Commit Graph

2919 Commits

Author SHA1 Message Date
Jim Hague 4ec93a3df0 Add Doxygen for remaining tls.h functions. 2018-11-26 11:32:18 +00:00
Jim Hague 27a7e4e28f Attempt minimal autoconf changes to use GnuTLS instead of OpenSSL.
I could waste the rest of the available time trying to turn configure.ac into something that cleanly ignores OpenSSL, uses GnuTLS instead and retains all the options. Or even better scrap the whole autoconf mess and start again.

But in the interests of prototyping, do something quick and dirty. This means GnuTLS must for now be configured thus:

$ CFLAGS="-g" ../configure --enable-stub-only --with-gnutls --disable-gost --disable-ecdsa --disable-edns-cookies

to evade other items with hardcoded OpenSSL checks in them.
2018-11-23 17:49:06 +00:00
Jim Hague 2267863a53 Attempt to improve the preprocessor horror that is util/val_secalgo.h.
Convert the main util/val_secalgo.h to a plain interface. Move the preprocessor redefines into validator/val_secalgo.h, and move THAT under openssl, because it is OpenSSL implementation specific at present - you can compile with NSS and Nettle if config allows.
2018-11-23 16:28:55 +00:00
Willem Toorop 2d76a5fd52 We had complaints for serving the root, so..
TCP only full recursion test now starting from K-root
(because other roots are unreliable TCP-wise)
2018-11-22 12:16:19 +01:00
Willem Toorop b90ba236ae tls_ciphersuites, tls_cipher_list, tls_curve_list,
tls_min_version & tls_max_version settings must cause
failure when not supported by the TLS library.  Not during
configure time, but during connection setup so it doesn't
hamper alternative transports.
2018-11-22 11:37:28 +01:00
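The commit above describes a deliberate split: TLS settings are accepted at configure time and only checked against the TLS library when a TLS connection is actually set up, so that UDP and TCP upstreams are never blocked by a TLS option the library cannot honour. The following is an added illustration of that pattern, not getdns code; it uses Python's standard-library ssl module in place of the project's C TLS abstraction, and every name in it (UpstreamSettings, parse_settings, build_tls_context, setup_connection, try_setup, TLSSettingsUnsupported) is hypothetical.

```python
import ssl
from dataclasses import dataclass
from typing import Optional

# Hypothetical mapping from config strings to ssl.TLSVersion values.
_TLS_VERSIONS = {
    "1.0": ssl.TLSVersion.TLSv1,
    "1.1": ssl.TLSVersion.TLSv1_1,
    "1.2": ssl.TLSVersion.TLSv1_2,
    "1.3": ssl.TLSVersion.TLSv1_3,
}


class TLSSettingsUnsupported(Exception):
    """Raised at connection setup when the TLS library cannot honour a setting."""


@dataclass
class UpstreamSettings:
    transport: str                        # "udp", "tcp" or "tls"
    tls_min_version: Optional[str] = None
    tls_max_version: Optional[str] = None
    tls_cipher_list: Optional[str] = None


def parse_settings(cfg: dict) -> UpstreamSettings:
    """Configure time: record the settings without consulting the TLS library."""
    return UpstreamSettings(
        transport=cfg.get("transport", "udp"),
        tls_min_version=cfg.get("tls_min_version"),
        tls_max_version=cfg.get("tls_max_version"),
        tls_cipher_list=cfg.get("tls_cipher_list"),
    )


def build_tls_context(s: UpstreamSettings) -> ssl.SSLContext:
    """Connection setup: apply the settings and fail if the library rejects any."""
    ctx = ssl.create_default_context()
    try:
        if s.tls_min_version is not None:
            ctx.minimum_version = _TLS_VERSIONS[s.tls_min_version]
        if s.tls_max_version is not None:
            ctx.maximum_version = _TLS_VERSIONS[s.tls_max_version]
        if s.tls_cipher_list is not None:
            # set_ciphers raises ssl.SSLError when no cipher matches the string
            ctx.set_ciphers(s.tls_cipher_list)
    except KeyError as e:
        raise TLSSettingsUnsupported(f"unknown TLS version {e.args[0]!r}") from e
    except (ValueError, ssl.SSLError) as e:
        raise TLSSettingsUnsupported(f"TLS library rejected setting: {e}") from e
    # Only compare when both ends were configured explicitly; the library's
    # MINIMUM_SUPPORTED/MAXIMUM_SUPPORTED sentinels are not ordinary versions.
    if (s.tls_min_version is not None and s.tls_max_version is not None
            and ctx.minimum_version > ctx.maximum_version):
        raise TLSSettingsUnsupported("tls_min_version exceeds tls_max_version")
    return ctx


def setup_connection(s: UpstreamSettings) -> Optional[ssl.SSLContext]:
    """UDP and TCP upstreams never touch the TLS library, so an unsupported
    TLS setting only bites when a TLS connection is actually attempted."""
    if s.transport != "tls":
        return None
    return build_tls_context(s)


def try_setup(cfg: dict) -> str:
    """Summarise what connection setup does for a config dict (constructed input)."""
    try:
        ctx = setup_connection(parse_settings(cfg))
    except TLSSettingsUnsupported as e:
        return f"unsupported: {e}"
    return "no-tls" if ctx is None else "ok"


if __name__ == "__main__":
    # Constructed sample configs: the first is bad but harmless over UDP,
    # the second is the same setting over TLS and is refused at setup.
    print(try_setup({"transport": "udp", "tls_min_version": "9.9"}))
    print(try_setup({"transport": "tls", "tls_min_version": "9.9"}))
    print(try_setup({"transport": "tls", "tls_cipher_list": "NOSUCHCIPHER"}))
    print(try_setup({"transport": "tls", "tls_min_version": "1.2", "tls_max_version": "1.3"}))
```

The point of routing every library call through build_tls_context is that parse_settings stays library-agnostic: the same config can be loaded by a build without TLS support at all, and the error surfaces exactly where the commit message puts it, at connection setup for the TLS transport.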
Willem Toorop 6b10570842 DNSSEC bugfix found with static analysis
* Fix for DNSSEC bug in finding most specific key when
  trust anchor proves non-existence of one of the labels
  along the authentication chain other than the
  non-existence of a DS record on a zone cut.
2018-11-22 10:21:48 +01:00
Willem Toorop 4ff9816e39 google now supports DoT 2018-11-21 17:00:03 +01:00
Willem Toorop 73868643d2 Fix compile warnings 2018-11-21 16:07:47 +01:00
Willem Toorop 1904ee7318 Enhancement getdnsapi/stubby#56 & getdnsapi/stubby#130
Configurable TLS version
2018-11-21 15:02:28 +01:00
Jim Hague e7593541ef Ensure that compat/getentropy* don't get used, and so drag in OpenSSL. 2018-11-20 17:37:46 +00:00
Jim Hague 4f67491971 Remove unnecessary OpenSSL include in dnssec.c. 2018-11-20 17:36:56 +00:00
Jim Hague 05f9d30e89 Move anchor.c to under openssl. 2018-11-20 16:57:48 +00:00
Jim Hague f3e0f2b9e6 Split OpenSSL specific bits of keyraw.hc into keyraw-internal.hc.
All usage is internal to val_secalgo.c, which is already in openssl.
2018-11-20 16:51:17 +00:00
Jim Hague da94b52f74 Move val_secalgo.c to openssl.
It contains ports other than OpenSSL (NSS and NETTLE), but we're not worrying about those for our purposes at present.
2018-11-20 16:21:06 +00:00
Jim Hague 4eb845bc58 Move internal-only functions from public pubkey-pinning interface.
The interface now only exposes functions used by the main getdns code.
2018-11-20 15:55:34 +00:00
Jim Hague ff9cde2087 Remove SSL type from pubkey-pinning interface. 2018-11-20 15:49:26 +00:00
Jim Hague 756eda96d8 Remove ssl_dane dir from dependency generation search. 2018-11-20 15:47:56 +00:00
Jim Hague cfa78707a3 Add openssl subdir to distribution. 2018-11-20 15:35:59 +00:00
Willem Toorop 6a5e96d4e1 tls_ciphersuites + bugfix in strdup2!! 2018-11-20 16:13:57 +01:00
Jim Hague 52421be5f4 Correct error checking result of _getdns_tls_context_set_ca(). 2018-11-20 15:12:10 +00:00
Jim Hague 1b0a09a23f Wrap hostname/certificate verification.
This removes the last OpenSSL items from stub.c.
2018-11-20 14:53:31 +00:00
Willem Toorop e5a53fb1d2 Bump version 2018-11-20 13:57:13 +01:00
Jim Hague fb73bcb77e Correct return value error from _getdns_tls_connection_(read|write)(). 2018-11-20 12:43:17 +00:00
Jim Hague 2e8c48544b Move pubkey-pinning implementation under openssl/. 2018-11-19 13:55:02 +00:00
Jim Hague aba0e2fb4c Move non-TLS-library specific parts of tls.h to ~/src/tls.h and have it include lib-specific tls-internal.h.
Update dependencies.
2018-11-19 09:49:54 +00:00
Jim Hague 5d353d9efb To aid proof-of-concept work, insist on OpenSSL 1.1.1 or later.
Remove ssl_dane as now surplus to requirements.
2018-11-16 17:58:29 +00:00
Jim Hague 0fd6fd4c5c Replace (one instance of) SSL_get_peer_certificate(). 2018-11-16 17:09:26 +00:00
Jim Hague 4b8c9d1bd7 Replace SSL_get_version(). 2018-11-15 17:53:37 +00:00
Jim Hague 09019bee75 Replace SSL_write(). 2018-11-15 17:53:29 +00:00
Jim Hague e7453522d5 Replace SSL_read(). 2018-11-15 17:51:52 +00:00
Jim Hague e22c01e212 tls_do_handshake: move handshake and check for new session into abstraction layer. 2018-11-15 14:28:04 +00:00
Jim Hague ffd1136e94 tls_create_object(): Move setting client state and auto-retry into connection_new and add setting connection session. 2018-11-15 13:23:00 +00:00
Jim Hague d9fdd4c10d Abstracting TLS; let's start with context only.
Change data types in context.h and fix up context.c. Do minimal fixups to stub.c.
2018-11-15 11:01:13 +00:00
Willem Toorop 12589d85c2 Wild guess at OpenSSL without engine support 2018-06-12 17:00:45 +02:00
Willem Toorop 9b4e8e9e91 X509_get_notAfter not in OpenSSL 1.1.1 anymore 2018-06-12 16:37:46 +02:00
Willem Toorop 884f6ddc5e DS is always a delegation and never at the apex 2018-06-10 16:57:40 +02:00
Willem Toorop 25231aa686 Fix finding signer of NSEC and NSEC3s
Thanks Philip Homburg
2018-06-08 21:39:59 +02:00
Willem Toorop 000fa94ae2 Sync ldns & utils with unbound 2018-05-22 12:44:13 +02:00
Willem Toorop 799bd2f6b1 Bugfix #399: Reinclude <linux/sysctl.h> in getentropy_linux.c 2018-05-15 08:11:55 +02:00
Willem Toorop f9ab894936 Merge branch 'develop' of github.com:getdnsapi/getdns into develop 2018-05-11 13:29:59 +02:00
Willem Toorop 8c108fb761 Merge branch 'release/1.4.2' 2018-05-11 13:29:24 +02:00
Willem Toorop e481273ff4 Last minute update 2018-05-11 13:20:08 +02:00
wtoorop 0510fb00d3 Merge pull request #397 from ehmry/tcp_sendto
No TCP sendto without TCP_FASTOPEN
2018-05-11 12:04:49 +01:00
wtoorop fa133fcb92 Merge pull request #393 from saradickinson/bugfix/windows_certs
Temporary fix for https://github.com/getdnsapi/stubby/issues/87. Dete…
2018-05-11 11:52:18 +01:00
wtoorop 7fe45a7012 Merge pull request #396 from saradickinson/bugfix/windows_certs
Temporary fix for https://github.com/getdnsapi/stubby/issues/87. Dete…
2018-05-11 11:51:33 +01:00
Willem Toorop 86e5c39159 Release 1.4.2
-----BEGIN PGP SIGNATURE-----
 
 iQIxBAABCAAbBQJa9XQrFBx3aWxsZW1AbmxuZXRsYWJzLm5sAAoJEOX4+CEvd6SY
 QjYP/1hDH9Y1+JZFVdcDk0JLrMhrhfnPq1RdefiEzXPwcoFvbahwb7G5ARXQCkUz
 dgiJoae1euaCeQQyscJ83Vv9zxRetxCquuaA6j3eeiR3HtVJr6ayGfg1JPHcgO+O
 S7IJkUuRcpSB7PK4f/FqyrnrJNSFUfN25y9WvXOS5mJBq1OX8QhqWHN63uHXKVQt
 lfipQE/WiQic07a1bObNJcdmot4M6cCa6QcSc1JS37dvvHCHZc0HQox/VCUJpqrr
 rx1hbRCZFZ3B+DY4Fded4rIZSYG9Y/J64X7IW5hdv2z2G//Q9YBf16rkzz6xcpA/
 CIniaFXNliaugkHD7Nag/D32yMpUhDnJt2BloNQodZNMPRzerfLj9R8IKOjjM+py
 vEe+xCyrs7s7TKyK9nSacyJ5BWZDE1vOKDF1tNHK9KzJ4YtfGtmxjjmB1VytNy6O
 BXs3ml/VSgVgBZbmcevWDXn6anByacKADDkiyVJ9PRCL2+qFOt3CR3t8GWlCwK5O
 GvrKmNkeUYfjyw03qCXXJ54Ti6xrmBJPcUeBE1NdTF7OgYhSyImhQqAnInG/Z3ZU
 c1j7pKYw2LNQ7F/CaW+AQ4HpizltIHRiBHhMvaArhp4idvyFMTr1YV7MrCWixqpx
 2fGSVuaLSYGOxsqM7m2lrbTckIESBAxX+f4vGj2nxP9qzna0
 =DfcS
 -----END PGP SIGNATURE-----

Merge tag 'v1.4.2'

Release 1.4.2
2018-05-11 12:45:26 +02:00
Willem Toorop 0d283fc63f 1.4.2 release 2018-05-11 12:02:49 +02:00
Willem Toorop 48e0ea013c Include Stubby - v0.2.3 release 2018-05-11 11:56:00 +02:00
Willem Toorop 6c99e7b8a6 Bugfix getdnsapi/stubby#106: Core dump when ...
printing certain configuration. Thanks Han Vinke
2018-05-11 11:28:52 +02:00
Willem Toorop 98b1ff624a Memory loss with empty string bindatas 2018-05-11 11:23:19 +02:00