interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,623 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

2623 Commits

Author SHA1 Message Date
Willem Toorop 0c3b6fb2f6 Symbols & constants 2018-02-12 15:57:28 +01:00
Willem Toorop 401aa2e3b8 Specify the supported curves with TLS 2018-02-12 15:40:17 +01:00
Willem Toorop e944203e55 Merge branch 'develop' of github.com:getdnsapi/getdns into develop 2018-02-07 13:50:53 +01:00
Willem Toorop 82c00eb0a5 version.bind CH TXT for getdns_query 2018-02-07 13:50:29 +01:00
wtoorop 7e915b0601
Merge pull request #379 from getdnsapi/devel/tcp-server-stability 
Devel/tcp server stability

Thanks @maddie & @ArchangeGabriel
 2018-02-02 10:44:55 +01:00
Willem Toorop ec8b8ba903 One more fixing the fixes fix that slipped through 2018-01-31 14:41:13 +01:00
Willem Toorop 9bc98272a1 Fixing the fixes 2018-01-31 14:33:31 +01:00
Willem Toorop 97b056c355 Prevent erred TCP connection to be rescheduled ... 
for reading (or writing) when an reply comes in.

Thanks Maddie!
 2018-01-30 15:21:46 +01:00
Willem Toorop 1f401f7253 Do not return freed netreqs! 2018-01-30 12:40:47 +01:00
Willem Toorop 2e03d3799c Memory leak on some TLS creation error cases 2018-01-30 12:23:23 +01:00
Willem Toorop 4f37d2b933 No wildcard expansions allowed for RRs used in DNSSEC proofs 
Signatures of DNSKEYs, DSs, NSECs and NSEC3s can not be wildcard expansions when used with DNSSEC proofs.
Only direct queries for those types are allowed to be wildcard expansions.

This in response to https://unbound.net/downloads/CVE-2017-15105.txt, although getdns was not vulnerable for this specific issue.
 2018-01-23 16:50:05 +01:00
Willem Toorop d38f233a80 Track readbuf free's 
As tcp_connection_destroy() might be called more than once per connection (depending on outstanding work)
 2018-01-22 16:56:48 +01:00
Willem Toorop 155b035cd8 Forgot to surround surround yaml include with defines 2018-01-17 17:07:36 +01:00
Willem Toorop 9e34588f19 logic error 2018-01-08 16:04:40 +01:00
Willem Toorop 546b75a9b1 libidn2 support. Thanks Paul Wouters 2018-01-08 12:54:48 +01:00
Willem Toorop 2ff1bf6152 Merge branch 'release/1.3.0' into develop 2017-12-22 12:42:47 +01:00
Willem Toorop 25a31e6b35 Bump version 2017-12-21 17:06:43 +01:00
Willem Toorop 03d4950470 We need to set transport list before first query 
(this needs to be reviewed...)
 2017-12-21 16:49:19 +01:00
Willem Toorop 9aa1d067d2 Detect dnsmasq and skip the unit test that fails with it 
This actually resolves issue #300
Thanks Tim Rühsen and Konomi Kitten
 2017-12-21 16:21:10 +01:00
Willem Toorop aa419a88d0 Skip some more truncation issues with dnsmasq 2017-12-21 16:01:48 +01:00
Willem Toorop 81ffa2f48d Skip test that breaks with dnsmasq 
when SKIP_DNSMASQ_ISSUE variable is test.
Helps out a little with issue #300
 2017-12-21 15:45:58 +01:00
Willem Toorop 0ef910b9ee read_buf's may remain on canceled tcp requests 2017-12-21 14:53:54 +01:00
wtoorop efb0539c15
Merge pull request #368 from getdnsapi/devel/tls_settings 
TLS settings have tls_ prefixed name
 2017-12-21 14:25:01 +01:00
Willem Toorop 97cc67d026 s/CApath/tls_ca_path/g s/CAfile/tls_ca_file/g 2017-12-21 13:08:01 +01:00
wtoorop f173f4667f
Merge pull request #367 from getdnsapi/features/set_cipher_list 
Features/set cipher list
 2017-12-21 13:00:08 +01:00
Willem Toorop ae38a29a50 Upstream specific tls_cipher_list's 2017-12-21 12:30:15 +01:00
Willem Toorop 8f88981efe rename set_cipher_list() to set_tls_cipher_list() 2017-12-21 11:35:05 +01:00
Willem Toorop 7fe3bd6a1f getdns_context_set_ciphers_list() 2017-12-20 13:13:02 +01:00
Willem Toorop 2bd5df4959 Update to Stubby v0.2.1 2017-12-20 09:53:11 +01:00
Willem Toorop d35fae5038 Bump version (to 1.3.0-rc2), update ChangeLog 2017-12-20 09:43:45 +01:00
Willem Toorop 274bc9bc4a Merge branch 'develop' into release/1.2.2 2017-12-20 09:37:56 +01:00
wtoorop 76d8f11b44
Merge pull request #366 from hardfalcon/develop 
Add support for TLS 1.3 and Chacha20-Poly1305
 2017-12-20 09:36:59 +01:00
wtoorop 7b20414ee0
Merge pull request #365 from saradickinson/fix_windows_build 
Fix windows build
 2017-12-19 11:25:33 +01:00
Pascal Ernster 65c7a738eb
Add support for TLS 1.3 and Chacha20-Poly1305 
Add support for TLS 1.3 (requires OpenSSL 1.1.1) and Chacha20-Poly1305 (requires OpenSSL 1.1).

Older OpenSSL versions will simply ignore ciphersuite specifications they don't understand and use the subset which they do unterstand.

Note that "EECDH" does *not* select anonymous cipher suites (as opposed to "kECDHE").
 2017-12-15 20:01:30 +00:00
Sara Dickinson 00d3232ba4 Fix windows build 2017-12-15 16:53:23 +00:00
Willem Toorop ac17d4ebed We need a specific install location for tests builds ... 
to not load default library
 2017-12-14 11:53:15 +01:00
wtoorop 9c35fa1643
Merge pull request #364 from saradickinson/move_macos_script 
Update makefile because a file in Stubby was moved
 2017-12-13 16:35:32 +01:00
Willem Toorop 2b5b59537f Getting Stubby ready to merge PR #364 2017-12-13 16:33:37 +01:00
Willem Toorop fd16d7b5eb Bugfix in stubby.c (copy/paste error) 2017-12-13 15:59:42 +01:00
Willem Toorop 0615457dfa Resolve constant conflict 2017-12-13 15:43:36 +01:00
Willem Toorop 9f566de65d DNSSEC segfault issue 2017-12-13 15:41:08 +01:00
Sara Dickinson d232353f93 Update makefile because a file in Stubby was moved 2017-12-13 14:22:52 +00:00
Willem Toorop d7864ee0df Stubby disabling DNSSEC validation update 2017-12-13 14:52:49 +01:00
Willem Toorop 2c66487635 Merge branch 'devel/dnssec_meta_queries' into release/1.2.2 2017-12-13 14:52:00 +01:00
Willem Toorop 5f1a2f8659 Merge branch 'features/CA_verify_locations' into release/1.2.2 2017-12-13 14:49:42 +01:00
Willem Toorop cfeaefbe3f Merge branch 'features/resolvconf' into release/1.2.2 2017-12-13 14:44:06 +01:00
Willem Toorop 825e2fd15f Bump version 2017-12-13 14:42:18 +01:00
Willem Toorop 090b076d96 Zero configuration DNSSEC meta queries on existing transports 
Should fix bug #356
 2017-12-13 13:08:24 +01:00
Willem Toorop a63e5edb86 trust-anchor meta queries need to be done opportunistic too 
In anticipation of DANE authenticated upstreams
 2017-12-13 12:58:24 +01:00
Willem Toorop e691312a3f Schedule DNSSEC meta queries against existing context 2017-12-13 12:50:03 +01:00