Jim Hague
3438c68591
Prefix TLS-only options with 'tls-'.
2018-01-15 13:26:09 +00:00
Jim Hague
08b5976f9c
Decouple from getdns config. This is now a pure getdns client.
2018-01-15 13:19:48 +00:00
Jim Hague
3298b5cd50
Extract common processing into search_check() and parse_search_check().
2018-01-15 12:37:57 +00:00
Jim Hague
cb7af33488
Some tests imply TLS. Explicitly make sure these always go over TLS.
2018-01-15 11:28:11 +00:00
Jim Hague
77a5a15cdf
Minor output corrections.
2018-01-15 11:02:14 +00:00
Jim Hague
22996bf07d
If TLS auth name given, lookup is to go over TLS.
2018-01-15 11:00:12 +00:00
Jim Hague
c0d7d2c279
Print exit status at end of main output line.
2018-01-15 10:27:10 +00:00
Jim Hague
5d4bc8bc96
Add rtt test.
2018-01-15 10:16:26 +00:00
Jim Hague
b9312e790f
Correct certificate expiry custom threshold handling.
2018-01-15 10:01:01 +00:00
Jim Hague
3258fdfd5a
Tabs? Spaces? Currently both, switch to spaces only.
2018-01-14 23:28:55 +00:00
Jim Hague
379662a3f3
Add plain lookup test.
2018-01-14 13:41:44 +00:00
Jim Hague
60118e9241
Improve cert-valid argument order to most likely first.
2018-01-13 14:56:55 +00:00
Jim Hague
e7618321ce
Add cert-valid test.
2018-01-12 18:21:38 +00:00
Jim Hague
e597daa4c0
Add 'auth' test.
2018-01-12 17:23:42 +00:00
Jim Hague
305daab9aa
Add first version of getdns_server_mon.
...
Currently only QNAME minimisation check is working.
2018-01-12 16:11:48 +00:00
Norbert Copones
0fa6d1fe2d
src/stub.c: LibreSSL has hostname verification turned on by default
2018-01-12 05:44:27 +08:00
Willem Toorop
d44237554d
No warnings from danessl allowed
2018-01-11 12:40:01 +01:00
Willem Toorop
dd433ede68
Merge branch 'develop' into devel/spki_pinset_via_tlsa_checking
2018-01-10 14:36:43 +01:00
Willem Toorop
a746ea5e08
Dependencies
2018-01-10 14:36:33 +01:00
Willem Toorop
6b4446c7cd
Suppress compiler warnings in danessl library
2018-01-10 14:34:25 +01:00
Willem Toorop
712617e568
Dead assignment (without stub debugging)
2018-01-10 13:54:18 +01:00
Willem Toorop
7c5bdd5431
Use danessl submodule when OpenSSL version between 1.0.0 and 1.1.0
2018-01-10 12:47:14 +01:00
Willem Toorop
9e34588f19
logic error
2018-01-08 16:04:40 +01:00
Willem Toorop
546b75a9b1
libidn2 support. Thanks Paul Wouters
2018-01-08 12:54:48 +01:00
Willem Toorop
a1e5cc44a0
Add https://github.com/vdukhovni/ssl_dane submodule
2018-01-08 10:33:25 +01:00
Willem Toorop
608189710c
Log printing in getdns_query
2018-01-04 16:35:22 +01:00
Willem Toorop
2471f43dea
Less logging with successful authenticated upstreams
2018-01-04 16:15:50 +01:00
Willem Toorop
540735a956
Check pins with DANE functions when available
2018-01-04 15:58:09 +01:00
Willem Toorop
fe7d6678cf
Merge branch 'develop'
2017-12-22 12:43:06 +01:00
Willem Toorop
2ff1bf6152
Merge branch 'release/1.3.0' into develop
2017-12-22 12:42:47 +01:00
Willem Toorop
25a31e6b35
Bump version
2017-12-21 17:06:43 +01:00
Willem Toorop
03d4950470
We need to set transport list before first query
...
(this needs to be reviewed...)
2017-12-21 16:49:19 +01:00
Willem Toorop
9aa1d067d2
Detect dnsmasq and skip the unit test that fails with it
...
This actually resolves issue #300
Thanks Tim Rühsen and Konomi Kitten
2017-12-21 16:21:10 +01:00
Willem Toorop
aa419a88d0
Skip some more truncation issues with dnsmasq
2017-12-21 16:01:48 +01:00
Willem Toorop
81ffa2f48d
Skip test that breaks with dnsmasq
...
when SKIP_DNSMASQ_ISSUE variable is test.
Helps out a little with issue #300
2017-12-21 15:45:58 +01:00
Willem Toorop
0ef910b9ee
read_buf's may remain on canceled tcp requests
2017-12-21 14:53:54 +01:00
wtoorop
efb0539c15
Merge pull request #368 from getdnsapi/devel/tls_settings
...
TLS settings have tls_ prefixed name
2017-12-21 14:25:01 +01:00
Willem Toorop
97cc67d026
s/CApath/tls_ca_path/g s/CAfile/tls_ca_file/g
2017-12-21 13:08:01 +01:00
wtoorop
f173f4667f
Merge pull request #367 from getdnsapi/features/set_cipher_list
...
Features/set cipher list
2017-12-21 13:00:08 +01:00
Willem Toorop
ae38a29a50
Upstream specific tls_cipher_list's
2017-12-21 12:30:15 +01:00
Willem Toorop
8f88981efe
rename set_cipher_list() to set_tls_cipher_list()
2017-12-21 11:35:05 +01:00
Willem Toorop
7fe3bd6a1f
getdns_context_set_ciphers_list()
2017-12-20 13:13:02 +01:00
Willem Toorop
2bd5df4959
Update to Stubby v0.2.1
2017-12-20 09:53:11 +01:00
Willem Toorop
d35fae5038
Bump version (to 1.3.0-rc2), update ChangeLog
2017-12-20 09:43:45 +01:00
Willem Toorop
274bc9bc4a
Merge branch 'develop' into release/1.2.2
2017-12-20 09:37:56 +01:00
wtoorop
76d8f11b44
Merge pull request #366 from hardfalcon/develop
...
Add support for TLS 1.3 and Chacha20-Poly1305
2017-12-20 09:36:59 +01:00
wtoorop
7b20414ee0
Merge pull request #365 from saradickinson/fix_windows_build
...
Fix windows build
2017-12-19 11:25:33 +01:00
Pascal Ernster
65c7a738eb
Add support for TLS 1.3 and Chacha20-Poly1305
...
Add support for TLS 1.3 (requires OpenSSL 1.1.1) and Chacha20-Poly1305 (requires OpenSSL 1.1).
Older OpenSSL versions will simply ignore ciphersuite specifications they don't understand and use the subset which they do unterstand.
Note that "EECDH" does *not* select anonymous cipher suites (as opposed to "kECDHE").
2017-12-15 20:01:30 +00:00
Sara Dickinson
00d3232ba4
Fix windows build
2017-12-15 16:53:23 +00:00
Willem Toorop
ac17d4ebed
We need a specific install location for tests builds ...
...
to not load default library
2017-12-14 11:53:15 +01:00