interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,373 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

224 Commits

Author SHA1 Message Date
Willem Toorop 1bb2daff1e ub_setup_recursing not used without libunbound 2015-11-11 14:03:16 +01:00
Willem Toorop c7f4fc3625 Fix disabling roadblock avoidance with configure 2015-11-05 07:43:33 +09:00
Willem Toorop 8a6f7d5b90 Merge branch 'develop' into features/dnssec_roadblock_avoidance 2015-11-04 17:49:21 +09:00
Daniel Kahn Gillmor b3128652f4 add tls_query_padding_blocksize property for getdns_context 
This is a parameter to the getdns_context that tells the context how
much to pad queries that go out over TLS.

It is not yet functional in this commit, but the idea is to pad each
outbound query over TLS to a multiple of the requested blocksize.

Because we only have a set amount of pre-allocated space for dynamic
options (MAXIMUM_UPSTREAM_OPTION_SPACE), we limit the maximum
padding blocksize.

This is a simplistic padding policy.  Suggestions for improved padding
policies are welcome!
 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor df3725e635 added edns_client_subnet_private to getdns_context 
https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-04

Using the above spec, an intermediate resolver may forward a chunk of
the client's IP address to the authoritative resolver.

Setting edns_client_subnet_private to a getdns_context in stub mode
will indicate to the next-hop recursive resolver that the client
wishes to keep their address information private.
 2015-11-01 15:49:50 +09:00
Willem Toorop b062974fb1 ub_setup_recursion also for non roadblock avoidance 2015-11-01 15:48:31 +09:00
Daniel Kahn Gillmor 3e90795680 enable talking to servers with ECDSA certs 
There is no clear reason to reject servers that don't have RSA certs.
We should accept ECDSA certs as well.

(also, clean up comments about opportunistic TLS)
 2015-11-01 15:47:03 +09:00
Willem Toorop af6947cbb3 Merge branch 'develop' into features/dnssec_roadblock_avoidance 2015-11-01 15:34:21 +09:00
Willem Toorop 8b9041325b Bugfix don't grow upstreams memory 
upstreams have internal references and cannot be realloc'ed easily
 2015-11-01 15:23:26 +09:00
Willem Toorop ae2cc39a36 Full roadblock avoidance functionality 2015-11-01 12:28:43 +09:00
Willem Toorop de59b700ce Fix libidn really absent + NetBSD fixes 2015-10-29 19:13:39 +01:00
Willem Toorop 973fcbddcc Don't assume mini_event loop 2015-10-22 14:38:34 +02:00
Willem Toorop 47b77c948a Fix small memory leak when switching event loops 2015-10-22 14:16:53 +02:00
Willem Toorop fbc3b2d6a8 Use the NOT_IMPLEMENTED return code! 2015-10-22 12:13:40 +02:00
Willem Toorop b88c74b4c8 Synchronize with October 2015 spec 2015-10-22 12:02:04 +02:00
Sara Dickinson b74c62066c Cleanup 2015-10-16 18:31:57 +01:00
Sara Dickinson 689447509a Change port used for TLS to 853 2015-10-16 17:00:14 +01:00
Sara Dickinson 28ffb2fdf6 Add ls_authentication to API 2015-10-16 17:00:14 +01:00
Sara Dickinson 6b4ee4ed31 Block authenticated requests on unauthenticated connection 2015-10-16 17:00:14 +01:00
Sara Dickinson af617e92a7 Implement authenticaiton fallback on a given upstream (needs more work). Also need API option to set auth requirement. 2015-10-16 17:00:14 +01:00
Sara Dickinson e710286e45 Start work on better authentication 2015-10-16 16:57:13 +01:00
Willem Toorop bb29789d24 Merge branch 'v0.3.3' into develop 2015-09-08 12:01:08 +02:00
Willem Toorop 84ad5850c9 get_api_information():version_string also for RCs 2015-09-08 11:20:52 +02:00
Willem Toorop c3b59e76fa Merge branch 'v0.3.3' into develop 2015-09-04 16:14:41 +02:00
Willem Toorop b5ac8c1b50 Don't alter events before clearing... 2015-09-04 16:13:49 +02:00
Willem Toorop 87b7c6a834 Merge branch 'v0.3.2' into develop 2015-09-04 11:04:08 +02:00
Willem Toorop 75f1aa6ccd Typo 2015-09-04 11:02:39 +02:00
Willem Toorop 53e23f1358 Revert "Revert "Merge pull request #112 from saradickinson/features/tls_auth"" 
This reverts commit 6d29e6044e.
 2015-09-04 10:56:30 +02:00
Willem Toorop a3f02905b0 thread instead of a process for ub_fd() signalling 2015-09-04 10:33:08 +02:00
Willem Toorop 0e66d28be8 Set processing flag around user callbacks 
To fix destroying contexts from user callbacks in stub mode.
The complete test suite runs in stub mode now too.
 2015-09-03 15:07:29 +02:00
Willem Toorop b1489eac1f One more priv_ name renamed to _ 2015-09-03 13:13:57 +02:00
Willem Toorop cbb668379f One more string2bindata case... 2015-09-03 12:15:22 +02:00
Willem Toorop 8ca93a22de --enable-stub-only configure option 2015-08-28 11:09:32 +02:00
Willem Toorop 6d29e6044e Revert "Merge pull request #112 from saradickinson/features/tls_auth" 
This reverts commit d436165a88, reversing
changes made to 7c902bf73c.
 2015-08-27 13:31:22 +02:00
Willem Toorop f312a6cfc5 Revert "plain_mem_funcs_user_arg need not be exposed" 
This reverts commit d0ff5d8fea.

It does need to be exposed and is used inderectly through GETDNS_MALLOC which uses MF_PLAIN which is an alias for plain_mem_funcs_user_arg.
 2015-08-24 14:37:02 +02:00
Willem Toorop d0ff5d8fea plain_mem_funcs_user_arg need not be exposed 2015-08-24 14:15:31 +02:00
Willem Toorop 015e387ea5 Final internal symbols rename to _getdns prefix 2015-08-19 16:33:19 +02:00
Willem Toorop b9e8455e27 Internal symbols always prefixed with _getdns 2015-08-19 16:30:15 +02:00
Willem Toorop 1f638ccd0b Internal getdns_mini_event to _getdns_mini_event 2015-08-19 16:26:39 +02:00
Willem Toorop fcd595298a Rename all priv_getdns internal symbols to _getdns 2015-08-19 16:22:38 +02:00
Willem Toorop 7971152742 Make all private functions static 2015-08-19 16:15:26 +02:00
Willem Toorop 450aabefcc Make util symbols private (i.e. prefix _getdns) 2015-08-19 16:07:01 +02:00
Willem Toorop 6350b4fad4 --without-libunbound option to configure 2015-08-19 10:47:46 +02:00
Sara Dickinson dc7d7e7689 Fix openssl dependancy 2015-08-15 16:35:30 +01:00
Sara Dickinson 2404cc2c8e Extend regression test 2015-08-15 15:27:58 +01:00
Sara Dickinson 45de1f65b3 Update docs with details of OS X certificate handling. 2015-08-15 14:40:16 +01:00
Sara Dickinson dbad8a9003 Restrict transport list to 1 entry for each valid transport 2015-08-15 14:40:16 +01:00
saradickinson cb1dff1ac7 Add ability to verify server certificate using hostname for TLS/STARTTLS 
NOTE: This implementation will only work for OpenSSL v1.0.2 and later.
Doing it for earlier versions is totally insane:

  https://wiki.openssl.org/index.php/Hostname_validation
 2015-08-15 14:40:15 +01:00
Willem Toorop 0c5dd59035 Fix upstream/transport array in 1 upstream dict 2015-07-19 09:43:12 +02:00
Willem Toorop 3c80a8a1af Check destruction of upstreams in correct way 2015-07-14 11:11:06 +02:00