interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,866 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

1363 Commits

Author SHA1 Message Date
Willem Toorop 16a82eede2 Deal with roadblock avoid. + stub-only at run time 
And make the single usage function validate_extension static
 2016-01-05 12:38:35 +01:00
Willem Toorop a58037904f Default is stub when compiling stub only 2016-01-05 12:30:58 +01:00
Sara Dickinson 1f9424ccf2 Fix output of get_api_settings functions 2016-01-05 09:25:49 +00:00
Willem Toorop f0bd64d57a Pretty print "bad_dns" list with constant names 2015-12-31 12:40:20 +01:00
Willem Toorop 03425d192d Miscellaneous Makefile issues 2015-12-31 11:53:46 +01:00
Willem Toorop 6b2d9a2d70 Unused var compile warning in certain conditions 2015-12-31 11:26:29 +01:00
Willem Toorop 08c0c4d6e4 Fixes from testing on different platforms 2015-12-30 14:39:11 +01:00
Willem Toorop 9b97eb9361 Update dependencies 2015-12-30 14:18:19 +01:00
Willem Toorop 1128ebdd54 Unit test fail with unimplemented follow_redirect 2015-12-30 14:10:36 +01:00
Willem Toorop 8c46e969d6 Notify for not implemented namespaces and ... 
follow_redirects.
 2015-12-30 13:55:45 +01:00
Willem Toorop 2a9dd53d8d Complement getdns_query documentation 
+ +specify_class extension
 2015-12-30 13:38:14 +01:00
Willem Toorop 11b0346ded Miscelaneous TSIG bugfixes 2015-12-30 12:25:58 +01:00
Willem Toorop 853bc6c150 Merge branch 'features/suffix_handling' into develop 2015-12-30 10:51:37 +01:00
Willem Toorop d85d395770 Options to getdns_query to test suffix appending 2015-12-30 10:44:08 +01:00
Willem Toorop 875ef3f9d4 Successive suffix append retries 2015-12-29 23:06:02 +01:00
Willem Toorop 89b6c04d4f First query append 2015-12-29 17:34:14 +01:00
Willem Toorop 54498cd556 Distinct between suffix and suffixes more clearly 2015-12-29 16:23:04 +01:00
Willem Toorop ebe3d361ea Returning strings does include the null byte 2015-12-29 16:17:17 +01:00
Willem Toorop 5a388386b4 Store suffixes in wireformat 2015-12-29 16:00:15 +01:00
Willem Toorop f91e263f09 Simplify _set_string functions 2015-12-29 15:57:55 +01:00
Willem Toorop f3e3e47e15 Implement bad_dns extension 2015-12-29 14:10:18 +01:00
Willem Toorop d79884f10a Replace ssize_t with int in conversion funcs tpkg 2015-12-24 16:22:38 +01:00
Willem Toorop 240b34e215 Missing file removals with distclean 2015-12-24 16:22:03 +01:00
Willem Toorop 3e2464af6d Changes that came out of portability tests 2015-12-24 15:28:12 +01:00
Willem Toorop a09a051ed5 New code, new dependencies... 2015-12-24 15:01:45 +01:00
Willem Toorop a2bdfb2f22 Merge branch 'features/windows-support' into develop 2015-12-24 14:44:18 +01:00
Willem Toorop 9d3905459e Miscellaneous fixes to compile on windows 
Also without warnings.
 2015-12-24 14:41:50 +01:00
saradickinson b777552f34 Merge pull request #131 from saradickinson/feature/pubkey-pinning 
Feature/pubkey pinning
 2015-12-24 10:13:53 +00:00
Willem Toorop caba5f19d5 Merge branch 'develop' into features/windows-support 2015-12-24 11:01:26 +01:00
Sara Dickinson f94798b237 Final mixups 2015-12-24 10:00:15 +00:00
Willem Toorop 8bde787703 Use mkstemp instead of tmpnam to eliminate warning 2015-12-24 10:50:58 +01:00
Willem Toorop 71b2a44945 Remove root_servers comment leftovers 2015-12-23 21:19:52 +01:00
Sara Dickinson 3afba25dad Update test case and changeling 2015-12-23 18:00:44 +00:00
Sara Dickinson a5027981d9 Change how the aliasing is done so the tpkg tests will pass 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 2a50f4d2ac Set tls_auth_failed when any present authentication mechanism fails 
We used to only have hostnames available.  now we have pubkey_pinsets
available as well.

We want upstream->tls_auth_failed to be 1 when any authentication
mechanism we've been asked for fails (and also when we haven't been
given any authentication mechanism at all).
 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 57a04f61db Allow AUTHENTICATION_REQUIRED w/o hostname when pubkey pinset is available 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 77802808ce rename GETDNS_AUTHENTICATION_HOSTNAME with GETDNS_AUTHENTICATION_REQUIRED 2015-12-23 18:00:43 +00:00
Sara Dickinson 792ecd65b8 Add missing constant to const-info.c 2015-12-23 18:00:43 +00:00
Sara Dickinson 2ce806c05b Tinker with debug statements/comments. 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor a9eb9ccca9 Check that the pinset matches if it is configured 
if the upstream is configured to allow fallback, this will not be a
fatal error, but it will still be checked.

Future work:

 * verify any certs higher in the chain than the end-entity cert
 * deal with raw public keys
 * in the fallback case, report to the user whether the pinset match failed
 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor d09675539e Provide access to the pinsets during the TLS verification callback 
We do this by associating a getdns_upstream object with the SSL object
handled by that upstream.

This allows us to collapse the verification callback code to a single
function.

Note that if we've agreed that fallback is ok, we are now willing to
accept *any* cert verification error, not just HOSTNAME_MISMATCH.
This is fine, because the alternative is falling back to cleartext,
which would be worse.

We also always set SSL_VERIFY_PEER, since we might as well try to do
so; we'll drop the verification error ourselves if we know we're OK
with falling back.
 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 614d317fd8 getdns_query: add -K option to attach pinsets to getdns_contexts. 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 0d2256df09 set and return the pubkey_pinsets on the upstream resolvers 2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor b305f073fe add functions to translate between getdns_list and sha256_pin linked list 2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor 4dbe1813e4 added simple sha256 public key pinning linked list to getdns_upstream 2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor 5e64f1262b add getdns_pubkey_pinset_sanity_check() 2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor 91f04ecd5e add getdns_pubkey_pin_create_from_string() 2015-12-23 17:59:50 +00:00
Willem Toorop 29b033c14c off-by-one bugfixes 2015-12-23 17:38:36 +01:00
Willem Toorop fbae577a54 Setting of root servers 
test with

	getdns_query -f yeti.key -R yeti.hints nlnetlabs.nl A +dnssec_return_status

where yeti.key comes from:

	https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache

and yeti.hints from:

	https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/KSK.pub
 2015-12-23 17:15:45 +01:00
Willem Toorop 746c26dafc Update Makefile dependencies 2015-12-23 12:26:39 +01:00
Willem Toorop f9c2f96996 Fixes for miscelanous little zone parse errors 
Hopefully the tpkg test is more deterministic now too...
 2015-12-23 12:06:09 +01:00
Willem Toorop 11cd892662 Clean boundries on wireformat scans 2015-12-22 19:14:18 +01:00
Willem Toorop e4fa06a57b getdns_fp2rr_list conversion function 
+ private conversion functions that respect custom memory handlers
+ converage of more different example functions in 260-conversion-functions test package
 2015-12-22 18:37:24 +01:00
Willem Toorop 0cb513e9b7 Doc of (|_buf|_scan) style conversion funcs 
+ (|_buf|_scan) versions of most of the conversion directions.
+ mk-const-info handles new return_t's defines
 2015-12-22 16:04:43 +01:00
Willem Toorop 6519a05780 all debug config option for broadest src coverage 
With the 300 tpkg test
 2015-12-22 11:43:06 +01:00
Willem Toorop fe7a1e89e3 Constify new work 2015-12-22 11:32:15 +01:00
Willem Toorop 5bbcbb97a1 Merge branch 'develop' into features/conversion_functions 2015-12-22 11:28:27 +01:00
Willem Toorop 0a809cb7d8 Allow truncated answers to be returned 2015-12-22 10:56:20 +01:00
Willem Toorop ee2a1fbfe6 Merge branch 'features/tsig' into develop 2015-12-22 01:08:25 +01:00
Willem Toorop 8a8a017fc5 Validate received TSIG reply 2015-12-22 01:03:31 +01:00
Willem Toorop 6c1e00fc3f Send TSIG 2015-12-21 22:11:16 +01:00
Sara Dickinson f55721d261 Update unit test. Since 0 is the default, it can be set via the function. 2015-12-21 17:36:59 +00:00
Sara Dickinson 746a827baa Implement client side edns-tcp-keepalive 2015-12-21 17:05:56 +00:00
Willem Toorop 98dc4018c3 Setting & getting of tsig info per upstream 2015-12-21 12:22:59 +01:00
Sara Dickinson 91a73ab3d0 cleanup 2015-12-18 16:22:09 +00:00
Sara Dickinson 4165e874de Fix tests 2015-12-18 16:14:54 +00:00
Sara Dickinson 13ddf9ad83 Update constants 2015-12-18 16:14:54 +00:00
Sara Dickinson 3e97e1f032 Fix make file 2015-12-18 16:14:54 +00:00
Sara Dickinson c5b839bda8 remove STARTTLS 2015-12-18 16:14:54 +00:00
Willem Toorop bc2ec7cee3 Specify TSIG parameters with getdns_query 2015-12-18 15:16:48 +01:00
Willem Toorop 95e9fa1f35 Better/shorter tpkg descriptions 2015-12-18 14:09:30 +01:00
Willem Toorop 0129550130 Dependencies 2015-12-18 14:04:16 +01:00
Willem Toorop 54f3179c0e Fix libmini_event getting context's mem funcs 2015-12-18 13:57:20 +01:00
Willem Toorop c8a9da69ea Fix libuv.c dependencies 2015-12-18 13:50:17 +01:00
Willem Toorop 5663f914fb Mode debug marco's to own header 
To reduce dependency location fixes in test directory.
 2015-12-18 13:40:52 +01:00
Willem Toorop e60afbdf0c Leave space with builddir recplacements 
in make depend
 2015-12-18 13:21:14 +01:00
Willem Toorop 8eab1530bf Fix make depend from builddir != srcdir 2015-12-18 13:14:27 +01:00
Willem Toorop 0d156abf5a Dependencies 2015-12-18 12:24:06 +01:00
Willem Toorop 638b841855 tpkg for dependencies checking 2015-12-18 12:22:54 +01:00
Willem Toorop 17d44a769c Test & fix installing 2015-12-18 11:13:22 +01:00
Willem Toorop 34af4a22f2 Get rid of tpkg help files 
The fewer files to maintain the better
 2015-12-18 11:03:54 +01:00
Willem Toorop 94cc17ff16 Wrong help text of symbols checkining tpkg 2015-12-18 10:46:11 +01:00
Willem Toorop 5a65d2b693 Look further then you nose Willem! 2015-12-17 15:46:31 +01:00
Willem Toorop d3d2dbc1d3 inet_ntop and inet_pton from compat 2015-12-17 15:36:43 +01:00
Willem Toorop b839b97ac2 Oops... reverted syntax/style to agressively 2015-12-17 13:07:39 +01:00
Willem Toorop a2e15a169d Revert syntactic/style changes 
So actual changes aren't obfuscated
 2015-12-17 12:37:33 +01:00
Willem Toorop 4f37fb1e93 Fix mk-const-info problem with travis 2015-12-16 16:19:50 +01:00
Willem Toorop 71d8a50519 tpkg to warn if consts and symbols are out of sync 2015-12-16 15:48:09 +01:00
Sara Dickinson fc4e4f23df Rename return_call_debugging to return_call_reporting. Update index.html with change of content. 2015-12-16 14:20:35 +00:00
Willem Toorop 16b62f43eb Merge branch 'develop' into features/conversion_functions 2015-12-16 13:53:25 +01:00
wtoorop 69b54be99c Merge pull request #126 from saradickinson/feature/mac_tfo 
Enable TFO by default if possible, add MAC OSX TFO support
Looks good, thanks.
 2015-12-16 13:45:14 +01:00
Willem Toorop e747efe415 Merge branch 'develop' into features/conversion_functions 2015-12-16 12:42:32 +01:00
Willem Toorop 1ef4db8e9d Unique NSEC and NSEC3 rrsets in "validation_chain" 2015-12-16 12:40:32 +01:00
Willem Toorop d09e892285 Convert rr_dict with missing rdata to wire format 
In wireformat this then means no rdata.
This is needed with the zonecut indicating DSes returned in the validation chain.
 2015-12-16 12:02:53 +01:00
Willem Toorop 2c2359af61 Remove duplicate records in RRset before verifying 
As suggested in RFC4034 section 6.3
 2015-12-16 10:47:15 +01:00
Willem Toorop b0aae6b51d Repeating and special rdata field 2 wireformat 2015-12-15 00:07:05 +01:00
Willem Toorop 0433c47466 Fix memory leak when deleting list items 2015-12-15 00:04:33 +01:00
Willem Toorop de269a4695 Wireformat writing for special rdata fields 2015-12-14 15:25:37 +01:00
Willem Toorop 4ae24761c7 Rename special wireformat parsing funcs 
in aticipation of the special writing to wireformat functions
 2015-12-14 12:38:25 +01:00
Willem Toorop 7baec89d4c Don't misuse getdns_data_type for something else 2015-12-14 12:13:06 +01:00
Sara Dickinson 736d9f20bf Enable TCP FastOpen by default and add support for OSX implementation of TFO. 2015-12-13 17:44:31 +00:00
Willem Toorop aadd4dc8bb Add conversion functions test package 2015-12-13 15:59:36 +01:00
Willem Toorop 5ae854b8bf Fix dict to wire of repeating rdata fields 2015-12-13 15:58:45 +01:00
Willem Toorop 75b0ae669a Fix rdf iter of single RR wireformat 2015-12-13 15:58:21 +01:00
Willem Toorop 61cd25d862 Merge branch 'develop' into features/conversion_functions 2015-12-11 12:22:34 +01:00
Willem Toorop f88214ab76 Correct include path on json pointer test 2015-12-11 12:21:58 +01:00
Willem Toorop 3752bf0a46 Merge branch 'develop' into features/conversion_functions 2015-12-11 11:59:27 +01:00
Willem Toorop c0831dd598 Move json pointers test to tpkg test 2015-12-11 11:56:44 +01:00
Willem Toorop c1b4694931 Setup test env from individually ran test packages 2015-12-11 11:05:52 +01:00
Willem Toorop 426d59d767 Disable IPv6 only test, because travis containers 
don't support IPv6 :-(.

See: https://blog.travis-ci.com/2015-11-27-moving-to-a-more-elastic-future

Disabled test: getdns_context_set_upstream_recursive_servers_10
 2015-12-10 16:49:55 +01:00
Willem Toorop de490408cd Use the verisign IPv6 upstream 
google's sometimes timeouts...
 2015-12-10 16:26:40 +01:00
Willem Toorop 69aed75d57 Travid in containers 2015-12-10 15:53:43 +01:00
Willem Toorop 2675554f6a Don't configure before running tests 
+ run tests in a separate directory
 2015-12-10 15:32:29 +01:00
Willem Toorop 5a4628e6fe tpkg based testing 2015-12-10 11:55:32 +01:00
Willem Toorop 47dc07e940 First go at conversion to and from rr_dicts 2015-12-09 12:04:00 +01:00
Willem Toorop c53f074fdf Propagate consts with debugging symbols 2015-12-08 09:39:28 +01:00
Willem Toorop d67949d1e7 iterators go over const wireformat data 2015-12-07 16:43:41 +01:00
unknown 22a8550caa Bug fix in get_os_defaults, clean up code in winsock_event, add code to handle event handling differences in Winsock2 2015-12-04 16:12:43 -05:00
Willem Toorop dd836b2a11 Conversion functions prototypes 2015-12-03 14:54:38 +01:00
unknown 2d58ed465c Changes for Windows, Fix configure.ac to take in a winsock option to configure and generafigure, add ifdef's to stub out windows code for other platforms. 2015-11-22 22:38:13 -05:00
Willem Toorop 08bf613cde Prevent segfault with failed TLS handshake? 
Need proper review for this patch!  Sara?
 2015-11-15 12:46:21 -05:00
Willem Toorop 95618bb3a7 Merge branch 'release/v0.5.1' of github.com:getdnsapi/getdns into release/v0.5.1 2015-11-14 20:01:48 -05:00
Willem Toorop afe5db6b55 Get validation chain avoiding roadblocks 2015-11-14 20:00:13 -05:00
Sara Dickinson 508127a856 Add missing file.... 2015-11-13 14:47:03 +00:00
Sara Dickinson d75ba83013 Fix bug with call_debugging reporting of UDP and add a getter for tls_authentication 2015-11-13 13:28:43 +00:00
Willem Toorop 1bb2daff1e ub_setup_recursing not used without libunbound 2015-11-11 14:03:16 +01:00
Willem Toorop b9f8f94361 Update ChangeLog and check versions 2015-11-11 12:40:23 +01:00
saradickinson 1a72454b88 Remove debug 2015-11-05 14:41:23 +09:00
saradickinson 5f60683f57 Fix seg fault on timeout 2015-11-05 14:41:23 +09:00
Willem Toorop c7f4fc3625 Fix disabling roadblock avoidance with configure 2015-11-05 07:43:33 +09:00
Willem Toorop 26566a3b00 Merge branch 'develop' of github.com:getdnsapi/getdns into develop 2015-11-04 23:25:49 +01:00
Willem Toorop 7f4bdc0868 Bumb versions 2015-11-04 23:25:38 +01:00
Willem Toorop eb4ba438f7 return_validation_chain + roadblock_avoidance bug 2015-11-05 07:11:51 +09:00
Willem Toorop 8a6f7d5b90 Merge branch 'develop' into features/dnssec_roadblock_avoidance 2015-11-04 17:49:21 +09:00
Willem Toorop 0c3eb08f4d Merge branch 'features/call_debug' into develop 2015-11-04 16:23:22 +09:00
Willem Toorop 3a19050413 Code review changes 
Commented inline on github
 2015-11-04 16:18:22 +09:00
wtoorop 7230031c0a Merge pull request #119 from dkg/ietf94-privacy-hackathon 
Thank you dkg!  Great work!

Interestingly you've put the configuration of those two features at "context" level.  Since both options (just like cookies) relate to upstreams, I think they should be configurable per upstream as well  (perhaps using the context settings as the defaults, over-loadable by those upstream options).  With my cookie implementation, I've implemented activation with an extension, but cookies also relate to upstreams, so perhaps they should be enableable per upstream as well (and have a global over-loadable setting in context).

Cheers,
-- Willem
 2015-11-02 16:26:25 +09:00
Gowri 1bccd56244 Name change on test server certificate 2015-11-02 03:05:17 +01:00
Daniel Kahn Gillmor c322a8a330 add -P flag to getdns_query for EDNS padding policy 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 83bf5ab08b actually implement tls_query_padding_blocksize 
since no DNS OPT value has been allocated, i chose a random value in
the experimental/local range.
 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 1457c1a2b5 stash tls_query_padding_blocksize in the dns_req from the context 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor b3128652f4 add tls_query_padding_blocksize property for getdns_context 
This is a parameter to the getdns_context that tells the context how
much to pad queries that go out over TLS.

It is not yet functional in this commit, but the idea is to pad each
outbound query over TLS to a multiple of the requested blocksize.

Because we only have a set amount of pre-allocated space for dynamic
options (MAXIMUM_UPSTREAM_OPTION_SPACE), we limit the maximum
padding blocksize.

This is a simplistic padding policy.  Suggestions for improved padding
policies are welcome!
 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 8291cdb455 add -c flag for EDNS Client Subnet privacy to getdns_query 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 05585281eb add test for context update callback for edns_client_subnet_private 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor df3725e635 added edns_client_subnet_private to getdns_context 
https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-04

Using the above spec, an intermediate resolver may forward a chunk of
the client's IP address to the authoritative resolver.

Setting edns_client_subnet_private to a getdns_context in stub mode
will indicate to the next-hop recursive resolver that the client
wishes to keep their address information private.
 2015-11-01 15:49:50 +09:00
Willem Toorop b062974fb1 ub_setup_recursion also for non roadblock avoidance 2015-11-01 15:48:31 +09:00
Daniel Kahn Gillmor 0b388872ea clarify per-query options vs. per-upstream options 
Sending DNS cookies was overwriting any existing options (DNS OPT) in
the outbound query.

Also, DNS cookies may not be the only option that gets set
per-upstream (instead of per-query).

This changeset establishes a set of per-query options (established at
the time of the query), and a buffer of additional space for adding
options based on the upstream is in use.

The size of this buffer is defined at configure time (defaults to 3000
octets).

Just before a query is sent out, we add the per-upstream options to
the query.

Note: we're also standardizing the query in tls too, even though we're
not sending any upstream options in that case at the moment
(edns_cookies are much weaker than TLS itself)
 2015-11-01 15:47:22 +09:00
Daniel Kahn Gillmor 3e90795680 enable talking to servers with ECDSA certs 
There is no clear reason to reject servers that don't have RSA certs.
We should accept ECDSA certs as well.

(also, clean up comments about opportunistic TLS)
 2015-11-01 15:47:03 +09:00
Willem Toorop af6947cbb3 Merge branch 'develop' into features/dnssec_roadblock_avoidance 2015-11-01 15:34:21 +09:00
Willem Toorop 8b9041325b Bugfix don't grow upstreams memory 
upstreams have internal references and cannot be realloc'ed easily
 2015-11-01 15:23:26 +09:00
jad 30043d2ba5 corrected name 2015-11-01 13:09:18 +09:00
jad 51eb2fdf55 working prototype 6 2015-11-01 12:47:49 +09:00
Willem Toorop ae2cc39a36 Full roadblock avoidance functionality 2015-11-01 12:28:43 +09:00
jad f5662bbf32 working prototype 5 2015-11-01 11:43:12 +09:00
jad 2d20e18b8a working prototype 4 2015-11-01 11:14:45 +09:00
jad 25f7f2182b working prototype 3 2015-11-01 11:04:03 +09:00
jad 80864655d7 Working prototype 2 2015-11-01 10:51:00 +09:00
jad a85b17c885 working prototype 1 2015-11-01 10:24:02 +09:00
Willem Toorop 58885e04d7 dnssec_roadblock_avoidance extension 2015-10-31 21:04:08 +09:00
Willem Toorop 35c803208b Bit more concise and clear confusing code text 2015-10-31 18:24:24 +09:00
Willem Toorop fb6642d6a5 Print response dict when there is one 2015-10-31 17:59:14 +09:00
Willem Toorop 521e46879b Document that thing that we keep forgetting about 2015-10-31 17:15:36 +09:00
Willem Toorop 9ce441e59a --enable-debug-sched for getdns_query too 2015-10-31 16:24:49 +09:00
Willem Toorop de59b700ce Fix libidn really absent + NetBSD fixes 2015-10-29 19:13:39 +01:00
Willem Toorop 0a717f5d51 Warning with older (less intelligent) compiles 2015-10-29 16:25:07 +01:00
Willem Toorop 8c3d348f05 Help text typo 2015-10-27 16:43:25 +01:00
Sara Dickinson e397d1e020 Fix error that was not allowing cipher suite fallback for opportunistic TLS. 2015-10-25 15:28:20 +00:00
Willem Toorop c613743644 Update spec to 0.701 2015-10-22 15:12:15 +02:00
Willem Toorop 973fcbddcc Don't assume mini_event loop 2015-10-22 14:38:34 +02:00
Willem Toorop 47b77c948a Fix small memory leak when switching event loops 2015-10-22 14:16:53 +02:00
Willem Toorop 98a2c497d2 ldns CFLAGS for tests (+ make deps) 2015-10-22 13:46:23 +02:00
Willem Toorop fbc3b2d6a8 Use the NOT_IMPLEMENTED return code! 2015-10-22 12:13:40 +02:00
Willem Toorop b88c74b4c8 Synchronize with October 2015 spec 2015-10-22 12:02:04 +02:00
Willem Toorop 31a07752f0 New non API functions + consts in getdns_extra.h 2015-10-21 17:02:50 +02:00
Willem Toorop ebd94f48cf Anticipate missing X509_V_ERR_HOSTNAME_MISMATCH 2015-10-21 16:01:40 +02:00
Willem Toorop 7647005285 Report memory errors in json-pointers test 2015-10-21 16:01:16 +02:00
Willem Toorop 3cc44ffcb1 Merge remote-tracking branch 'sara/feature/tls_auth_api' into features/tls_auth_api 2015-10-21 15:34:57 +02:00
Sara Dickinson 3be47edbb3 More cleanup 2015-10-16 18:40:33 +01:00
Sara Dickinson b74c62066c Cleanup 2015-10-16 18:31:57 +01:00
Sara Dickinson 689447509a Change port used for TLS to 853 2015-10-16 17:00:14 +01:00
Sara Dickinson 28ffb2fdf6 Add ls_authentication to API 2015-10-16 17:00:14 +01:00
Sara Dickinson 6b4ee4ed31 Block authenticated requests on unauthenticated connection 2015-10-16 17:00:14 +01:00
Sara Dickinson af617e92a7 Implement authenticaiton fallback on a given upstream (needs more work). Also need API option to set auth requirement. 2015-10-16 17:00:14 +01:00
Sara Dickinson e710286e45 Start work on better authentication 2015-10-16 16:57:13 +01:00
Willem Toorop d0a80925c2 Bugfixes for setting with json pointers 
+ scratchpad for developing/debugging
 2015-10-08 12:54:30 +02:00
Willem Toorop 820a657297 Check getdns_dict_remove_name parameters 2015-10-06 13:12:33 +02:00
Willem Toorop 3aca772220 Off-by-one error 2015-10-06 09:46:59 +02:00
Willem Toorop e3947d7110 getdns_dict_remove_name with json pointers 
+ improved json pointers symantics
 2015-10-05 17:18:32 +02:00
Willem Toorop f6619d28d8 JSON pointer setters 2015-10-02 15:26:05 +02:00
Willem Toorop 40269a241c Merge branch 'develop' into features/json-pointers 2015-10-02 12:47:10 +02:00
Willem Toorop 65663e6da8 DNSSEC zonecut finding issues 
Thanks Theogene Bucuti
 2015-10-02 12:45:32 +02:00
Willem Toorop 6a0d1a968d Multi-level json pointers (retry) 
+ synchronous-concise example
 2015-10-01 15:43:17 +02:00
Willem Toorop ca50a984c8 1 level JSON pointer reference lookup 2015-09-30 16:05:19 +02:00
Willem Toorop 8dfb7454d6 Signature inception and expiry checking 2015-09-28 13:48:51 +02:00
Willem Toorop 7bf481d812 ldns still (but only) needed for unit tests 2015-09-28 11:44:39 +02:00
Willem Toorop 59f4feb5e6 Native DS with DNSKEY compare + rm ldns dependency 2015-09-25 14:28:47 +02:00
Willem Toorop d8cc7b1ba3 Native signature verification 2015-09-25 11:48:58 +02:00
Willem Toorop 2e4c0928f7 Import unbound's crypto 2015-09-23 16:48:54 +02:00
Willem Toorop fda5394540 Verify raw buffer (still with ldns) 2015-09-23 16:03:59 +02:00
Willem Toorop 8b414c8570 Sort RR's to validate 2015-09-22 12:27:17 +02:00
Willem Toorop e47bd33ec0 Determine validation buffer size 2015-09-21 17:13:44 +02:00
Willem Toorop bf7f44dcb7 Put rrs to validate in rrset 2015-09-21 12:59:30 +02:00
Willem Toorop f673e12106 Memory management for _getdns_verify_rrsig 2015-09-21 12:36:41 +02:00
Willem Toorop 5db5a8b5e6 Correct some comment text 2015-09-18 09:53:27 +02:00
Willem Toorop 505bcf028b Merge branch 'v0.3.3' into develop 2015-09-09 12:46:05 +02:00
Willem Toorop dbc53e773d 0.3.3 quickfix release 2015-09-09 12:45:29 +02:00
Willem Toorop bb29789d24 Merge branch 'v0.3.3' into develop 2015-09-08 12:01:08 +02:00
Willem Toorop a543c23926 Spelling 2015-09-08 11:24:45 +02:00
Willem Toorop 84ad5850c9 get_api_information():version_string also for RCs 2015-09-08 11:20:52 +02:00
Willem Toorop 46ea366f5f Fix dnssec validation of direct CNAME queries 
Thanks Simson L. Garfinkel.
 2015-09-08 10:52:04 +02:00
Willem Toorop c3b59e76fa Merge branch 'v0.3.3' into develop 2015-09-04 16:14:41 +02:00
Willem Toorop b5ac8c1b50 Don't alter events before clearing... 2015-09-04 16:13:49 +02:00
Willem Toorop 87b7c6a834 Merge branch 'v0.3.2' into develop 2015-09-04 11:04:08 +02:00
Willem Toorop 75f1aa6ccd Typo 2015-09-04 11:02:39 +02:00
Willem Toorop 53e23f1358 Revert "Revert "Merge pull request #112 from saradickinson/features/tls_auth"" 
This reverts commit 6d29e6044e.
 2015-09-04 10:56:30 +02:00
Willem Toorop a3f02905b0 thread instead of a process for ub_fd() signalling 2015-09-04 10:33:08 +02:00
Willem Toorop 0e66d28be8 Set processing flag around user callbacks 
To fix destroying contexts from user callbacks in stub mode.
The complete test suite runs in stub mode now too.
 2015-09-03 15:07:29 +02:00
Willem Toorop 5f73fded75 Simplify list creation a little bit 2015-09-03 13:14:34 +02:00
Willem Toorop b1489eac1f One more priv_ name renamed to _ 2015-09-03 13:13:57 +02:00
Willem Toorop cbb668379f One more string2bindata case... 2015-09-03 12:15:22 +02:00
Willem Toorop 6d13ec19cd --with-getdns_query configure option + 
make pub target (for signing and hashing dist tarball) +
make megaclean target (for erasing all source and git reset --hard)
 2015-08-28 13:33:02 +02:00
Willem Toorop 8ca93a22de --enable-stub-only configure option 2015-08-28 11:09:32 +02:00
Willem Toorop d58d90752b HAVE_LIB* only after include "config.h" 2015-08-27 14:38:23 +02:00
Willem Toorop a8d2e489ad Allow --without-libidn configure option 2015-08-27 14:24:01 +02:00
Willem Toorop 6d29e6044e Revert "Merge pull request #112 from saradickinson/features/tls_auth" 
This reverts commit d436165a88, reversing
changes made to 7c902bf73c.
 2015-08-27 13:31:22 +02:00
Willem Toorop 55aa759730 Don't spawn extra process for recursion calls 2015-08-27 13:22:24 +02:00
Willem Toorop 6446643396 Get lines via custom eventloop 2015-08-26 22:25:42 +02:00
Willem Toorop 32e4e8fa9d Debug custom event loop 2015-08-26 17:01:28 +02:00
Willem Toorop 4ecf6b23dc First round of bugfixes in custom eventloop 2015-08-26 16:13:25 +02:00
Willem Toorop c86df63b7a Custom event loop in getdns_query 2015-08-26 14:32:46 +02:00
Willem Toorop f312a6cfc5 Revert "plain_mem_funcs_user_arg need not be exposed" 
This reverts commit d0ff5d8fea.

It does need to be exposed and is used inderectly through GETDNS_MALLOC which uses MF_PLAIN which is an alias for plain_mem_funcs_user_arg.
 2015-08-24 14:37:02 +02:00
Willem Toorop d0ff5d8fea plain_mem_funcs_user_arg need not be exposed 2015-08-24 14:15:31 +02:00
Willem Toorop 015e387ea5 Final internal symbols rename to _getdns prefix 2015-08-19 16:33:19 +02:00
Willem Toorop b9e8455e27 Internal symbols always prefixed with _getdns 2015-08-19 16:30:15 +02:00
Willem Toorop 1f638ccd0b Internal getdns_mini_event to _getdns_mini_event 2015-08-19 16:26:39 +02:00
Willem Toorop fcd595298a Rename all priv_getdns internal symbols to _getdns 2015-08-19 16:22:38 +02:00
Willem Toorop 7971152742 Make all private functions static 2015-08-19 16:15:26 +02:00
Willem Toorop 450aabefcc Make util symbols private (i.e. prefix _getdns) 2015-08-19 16:07:01 +02:00
Willem Toorop 09492cbf46 _getdns_nsec3_hash_label without ldns 2015-08-19 15:19:02 +02:00
Willem Toorop 6350b4fad4 --without-libunbound option to configure 2015-08-19 10:47:46 +02:00
Willem Toorop 972ebf55d0 Merge branch 'features/str_without0byte' into develop 2015-08-17 16:30:54 +02:00
wtoorop d436165a88 Merge pull request #112 from saradickinson/features/tls_auth 
Features/tls auth
 2015-08-17 12:53:38 +02:00
Willem Toorop 7c902bf73c Fix fallback failures fix ;) 2015-08-17 12:35:10 +02:00
Sara Dickinson dc7d7e7689 Fix openssl dependancy 2015-08-15 16:35:30 +01:00
Sara Dickinson 2404cc2c8e Extend regression test 2015-08-15 15:27:58 +01:00
Sara Dickinson 45de1f65b3 Update docs with details of OS X certificate handling. 2015-08-15 14:40:16 +01:00
Sara Dickinson dbad8a9003 Restrict transport list to 1 entry for each valid transport 2015-08-15 14:40:16 +01:00
saradickinson cb1dff1ac7 Add ability to verify server certificate using hostname for TLS/STARTTLS 
NOTE: This implementation will only work for OpenSSL v1.0.2 and later.
Doing it for earlier versions is totally insane:

  https://wiki.openssl.org/index.php/Hostname_validation
 2015-08-15 14:40:15 +01:00
Sara Dickinson 8beace7036 Fix location in manual test script. Add build/ to .gitignore 2015-08-15 14:36:36 +01:00
Sara Dickinson ab60211020 Fix fallback failures. Add manual regression test script. 2015-08-12 11:42:02 +01:00
Daniel Kahn Gillmor 319a20a66c improve documentation 
improve the documentation of the getdns_upstream objects.
 2015-07-19 12:22:10 +02:00
Willem Toorop d52b10e703 Fix builddir/srcdir for tests 2015-07-19 12:15:28 +02:00
Willem Toorop e91f7d53b5 Correct getdns_extra.h location for tests too 2015-07-19 11:48:24 +02:00
Willem Toorop ac6e0b641d rm autoconf generated files from repo 2015-07-19 11:40:03 +02:00
Willem Toorop 44b8e44c07 Fix srcdir/buildir locations for version.lo 2015-07-19 11:35:29 +02:00
Willem Toorop e2170cb115 Fix srcdir/buildir locations 2015-07-19 11:28:42 +02:00
Willem Toorop 0c5dd59035 Fix upstream/transport array in 1 upstream dict 2015-07-19 09:43:12 +02:00
Willem Toorop 898fc15b6b Zero size only for non-repeating remaining data 2015-07-18 18:04:11 +02:00
Willem Toorop 276e9fa5f3 Zero size only allowed for non repeating rdfs 2015-07-18 16:59:00 +02:00
Willem Toorop 9daaa1638c One more event callback setting before clearance 2015-07-14 13:42:40 +02:00
Willem Toorop d4e932890a Do not reset event callbacks before clearing 2015-07-14 11:54:25 +02:00
Willem Toorop 3c80a8a1af Check destruction of upstreams in correct way 2015-07-14 11:11:06 +02:00
Willem Toorop 587b320d95 DNS tree was upside down (wording in comments) 
According to RFC1034 Section 4.2.1., the zone's apex is at the top and delegations at the bottom.
 2015-07-14 10:49:00 +02:00
Willem Toorop 554f015931 Deschedule idle_timeouts on context destroy 2015-07-14 10:44:15 +02:00
Willem Toorop 6f21d89e2a Lookup DS only, for no sigs INSECURE 2015-07-14 10:22:42 +02:00
Willem Toorop a8adf662d1 Fix memory leak setting transports 2015-07-13 16:39:43 +02:00
Willem Toorop 5c61954427 Fix geting recursive_upstream_servers 2015-07-13 16:22:39 +02:00
Willem Toorop c7d40e2cbc Strings in bindata's without '\0' byte 2015-07-13 15:41:40 +02:00
Willem Toorop 12567f5338 Fix compiling with --enable-debug-sched 2015-07-13 11:09:56 +02:00
Willem Toorop 431415bd3d rm debugging fprintf leftover 2015-07-10 10:18:00 +02:00
Willem Toorop 0d2f3a5bd9 functions and defines to get versions 
About the library and the API
In both strings and in numbers
 2015-07-10 00:57:58 +02:00
Willem Toorop 2884abe870 Allow alternative trust anchors + ... 
Switch freely between stub and recursive resolving
 2015-07-10 00:05:26 +02:00
Willem Toorop 4987a27264 Pretty print TLDs 2015-07-10 00:04:14 +02:00
Willem Toorop 2dab8dd4d6 Fix handling of non specific trust anchors and ... 
unsported DS digest types
 2015-07-09 23:11:56 +02:00
Willem Toorop 254699ad8b Constants must be in searchable order 2015-07-09 23:11:28 +02:00
Willem Toorop cacd8951ff getdns_query -k to test for root trust anchor 
has exit status 0 on success, 1 otherwise.
 2015-07-09 23:10:22 +02:00
Willem Toorop 70857ccc74 Proper handling of system stub query timeouts 2015-07-09 23:09:39 +02:00
Willem Toorop 4135f633ac Fix invalid memory reads 2015-07-09 15:40:00 +02:00
Willem Toorop d9fca20f18 Update consts, symbols and dependencies 2015-07-09 14:40:13 +02:00
Willem Toorop cea8ae4d11 [API 0.602] getdns_context_set_dns_transport_list 
And the getdns_context_set_idle_timeout() functions.
 2015-07-09 14:00:26 +02:00
Willem Toorop ec476a9129 getdns_root_trust_anchor up in getdns.h.in 
So it is on the same spot as where it is in the original specification.
This to ease comparing getdns.h with the API's getdns_code_only.h
 2015-07-09 10:37:02 +02:00
Willem Toorop 098e0f19c4 Don't skip points zone cuts with trusted keys 
A new keyset must be authenticated at every zone cut.
A keyset from an ancecter of the immediate zone may never be used
to authenticate RRsets within a zone.

(Review from Wouter)
 2015-07-09 08:15:38 +02:00
Willem Toorop d87d951874 set ds_signer only when actually signed 2015-07-08 17:15:27 +02:00
Willem Toorop d4849dc0ba Fix read of uninitialized memory 
Not a dangerous one though, but still...
 2015-07-08 15:36:39 +02:00
Willem Toorop e8030b34d2 query_len not used 2015-07-08 15:05:40 +02:00
Willem Toorop 201b6af9a2 clang compiler warnings + 1 bug! 
Bug is countring insecure answers in util-internal.c
found by clang warning reporting
 2015-07-08 13:07:24 +02:00
Willem Toorop 2918c8b472 DSes with best digest + INSECURE on unsupportd alg 
Adaptations to function ds_authenticates_keys.

With multiple DSes, only the ones with the highest (supported)
digest type will be used to authenticate DNSKEYs.

NO_SUPPORTED_ALGORITHMS will be returned if there were
DSes for a key in the DNSKEY set, but none of them has a supported
digest or algorithm.  This leads to dnssec_status INSECURE.
 2015-07-08 12:21:04 +02:00
Willem Toorop a5bacfefcf memory leak fixes 2015-07-08 11:07:44 +02:00
Willem Toorop 51a04f8f6c RSAMD5 is deprecated 2015-07-08 00:18:19 +02:00
Willem Toorop 3b45255d1e Try only closest trust anchors 2015-07-08 00:10:10 +02:00
Willem Toorop e48b0c7fd7 INSECURE when NSEC3 iteration count too high 
Fix from Wouter's review
 2015-07-07 22:33:53 +02:00
Willem Toorop 4b53d70199 Review from Wouter minor issues 2015-07-07 14:52:32 +02:00
Willem Toorop e571883811 Fix test for NODATA address_sync lookup 
hampster.com no longer suitable anymore.
 2015-07-07 11:46:52 +02:00
Willem Toorop 83425f959e Review comments from Wouter 
Thanks!
 2015-07-07 11:15:38 +02:00
Willem Toorop 43980e9020 [API 0.601] CSYNC RR type 2015-07-06 14:14:46 +02:00
Willem Toorop af23930725 CSYNC rr type 2015-07-06 12:45:08 +02:00
Willem Toorop 55444d07a2 Documentation in comments as a review guideline 2015-07-06 11:57:16 +02:00
Willem Toorop 70edb60f09 Some comment about google public dns 2015-07-04 13:14:16 +02:00
Willem Toorop 0e977ee4fb rearrangements for documentational reasons 
+ a fix for opt_out bug
 2015-07-04 13:01:16 +02:00
Willem Toorop 7e3fbe547a Check NSEC3 CE to be without delegations 
(no DNAME, no NS or, if NS then also SOA)
 2015-07-04 10:53:31 +02:00