interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
3,042 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

340 Commits

Author SHA1 Message Date
Jim Hague effd229ef6 Don't dump includes of OpenSSL headers into config.h. 
Where they are required, they are included in the source files.
 2019-10-16 10:34:36 +01:00
Jim Hague 5db0d03b13 Enable building on Windows with Visual Studio. 
The change mostly consists of removing or replacing non-standard (usually POSIX) header includes.

Guards for replacements for inet_ntop(), inet_pton() and gettimeofday() are updated; the first two are macros on Windows, so the guards are changed to HAVE_DECL. gettimeofday() is present on MinGW builds but not Visual Studio, so that has a function check.
 2019-10-15 10:09:17 +01:00
Willem Toorop ffe471543b Bumb versions for 1.5.2 release 2019-04-03 12:36:04 +02:00
Willem Toorop 1527979129 Release candidate need dashes before rc 2019-03-15 21:16:13 +01:00
Willem Toorop 5b20971464 Setup branch for the 1.5.2 release process 2019-03-15 20:45:04 +01:00
Willem Toorop 324370c537 GnuTLS with Zero configuration DNSSEC 2019-03-15 16:50:10 +01:00
Willem Toorop 7438de712a Issue #422: Update server & client TFO 
Seems to work for TLS now too.
At least on Linux.
Thanks Craig Andrews
 2019-03-15 12:13:38 +01:00
Jim Hague a7a17f3725 Fix builds in mingw32. 
On mingw64, configure does not find declarations for inet_ntop() and inet_pton(), but does find implementations, and so does not try to compile the compat versions.
On mingw32, configure find neither declarations or implementations, and so tries to compile the compat versions. However, there are declarations in ws2tcpip.h, and these do not have the same prototype as compat. The build fails, complaining about conflicting types for inet_ntop().

The declarations in ws2tcpip.h are #defines to Windows functions InetNtopA() and InetPtonA(). Which is not good, but we're stuck with it. Try to work around this by including ws2tcpip.h in the headers while checking for declarations. Unfortunately it looks like you can't do that when checking for implementations and substituting compat versions when not found. So only do that if we don't find declarations; we're already making sure that ws2tcpip.h is included via config.h in source modules.
 2019-02-20 11:06:21 +00:00
Jim Hague ee6bc7d978 Remove development test erroneously checked in. 2019-01-15 12:39:02 +00:00
Jim Hague 9e4add2219 Merge branch 'develop' into feature/abstract-tls 2019-01-14 19:15:53 +00:00
Jim Hague 3fe0c94357 Merge branch 'develop' into feature/abstract-tls 2019-01-14 19:09:20 +00:00
Jim Hague 51cb570809 Re-add support for OpenSSL prior to 1.1, but now require at least 1.0.2 and drop LibreSSL support. 2019-01-11 11:16:48 +00:00
Willem Toorop 35077bdc6d Update ChangeLog & bumb version 2019-01-11 12:08:38 +01:00
Willem Toorop 4be406ce1f Bump version 2018-12-21 15:40:13 +01:00
Jim Hague bf011d9294 Add GnuTLS DANE library to configure detection when using GnuTLS. 2018-12-11 18:02:03 +00:00
Willem Toorop ab700e70fe DNS Cookies with libnettle too 2018-12-11 15:13:17 +01:00
Willem Toorop a6ab7ffe41 ed25519 and ecdsa support with libnettle 2018-12-11 15:05:09 +01:00
Jim Hague c6dffa1239 Add use of libnettle, and enable val_secalgo routines from existing Nettle implementation. 
Link to the openssl val_secalgo implementation and use that, after adjusting the source of Nettle includes.

GnuTLS uses Nettle itself, so this is not adding a new dependency.
 2018-12-06 10:41:58 +00:00
Willem Toorop 46f0b06f24 Start release processes for getdns-1.5.0 2018-12-04 14:17:20 +01:00
Willem Toorop c80aa72725 ED25519 & ED448 support 2018-12-03 15:35:03 +01:00
Willem Toorop 390e383a1a ED25519 & ED448 DNSSEC validation support 2018-12-03 14:33:21 +01:00
Jim Hague 27a7e4e28f Attempt minimal autoconf changes to use GnuTLS instead of OpenSSL. 
I could waste the rest of the available time trying to turn configure.ac into something that cleanly ignores OpenSSL, uses GnuTLS instead and retains all the options. Or even better scrap the whole autoconf mess and start again.

But in the interests of prototyping, do something quick and dirty. This means GnuTLS must for now be configured thus:

$ CFLAGS="-g" ../configure --enable-stub-only --with-gnutls --disable-gost --disable-ecdsa --disable-edns-cookies

to evade other items with hardcoded OpenSSL checks in them.
 2018-11-23 17:49:06 +00:00
Willem Toorop 1904ee7318 Enhancement getdnsapi/stubby#56 & getdnsapi/stubby#130 
Configurable TLS version
 2018-11-21 15:02:28 +01:00
Jim Hague e7593541ef Ensure that compat/getentropy* don't get used, and so drag in OpenSSL. 2018-11-20 17:37:46 +00:00
Willem Toorop 6a5e96d4e1 tls_ciphersuites + bugfix in strdup2!! 2018-11-20 16:13:57 +01:00
Willem Toorop e5a53fb1d2 Bumb version 2018-11-20 13:57:13 +01:00
Jim Hague 5d353d9efb To aid proof-of-concept work, insist on OpenSSL 1.1.1 or later. 
Remove ssl_dane as now surplus to requirements.
 2018-11-16 17:58:29 +00:00
Willem Toorop 9b4e8e9e91 X509_get_notAfter not in OpenSSL 1.1.1 anymore 2018-06-12 16:37:46 +02:00
Willem Toorop 0d283fc63f 1.4.2 release 2018-05-11 12:02:49 +02:00
Willem Toorop 48e0ea013c Include Stubby - v0.2.3 release 2018-05-11 11:56:00 +02:00
Willem Toorop caab2e8592 Bump versions and include release/0.2.3 Stubby release branch 2018-05-03 17:21:58 +02:00
Willem Toorop 6c075e2ad8 Bugfix #395 : Clarify that libidn2 dependency is for version 2.0.0 or higher 2018-05-02 14:01:00 +02:00
Willem Toorop 75f59b9dfc Bump version 2018-03-12 12:05:09 +01:00
Willem Toorop ef0a77e061 Forgot the dash before the rc1 again 2018-03-05 16:34:50 +01:00
Willem Toorop 06e1c741e8 PR #387: Compile with OpenSSL with deprecated APIs disabled. 
Thanks Rosen Penev
 2018-03-05 15:40:16 +01:00
Willem Toorop 8a2fc5f5a9 max_udp_backoff should not be public 
At least, not with this point release
 2018-03-05 12:42:27 +01:00
Willem Toorop c057ca52e4 Merge remote-tracking branch 'dkg/spelling' into release/1.4.1 2018-03-05 11:30:33 +01:00
Willem Toorop 984aeefab2 Setup branch for the 1.4.1 release 2018-03-05 11:26:20 +01:00
Daniel Kahn Gillmor 9301f8970c Fix minor spelling and formatting. 
These issues were found with the codespell tool.
 2018-02-23 14:12:11 -08:00
Willem Toorop a037398156 Bump version 2018-02-21 16:45:26 +01:00
Willem Toorop 9999907593 update Stubby + other dist tarball fixes 2018-02-13 15:05:29 +01:00
Willem Toorop 5a420a2aed Bump versions 2018-02-12 17:14:45 +01:00
Willem Toorop 223e85bc02 Merge branch 'features/tls_curves_list' into release/1.4.0 2018-02-12 16:04:49 +01:00
Willem Toorop 401aa2e3b8 Specify the supported curves with TLS 2018-02-12 15:40:17 +01:00
Willem Toorop c3e4061fe2 hostname auth with libressl 2018-02-09 15:18:44 +01:00
Willem Toorop 87fec7f9b4 Merge branch 'feature/monitor-tool' into release/1.4.0 2018-02-07 17:11:28 +01:00
Willem Toorop 0eba73a945 LibreSSL like OpenSSL < 1.0.2 2018-02-07 16:42:11 +01:00
Jim Hague 305daab9aa Add first version of getdns_server_mon. 
Currently only QNAME minimisation check is working.
 2018-01-12 16:11:48 +00:00
Willem Toorop dd433ede68 Merge branch 'develop' into devel/spki_pinset_via_tlsa_checking 2018-01-10 14:36:43 +01:00
Willem Toorop 7c5bdd5431 Use danessl submodule when OpenSSL version between 1.0.0 and 1.1.0 2018-01-10 12:47:14 +01:00