Willem Toorop
c53b15bd9a
target-fetch-policy only with unbound-event-api
2016-03-31 07:49:40 -03:00
Willem Toorop
c9fab8c242
target-fetch-policy for more resilient recursion
2016-03-30 10:56:46 -03:00
wtoorop
4e0073ae6f
Merge pull request #157 from gmadkat/develop
...
Added code to read the domain from the registry and use it if search …
2016-03-29 16:13:04 +02:00
gmadkat
af7f384cf3
Added code to read the domain from the registry and use it if search suffixes are missing
2016-03-27 22:37:54 -07:00
Melinda Shore
1f45bf7e43
Merge pull request #154 from wtoorop/devel/no-sync-side-effects
...
No more side effects with synchronous calls
2016-03-24 10:53:05 -08:00
Melinda Shore
4b033c766b
Merge pull request #156 from wtoorop/devel/std-suffix-handling
...
Devel/std suffix handling
2016-03-24 10:52:36 -08:00
Willem Toorop
fdd3992f65
openssl 1.1 support
2016-03-24 14:02:18 +01:00
Willem Toorop
e7c77290cc
GETDNS_APPEND_NAME_TO_SINGLE_LABEL_FIRST
2016-03-23 23:27:27 +01:00
Willem Toorop
b0ecda5d2e
No more side effects with synchronous calls
...
(and upstreams that keep connections open)
2016-03-23 22:13:31 +01:00
Willem Toorop
e934c100a2
Merge branch 'develop' into devel/codebase-maintenance
2016-03-22 13:22:13 +01:00
gmadkat
5d2a05f5e0
Added search suffix for Windows from registry
2016-03-21 21:10:57 -07:00
Willem Toorop
90beaaff1d
Use non-copying list_append_this_dict
2016-03-21 14:56:09 +01:00
Willem Toorop
4551f0850b
Use non-copying dict_set_list
2016-03-21 12:50:43 +01:00
Willem Toorop
6f157854ce
Use non-copying dict_set_dict
2016-03-21 11:55:21 +01:00
Sara Dickinson
c1f15fc0ac
Minor tweaks
2016-03-18 12:02:40 +00:00
Sara Dickinson
c08371ebb0
First pass at updating DEBUG_STUB output
2016-03-18 11:34:51 +00:00
Willem Toorop
ab742b34b6
Miscellaneous scheduling fixes and improvements
2016-03-17 16:49:05 +01:00
Melinda Shore
cf451d2b2b
Merge pull request #146 from wtoorop/devel/direct_root_servers
...
Devel/direct root servers
2016-03-14 20:06:07 -08:00
Melinda Shore
4b5c61145a
Merge pull request #144 from wtoorop/devel/default_eventloop
...
Devel/default eventloop
2016-03-14 20:02:57 -08:00
Willem Toorop
d938c433ab
Set root servers without temporary file
2016-03-14 11:33:06 +01:00
Willem Toorop
a83c54387d
Reuse sync eventloop per context
...
So recursive resolution can depend on and continue with outstanding queries it depends on
2016-03-09 11:16:19 +01:00
Willem Toorop
70cc65f786
Replace default append_name setting
...
to GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE
2016-03-09 10:37:05 +01:00
Willem Toorop
4230961e9f
Basic usage of unbound pluggable event loop
2016-03-01 16:29:37 +01:00
Willem Toorop
6fd05675aa
Fix memory leak with getdns_get_api_information()
...
Thanks Robert Groenenberg.
2016-02-26 12:24:45 +01:00
Willem Toorop
e6f5cdb45b
Merge branch 'develop' into devel/default_eventloop
2016-02-04 15:17:25 +01:00
wtoorop
60be402062
Merge pull request #139 from ln5/parsing-resolvconf
...
Don't treat "domain" or "search" as a nameserver.
Thank you Linus
2016-02-04 10:06:40 +01:00
Linus Nordberg
466302131e
Don't treat "domain" or "search" as a nameserver.
...
Continue the while fgets() loop as soon as we're done with "domain" or
"search".
Simplify the logic of the function by removing the if else constructs.
2016-02-03 14:57:09 +01:00
unknown
db4207f60d
More review changes and made comments C style, req Willem.
2016-02-01 11:02:24 -05:00
unknown
170795ad06
More review changes and made comments C style, req Willem.
2016-02-01 10:56:45 -05:00
unknown
f5290b6a68
add change from Sara to return if a cert conversion or add to store fails
2016-01-31 00:13:09 -05:00
unknown
504881fc6f
Minor fixes to compile and run the CA trust store adapter from Windows to OpenSSL
2016-01-27 16:30:50 -05:00
Sara Dickinson
111794158c
Improve Windows CA handling code
2016-01-27 12:50:16 +00:00
unknown
7e9563faed
Added a wincrypt adapter to read CA trust certs from Windows CA store and feed them into openssl for TLS hostname authentication
2016-01-23 18:47:03 -05:00
Willem Toorop
ca36c879a0
Set unbound target fetch policy to on demand only
2016-01-20 10:21:05 +01:00
Willem Toorop
ae2b16665b
Setup getdns eventloop in libunbound
...
When unbound supports this
2016-01-19 16:52:11 +01:00
Willem Toorop
2a6318afd2
Disable scheduling ub_fd()
2016-01-12 16:38:10 +01:00
Willem Toorop
4fd8d3dddd
Replace mini_event extension by default_eventloop
...
* default_eventloop was prototyped in getdns_query and is still in there as my_eventloop
* It interfaces directly with the scheduling primitives of getdns.
* It can operate entirely from stack and does not have to do
any memory allocations or deallocations.
* Adapted configure.ac to allow libunbound to be linked with Windows
(with the removal of winsock_event.c we have no symbol clashes anymore)
* Added STUB_TCP_WOULDBLOCK return code in stub_resolving helper functions,
to anticipate dealing with edge triggered event loops (versus level triggered). (i.e. Windows)
2016-01-12 15:52:14 +01:00
Willem Toorop
39f7e87f1a
Get rid of unknown format specifiers on windows
2016-01-11 12:11:17 +01:00
Willem Toorop
16a82eede2
Deal with roadblock avoid. + stub-only at run time
...
And make the single usage function validate_extension static
2016-01-05 12:38:35 +01:00
Sara Dickinson
1f9424ccf2
Fix output of get_api_settings functions
2016-01-05 09:25:49 +00:00
Willem Toorop
08c0c4d6e4
Fixes from testing on different platforms
2015-12-30 14:39:11 +01:00
Willem Toorop
8c46e969d6
Notify for not implemented namespaces and ...
...
follow_redirects.
2015-12-30 13:55:45 +01:00
Willem Toorop
11b0346ded
Miscellaneous TSIG bugfixes
2015-12-30 12:25:58 +01:00
Willem Toorop
875ef3f9d4
Successive suffix append retries
2015-12-29 23:06:02 +01:00
Willem Toorop
89b6c04d4f
First query append
2015-12-29 17:34:14 +01:00
Willem Toorop
54498cd556
Distinguish between suffix and suffixes more clearly
2015-12-29 16:23:04 +01:00
Willem Toorop
ebe3d361ea
Returning strings does include the null byte
2015-12-29 16:17:17 +01:00
Willem Toorop
5a388386b4
Store suffixes in wireformat
2015-12-29 16:00:15 +01:00
Willem Toorop
3e2464af6d
Changes that came out of portability tests
2015-12-24 15:28:12 +01:00
Willem Toorop
a2bdfb2f22
Merge branch 'features/windows-support' into develop
2015-12-24 14:44:18 +01:00
Willem Toorop
9d3905459e
Miscellaneous fixes to compile on windows
...
Also without warnings.
2015-12-24 14:41:50 +01:00
saradickinson
b777552f34
Merge pull request #131 from saradickinson/feature/pubkey-pinning
...
Feature/pubkey pinning
2015-12-24 10:13:53 +00:00
Willem Toorop
caba5f19d5
Merge branch 'develop' into features/windows-support
2015-12-24 11:01:26 +01:00
Willem Toorop
8bde787703
Use mkstemp instead of tmpnam to eliminate warning
2015-12-24 10:50:58 +01:00
Willem Toorop
71b2a44945
Remove root_servers comment leftovers
2015-12-23 21:19:52 +01:00
Daniel Kahn Gillmor
77802808ce
rename GETDNS_AUTHENTICATION_HOSTNAME with GETDNS_AUTHENTICATION_REQUIRED
2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor
0d2256df09
set and return the pubkey_pinsets on the upstream resolvers
2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor
4dbe1813e4
added simple sha256 public key pinning linked list to getdns_upstream
2015-12-23 17:59:50 +00:00
Willem Toorop
fbae577a54
Setting of root servers
...
test with
getdns_query -f yeti.key -R yeti.hints nlnetlabs.nl A +dnssec_return_status
where yeti.key comes from:
https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache
and yeti.hints from:
https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/KSK.pub
2015-12-23 17:15:45 +01:00
Willem Toorop
fe7a1e89e3
Constify new work
2015-12-22 11:32:15 +01:00
Willem Toorop
5bbcbb97a1
Merge branch 'develop' into features/conversion_functions
2015-12-22 11:28:27 +01:00
Willem Toorop
ee2a1fbfe6
Merge branch 'features/tsig' into develop
2015-12-22 01:08:25 +01:00
Sara Dickinson
746a827baa
Implement client side edns-tcp-keepalive
2015-12-21 17:05:56 +00:00
Willem Toorop
98dc4018c3
Setting & getting of tsig info per upstream
2015-12-21 12:22:59 +01:00
Sara Dickinson
13ddf9ad83
Update constants
2015-12-18 16:14:54 +00:00
Sara Dickinson
c5b839bda8
remove STARTTLS
2015-12-18 16:14:54 +00:00
Willem Toorop
5663f914fb
Move debug macros to own header
...
To reduce dependency location fixes in test directory.
2015-12-18 13:40:52 +01:00
Willem Toorop
a2e15a169d
Revert syntactic/style changes
...
So actual changes aren't obfuscated
2015-12-17 12:37:33 +01:00
Willem Toorop
d67949d1e7
iterators go over const wireformat data
2015-12-07 16:43:41 +01:00
unknown
22a8550caa
Bug fix in get_os_defaults, clean up code in winsock_event, add code to handle event handling differences in Winsock2
2015-12-04 16:12:43 -05:00
unknown
2d58ed465c
Changes for Windows, Fix configure.ac to take in a winsock option to configure and generafigure, add ifdef's to stub out windows code for other platforms.
2015-11-22 22:38:13 -05:00
Sara Dickinson
d75ba83013
Fix bug with call_debugging reporting of UDP and add a getter for tls_authentication
2015-11-13 13:28:43 +00:00
Willem Toorop
1bb2daff1e
ub_setup_recursing not used without libunbound
2015-11-11 14:03:16 +01:00
Willem Toorop
c7f4fc3625
Fix disabling roadblock avoidance with configure
2015-11-05 07:43:33 +09:00
Willem Toorop
8a6f7d5b90
Merge branch 'develop' into features/dnssec_roadblock_avoidance
2015-11-04 17:49:21 +09:00
Daniel Kahn Gillmor
b3128652f4
add tls_query_padding_blocksize property for getdns_context
...
This is a parameter to the getdns_context that tells the context how
much to pad queries that go out over TLS.
It is not yet functional in this commit, but the idea is to pad each
outbound query over TLS to a multiple of the requested blocksize.
Because we only have a set amount of pre-allocated space for dynamic
options (MAXIMUM_UPSTREAM_OPTION_SPACE), we limit the maximum
padding blocksize.
This is a simplistic padding policy. Suggestions for improved padding
policies are welcome!
2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor
df3725e635
added edns_client_subnet_private to getdns_context
...
https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-04
Using the above spec, an intermediate resolver may forward a chunk of
the client's IP address to the authoritative resolver.
Setting edns_client_subnet_private to a getdns_context in stub mode
will indicate to the next-hop recursive resolver that the client
wishes to keep their address information private.
2015-11-01 15:49:50 +09:00
Willem Toorop
b062974fb1
ub_setup_recursion also for non roadblock avoidance
2015-11-01 15:48:31 +09:00
Daniel Kahn Gillmor
3e90795680
enable talking to servers with ECDSA certs
...
There is no clear reason to reject servers that don't have RSA certs.
We should accept ECDSA certs as well.
(also, clean up comments about opportunistic TLS)
2015-11-01 15:47:03 +09:00
Willem Toorop
af6947cbb3
Merge branch 'develop' into features/dnssec_roadblock_avoidance
2015-11-01 15:34:21 +09:00
Willem Toorop
8b9041325b
Bugfix don't grow upstreams memory
...
upstreams have internal references and cannot be realloc'ed easily
2015-11-01 15:23:26 +09:00
Willem Toorop
ae2cc39a36
Full roadblock avoidance functionality
2015-11-01 12:28:43 +09:00
Willem Toorop
de59b700ce
Fix libidn really absent + NetBSD fixes
2015-10-29 19:13:39 +01:00
Willem Toorop
973fcbddcc
Don't assume mini_event loop
2015-10-22 14:38:34 +02:00
Willem Toorop
47b77c948a
Fix small memory leak when switching event loops
2015-10-22 14:16:53 +02:00
Willem Toorop
fbc3b2d6a8
Use the NOT_IMPLEMENTED return code!
2015-10-22 12:13:40 +02:00
Willem Toorop
b88c74b4c8
Synchronize with October 2015 spec
2015-10-22 12:02:04 +02:00
Sara Dickinson
b74c62066c
Cleanup
2015-10-16 18:31:57 +01:00
Sara Dickinson
689447509a
Change port used for TLS to 853
2015-10-16 17:00:14 +01:00
Sara Dickinson
28ffb2fdf6
Add ls_authentication to API
2015-10-16 17:00:14 +01:00
Sara Dickinson
6b4ee4ed31
Block authenticated requests on unauthenticated connection
2015-10-16 17:00:14 +01:00
Sara Dickinson
af617e92a7
Implement authentication fallback on a given upstream (needs more work). Also need API option to set auth requirement.
2015-10-16 17:00:14 +01:00
Sara Dickinson
e710286e45
Start work on better authentication
2015-10-16 16:57:13 +01:00
Willem Toorop
bb29789d24
Merge branch 'v0.3.3' into develop
2015-09-08 12:01:08 +02:00
Willem Toorop
84ad5850c9
get_api_information():version_string also for RCs
2015-09-08 11:20:52 +02:00
Willem Toorop
c3b59e76fa
Merge branch 'v0.3.3' into develop
2015-09-04 16:14:41 +02:00
Willem Toorop
b5ac8c1b50
Don't alter events before clearing...
2015-09-04 16:13:49 +02:00
Willem Toorop
87b7c6a834
Merge branch 'v0.3.2' into develop
2015-09-04 11:04:08 +02:00
Willem Toorop
75f1aa6ccd
Typo
2015-09-04 11:02:39 +02:00
Willem Toorop
53e23f1358
Revert "Revert "Merge pull request #112 from saradickinson/features/tls_auth""
...
This reverts commit 6d29e6044e.
2015-09-04 10:56:30 +02:00
Willem Toorop
a3f02905b0
thread instead of a process for ub_fd() signalling
2015-09-04 10:33:08 +02:00
Willem Toorop
0e66d28be8
Set processing flag around user callbacks
...
To fix destroying contexts from user callbacks in stub mode.
The complete test suite runs in stub mode now too.
2015-09-03 15:07:29 +02:00
Willem Toorop
b1489eac1f
One more priv_ name renamed to _
2015-09-03 13:13:57 +02:00
Willem Toorop
cbb668379f
One more string2bindata case...
2015-09-03 12:15:22 +02:00
Willem Toorop
8ca93a22de
--enable-stub-only configure option
2015-08-28 11:09:32 +02:00
Willem Toorop
6d29e6044e
Revert "Merge pull request #112 from saradickinson/features/tls_auth"
...
This reverts commit d436165a88, reversing changes made to 7c902bf73c.
2015-08-27 13:31:22 +02:00
Willem Toorop
f312a6cfc5
Revert "plain_mem_funcs_user_arg need not be exposed"
...
This reverts commit d0ff5d8fea.
It does need to be exposed and is used indirectly through GETDNS_MALLOC which uses MF_PLAIN which is an alias for plain_mem_funcs_user_arg.
2015-08-24 14:37:02 +02:00
Willem Toorop
d0ff5d8fea
plain_mem_funcs_user_arg need not be exposed
2015-08-24 14:15:31 +02:00
Willem Toorop
015e387ea5
Final internal symbols rename to _getdns prefix
2015-08-19 16:33:19 +02:00
Willem Toorop
b9e8455e27
Internal symbols always prefixed with _getdns
2015-08-19 16:30:15 +02:00
Willem Toorop
1f638ccd0b
Internal getdns_mini_event to _getdns_mini_event
2015-08-19 16:26:39 +02:00
Willem Toorop
fcd595298a
Rename all priv_getdns internal symbols to _getdns
2015-08-19 16:22:38 +02:00
Willem Toorop
7971152742
Make all private functions static
2015-08-19 16:15:26 +02:00
Willem Toorop
450aabefcc
Make util symbols private (i.e. prefix _getdns)
2015-08-19 16:07:01 +02:00
Willem Toorop
6350b4fad4
--without-libunbound option to configure
2015-08-19 10:47:46 +02:00
Sara Dickinson
dc7d7e7689
Fix openssl dependency
2015-08-15 16:35:30 +01:00
Sara Dickinson
2404cc2c8e
Extend regression test
2015-08-15 15:27:58 +01:00
Sara Dickinson
45de1f65b3
Update docs with details of OS X certificate handling.
2015-08-15 14:40:16 +01:00
Sara Dickinson
dbad8a9003
Restrict transport list to 1 entry for each valid transport
2015-08-15 14:40:16 +01:00
saradickinson
cb1dff1ac7
Add ability to verify server certificate using hostname for TLS/STARTTLS
...
NOTE: This implementation will only work for OpenSSL v1.0.2 and later.
Doing it for earlier versions is totally insane:
https://wiki.openssl.org/index.php/Hostname_validation
2015-08-15 14:40:15 +01:00
Willem Toorop
0c5dd59035
Fix upstream/transport array in 1 upstream dict
2015-07-19 09:43:12 +02:00
Willem Toorop
3c80a8a1af
Check destruction of upstreams in correct way
2015-07-14 11:11:06 +02:00
Willem Toorop
554f015931
Deschedule idle_timeouts on context destroy
2015-07-14 10:44:15 +02:00
Willem Toorop
a8adf662d1
Fix memory leak setting transports
2015-07-13 16:39:43 +02:00
Willem Toorop
5c61954427
Fix getting recursive_upstream_servers
2015-07-13 16:22:39 +02:00
Willem Toorop
431415bd3d
rm debugging fprintf leftover
2015-07-10 10:18:00 +02:00
Willem Toorop
2884abe870
Allow alternative trust anchors + ...
...
Switch freely between stub and recursive resolving
2015-07-10 00:05:26 +02:00
Willem Toorop
4135f633ac
Fix invalid memory reads
2015-07-09 15:40:00 +02:00
Willem Toorop
f066d5ef73
Merge branch 'features/native-stub-dnssec' into develop
...
Conflicts:
configure.ac
src/stub.c
2015-07-02 10:27:27 +02:00
Willem Toorop
41cf772fb3
Trust anchors in wireformat in context
2015-06-30 14:43:52 +02:00
Willem Toorop
8d5ac3afde
Store dnsreq->name in wire format
2015-06-29 23:32:49 +02:00
Sara Dickinson
e20d679bc8
Improve TCP close handling and sync connection closing
2015-06-29 09:09:13 +01:00
Willem Toorop
0411668cb4
blah
2015-06-26 11:39:44 +02:00
Willem Toorop
fe4b7095b3
Set has_ta before unbound context initialization
2015-06-26 00:29:20 +02:00
Sara Dickinson
cb5bbac26d
Do better with unbound transport mapping and fix problems with sync fallback
2015-06-25 20:21:00 +01:00
Sara Dickinson
8819d29535
Implement TCP fallback and hack for lack of sync idle timeout.
2015-06-24 18:49:34 +01:00
Willem Toorop
1babc715b7
Init context->dnssec_trust_anchors with default
2015-06-23 16:40:47 +02:00
Sara Dickinson
67e282edd1
More work on transport/upstream fallback. TLS and UDP fallback not working yet.... Probably need to maintain a current upstream for each transport to get this working properly
2015-06-22 18:02:28 +01:00
Sara Dickinson
b73b5b2792
Fix some bugs...
2015-06-21 16:55:12 +01:00
Sara Dickinson
635cf9e182
Re-factor of internal handling of transport list.
2015-06-19 18:28:29 +01:00
Sara Dickinson
0acdcc34b0
Changelog, idle_timeout test, formatting
2015-06-18 17:29:23 +01:00
Sara Dickinson
68dfb15706
Add context idle timeout
2015-06-18 17:11:11 +01:00
Sara Dickinson
8dd8d90e74
Commit addition of transport list to the API.
...
- set and get functions are added.
- Existing transport functions retained for backwards compatibility.
- Basic combinations work as before, but underlying functional changes and cleanup are not complete yet...
- Context level options for timeouts and max_transactions_per_tcp_connection coming soon...
2015-06-17 17:18:09 +01:00
Willem Toorop
97f0dddb1e
remove ldns dependency from rr-dict.c
...
Only dnssec.c left
2015-06-12 13:51:36 +02:00
Willem Toorop
011b504496
Fix misplaced freeaddrinfo
2015-05-13 12:39:24 +02:00
saradickinson
3ac5e660f9
Address few minor bugs pointed out by willem
2015-05-11 22:01:31 +02:00
Sara Dickinson
9d967317d3
Improve the timeout handling for TLS.
2015-05-03 15:11:46 +01:00
Sara Dickinson
01adce8299
Organise code in stub.c and add some utility methods.
2015-05-02 18:08:45 +01:00
Sara Dickinson
d6d83b219d
Make sure UDP only uses 1 upstream per IP address. Fix a couple of other bugs.
2015-04-30 19:07:49 +01:00
Sara Dickinson
450a3bc6ff
Fix STARTTLS fallback.
2015-04-30 14:52:16 +01:00