Commit Graph

1066 Commits

Author SHA1 Message Date
Willem Toorop 2e4c0928f7 Import unbound's crypto 2015-09-23 16:48:54 +02:00
Willem Toorop fda5394540 Verify raw buffer (still with ldns) 2015-09-23 16:03:59 +02:00
Willem Toorop 8b414c8570 Sort RR's to validate 2015-09-22 12:27:17 +02:00
Willem Toorop e47bd33ec0 Determine validation buffer size 2015-09-21 17:13:44 +02:00
Willem Toorop bf7f44dcb7 Put rrs to validate in rrset 2015-09-21 12:59:30 +02:00
Willem Toorop f673e12106 Memory management for _getdns_verify_rrsig 2015-09-21 12:36:41 +02:00
Willem Toorop 5db5a8b5e6 Correct some comment text 2015-09-18 09:53:27 +02:00
Willem Toorop 505bcf028b Merge branch 'v0.3.3' into develop 2015-09-09 12:46:05 +02:00
Willem Toorop dbc53e773d 0.3.3 quickfix release 2015-09-09 12:45:29 +02:00
Willem Toorop bb29789d24 Merge branch 'v0.3.3' into develop 2015-09-08 12:01:08 +02:00
Willem Toorop a543c23926 Spelling 2015-09-08 11:24:45 +02:00
Willem Toorop 84ad5850c9 get_api_information():version_string also for RCs 2015-09-08 11:20:52 +02:00
Willem Toorop 46ea366f5f Fix dnssec validation of direct CNAME queries
Thanks Simson L. Garfinkel.
2015-09-08 10:52:04 +02:00
Willem Toorop c3b59e76fa Merge branch 'v0.3.3' into develop 2015-09-04 16:14:41 +02:00
Willem Toorop b5ac8c1b50 Don't alter events before clearing... 2015-09-04 16:13:49 +02:00
Willem Toorop 87b7c6a834 Merge branch 'v0.3.2' into develop 2015-09-04 11:04:08 +02:00
Willem Toorop 75f1aa6ccd Typo 2015-09-04 11:02:39 +02:00
Willem Toorop 53e23f1358 Revert "Revert "Merge pull request #112 from saradickinson/features/tls_auth""
This reverts commit 6d29e6044e.
2015-09-04 10:56:30 +02:00
Willem Toorop a3f02905b0 thread instead of a process for ub_fd() signalling 2015-09-04 10:33:08 +02:00
Willem Toorop 0e66d28be8 Set processing flag around user callbacks
To fix destroying contexts from user callbacks in stub mode.
The complete test suite runs in stub mode now too.
2015-09-03 15:07:29 +02:00
Willem Toorop 5f73fded75 Simplify list creation a little bit 2015-09-03 13:14:34 +02:00
Willem Toorop b1489eac1f One more priv_ name renamed to _ 2015-09-03 13:13:57 +02:00
Willem Toorop cbb668379f One more string2bindata case... 2015-09-03 12:15:22 +02:00
Willem Toorop 6d13ec19cd --with-getdns_query configure option +
make pub target (for signing and hashing dist tarball) +
make megaclean target (for erasing all source and git reset --hard)
2015-08-28 13:33:02 +02:00
Willem Toorop 8ca93a22de --enable-stub-only configure option 2015-08-28 11:09:32 +02:00
Willem Toorop d58d90752b HAVE_LIB* only after include "config.h" 2015-08-27 14:38:23 +02:00
Willem Toorop a8d2e489ad Allow --without-libidn configure option 2015-08-27 14:24:01 +02:00
Willem Toorop 6d29e6044e Revert "Merge pull request #112 from saradickinson/features/tls_auth"
This reverts commit d436165a88, reversing
changes made to 7c902bf73c.
2015-08-27 13:31:22 +02:00
Willem Toorop 55aa759730 Don't spawn extra process for recursion calls 2015-08-27 13:22:24 +02:00
Willem Toorop 6446643396 Get lines via custom eventloop 2015-08-26 22:25:42 +02:00
Willem Toorop 32e4e8fa9d Debug custom event loop 2015-08-26 17:01:28 +02:00
Willem Toorop 4ecf6b23dc First round of bugfixes in custom eventloop 2015-08-26 16:13:25 +02:00
Willem Toorop c86df63b7a Custom event loop in getdns_query 2015-08-26 14:32:46 +02:00
Willem Toorop f312a6cfc5 Revert "plain_mem_funcs_user_arg need not be exposed"
This reverts commit d0ff5d8fea.

It does need to be exposed and is used inderectly through GETDNS_MALLOC which uses MF_PLAIN which is an alias for plain_mem_funcs_user_arg.
2015-08-24 14:37:02 +02:00
Willem Toorop d0ff5d8fea plain_mem_funcs_user_arg need not be exposed 2015-08-24 14:15:31 +02:00
Willem Toorop 015e387ea5 Final internal symbols rename to _getdns prefix 2015-08-19 16:33:19 +02:00
Willem Toorop b9e8455e27 Internal symbols always prefixed with _getdns 2015-08-19 16:30:15 +02:00
Willem Toorop 1f638ccd0b Internal getdns_mini_event to _getdns_mini_event 2015-08-19 16:26:39 +02:00
Willem Toorop fcd595298a Rename all priv_getdns internal symbols to _getdns 2015-08-19 16:22:38 +02:00
Willem Toorop 7971152742 Make all private functions static 2015-08-19 16:15:26 +02:00
Willem Toorop 450aabefcc Make util symbols private (i.e. prefix _getdns) 2015-08-19 16:07:01 +02:00
Willem Toorop 09492cbf46 _getdns_nsec3_hash_label without ldns 2015-08-19 15:19:02 +02:00
Willem Toorop 6350b4fad4 --without-libunbound option to configure 2015-08-19 10:47:46 +02:00
Willem Toorop 972ebf55d0 Merge branch 'features/str_without0byte' into develop 2015-08-17 16:30:54 +02:00
wtoorop d436165a88 Merge pull request #112 from saradickinson/features/tls_auth
Features/tls auth
2015-08-17 12:53:38 +02:00
Willem Toorop 7c902bf73c Fix fallback failures fix ;) 2015-08-17 12:35:10 +02:00
Sara Dickinson dc7d7e7689 Fix openssl dependancy 2015-08-15 16:35:30 +01:00
Sara Dickinson 2404cc2c8e Extend regression test 2015-08-15 15:27:58 +01:00
Sara Dickinson 45de1f65b3 Update docs with details of OS X certificate handling. 2015-08-15 14:40:16 +01:00
Sara Dickinson dbad8a9003 Restrict transport list to 1 entry for each valid transport 2015-08-15 14:40:16 +01:00
saradickinson cb1dff1ac7 Add ability to verify server certificate using hostname for TLS/STARTTLS
NOTE: This implementation will only work for OpenSSL v1.0.2 and later.
Doing it for earlier versions is totally insane:

  https://wiki.openssl.org/index.php/Hostname_validation
2015-08-15 14:40:15 +01:00
Sara Dickinson 8beace7036 Fix location in manual test script. Add build/ to .gitignore 2015-08-15 14:36:36 +01:00
Sara Dickinson ab60211020 Fix fallback failures. Add manual regression test script. 2015-08-12 11:42:02 +01:00
Daniel Kahn Gillmor 319a20a66c improve documentation
improve the documentation of the getdns_upstream objects.
2015-07-19 12:22:10 +02:00
Willem Toorop d52b10e703 Fix builddir/srcdir for tests 2015-07-19 12:15:28 +02:00
Willem Toorop e91f7d53b5 Correct getdns_extra.h location for tests too 2015-07-19 11:48:24 +02:00
Willem Toorop ac6e0b641d rm autoconf generated files from repo 2015-07-19 11:40:03 +02:00
Willem Toorop 44b8e44c07 Fix srcdir/buildir locations for version.lo 2015-07-19 11:35:29 +02:00
Willem Toorop e2170cb115 Fix srcdir/buildir locations 2015-07-19 11:28:42 +02:00
Willem Toorop 0c5dd59035 Fix upstream/transport array in 1 upstream dict 2015-07-19 09:43:12 +02:00
Willem Toorop 898fc15b6b Zero size only for non-repeating remaining data 2015-07-18 18:04:11 +02:00
Willem Toorop 276e9fa5f3 Zero size only allowed for non repeating rdfs 2015-07-18 16:59:00 +02:00
Willem Toorop 9daaa1638c One more event callback setting before clearance 2015-07-14 13:42:40 +02:00
Willem Toorop d4e932890a Do not reset event callbacks before clearing 2015-07-14 11:54:25 +02:00
Willem Toorop 3c80a8a1af Check destruction of upstreams in correct way 2015-07-14 11:11:06 +02:00
Willem Toorop 587b320d95 DNS tree was upside down (wording in comments)
According to RFC1034 Section 4.2.1., the zone's apex is at the top and delegations at the bottom.
2015-07-14 10:49:00 +02:00
Willem Toorop 554f015931 Deschedule idle_timeouts on context destroy 2015-07-14 10:44:15 +02:00
Willem Toorop 6f21d89e2a Lookup DS only, for no sigs INSECURE 2015-07-14 10:22:42 +02:00
Willem Toorop a8adf662d1 Fix memory leak setting transports 2015-07-13 16:39:43 +02:00
Willem Toorop 5c61954427 Fix geting recursive_upstream_servers 2015-07-13 16:22:39 +02:00
Willem Toorop c7d40e2cbc Strings in bindata's without '\0' byte 2015-07-13 15:41:40 +02:00
Willem Toorop 12567f5338 Fix compiling with --enable-debug-sched 2015-07-13 11:09:56 +02:00
Willem Toorop 431415bd3d rm debugging fprintf leftover 2015-07-10 10:18:00 +02:00
Willem Toorop 0d2f3a5bd9 functions and defines to get versions
About the library and the API
In both strings and in numbers
2015-07-10 00:57:58 +02:00
Willem Toorop 2884abe870 Allow alternative trust anchors + ...
Switch freely between stub and recursive resolving
2015-07-10 00:05:26 +02:00
Willem Toorop 4987a27264 Pretty print TLDs 2015-07-10 00:04:14 +02:00
Willem Toorop 2dab8dd4d6 Fix handling of non specific trust anchors and ...
unsported DS digest types
2015-07-09 23:11:56 +02:00
Willem Toorop 254699ad8b Constants must be in searchable order 2015-07-09 23:11:28 +02:00
Willem Toorop cacd8951ff getdns_query -k to test for root trust anchor
has exit status 0 on success, 1 otherwise.
2015-07-09 23:10:22 +02:00
Willem Toorop 70857ccc74 Proper handling of system stub query timeouts 2015-07-09 23:09:39 +02:00
Willem Toorop 4135f633ac Fix invalid memory reads 2015-07-09 15:40:00 +02:00
Willem Toorop d9fca20f18 Update consts, symbols and dependencies 2015-07-09 14:40:13 +02:00
Willem Toorop cea8ae4d11 [API 0.602] getdns_context_set_dns_transport_list
And the getdns_context_set_idle_timeout() functions.
2015-07-09 14:00:26 +02:00
Willem Toorop ec476a9129 getdns_root_trust_anchor up in getdns.h.in
So it is on the same spot as where it is in the original specification.
This to ease comparing getdns.h with the API's getdns_code_only.h
2015-07-09 10:37:02 +02:00
Willem Toorop 098e0f19c4 Don't skip points zone cuts with trusted keys
A new keyset must be authenticated at every zone cut.
A keyset from an ancecter of the immediate zone may never be used
to authenticate RRsets within a zone.

(Review from Wouter)
2015-07-09 08:15:38 +02:00
Willem Toorop d87d951874 set ds_signer only when actually signed 2015-07-08 17:15:27 +02:00
Willem Toorop d4849dc0ba Fix read of uninitialized memory
Not a dangerous one though, but still...
2015-07-08 15:36:39 +02:00
Willem Toorop e8030b34d2 query_len not used 2015-07-08 15:05:40 +02:00
Willem Toorop 201b6af9a2 clang compiler warnings + 1 bug!
Bug is countring insecure answers in util-internal.c
found by clang warning reporting
2015-07-08 13:07:24 +02:00
Willem Toorop 2918c8b472 DSes with best digest + INSECURE on unsupportd alg
Adaptations to function ds_authenticates_keys.

With multiple DSes, only the ones with the highest (supported)
digest type will be used to authenticate DNSKEYs.

NO_SUPPORTED_ALGORITHMS will be returned if there were
DSes for a key in the DNSKEY set, but none of them has a supported
digest or algorithm.  This leads to dnssec_status INSECURE.
2015-07-08 12:21:04 +02:00
Willem Toorop a5bacfefcf memory leak fixes 2015-07-08 11:07:44 +02:00
Willem Toorop 51a04f8f6c RSAMD5 is deprecated 2015-07-08 00:18:19 +02:00
Willem Toorop 3b45255d1e Try only closest trust anchors 2015-07-08 00:10:10 +02:00
Willem Toorop e48b0c7fd7 INSECURE when NSEC3 iteration count too high
Fix from Wouter's review
2015-07-07 22:33:53 +02:00
Willem Toorop 4b53d70199 Review from Wouter minor issues 2015-07-07 14:52:32 +02:00
Willem Toorop e571883811 Fix test for NODATA address_sync lookup
hampster.com no longer suitable anymore.
2015-07-07 11:46:52 +02:00
Willem Toorop 83425f959e Review comments from Wouter
Thanks!
2015-07-07 11:15:38 +02:00
Willem Toorop 43980e9020 [API 0.601] CSYNC RR type 2015-07-06 14:14:46 +02:00
Willem Toorop af23930725 CSYNC rr type 2015-07-06 12:45:08 +02:00
Willem Toorop 55444d07a2 Documentation in comments as a review guideline 2015-07-06 11:57:16 +02:00
Willem Toorop 70edb60f09 Some comment about google public dns 2015-07-04 13:14:16 +02:00
Willem Toorop 0e977ee4fb rearrangements for documentational reasons
+ a fix for opt_out bug
2015-07-04 13:01:16 +02:00
Willem Toorop 7e3fbe547a Check NSEC3 CE to be without delegations
(no DNAME, no NS or, if NS then also SOA)
2015-07-04 10:53:31 +02:00
Willem Toorop f59b32414c Three NSEC3 related things:
- Better checking for type bits
- NSEC3 Insecure proofs for opt-out on head's
- NSEC3 wildcard NODATA proof
2015-07-04 10:23:02 +02:00
Willem Toorop 99f0026961 Allow remaining data RDF to be zero size
Usefull for NSECs on empty non terminals!
2015-07-04 08:09:50 +02:00
Willem Toorop 682f10b271 NSEC3s on empty non terminals
bitmap might even not be present.
2015-07-04 00:08:03 +02:00
Willem Toorop 2c09ff2541 Deal with synthesized CNAMEs from DNAMEs 2015-07-03 23:44:15 +02:00
Willem Toorop 4d4f235f76 NSEC handling complete 2015-07-03 22:50:29 +02:00
Willem Toorop a66232153a Some more NSEC conditional checks
(from studying unbound code)
2015-07-03 00:44:53 +02:00
Willem Toorop af49184fd5 A single RRSIG per RRSET in validation_chain 2015-07-02 17:30:37 +02:00
Willem Toorop d47c533b64 getdns_validate_dnssec validate replies in turn 2015-07-02 15:31:31 +02:00
Willem Toorop ae580575d0 Only validate NOERROR & NXDOMAIN 2015-07-02 12:59:28 +02:00
Willem Toorop e3fe89c802 Turn on specific debugging with configure options 2015-07-02 12:49:50 +02:00
Willem Toorop f066d5ef73 Merge branch 'features/native-stub-dnssec' into develop
Conflicts:
	configure.ac
	src/stub.c
2015-07-02 10:27:27 +02:00
Willem Toorop 6cffc4792b Validate replies with getdns_validate_dnssec
You can feed it the replies_tree as the records to validate list
2015-07-02 00:25:41 +02:00
Willem Toorop f92dd5ac0d getdns_validate_dnssec with new DNSSEC code 2015-07-01 21:50:47 +02:00
Willem Toorop 2b3aa84337 getdns_query show output of getdns_validate_dnssec 2015-07-01 14:38:24 +02:00
Willem Toorop 41cf772fb3 Trust anchors in wireformat in context 2015-06-30 14:43:52 +02:00
Willem Toorop 996b09ba2b Reminder for single RRSIG per RRSET return
With the dnssec_return_validation_chain extension
2015-06-30 00:12:30 +02:00
Willem Toorop 3cd9caa704 Evaluate DNSSEC only with stub resolution 2015-06-29 23:48:46 +02:00
Willem Toorop 8d5ac3afde Store dnsreq->name in wire format 2015-06-29 23:32:49 +02:00
Willem Toorop 407ecffb67 dnssec_status in netreqs 2015-06-29 22:23:01 +02:00
wtoorop 93e0237273 Merge pull request #106 from saradickinson/features/transport_fixups
Features/transport fixups
2015-06-29 21:09:47 +02:00
Sara Dickinson e5a80943e2 Turn fast open on by default. Fix build warning. 2015-06-29 11:54:31 +01:00
Sara Dickinson e20d679bc8 Improve TCP close handling and sync connection closing 2015-06-29 09:09:13 +01:00
wtoorop 9ac1ea39b8 Merge pull request #105 from saradickinson/features/transport_fallback
Features/transport fallback
2015-06-29 09:21:31 +02:00
Willem Toorop 2b83bddd4d More sense making parameter names for is_subdomain 2015-06-29 09:18:53 +02:00
Willem Toorop 4e45d31413 No wildcard NSEC3 check on opt-out 2015-06-28 13:41:48 +02:00
Willem Toorop 170218c350 Expand dname rdata fields before compare 2015-06-27 23:47:47 +02:00
Willem Toorop f6c1a48b6e Validaton of wildcard answers 2015-06-27 23:28:23 +02:00
Sara Dickinson 8c61ecd024 Finally fix problem with upstream walking that was causing intermittent crash. And fix sync idle timeouts. Again. 2015-06-26 16:14:04 +01:00
Sara Dickinson 8925fb22fc More bug fixes and tidy up 2015-06-26 14:27:21 +01:00
Willem Toorop 0411668cb4 blah 2015-06-26 11:39:44 +02:00
Sara Dickinson ddd90e29c5 Fix idle_timeout bug 2015-06-26 08:19:22 +01:00
Willem Toorop fe4b7095b3 Set has_ta before unbound context initialization 2015-06-26 00:29:20 +02:00
Willem Toorop 19b79b066f NSEC NXDOMAIN + NSEC3 denial of exist. validation 2015-06-26 00:26:40 +02:00
Sara Dickinson cb5bbac26d Do better with unbound transport mapping and fix problems with sync fallback 2015-06-25 20:21:00 +01:00
Willem Toorop ea69d30e64 Validation of signed responses
+ start with unsigned responses (only the NSEC NOERROR case)
2015-06-25 10:04:19 +02:00
Sara Dickinson 8819d29535 Implement TCP fallback and hack for lack of sync idle timeout. 2015-06-24 18:49:34 +01:00
Sara Dickinson c9a0ffc7a5 Improve error reporting in getdns_query. 2015-06-23 17:01:43 +01:00
Willem Toorop c7c7884350 Generalize getdns_rrset for raw pkt, not netreq 2015-06-23 16:41:34 +02:00
Willem Toorop 1babc715b7 Init context->dnssec_trust_anchors with default 2015-06-23 16:40:47 +02:00
Sara Dickinson c425f96e0b Fix TLS handshake for sync messages. 2015-06-23 15:39:56 +01:00
Willem Toorop 5c01df226c Init netreq dnssec status at netreq init time 2015-06-23 16:39:30 +02:00
Willem Toorop 3631cd658a get_val_chain for all possible scenarios 2015-06-23 00:00:20 +02:00
Sara Dickinson 67e282edd1 More work on transport/upstream fallback. TLS and UDP fallback not working yet.... Probably need to maintain a current upstream for each transport to get this working properly 2015-06-22 18:02:28 +01:00
Sara Dickinson 57b163c790 Fix bug in STARTTLS timeout 2015-06-22 14:31:19 +01:00
Sara Dickinson b73b5b2792 Fix some bugs... 2015-06-21 16:55:12 +01:00
Sara Dickinson 635cf9e182 Re-factor of internal handing of transport list. 2015-06-19 18:28:29 +01:00
Willem Toorop e328f848eb getdns_rrset and iterators 2015-06-19 18:02:16 +02:00
wtoorop d819bc901b Merge pull request #104 from saradickinson/features/transport_api
Commit addition of transport list to the API.
2015-06-18 22:02:46 +02:00
Sara Dickinson 0acdcc34b0 Changelog, idle_timeout test, formatting 2015-06-18 17:29:23 +01:00
Sara Dickinson 68dfb15706 Add context idle timeout 2015-06-18 17:11:11 +01:00
Sara Dickinson 8dd8d90e74 Commit addition of transport list to the API.
- set and get functions are added.
- Existing transport functions retained for backwards compatibility.
- Basic combinations work as before, but underlying functional changes and cleanup are not complete yet...
- Context level options for timeouts and max_transactions_per_tcp_connection coming soon...
2015-06-17 17:18:09 +01:00
Willem Toorop 129e340e8e Collect validation chains for RRs without sigs 2015-06-17 14:46:44 +02:00
Willem Toorop 39639a86c4 Make dname_equal reusable
+ some symbol renames
2015-06-16 16:11:51 +02:00
Willem Toorop 4445a5f9cc Include rdata size with compressed names 2015-06-12 15:45:50 +02:00
Willem Toorop 731cc37434 Another redundant ldns reference 2015-06-12 15:45:37 +02:00
Willem Toorop 97f0dddb1e remove ldns dependency from rr-dict.c
Only dnssec.c left
2015-06-12 13:51:36 +02:00
Willem Toorop ae1db39a33 Native stub validation 2015-06-11 15:40:44 +02:00
Willem Toorop c28f6ee595 rm of superfluous ldns_rr to getdns_dict funcs 2015-06-11 12:17:47 +02:00
Willem Toorop fd385454b4 rm a few more leftover ldns references 2015-06-11 12:04:59 +02:00
Willem Toorop e820452aaa Rm 2 outdated ldns usage cases 2015-06-11 11:21:12 +02:00
Willem Toorop d5f70ab904 rm spurious execute bits +unit test to detect them
Thanks Paul Wouters
2015-05-26 14:16:27 +02:00
Willem Toorop 42bdaaa69d We already redefined minievent symbols 2015-05-21 15:02:51 +02:00
Willem Toorop f78ad93853 Update Makefile's, constants and symbols 2015-05-13 23:30:14 +02:00
Sara Dickinson 894cb1555b Fix intermittent crash for STARTTLS 2015-05-13 17:15:56 +01:00
Willem Toorop 98b3364b65 uniform debugging method + disable stub debugging 2015-05-13 12:47:17 +02:00
Willem Toorop 011b504496 Fix misplaced freeaddrinfo 2015-05-13 12:39:24 +02:00
Willem Toorop b89b625321 autoreconf -fi on FreeBSD to get libtool 2.4.6 2015-05-12 20:47:23 +02:00
wtoorop 802c693ee5 Merge pull request #97 from saradickinson/features/async_tls
Features/async tls
Thank you Sara!
2015-05-12 17:05:10 +02:00
saradickinson 3ac5e660f9 Address few minor bugs pointed out by willem 2015-05-11 22:01:31 +02:00
Willem Toorop 01d4275336 Run once with libevent! 2015-05-08 13:12:06 +02:00
Sara Dickinson 9a7bfdd45b Add trivial stub_debug functions. 2015-05-03 15:39:21 +01:00
Sara Dickinson 9d967317d3 Improve the timeout handling for TLS. 2015-05-03 15:11:46 +01:00
Sara Dickinson 01adce8299 Organise code in stub.c and add some utility methods. 2015-05-02 18:08:45 +01:00
Sara Dickinson d6d83b219d Make sure UDP only uses 1 upstream per IP address. Fix a couple of other bugs. 2015-04-30 19:07:49 +01:00
Sara Dickinson 450a3bc6ff Fix STARTTLS fallback. 2015-04-30 14:52:16 +01:00
Sara Dickinson 7905eda8b7 Some clean up of connection handling. Still a problem with STARTTLS fallback that needs fixing. 2015-04-30 12:24:13 +01:00
Sara Dickinson 79b3412fbf Add another transport option as proof of concept for STARTTLS. 2015-04-29 19:20:25 +01:00
Sara Dickinson b533bc59c5 Fix bug when fallback not available 2015-04-27 16:37:16 +01:00
Sara Dickinson 4e6e66fc77 Get sync messages working with new async code. 2015-04-27 15:32:57 +01:00
Sara Dickinson 3de15ad782 Change internal transport handling to use a list, not a fixed type 2015-04-24 16:29:08 +01:00
Sara Dickinson f2ae55858f First pass at making handshake async. Lots of issues with this code still
- timeouts are not being rescheduled on fallback
- several error cases are not being handled correctly (e.g. 8.8.8.8) and a user callback is not always called
- the fallback mechanism is not generic (specific to tls to tcp)
2015-04-23 17:46:31 +01:00
Willem Toorop 2a6fc74314 netinet/in.h and openssl/ssl.h from config.h 2015-04-18 22:30:56 +02:00
Willem Toorop 0ba6af3523 upstreams_cleanup from upstreams_dereference 2015-04-18 22:17:28 +02:00
Willem Toorop 84c5b67ee0 Re-enable printing of json with getdns_query 2015-04-18 09:53:50 +02:00
Willem Toorop b26f09d1aa autoreconf -if # For convenience... 2015-04-18 09:35:46 +02:00
Sara Dickinson 6c7ffc4e4e 1) Fix enum mapping error.
2) Also add detection of TLS 1.2 in openssl during configure and warn that it if not available then TLS will not be available. Using TLS_ONLY in stub mode will then error with BAD_CONTEXT. TLS/TCP will fallback to TCP.

3) Explicitly disallow use of TLS_ONLY in RECURSIVE mode since it isn't supported yet. TLS/TCP will fallback to TCP.

4) Fix for MAC OS X build where openssl not linked correctly
2015-04-17 18:38:13 +01:00
Sara Dickinson ab4fb8d9e9 Enable GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN for libunbound. Should only be used in stub mode.
GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN still just does TCP.
Also some tidy up of new transport types.
2015-04-17 15:50:08 +01:00
Sara Dickinson 99c1973fae Cleanup of TLS code 2015-04-16 18:05:51 +01:00
saradickinson 99aa79b48f First pass at TLS implementation - needs work! 2015-04-16 18:05:27 +01:00
Willem Toorop b163ad1870 Doxygen documentation for the new functions 2015-04-08 15:36:12 +02:00
Willem Toorop 830e0267b3 Fix ASSERT_RC macro with check_getdns 2015-04-03 00:15:32 +02:00
Willem Toorop c63bbd1399 s/getdns_strerror/getdns_get_errorstr_by_id/g
In the unit tests make use of the newly exposed error string getter
2015-04-02 23:08:35 +02:00
Willem Toorop 87eb9307a7 A getter for context update callbacks 2015-04-02 22:01:30 +02:00
Willem Toorop 498dedbb8d typo :( 2015-04-02 15:56:13 +02:00
Willem Toorop a0aabc3543 getdns_get_errorstr_by_id replaces getdns_strerror
In the future maybe.  Discuss on list.
2015-04-02 15:33:10 +02:00
Willem Toorop 56bb9dbbdc Pass along a userarg with context update callbacks 2015-04-02 14:42:26 +02:00
Willem Toorop 18381e7753 Get rid of +sit option in getdns_query 2015-04-02 13:59:10 +02:00