Merge pull request #368 from getdnsapi/devel/tls_settings

TLS settings have tls_ prefixed name
This commit is contained in:
wtoorop 2017-12-21 14:25:01 +01:00 committed by GitHub
commit efb0539c15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 64 additions and 63 deletions


@ -11,7 +11,8 @@
* Report default extension settings with * Report default extension settings with
getdns_context_get_api_information() getdns_context_get_api_information()
* Specify locations at which CA certificates for verification purposes * Specify locations at which CA certificates for verification purposes
are located: getdns_context_set_CApath() getdns_context_set_CAfile() are located: getdns_context_set_tls_ca_path()
getdns_context_set_tls_ca_file()
* getdns_context_set_resolvconf() function to initialize a context * getdns_context_set_resolvconf() function to initialize a context
upstreams and suffices with a resolv.conf file. upstreams and suffices with a resolv.conf file.
getdns_context_get_resolvconf() to get the file used to initialize getdns_context_get_resolvconf() to get the file used to initialize


@ -89,8 +89,8 @@ static struct const_info consts_info[] = {
{ 628, "GETDNS_CONTEXT_CODE_APPDATA_DIR", GETDNS_CONTEXT_CODE_APPDATA_DIR_TEXT }, { 628, "GETDNS_CONTEXT_CODE_APPDATA_DIR", GETDNS_CONTEXT_CODE_APPDATA_DIR_TEXT },
{ 629, "GETDNS_CONTEXT_CODE_RESOLVCONF", GETDNS_CONTEXT_CODE_RESOLVCONF_TEXT }, { 629, "GETDNS_CONTEXT_CODE_RESOLVCONF", GETDNS_CONTEXT_CODE_RESOLVCONF_TEXT },
{ 630, "GETDNS_CONTEXT_CODE_HOSTS", GETDNS_CONTEXT_CODE_HOSTS_TEXT }, { 630, "GETDNS_CONTEXT_CODE_HOSTS", GETDNS_CONTEXT_CODE_HOSTS_TEXT },
{ 631, "GETDNS_CONTEXT_CODE_CAPATH", GETDNS_CONTEXT_CODE_CAPATH_TEXT }, { 631, "GETDNS_CONTEXT_CODE_TLS_CA_PATH", GETDNS_CONTEXT_CODE_TLS_CA_PATH_TEXT },
{ 632, "GETDNS_CONTEXT_CODE_CAFILE", GETDNS_CONTEXT_CODE_CAFILE_TEXT }, { 632, "GETDNS_CONTEXT_CODE_TLS_CA_FILE", GETDNS_CONTEXT_CODE_TLS_CA_FILE_TEXT },
{ 633, "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT }, { 633, "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT },
{ 700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT }, { 700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
{ 701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT }, { 701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
@ -162,8 +162,6 @@ static struct const_name_info consts_name_info[] = {
{ "GETDNS_CALLBACK_TIMEOUT", 702 }, { "GETDNS_CALLBACK_TIMEOUT", 702 },
{ "GETDNS_CONTEXT_CODE_APPDATA_DIR", 628 }, { "GETDNS_CONTEXT_CODE_APPDATA_DIR", 628 },
{ "GETDNS_CONTEXT_CODE_APPEND_NAME", 607 }, { "GETDNS_CONTEXT_CODE_APPEND_NAME", 607 },
{ "GETDNS_CONTEXT_CODE_CAFILE", 632 },
{ "GETDNS_CONTEXT_CODE_CAPATH", 631 },
{ "GETDNS_CONTEXT_CODE_DNSSEC_ALLOWED_SKEW", 614 }, { "GETDNS_CONTEXT_CODE_DNSSEC_ALLOWED_SKEW", 614 },
{ "GETDNS_CONTEXT_CODE_DNSSEC_TRUST_ANCHORS", 609 }, { "GETDNS_CONTEXT_CODE_DNSSEC_TRUST_ANCHORS", 609 },
{ "GETDNS_CONTEXT_CODE_DNS_ROOT_SERVERS", 604 }, { "GETDNS_CONTEXT_CODE_DNS_ROOT_SERVERS", 604 },
@ -187,6 +185,8 @@ static struct const_name_info consts_name_info[] = {
{ "GETDNS_CONTEXT_CODE_TIMEOUT", 616 }, { "GETDNS_CONTEXT_CODE_TIMEOUT", 616 },
{ "GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION", 618 }, { "GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION", 618 },
{ "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", 623 }, { "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", 623 },
{ "GETDNS_CONTEXT_CODE_TLS_CA_FILE", 632 },
{ "GETDNS_CONTEXT_CODE_TLS_CA_PATH", 631 },
{ "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", 633 }, { "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", 633 },
{ "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", 624 }, { "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", 624 },
{ "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", 620 }, { "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", 620 },


@ -1530,8 +1530,8 @@ getdns_context_create_with_extended_memory_functions(
result->trust_anchors_verify_email = NULL; result->trust_anchors_verify_email = NULL;
result->trust_anchors_verify_CA = NULL; result->trust_anchors_verify_CA = NULL;
result->appdata_dir = NULL; result->appdata_dir = NULL;
result->CApath = NULL; result->tls_ca_path = NULL;
result->CAfile = NULL; result->tls_ca_file = NULL;
result->tls_cipher_list = NULL; result->tls_cipher_list = NULL;
(void) memset(&result->root_ksk, 0, sizeof(result->root_ksk)); (void) memset(&result->root_ksk, 0, sizeof(result->root_ksk));
@ -1797,10 +1797,10 @@ getdns_context_destroy(struct getdns_context *context)
, context->trust_anchors_verify_email); , context->trust_anchors_verify_email);
if (context->appdata_dir) if (context->appdata_dir)
GETDNS_FREE(context->mf, context->appdata_dir); GETDNS_FREE(context->mf, context->appdata_dir);
if (context->CApath) if (context->tls_ca_path)
GETDNS_FREE(context->mf, context->CApath); GETDNS_FREE(context->mf, context->tls_ca_path);
if (context->CAfile) if (context->tls_ca_file)
GETDNS_FREE(context->mf, context->CAfile); GETDNS_FREE(context->mf, context->tls_ca_file);
if (context->tls_cipher_list) if (context->tls_cipher_list)
GETDNS_FREE(context->mf, context->tls_cipher_list); GETDNS_FREE(context->mf, context->tls_cipher_list);
@ -3608,9 +3608,9 @@ _getdns_context_prepare_for_resolution(getdns_context *context)
return GETDNS_RETURN_BAD_CONTEXT; return GETDNS_RETURN_BAD_CONTEXT;
/* For strict authentication, we must have local root certs available /* For strict authentication, we must have local root certs available
Set up is done only when the tls_ctx is created (per getdns_context)*/ Set up is done only when the tls_ctx is created (per getdns_context)*/
if ((context->CAfile || context->CApath) && if ((context->tls_ca_file || context->tls_ca_path) &&
SSL_CTX_load_verify_locations(context->tls_ctx SSL_CTX_load_verify_locations(context->tls_ctx
, context->CAfile, context->CApath)) , context->tls_ca_file, context->tls_ca_path))
; /* pass */ ; /* pass */
# ifndef USE_WINSOCK # ifndef USE_WINSOCK
else if (!SSL_CTX_set_default_verify_paths(context->tls_ctx)) { else if (!SSL_CTX_set_default_verify_paths(context->tls_ctx)) {
@ -3916,10 +3916,10 @@ _get_context_settings(getdns_context* context)
(void) getdns_dict_util_set_string(result, "resolvconf", str_value); (void) getdns_dict_util_set_string(result, "resolvconf", str_value);
if (!getdns_context_get_hosts(context, &str_value) && str_value) if (!getdns_context_get_hosts(context, &str_value) && str_value)
(void) getdns_dict_util_set_string(result, "hosts", str_value); (void) getdns_dict_util_set_string(result, "hosts", str_value);
if (!getdns_context_get_CApath(context, &str_value) && str_value) if (!getdns_context_get_tls_ca_path(context, &str_value) && str_value)
(void) getdns_dict_util_set_string(result, "CApath", str_value); (void) getdns_dict_util_set_string(result, "tls_ca_path", str_value);
if (!getdns_context_get_CAfile(context, &str_value) && str_value) if (!getdns_context_get_tls_ca_file(context, &str_value) && str_value)
(void) getdns_dict_util_set_string(result, "CAfile", str_value); (void) getdns_dict_util_set_string(result, "tls_ca_file", str_value);
if (!getdns_context_get_tls_cipher_list(context, &str_value) && str_value) if (!getdns_context_get_tls_cipher_list(context, &str_value) && str_value)
(void) getdns_dict_util_set_string(result, "tls_cipher_list", str_value); (void) getdns_dict_util_set_string(result, "tls_cipher_list", str_value);
@ -4717,8 +4717,8 @@ _getdns_context_config_setting(getdns_context *context,
CONTEXT_SETTING_STRING(resolvconf) CONTEXT_SETTING_STRING(resolvconf)
#endif #endif
CONTEXT_SETTING_STRING(hosts) CONTEXT_SETTING_STRING(hosts)
CONTEXT_SETTING_STRING(CApath) CONTEXT_SETTING_STRING(tls_ca_path)
CONTEXT_SETTING_STRING(CAfile) CONTEXT_SETTING_STRING(tls_ca_file)
CONTEXT_SETTING_STRING(tls_cipher_list) CONTEXT_SETTING_STRING(tls_cipher_list)
/**************************************/ /**************************************/
@ -5225,48 +5225,48 @@ getdns_context *_getdns_context_get_sys_ctxt(
} }
getdns_return_t getdns_return_t
getdns_context_set_CApath(getdns_context *context, const char *CApath) getdns_context_set_tls_ca_path(getdns_context *context, const char *tls_ca_path)
{ {
if (!context || !CApath) if (!context || !tls_ca_path)
return GETDNS_RETURN_INVALID_PARAMETER; return GETDNS_RETURN_INVALID_PARAMETER;
if (context->CApath) if (context->tls_ca_path)
GETDNS_FREE(context->mf, context->CApath); GETDNS_FREE(context->mf, context->tls_ca_path);
context->CApath = _getdns_strdup(&context->mf, CApath); context->tls_ca_path = _getdns_strdup(&context->mf, tls_ca_path);
dispatch_updated(context, GETDNS_CONTEXT_CODE_CAPATH); dispatch_updated(context, GETDNS_CONTEXT_CODE_TLS_CA_PATH);
return GETDNS_RETURN_GOOD; return GETDNS_RETURN_GOOD;
} }
getdns_return_t getdns_return_t
getdns_context_get_CApath(getdns_context *context, const char **CApath) getdns_context_get_tls_ca_path(getdns_context *context, const char **tls_ca_path)
{ {
if (!context || !CApath) if (!context || !tls_ca_path)
return GETDNS_RETURN_INVALID_PARAMETER; return GETDNS_RETURN_INVALID_PARAMETER;
*CApath = context->CApath; *tls_ca_path = context->tls_ca_path;
return GETDNS_RETURN_GOOD; return GETDNS_RETURN_GOOD;
} }
getdns_return_t getdns_return_t
getdns_context_set_CAfile(getdns_context *context, const char *CAfile) getdns_context_set_tls_ca_file(getdns_context *context, const char *tls_ca_file)
{ {
if (!context || !CAfile) if (!context || !tls_ca_file)
return GETDNS_RETURN_INVALID_PARAMETER; return GETDNS_RETURN_INVALID_PARAMETER;
if (context->CAfile) if (context->tls_ca_file)
GETDNS_FREE(context->mf, context->CAfile); GETDNS_FREE(context->mf, context->tls_ca_file);
context->CAfile = _getdns_strdup(&context->mf, CAfile); context->tls_ca_file = _getdns_strdup(&context->mf, tls_ca_file);
dispatch_updated(context, GETDNS_CONTEXT_CODE_CAFILE); dispatch_updated(context, GETDNS_CONTEXT_CODE_TLS_CA_FILE);
return GETDNS_RETURN_GOOD; return GETDNS_RETURN_GOOD;
} }
getdns_return_t getdns_return_t
getdns_context_get_CAfile(getdns_context *context, const char **CAfile) getdns_context_get_tls_ca_file(getdns_context *context, const char **tls_ca_file)
{ {
if (!context || !CAfile) if (!context || !tls_ca_file)
return GETDNS_RETURN_INVALID_PARAMETER; return GETDNS_RETURN_INVALID_PARAMETER;
*CAfile = context->CAfile; *tls_ca_file = context->tls_ca_file;
return GETDNS_RETURN_GOOD; return GETDNS_RETURN_GOOD;
} }
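Review bot: In the getdns_context_set_tls_ca_path / getdns_context_set_tls_ca_file hunk the result of `_getdns_strdup` is stored without a NULL check and the setter returns GETDNS_RETURN_GOOD regardless, so on allocation failure the caller is told the CA location took effect while the context field is left NULL. That matters because the getter then reports the value as not configured, and the `_getdns_context_prepare_for_resolution` hunk earlier in this section skips `SSL_CTX_load_verify_locations` when both fields are NULL and falls back to `SSL_CTX_set_default_verify_paths`, so an explicitly configured trust store silently degrades to the system one. I'd make the assignment fail closed, e.g. `if (!(context->tls_ca_path = _getdns_strdup(&context->mf, tls_ca_path)))` followed by `return GETDNS_RETURN_MEMORY_ERROR;`, and the same for tls_ca_file. The same fallback is also taken when `SSL_CTX_load_verify_locations` fails for a configured location; whether that is intended is not visible here (the enclosing function starts and ends outside the hunk), but it deserves at least a comment or log line.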


@ -344,8 +344,8 @@ struct getdns_context {
char *appdata_dir; char *appdata_dir;
_getdns_property can_write_appdata; _getdns_property can_write_appdata;
char *CApath; char *tls_ca_path;
char *CAfile; char *tls_ca_file;
char *tls_cipher_list; char *tls_cipher_list;
getdns_upstreams *upstreams; getdns_upstreams *upstreams;


@ -94,10 +94,10 @@ extern "C" {
#define GETDNS_CONTEXT_CODE_RESOLVCONF_TEXT "Change related to getdns_context_set_resolvconf" #define GETDNS_CONTEXT_CODE_RESOLVCONF_TEXT "Change related to getdns_context_set_resolvconf"
#define GETDNS_CONTEXT_CODE_HOSTS 630 #define GETDNS_CONTEXT_CODE_HOSTS 630
#define GETDNS_CONTEXT_CODE_HOSTS_TEXT "Change related to getdns_context_set_hosts" #define GETDNS_CONTEXT_CODE_HOSTS_TEXT "Change related to getdns_context_set_hosts"
#define GETDNS_CONTEXT_CODE_CAPATH 631 #define GETDNS_CONTEXT_CODE_TLS_CA_PATH 631
#define GETDNS_CONTEXT_CODE_CAPATH_TEXT "Change related to getdns_context_set_CApath" #define GETDNS_CONTEXT_CODE_TLS_CA_PATH_TEXT "Change related to getdns_context_set_tls_ca_path"
#define GETDNS_CONTEXT_CODE_CAFILE 632 #define GETDNS_CONTEXT_CODE_TLS_CA_FILE 632
#define GETDNS_CONTEXT_CODE_CAFILE_TEXT "Change related to getdns_context_set_CAfile" #define GETDNS_CONTEXT_CODE_TLS_CA_FILE_TEXT "Change related to getdns_context_set_tls_ca_file"
#define GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST 633 #define GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST 633
#define GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT "Change related to getdns_context_set_tls_cipher_list" #define GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT "Change related to getdns_context_set_tls_cipher_list"
@ -719,27 +719,27 @@ getdns_context_set_hosts(getdns_context *context, const char *hosts);
/** /**
* Specify where the location for CA certificates for verification purposes * Specify where the location for CA certificates for verification purposes
* are located. * are located.
* @see getdns_context_get_CApath * @see getdns_context_get_tls_ca_path
* @see getdns_context_set_CAfile * @see getdns_context_set_tls_ca_file
* @param[in] context The context to configure * @param[in] context The context to configure
* @param[in] CApath Directory with Certificate Authority certificates. * @param[in] tls_ca_path Directory with Certificate Authority certificates.
* @return GETDNS_RETURN_GOOD when successful * @return GETDNS_RETURN_GOOD when successful
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL. * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
*/ */
getdns_return_t getdns_return_t
getdns_context_set_CApath(getdns_context *context, const char *CApath); getdns_context_set_tls_ca_path(getdns_context *context, const char *tls_ca_path);
/** /**
* Specify the file with CA certificates for verification purposes. * Specify the file with CA certificates for verification purposes.
* @see getdns_context_get_CAfile * @see getdns_context_get_tls_ca_file
* @see getdns_context_set_CApath * @see getdns_context_set_tls_ca_path
* @param[in] context The context to configure * @param[in] context The context to configure
* @param[in] CAfile The file with Certificate Authority certificates. * @param[in] tls_ca_file The file with Certificate Authority certificates.
* @return GETDNS_RETURN_GOOD when successful * @return GETDNS_RETURN_GOOD when successful
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL. * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
*/ */
getdns_return_t getdns_return_t
getdns_context_set_CAfile(getdns_context *context, const char *CAfile); getdns_context_set_tls_ca_file(getdns_context *context, const char *tls_ca_file);
/** /**
* Sets the list of available ciphers for authenticated TLS upstreams. * Sets the list of available ciphers for authenticated TLS upstreams.
@ -1236,29 +1236,29 @@ getdns_context_get_hosts(getdns_context *context, const char **hosts);
/** /**
* Get the location of the directory for CA certificates for verification * Get the location of the directory for CA certificates for verification
* purposes. * purposes.
* @see getdns_context_set_CApath * @see getdns_context_set_tls_ca_path
* @see getdns_context_get_CAfile * @see getdns_context_get_tls_ca_file
* @param[in] context The context to configure * @param[in] context The context to configure
* @param[out] CApath Directory with Certificate Authority certificates * @param[out] tls_ca_path Directory with Certificate Authority certificates
* or NULL when one was not configured. * or NULL when one was not configured.
* @return GETDNS_RETURN_GOOD when successful * @return GETDNS_RETURN_GOOD when successful
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL. * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
*/ */
getdns_return_t getdns_return_t
getdns_context_get_CApath(getdns_context *context, const char **CApath); getdns_context_get_tls_ca_path(getdns_context *context, const char **tls_ca_path);
/** /**
* Get the file location with CA certificates for verification purposes. * Get the file location with CA certificates for verification purposes.
* @see getdns_context_set_CAfile * @see getdns_context_set_tls_ca_file
* @see getdns_context_get_CApath * @see getdns_context_get_tls_ca_path
* @param[in] context The context to configure * @param[in] context The context to configure
* @param[out] CAfile The file with Certificate Authority certificates * @param[out] tls_ca_file The file with Certificate Authority certificates
* or NULL when one was not configured. * or NULL when one was not configured.
* @return GETDNS_RETURN_GOOD when successful * @return GETDNS_RETURN_GOOD when successful
* @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL. * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
*/ */
getdns_return_t getdns_return_t
getdns_context_get_CAfile(getdns_context *context, const char **CAfile); getdns_context_get_tls_ca_file(getdns_context *context, const char **tls_ca_file);
/** /**
* Get the list of available ciphers for authenticated TLS upstreams. * Get the list of available ciphers for authenticated TLS upstreams.
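Review bot: The `@return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.` line in the getdns_context_set_tls_ca_path and getdns_context_set_tls_ca_file doc blocks understates the contract: the implementations in this commit also return GETDNS_RETURN_INVALID_PARAMETER when the tls_ca_path / tls_ca_file argument is NULL, and the getters do the same for a NULL out-pointer. Since the rename touches these lines anyway, I'd change each to `* @return GETDNS_RETURN_INVALID_PARAMETER when context or tls_ca_path was NULL.` (and the tls_ca_file equivalent for the other three blocks). It would also help callers to state that the setter copies the string and that the getter returns a pointer owned by the context, which is what the `_getdns_strdup` and `*tls_ca_path = context->tls_ca_path` lines in context.c show.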


@ -7,8 +7,6 @@ getdns_context_create_with_extended_memory_functions
getdns_context_create_with_memory_functions getdns_context_create_with_memory_functions
getdns_context_destroy getdns_context_destroy
getdns_context_detach_eventloop getdns_context_detach_eventloop
getdns_context_get_CAfile
getdns_context_get_CApath
getdns_context_get_api_information getdns_context_get_api_information
getdns_context_get_append_name getdns_context_get_append_name
getdns_context_get_dns_root_servers getdns_context_get_dns_root_servers
@ -35,6 +33,8 @@ getdns_context_get_suffix
getdns_context_get_timeout getdns_context_get_timeout
getdns_context_get_tls_authentication getdns_context_get_tls_authentication
getdns_context_get_tls_backoff_time getdns_context_get_tls_backoff_time
getdns_context_get_tls_ca_file
getdns_context_get_tls_ca_path
getdns_context_get_tls_cipher_list getdns_context_get_tls_cipher_list
getdns_context_get_tls_connection_retries getdns_context_get_tls_connection_retries
getdns_context_get_tls_query_padding_blocksize getdns_context_get_tls_query_padding_blocksize
@ -45,8 +45,6 @@ getdns_context_get_update_callback
getdns_context_get_upstream_recursive_servers getdns_context_get_upstream_recursive_servers
getdns_context_process_async getdns_context_process_async
getdns_context_run getdns_context_run
getdns_context_set_CAfile
getdns_context_set_CApath
getdns_context_set_appdata_dir getdns_context_set_appdata_dir
getdns_context_set_append_name getdns_context_set_append_name
getdns_context_set_context_update_callback getdns_context_set_context_update_callback
@ -78,6 +76,8 @@ getdns_context_set_suffix
getdns_context_set_timeout getdns_context_set_timeout
getdns_context_set_tls_authentication getdns_context_set_tls_authentication
getdns_context_set_tls_backoff_time getdns_context_set_tls_backoff_time
getdns_context_set_tls_ca_file
getdns_context_set_tls_ca_path
getdns_context_set_tls_cipher_list getdns_context_set_tls_cipher_list
getdns_context_set_tls_connection_retries getdns_context_set_tls_connection_retries
getdns_context_set_tls_query_padding_blocksize getdns_context_set_tls_query_padding_blocksize