport == GETDNS_TRANSPORT_STARTTLS && - upstream->tls_hs_state == GETDNS_HS_FAILED) - return 1; /* Otherwise, transport must match, and not have failed */ if (upstream->transport != transport) return 0; @@ -1740,28 +1608,6 @@ upstream_connect(getdns_upstream *upstream, getdns_transport_list_t transport, upstream->loop = dnsreq->context->extension; upstream->fd = fd; break; - case GETDNS_TRANSPORT_STARTTLS: - /* Use existing if available. Let the fallback code handle it if - * STARTTLS isn't availble. */ - if (upstream->fd != -1) - return upstream->fd; - fd = tcp_connect(upstream, transport); - if (fd == -1) return -1; - if (!create_starttls_request(dnsreq, upstream, dnsreq->loop)) - return GETDNS_RETURN_GENERIC_ERROR; - getdns_network_req *starttls_netreq = upstream->starttls_req->netreqs[0]; - upstream->loop = dnsreq->context->extension; - upstream->fd = fd; - upstream_schedule_netreq(upstream, starttls_netreq); - /* Schedule at least the timeout locally, but use less than half the - * context value so by default this timeouts before the TIMEOUT_TLS. - * And also the write if we perform a synchronous lookup */ - GETDNS_SCHEDULE_EVENT( - dnsreq->loop, upstream->fd, dnsreq->context->timeout / 3, - getdns_eventloop_event_init(&starttls_netreq->event, - starttls_netreq, NULL, (dnsreq->loop != upstream->loop - ? netreq_upstream_write_cb : NULL), stub_timeout_cb)); - break; default: return -1; /* Nothing to do*/ @@ -1909,9 +1755,7 @@ upstream_schedule_netreq(getdns_upstream *upstream, getdns_network_req *netreq) GETDNS_CLEAR_EVENT(upstream->loop, &upstream->event); upstream->event.timeout_cb = NULL; upstream->event.write_cb = upstream_write_cb; - if (upstream->tls_hs_state == GETDNS_HS_WRITE || - (upstream->starttls_req && - upstream->starttls_req->netreqs[0] == netreq)) { + if (upstream->tls_hs_state == GETDNS_HS_WRITE) { /* Set a timeout on the upstream so we can catch failed setup*/ /* TODO[TLS]: When generic fallback supported, we should decide how * to split the timeout between transports. */ @@ -1954,8 +1798,7 @@ _getdns_submit_stub_request(getdns_network_req *netreq) NULL, (transport == GETDNS_TRANSPORT_UDP ? stub_udp_write_cb: stub_tcp_write_cb), stub_timeout_cb)); return GETDNS_RETURN_GOOD; - - case GETDNS_TRANSPORT_STARTTLS: + case GETDNS_TRANSPORT_TLS: case GETDNS_TRANSPORT_TCP: upstream_schedule_netreq(netreq->upstream, netreq); diff --git a/src/test/Makefile.in b/src/test/Makefile.in index 3ccf6f34..0f6dd16f 100644 --- a/src/test/Makefile.in +++ b/src/test/Makefile.in @@ -58,7 +58,7 @@ CHECK_EVENT_PROG=@CHECK_EVENT_PROG@ CHECK_EV_PROG=@CHECK_EV_PROG@ CC=@CC@ -CFLAGS=-I$(srcdir)/.. -I$(srcdir) -I.. $(cflags) @CFLAGS@ +CFLAGS=-I$(srcdir)/.. -I$(srcdir) -I.. $(cflags) @CFLAGS@ -I/usr/local/opt/openssl/include LDFLAGS=-L.. @LDFLAGS@ LDLIBS=../libgetdns.la @LIBS@ CHECK_LIBS=@CHECK_LIBS@ diff --git a/src/test/getdns_query.c b/src/test/getdns_query.c index 7fc569fa..8159a7d9 100644 --- a/src/test/getdns_query.c +++ b/src/test/getdns_query.c @@ -345,9 +345,6 @@ fill_transport_list(getdns_context *context, char *transport_list_str, case 'L': transports[i] = GETDNS_TRANSPORT_TLS; break; - case 'S': - transports[i] = GETDNS_TRANSPORT_STARTTLS; - break; default: fprintf(stderr, "Unrecognised transport '%c' in string %s\n", *(transport_list_str + i), transport_list_str); @@ -360,7 +357,7 @@ fill_transport_list(getdns_context *context, char *transport_list_str, void print_usage(FILE *out, const char *progname) { - fprintf(out, "usage: %s [@] [+extension] [] []\n", + fprintf(out, "usage: %s [@][~] [+extension] [] []\n", progname); fprintf(out, "options:\n"); fprintf(out, "\t-a\tPerform asynchronous resolution " @@ -394,11 +391,10 @@ print_usage(FILE *out, const char *progname) fprintf(out, "\t-O\tSet transport to TCP only keep connections open\n"); fprintf(out, "\t-L\tSet transport to TLS only keep connections open\n"); fprintf(out, "\t-E\tSet transport to TLS with TCP fallback only keep connections open\n"); - fprintf(out, "\t-R\tSet transport to STARTTLS with TCP fallback only keep connections open\n"); fprintf(out, "\t-u\tSet transport to UDP with TCP fallback\n"); fprintf(out, "\t-U\tSet transport to UDP only\n"); fprintf(out, "\t-l \tSet transport list. List can contain 1 of each of the characters\n"); - fprintf(out, "\t\t\t U T L S for UDP, TCP, TLS or STARTTLS e.g 'UT' or 'LST' \n"); + fprintf(out, "\t\t\t U T L S for UDP, TCP or TLS e.g 'UT' or 'LTU' \n"); } @@ -790,10 +786,6 @@ getdns_return_t parse_args(int argc, char **argv) getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN); break; - case 'R': - getdns_context_set_dns_transport(context, - GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN); - break; case 'u': getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_UDP_FIRST_AND_FALL_BACK_TO_TCP); From 3e97e1f0326da2f32b2fbfc63fa13f35380b90eb Mon Sep 17 00:00:00 2001 From: Sara Dickinson Date: Fri, 18 Dec 2015 13:33:21 +0000 Subject: [PATCH 2/5] Fix make file --- src/test/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/Makefile.in b/src/test/Makefile.in index 0f6dd16f..f5fe1d14 100644 --- a/src/test/Makefile.in +++ b/src/test/Makefile.in @@ -58,7 +58,7 @@ CHECK_EVENT_PROG=@CHECK_EVENT_PROG@ CHECK_EV_PROG=@CHECK_EV_PROG@ CC=@CC@ -CFLAGS=-I$(srcdir)/.. -I$(srcdir) -I.. $(cflags) @CFLAGS@ -I/usr/local/opt/openssl/include +CFLAGS=-I$(srcdir)/.. -I$(srcdir) -I.. $(cflags) @CFLAGS@ @CPPFLAGS@ LDFLAGS=-L.. @LDFLAGS@ LDLIBS=../libgetdns.la @LIBS@ CHECK_LIBS=@CHECK_LIBS@ From 13ddf9ad83352ebfe783e8ee1b2f7d8936eeb58d Mon Sep 17 00:00:00 2001 From: Sara Dickinson Date: Fri, 18 Dec 2015 14:41:59 +0000 Subject: [PATCH 3/5] Update constants --- src/context.c | 3 +++ src/types-internal.h | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/context.c b/src/context.c index 827660c9..95aed89b 100644 --- a/src/context.c +++ b/src/context.c @@ -71,6 +71,9 @@ typedef struct host_name_addrs { uint8_t host_name[]; } host_name_addrs; + +/* If changing these lists also remember to + change the value of GETDNS_UPSTREAM_TRANSPORTS */ static getdns_transport_list_t getdns_upstream_transports[GETDNS_UPSTREAM_TRANSPORTS] = { GETDNS_TRANSPORT_TCP, diff --git a/src/types-internal.h b/src/types-internal.h index ef5a118e..a451f028 100644 --- a/src/types-internal.h +++ b/src/types-internal.h @@ -116,8 +116,8 @@ struct getdns_upstream; #define TIMEOUT_FOREVER ((int64_t)-1) #define ASSERT_UNREACHABLE 0 -#define GETDNS_TRANSPORTS_MAX 4 -#define GETDNS_UPSTREAM_TRANSPORTS 3 +#define GETDNS_TRANSPORTS_MAX 3 +#define GETDNS_UPSTREAM_TRANSPORTS 2 /** @} */ From 4165e874de3e0cd606de1237484828d870518630 Mon Sep 17 00:00:00 2001 From: Sara Dickinson Date: Fri, 18 Dec 2015 16:11:35 +0000 Subject: [PATCH 4/5] Fix tests --- src/stub.c | 2 ++ src/test/tests_stub_async.c | 3 --- src/test/tests_transports.sh | 6 ++---- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/src/stub.c b/src/stub.c index 375efe24..eea83cc1 100644 --- a/src/stub.c +++ b/src/stub.c @@ -1391,6 +1391,8 @@ upstream_read_cb(void *userarg) /* More to read/write for syncronous lookups? */ if (netreq->event.read_cb) upstream_reschedule_netreq_events(upstream, netreq); + + _getdns_check_dns_req_complete(netreq->owner); } } diff --git a/src/test/tests_stub_async.c b/src/test/tests_stub_async.c index ceaa54d6..a5b3c995 100644 --- a/src/test/tests_stub_async.c +++ b/src/test/tests_stub_async.c @@ -47,7 +47,6 @@ #define TRANSPORT_PIPELINE "pipeline" #define TRANSPORT_TLS_KEEPOPEN "tls" #define TRANSPORT_TLS_TCP_KEEPOPEN "dns-over-tls" -#define TRANSPORT_STARTTLS_TCP_KEEPOPEN "starttls" #define RESOLUTION_STUB "stub" #define RESOLUTION_REC "rec" @@ -111,8 +110,6 @@ main(int argc, char** argv) getdns_context_set_dns_transport(this_context, GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN); else if (strncmp(transport, TRANSPORT_TLS_TCP_KEEPOPEN, 12) == 0) getdns_context_set_dns_transport(this_context, GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN); - else if (strncmp(transport, TRANSPORT_STARTTLS_TCP_KEEPOPEN, 8) == 0) - getdns_context_set_dns_transport(this_context, GETDNS_TRANSPORT_STARTTLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN); else if (strncmp(transport, TRANSPORT_UDP_TCP, 3) != 0) { fprintf(stderr, "Invalid transport %s, must be one of udp, udp_tcp, tcp or pipeline\n", transport); exit(EXIT_FAILURE); diff --git a/src/test/tests_transports.sh b/src/test/tests_transports.sh index 9912edab..9cf7f79d 100755 --- a/src/test/tests_transports.sh +++ b/src/test/tests_transports.sh @@ -49,7 +49,7 @@ usage () { echo "it can be used to check the basic functionality for now. It is recommended that" echo "local or known test servers are used, but it should work with the default servers:" echo " - Google Open DNS for TCP and UDP only " - echo "- the getdnsapi.net test server Open Resolver for TLS, STARTTLS, TCP and UDP" + echo "- the getdnsapi.net test server Open Resolver for TLS, TCP and UDP" echo "NOTE: By default this script assumes it is located in the same directory" echo "as the getdns_query binary. If it is not, then the location of the binary" echo "can be specified via the command line option." @@ -57,7 +57,7 @@ usage () { echo "usage: test_transport.sh" echo " -p path to getdns_query binary" echo " -s server configured for only TCP and UDP" - echo " -t server configured for TLS, STARTTLS, TCP and UDP" + echo " -t server configured for TLS, TCP and UDP" echo " (This must include the hostname e.g. 185.49.141.38~getdnsapi.net)" } @@ -79,7 +79,6 @@ GOOD_QUERIES=( "-s -A -q getdnsapi.net -l T @${SERVER_IP} " "-s -A -q getdnsapi.net -l L @${TLS_SERVER_IP_NO_NAME}" "-s -A -q getdnsapi.net -l L -m @${TLS_SERVER_IP}") -#"-s -A -q getdnsapi.net -l S @${TLS_SERVER_IP_NO_NAME}") GOOD_FALLBACK_QUERIES=( "-s -A -q getdnsapi.net -l LT @${SERVER_IP}" @@ -91,7 +90,6 @@ GOOD_FALLBACK_QUERIES=( NOT_AVAILABLE_QUERIES=( "-s -A -q getdnsapi.net -l L @${SERVER_IP} " -#"-s -A -q getdnsapi.net -l S @${SERVER_IP} " "-s -A -q getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} " "-s -G -q DNSKEY getdnsapi.net -l U @${SERVER_IP} -b 512 -D") From 91a73ab3d0a0161c40f1982431ab0ff5fa628067 Mon Sep 17 00:00:00 2001 From: Sara Dickinson Date: Fri, 18 Dec 2015 16:22:09 +0000 Subject: [PATCH 5/5] cleanup --- src/stub.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/stub.c b/src/stub.c index eea83cc1..02c86a25 100644 --- a/src/stub.c +++ b/src/stub.c @@ -622,7 +622,6 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq) uint16_t query_id; intptr_t query_id_intptr; - DEBUG_STUB("*** %s\n", __FUNCTION__); int q = tcp_connected(netreq->upstream); if (q != 0) return q; @@ -676,7 +675,6 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq) written < pkt_len + 2) { #else written = write(fd, netreq->query - 2, pkt_len + 2); - DEBUG_STUB("*** %s Written: %d\n", __FUNCTION__, (int)written); if ((written == -1 && (errno == EAGAIN || errno == EWOULDBLOCK)) || written < pkt_len + 2) {