Willem Toorop
fb6642d6a5
Print response dict when there is one
2015-10-31 17:59:14 +09:00
Willem Toorop
521e46879b
Document that thing that we keep forgetting about
2015-10-31 17:15:36 +09:00
Willem Toorop
9ce441e59a
--enable-debug-sched for getdns_query too
2015-10-31 16:24:49 +09:00
Willem Toorop
de59b700ce
Fix libidn really absent + NetBSD fixes
2015-10-29 19:13:39 +01:00
Willem Toorop
0a717f5d51
Warning with older (less intelligent) compiles
2015-10-29 16:25:07 +01:00
Willem Toorop
8c3d348f05
Help text typo
2015-10-27 16:43:25 +01:00
Sara Dickinson
e397d1e020
Fix error that was not allowing cipher suite fallback for opportunistic TLS.
2015-10-25 15:28:20 +00:00
Willem Toorop
c613743644
Update spec to 0.701
2015-10-22 15:12:15 +02:00
Willem Toorop
973fcbddcc
Don't assume mini_event loop
2015-10-22 14:38:34 +02:00
Willem Toorop
47b77c948a
Fix small memory leak when switching event loops
2015-10-22 14:16:53 +02:00
Willem Toorop
98a2c497d2
ldns CFLAGS for tests (+ make deps)
2015-10-22 13:46:23 +02:00
Willem Toorop
fbc3b2d6a8
Use the NOT_IMPLEMENTED return code!
2015-10-22 12:13:40 +02:00
Willem Toorop
b88c74b4c8
Synchronize with October 2015 spec
2015-10-22 12:02:04 +02:00
Willem Toorop
31a07752f0
New non API functions + consts in getdns_extra.h
2015-10-21 17:02:50 +02:00
Willem Toorop
ebd94f48cf
Anticipate missing X509_V_ERR_HOSTNAME_MISMATCH
2015-10-21 16:01:40 +02:00
Willem Toorop
7647005285
Report memory errors in json-pointers test
2015-10-21 16:01:16 +02:00
Willem Toorop
3cc44ffcb1
Merge remote-tracking branch 'sara/feature/tls_auth_api' into features/tls_auth_api
2015-10-21 15:34:57 +02:00
Sara Dickinson
3be47edbb3
More cleanup
2015-10-16 18:40:33 +01:00
Sara Dickinson
b74c62066c
Cleanup
2015-10-16 18:31:57 +01:00
Sara Dickinson
689447509a
Change port used for TLS to 853
2015-10-16 17:00:14 +01:00
Sara Dickinson
28ffb2fdf6
Add ls_authentication to API
2015-10-16 17:00:14 +01:00
Sara Dickinson
6b4ee4ed31
Block authenticated requests on unauthenticated connection
2015-10-16 17:00:14 +01:00
Sara Dickinson
af617e92a7
Implement authentication fallback on a given upstream (needs more work). Also need API option to set auth requirement.
2015-10-16 17:00:14 +01:00
Sara Dickinson
e710286e45
Start work on better authentication
2015-10-16 16:57:13 +01:00
Willem Toorop
d0a80925c2
Bugfixes for setting with json pointers
+ scratchpad for developing/debugging
2015-10-08 12:54:30 +02:00
Willem Toorop
820a657297
Check getdns_dict_remove_name parameters
2015-10-06 13:12:33 +02:00
Willem Toorop
3aca772220
Off-by-one error
2015-10-06 09:46:59 +02:00
Willem Toorop
e3947d7110
getdns_dict_remove_name with json pointers
+ improved json pointers semantics
2015-10-05 17:18:32 +02:00
Willem Toorop
f6619d28d8
JSON pointer setters
2015-10-02 15:26:05 +02:00
Willem Toorop
40269a241c
Merge branch 'develop' into features/json-pointers
2015-10-02 12:47:10 +02:00
Willem Toorop
65663e6da8
DNSSEC zonecut finding issues
Thanks Theogene Bucuti
2015-10-02 12:45:32 +02:00
Willem Toorop
6a0d1a968d
Multi-level json pointers (retry)
+ synchronous-concise example
2015-10-01 15:43:17 +02:00
Willem Toorop
ca50a984c8
1 level JSON pointer reference lookup
2015-09-30 16:05:19 +02:00
Willem Toorop
8dfb7454d6
Signature inception and expiry checking
2015-09-28 13:48:51 +02:00
Willem Toorop
7bf481d812
ldns still (but only) needed for unit tests
2015-09-28 11:44:39 +02:00
Willem Toorop
59f4feb5e6
Native DS with DNSKEY compare + rm ldns dependency
2015-09-25 14:28:47 +02:00
Willem Toorop
d8cc7b1ba3
Native signature verification
2015-09-25 11:48:58 +02:00
Willem Toorop
2e4c0928f7
Import unbound's crypto
2015-09-23 16:48:54 +02:00
Willem Toorop
fda5394540
Verify raw buffer (still with ldns)
2015-09-23 16:03:59 +02:00
Willem Toorop
8b414c8570
Sort RR's to validate
2015-09-22 12:27:17 +02:00
Willem Toorop
e47bd33ec0
Determine validation buffer size
2015-09-21 17:13:44 +02:00
Willem Toorop
bf7f44dcb7
Put rrs to validate in rrset
2015-09-21 12:59:30 +02:00
Willem Toorop
f673e12106
Memory management for _getdns_verify_rrsig
2015-09-21 12:36:41 +02:00
Willem Toorop
5db5a8b5e6
Correct some comment text
2015-09-18 09:53:27 +02:00
Willem Toorop
505bcf028b
Merge branch 'v0.3.3' into develop
2015-09-09 12:46:05 +02:00
Willem Toorop
dbc53e773d
0.3.3 quickfix release
2015-09-09 12:45:29 +02:00
Willem Toorop
bb29789d24
Merge branch 'v0.3.3' into develop
2015-09-08 12:01:08 +02:00
Willem Toorop
a543c23926
Spelling
2015-09-08 11:24:45 +02:00
Willem Toorop
84ad5850c9
get_api_information():version_string also for RCs
2015-09-08 11:20:52 +02:00
Willem Toorop
46ea366f5f
Fix dnssec validation of direct CNAME queries
Thanks Simson L. Garfinkel.
2015-09-08 10:52:04 +02:00
Willem Toorop
c3b59e76fa
Merge branch 'v0.3.3' into develop
2015-09-04 16:14:41 +02:00
Willem Toorop
b5ac8c1b50
Don't alter events before clearing...
2015-09-04 16:13:49 +02:00
Willem Toorop
87b7c6a834
Merge branch 'v0.3.2' into develop
2015-09-04 11:04:08 +02:00
Willem Toorop
75f1aa6ccd
Typo
2015-09-04 11:02:39 +02:00
Willem Toorop
53e23f1358
Revert "Revert "Merge pull request #112 from saradickinson/features/tls_auth""
This reverts commit 6d29e6044e.
2015-09-04 10:56:30 +02:00
Willem Toorop
a3f02905b0
thread instead of a process for ub_fd() signalling
2015-09-04 10:33:08 +02:00
Willem Toorop
0e66d28be8
Set processing flag around user callbacks
To fix destroying contexts from user callbacks in stub mode.
The complete test suite runs in stub mode now too.
2015-09-03 15:07:29 +02:00
Willem Toorop
5f73fded75
Simplify list creation a little bit
2015-09-03 13:14:34 +02:00
Willem Toorop
b1489eac1f
One more priv_ name renamed to _
2015-09-03 13:13:57 +02:00
Willem Toorop
cbb668379f
One more string2bindata case...
2015-09-03 12:15:22 +02:00
Willem Toorop
6d13ec19cd
--with-getdns_query configure option +
make pub target (for signing and hashing dist tarball) +
make megaclean target (for erasing all source and git reset --hard)
2015-08-28 13:33:02 +02:00
Willem Toorop
8ca93a22de
--enable-stub-only configure option
2015-08-28 11:09:32 +02:00
Willem Toorop
d58d90752b
HAVE_LIB* only after include "config.h"
2015-08-27 14:38:23 +02:00
Willem Toorop
a8d2e489ad
Allow --without-libidn configure option
2015-08-27 14:24:01 +02:00
Willem Toorop
6d29e6044e
Revert "Merge pull request #112 from saradickinson/features/tls_auth"
This reverts commit d436165a88, reversing
changes made to 7c902bf73c.
2015-08-27 13:31:22 +02:00
Willem Toorop
55aa759730
Don't spawn extra process for recursion calls
2015-08-27 13:22:24 +02:00
Willem Toorop
6446643396
Get lines via custom eventloop
2015-08-26 22:25:42 +02:00
Willem Toorop
32e4e8fa9d
Debug custom event loop
2015-08-26 17:01:28 +02:00
Willem Toorop
4ecf6b23dc
First round of bugfixes in custom eventloop
2015-08-26 16:13:25 +02:00
Willem Toorop
c86df63b7a
Custom event loop in getdns_query
2015-08-26 14:32:46 +02:00
Willem Toorop
f312a6cfc5
Revert "plain_mem_funcs_user_arg need not be exposed"
This reverts commit d0ff5d8fea.
It does need to be exposed and is used indirectly through GETDNS_MALLOC which uses MF_PLAIN which is an alias for plain_mem_funcs_user_arg.
2015-08-24 14:37:02 +02:00
Willem Toorop
d0ff5d8fea
plain_mem_funcs_user_arg need not be exposed
2015-08-24 14:15:31 +02:00
Willem Toorop
015e387ea5
Final internal symbols rename to _getdns prefix
2015-08-19 16:33:19 +02:00
Willem Toorop
b9e8455e27
Internal symbols always prefixed with _getdns
2015-08-19 16:30:15 +02:00
Willem Toorop
1f638ccd0b
Internal getdns_mini_event to _getdns_mini_event
2015-08-19 16:26:39 +02:00
Willem Toorop
fcd595298a
Rename all priv_getdns internal symbols to _getdns
2015-08-19 16:22:38 +02:00
Willem Toorop
7971152742
Make all private functions static
2015-08-19 16:15:26 +02:00
Willem Toorop
450aabefcc
Make util symbols private (i.e. prefix _getdns)
2015-08-19 16:07:01 +02:00
Willem Toorop
09492cbf46
_getdns_nsec3_hash_label without ldns
2015-08-19 15:19:02 +02:00
Willem Toorop
6350b4fad4
--without-libunbound option to configure
2015-08-19 10:47:46 +02:00
Willem Toorop
972ebf55d0
Merge branch 'features/str_without0byte' into develop
2015-08-17 16:30:54 +02:00
wtoorop
d436165a88
Merge pull request #112 from saradickinson/features/tls_auth
Features/tls auth
2015-08-17 12:53:38 +02:00
Willem Toorop
7c902bf73c
Fix fallback failures fix ;)
2015-08-17 12:35:10 +02:00
Sara Dickinson
dc7d7e7689
Fix openssl dependency
2015-08-15 16:35:30 +01:00
Sara Dickinson
2404cc2c8e
Extend regression test
2015-08-15 15:27:58 +01:00
Sara Dickinson
45de1f65b3
Update docs with details of OS X certificate handling.
2015-08-15 14:40:16 +01:00
Sara Dickinson
dbad8a9003
Restrict transport list to 1 entry for each valid transport
2015-08-15 14:40:16 +01:00
saradickinson
cb1dff1ac7
Add ability to verify server certificate using hostname for TLS/STARTTLS
NOTE: This implementation will only work for OpenSSL v1.0.2 and later.
Doing it for earlier versions is totally insane:
https://wiki.openssl.org/index.php/Hostname_validation
2015-08-15 14:40:15 +01:00
Sara Dickinson
8beace7036
Fix location in manual test script. Add build/ to .gitignore
2015-08-15 14:36:36 +01:00
Sara Dickinson
ab60211020
Fix fallback failures. Add manual regression test script.
2015-08-12 11:42:02 +01:00
Daniel Kahn Gillmor
319a20a66c
improve documentation
improve the documentation of the getdns_upstream objects.
2015-07-19 12:22:10 +02:00
Willem Toorop
d52b10e703
Fix builddir/srcdir for tests
2015-07-19 12:15:28 +02:00
Willem Toorop
e91f7d53b5
Correct getdns_extra.h location for tests too
2015-07-19 11:48:24 +02:00
Willem Toorop
ac6e0b641d
rm autoconf generated files from repo
2015-07-19 11:40:03 +02:00
Willem Toorop
44b8e44c07
Fix srcdir/builddir locations for version.lo
2015-07-19 11:35:29 +02:00
Willem Toorop
e2170cb115
Fix srcdir/builddir locations
2015-07-19 11:28:42 +02:00
Willem Toorop
0c5dd59035
Fix upstream/transport array in 1 upstream dict
2015-07-19 09:43:12 +02:00
Willem Toorop
898fc15b6b
Zero size only for non-repeating remaining data
2015-07-18 18:04:11 +02:00
Willem Toorop
276e9fa5f3
Zero size only allowed for non repeating rdfs
2015-07-18 16:59:00 +02:00
Willem Toorop
9daaa1638c
One more event callback setting before clearance
2015-07-14 13:42:40 +02:00
Willem Toorop
d4e932890a
Do not reset event callbacks before clearing
2015-07-14 11:54:25 +02:00
Willem Toorop
3c80a8a1af
Check destruction of upstreams in correct way
2015-07-14 11:11:06 +02:00
Willem Toorop
587b320d95
DNS tree was upside down (wording in comments)
According to RFC1034 Section 4.2.1., the zone's apex is at the top and delegations at the bottom.
2015-07-14 10:49:00 +02:00
Willem Toorop
554f015931
Deschedule idle_timeouts on context destroy
2015-07-14 10:44:15 +02:00
Willem Toorop
6f21d89e2a
Lookup DS only, for no sigs INSECURE
2015-07-14 10:22:42 +02:00
Willem Toorop
a8adf662d1
Fix memory leak setting transports
2015-07-13 16:39:43 +02:00
Willem Toorop
5c61954427
Fix getting recursive_upstream_servers
2015-07-13 16:22:39 +02:00
Willem Toorop
c7d40e2cbc
Strings in bindata's without '\0' byte
2015-07-13 15:41:40 +02:00
Willem Toorop
12567f5338
Fix compiling with --enable-debug-sched
2015-07-13 11:09:56 +02:00
Willem Toorop
431415bd3d
rm debugging fprintf leftover
2015-07-10 10:18:00 +02:00
Willem Toorop
0d2f3a5bd9
functions and defines to get versions
About the library and the API
In both strings and in numbers
2015-07-10 00:57:58 +02:00
Willem Toorop
2884abe870
Allow alternative trust anchors + ...
Switch freely between stub and recursive resolving
2015-07-10 00:05:26 +02:00
Willem Toorop
4987a27264
Pretty print TLDs
2015-07-10 00:04:14 +02:00
Willem Toorop
2dab8dd4d6
Fix handling of non specific trust anchors and ...
unsupported DS digest types
2015-07-09 23:11:56 +02:00
Willem Toorop
254699ad8b
Constants must be in searchable order
2015-07-09 23:11:28 +02:00
Willem Toorop
cacd8951ff
getdns_query -k to test for root trust anchor
has exit status 0 on success, 1 otherwise.
2015-07-09 23:10:22 +02:00
Willem Toorop
70857ccc74
Proper handling of system stub query timeouts
2015-07-09 23:09:39 +02:00
Willem Toorop
4135f633ac
Fix invalid memory reads
2015-07-09 15:40:00 +02:00
Willem Toorop
d9fca20f18
Update consts, symbols and dependencies
2015-07-09 14:40:13 +02:00
Willem Toorop
cea8ae4d11
[API 0.602] getdns_context_set_dns_transport_list
And the getdns_context_set_idle_timeout() functions.
2015-07-09 14:00:26 +02:00
Willem Toorop
ec476a9129
getdns_root_trust_anchor up in getdns.h.in
So it is on the same spot as where it is in the original specification.
This to ease comparing getdns.h with the API's getdns_code_only.h
2015-07-09 10:37:02 +02:00
Willem Toorop
098e0f19c4
Don't skip points zone cuts with trusted keys
A new keyset must be authenticated at every zone cut.
A keyset from an ancestor of the immediate zone may never be used
to authenticate RRsets within a zone.
(Review from Wouter)
2015-07-09 08:15:38 +02:00
Willem Toorop
d87d951874
set ds_signer only when actually signed
2015-07-08 17:15:27 +02:00
Willem Toorop
d4849dc0ba
Fix read of uninitialized memory
Not a dangerous one though, but still...
2015-07-08 15:36:39 +02:00
Willem Toorop
e8030b34d2
query_len not used
2015-07-08 15:05:40 +02:00
Willem Toorop
201b6af9a2
clang compiler warnings + 1 bug!
Bug is counting insecure answers in util-internal.c
found by clang warning reporting
2015-07-08 13:07:24 +02:00
Willem Toorop
2918c8b472
DSes with best digest + INSECURE on unsupportd alg
Adaptations to function ds_authenticates_keys.
With multiple DSes, only the ones with the highest (supported)
digest type will be used to authenticate DNSKEYs.
NO_SUPPORTED_ALGORITHMS will be returned if there were
DSes for a key in the DNSKEY set, but none of them has a supported
digest or algorithm. This leads to dnssec_status INSECURE.
2015-07-08 12:21:04 +02:00
Willem Toorop
a5bacfefcf
memory leak fixes
2015-07-08 11:07:44 +02:00
Willem Toorop
51a04f8f6c
RSAMD5 is deprecated
2015-07-08 00:18:19 +02:00
Willem Toorop
3b45255d1e
Try only closest trust anchors
2015-07-08 00:10:10 +02:00
Willem Toorop
e48b0c7fd7
INSECURE when NSEC3 iteration count too high
Fix from Wouter's review
2015-07-07 22:33:53 +02:00
Willem Toorop
4b53d70199
Review from Wouter minor issues
2015-07-07 14:52:32 +02:00
Willem Toorop
e571883811
Fix test for NODATA address_sync lookup
hampster.com no longer suitable anymore.
2015-07-07 11:46:52 +02:00
Willem Toorop
83425f959e
Review comments from Wouter
Thanks!
2015-07-07 11:15:38 +02:00
Willem Toorop
43980e9020
[API 0.601] CSYNC RR type
2015-07-06 14:14:46 +02:00
Willem Toorop
af23930725
CSYNC rr type
2015-07-06 12:45:08 +02:00
Willem Toorop
55444d07a2
Documentation in comments as a review guideline
2015-07-06 11:57:16 +02:00
Willem Toorop
70edb60f09
Some comment about google public dns
2015-07-04 13:14:16 +02:00
Willem Toorop
0e977ee4fb
rearrangements for documentational reasons
+ a fix for opt_out bug
2015-07-04 13:01:16 +02:00
Willem Toorop
7e3fbe547a
Check NSEC3 CE to be without delegations
(no DNAME, no NS or, if NS then also SOA)
2015-07-04 10:53:31 +02:00
Willem Toorop
f59b32414c
Three NSEC3 related things:
- Better checking for type bits
- NSEC3 Insecure proofs for opt-out on head's
- NSEC3 wildcard NODATA proof
2015-07-04 10:23:02 +02:00
Willem Toorop
99f0026961
Allow remaining data RDF to be zero size
Useful for NSECs on empty non terminals!
2015-07-04 08:09:50 +02:00
Willem Toorop
682f10b271
NSEC3s on empty non terminals
bitmap might even not be present.
2015-07-04 00:08:03 +02:00
Willem Toorop
2c09ff2541
Deal with synthesized CNAMEs from DNAMEs
2015-07-03 23:44:15 +02:00
Willem Toorop
4d4f235f76
NSEC handling complete
2015-07-03 22:50:29 +02:00
Willem Toorop
a66232153a
Some more NSEC conditional checks
(from studying unbound code)
2015-07-03 00:44:53 +02:00
Willem Toorop
af49184fd5
A single RRSIG per RRSET in validation_chain
2015-07-02 17:30:37 +02:00
Willem Toorop
d47c533b64
getdns_validate_dnssec validate replies in turn
2015-07-02 15:31:31 +02:00
Willem Toorop
ae580575d0
Only validate NOERROR & NXDOMAIN
2015-07-02 12:59:28 +02:00
Willem Toorop
e3fe89c802
Turn on specific debugging with configure options
2015-07-02 12:49:50 +02:00