interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,424 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

1024 Commits

Author SHA1 Message Date
Daniel Kahn Gillmor 83bf5ab08b actually implement tls_query_padding_blocksize 
since no DNS OPT value has been allocated, i chose a random value in
the experimental/local range.
 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 1457c1a2b5 stash tls_query_padding_blocksize in the dns_req from the context 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor b3128652f4 add tls_query_padding_blocksize property for getdns_context 
This is a parameter to the getdns_context that tells the context how
much to pad queries that go out over TLS.

It is not yet functional in this commit, but the idea is to pad each
outbound query over TLS to a multiple of the requested blocksize.

Because we only have a set amount of pre-allocated space for dynamic
options (MAXIMUM_UPSTREAM_OPTION_SPACE), we limit the maximum
padding blocksize.

This is a simplistic padding policy.  Suggestions for improved padding
policies are welcome!
 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 8291cdb455 add -c flag for EDNS Client Subnet privacy to getdns_query 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 05585281eb add test for context update callback for edns_client_subnet_private 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor df3725e635 added edns_client_subnet_private to getdns_context 
https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-04

Using the above spec, an intermediate resolver may forward a chunk of
the client's IP address to the authoritative resolver.

Setting edns_client_subnet_private to a getdns_context in stub mode
will indicate to the next-hop recursive resolver that the client
wishes to keep their address information private.
 2015-11-01 15:49:50 +09:00
Willem Toorop b062974fb1 ub_setup_recursion also for non roadblock avoidance 2015-11-01 15:48:31 +09:00
Daniel Kahn Gillmor 0b388872ea clarify per-query options vs. per-upstream options 
Sending DNS cookies was overwriting any existing options (DNS OPT) in
the outbound query.

Also, DNS cookies may not be the only option that gets set
per-upstream (instead of per-query).

This changeset establishes a set of per-query options (established at
the time of the query), and a buffer of additional space for adding
options based on the upstream is in use.

The size of this buffer is defined at configure time (defaults to 3000
octets).

Just before a query is sent out, we add the per-upstream options to
the query.

Note: we're also standardizing the query in tls too, even though we're
not sending any upstream options in that case at the moment
(edns_cookies are much weaker than TLS itself)
 2015-11-01 15:47:22 +09:00
Daniel Kahn Gillmor 3e90795680 enable talking to servers with ECDSA certs 
There is no clear reason to reject servers that don't have RSA certs.
We should accept ECDSA certs as well.

(also, clean up comments about opportunistic TLS)
 2015-11-01 15:47:03 +09:00
Willem Toorop af6947cbb3 Merge branch 'develop' into features/dnssec_roadblock_avoidance 2015-11-01 15:34:21 +09:00
Willem Toorop 8b9041325b Bugfix don't grow upstreams memory 
upstreams have internal references and cannot be realloc'ed easily
 2015-11-01 15:23:26 +09:00
jad 30043d2ba5 corrected name 2015-11-01 13:09:18 +09:00
jad 51eb2fdf55 working prototype 6 2015-11-01 12:47:49 +09:00
Willem Toorop ae2cc39a36 Full roadblock avoidance functionality 2015-11-01 12:28:43 +09:00
jad f5662bbf32 working prototype 5 2015-11-01 11:43:12 +09:00
jad 2d20e18b8a working prototype 4 2015-11-01 11:14:45 +09:00
jad 25f7f2182b working prototype 3 2015-11-01 11:04:03 +09:00
jad 80864655d7 Working prototype 2 2015-11-01 10:51:00 +09:00
jad a85b17c885 working prototype 1 2015-11-01 10:24:02 +09:00
Willem Toorop 58885e04d7 dnssec_roadblock_avoidance extension 2015-10-31 21:04:08 +09:00
Willem Toorop 35c803208b Bit more concise and clear confusing code text 2015-10-31 18:24:24 +09:00
Willem Toorop fb6642d6a5 Print response dict when there is one 2015-10-31 17:59:14 +09:00
Willem Toorop 521e46879b Document that thing that we keep forgetting about 2015-10-31 17:15:36 +09:00
Willem Toorop 9ce441e59a --enable-debug-sched for getdns_query too 2015-10-31 16:24:49 +09:00
Willem Toorop de59b700ce Fix libidn really absent + NetBSD fixes 2015-10-29 19:13:39 +01:00
Willem Toorop 0a717f5d51 Warning with older (less intelligent) compiles 2015-10-29 16:25:07 +01:00
Willem Toorop 8c3d348f05 Help text typo 2015-10-27 16:43:25 +01:00
Sara Dickinson e397d1e020 Fix error that was not allowing cipher suite fallback for opportunistic TLS. 2015-10-25 15:28:20 +00:00
Willem Toorop c613743644 Update spec to 0.701 2015-10-22 15:12:15 +02:00
Willem Toorop 973fcbddcc Don't assume mini_event loop 2015-10-22 14:38:34 +02:00
Willem Toorop 47b77c948a Fix small memory leak when switching event loops 2015-10-22 14:16:53 +02:00
Willem Toorop 98a2c497d2 ldns CFLAGS for tests (+ make deps) 2015-10-22 13:46:23 +02:00
Willem Toorop fbc3b2d6a8 Use the NOT_IMPLEMENTED return code! 2015-10-22 12:13:40 +02:00
Willem Toorop b88c74b4c8 Synchronize with October 2015 spec 2015-10-22 12:02:04 +02:00
Willem Toorop 31a07752f0 New non API functions + consts in getdns_extra.h 2015-10-21 17:02:50 +02:00
Willem Toorop ebd94f48cf Anticipate missing X509_V_ERR_HOSTNAME_MISMATCH 2015-10-21 16:01:40 +02:00
Willem Toorop 7647005285 Report memory errors in json-pointers test 2015-10-21 16:01:16 +02:00
Willem Toorop 3cc44ffcb1 Merge remote-tracking branch 'sara/feature/tls_auth_api' into features/tls_auth_api 2015-10-21 15:34:57 +02:00
Sara Dickinson 3be47edbb3 More cleanup 2015-10-16 18:40:33 +01:00
Sara Dickinson b74c62066c Cleanup 2015-10-16 18:31:57 +01:00
Sara Dickinson 689447509a Change port used for TLS to 853 2015-10-16 17:00:14 +01:00
Sara Dickinson 28ffb2fdf6 Add ls_authentication to API 2015-10-16 17:00:14 +01:00
Sara Dickinson 6b4ee4ed31 Block authenticated requests on unauthenticated connection 2015-10-16 17:00:14 +01:00
Sara Dickinson af617e92a7 Implement authenticaiton fallback on a given upstream (needs more work). Also need API option to set auth requirement. 2015-10-16 17:00:14 +01:00
Sara Dickinson e710286e45 Start work on better authentication 2015-10-16 16:57:13 +01:00
Willem Toorop d0a80925c2 Bugfixes for setting with json pointers 
+ scratchpad for developing/debugging
 2015-10-08 12:54:30 +02:00
Willem Toorop 820a657297 Check getdns_dict_remove_name parameters 2015-10-06 13:12:33 +02:00
Willem Toorop 3aca772220 Off-by-one error 2015-10-06 09:46:59 +02:00
Willem Toorop e3947d7110 getdns_dict_remove_name with json pointers 
+ improved json pointers symantics
 2015-10-05 17:18:32 +02:00
Willem Toorop f6619d28d8 JSON pointer setters 2015-10-02 15:26:05 +02:00
Willem Toorop 40269a241c Merge branch 'develop' into features/json-pointers 2015-10-02 12:47:10 +02:00
Willem Toorop 65663e6da8 DNSSEC zonecut finding issues 
Thanks Theogene Bucuti
 2015-10-02 12:45:32 +02:00
Willem Toorop 6a0d1a968d Multi-level json pointers (retry) 
+ synchronous-concise example
 2015-10-01 15:43:17 +02:00
Willem Toorop ca50a984c8 1 level JSON pointer reference lookup 2015-09-30 16:05:19 +02:00
Willem Toorop 8dfb7454d6 Signature inception and expiry checking 2015-09-28 13:48:51 +02:00
Willem Toorop 7bf481d812 ldns still (but only) needed for unit tests 2015-09-28 11:44:39 +02:00
Willem Toorop 59f4feb5e6 Native DS with DNSKEY compare + rm ldns dependency 2015-09-25 14:28:47 +02:00
Willem Toorop d8cc7b1ba3 Native signature verification 2015-09-25 11:48:58 +02:00
Willem Toorop 2e4c0928f7 Import unbound's crypto 2015-09-23 16:48:54 +02:00
Willem Toorop fda5394540 Verify raw buffer (still with ldns) 2015-09-23 16:03:59 +02:00
Willem Toorop 8b414c8570 Sort RR's to validate 2015-09-22 12:27:17 +02:00
Willem Toorop e47bd33ec0 Determine validation buffer size 2015-09-21 17:13:44 +02:00
Willem Toorop bf7f44dcb7 Put rrs to validate in rrset 2015-09-21 12:59:30 +02:00
Willem Toorop f673e12106 Memory management for _getdns_verify_rrsig 2015-09-21 12:36:41 +02:00
Willem Toorop 5db5a8b5e6 Correct some comment text 2015-09-18 09:53:27 +02:00
Willem Toorop 505bcf028b Merge branch 'v0.3.3' into develop 2015-09-09 12:46:05 +02:00
Willem Toorop dbc53e773d 0.3.3 quickfix release 2015-09-09 12:45:29 +02:00
Willem Toorop bb29789d24 Merge branch 'v0.3.3' into develop 2015-09-08 12:01:08 +02:00
Willem Toorop a543c23926 Spelling 2015-09-08 11:24:45 +02:00
Willem Toorop 84ad5850c9 get_api_information():version_string also for RCs 2015-09-08 11:20:52 +02:00
Willem Toorop 46ea366f5f Fix dnssec validation of direct CNAME queries 
Thanks Simson L. Garfinkel.
 2015-09-08 10:52:04 +02:00
Willem Toorop c3b59e76fa Merge branch 'v0.3.3' into develop 2015-09-04 16:14:41 +02:00
Willem Toorop b5ac8c1b50 Don't alter events before clearing... 2015-09-04 16:13:49 +02:00
Willem Toorop 87b7c6a834 Merge branch 'v0.3.2' into develop 2015-09-04 11:04:08 +02:00
Willem Toorop 75f1aa6ccd Typo 2015-09-04 11:02:39 +02:00
Willem Toorop 53e23f1358 Revert "Revert "Merge pull request #112 from saradickinson/features/tls_auth"" 
This reverts commit 6d29e6044e.
 2015-09-04 10:56:30 +02:00
Willem Toorop a3f02905b0 thread instead of a process for ub_fd() signalling 2015-09-04 10:33:08 +02:00
Willem Toorop 0e66d28be8 Set processing flag around user callbacks 
To fix destroying contexts from user callbacks in stub mode.
The complete test suite runs in stub mode now too.
 2015-09-03 15:07:29 +02:00
Willem Toorop 5f73fded75 Simplify list creation a little bit 2015-09-03 13:14:34 +02:00
Willem Toorop b1489eac1f One more priv_ name renamed to _ 2015-09-03 13:13:57 +02:00
Willem Toorop cbb668379f One more string2bindata case... 2015-09-03 12:15:22 +02:00
Willem Toorop 6d13ec19cd --with-getdns_query configure option + 
make pub target (for signing and hashing dist tarball) +
make megaclean target (for erasing all source and git reset --hard)
 2015-08-28 13:33:02 +02:00
Willem Toorop 8ca93a22de --enable-stub-only configure option 2015-08-28 11:09:32 +02:00
Willem Toorop d58d90752b HAVE_LIB* only after include "config.h" 2015-08-27 14:38:23 +02:00
Willem Toorop a8d2e489ad Allow --without-libidn configure option 2015-08-27 14:24:01 +02:00
Willem Toorop 6d29e6044e Revert "Merge pull request #112 from saradickinson/features/tls_auth" 
This reverts commit d436165a88, reversing
changes made to 7c902bf73c.
 2015-08-27 13:31:22 +02:00
Willem Toorop 55aa759730 Don't spawn extra process for recursion calls 2015-08-27 13:22:24 +02:00
Willem Toorop 6446643396 Get lines via custom eventloop 2015-08-26 22:25:42 +02:00
Willem Toorop 32e4e8fa9d Debug custom event loop 2015-08-26 17:01:28 +02:00
Willem Toorop 4ecf6b23dc First round of bugfixes in custom eventloop 2015-08-26 16:13:25 +02:00
Willem Toorop c86df63b7a Custom event loop in getdns_query 2015-08-26 14:32:46 +02:00
Willem Toorop f312a6cfc5 Revert "plain_mem_funcs_user_arg need not be exposed" 
This reverts commit d0ff5d8fea.

It does need to be exposed and is used inderectly through GETDNS_MALLOC which uses MF_PLAIN which is an alias for plain_mem_funcs_user_arg.
 2015-08-24 14:37:02 +02:00
Willem Toorop d0ff5d8fea plain_mem_funcs_user_arg need not be exposed 2015-08-24 14:15:31 +02:00
Willem Toorop 015e387ea5 Final internal symbols rename to _getdns prefix 2015-08-19 16:33:19 +02:00
Willem Toorop b9e8455e27 Internal symbols always prefixed with _getdns 2015-08-19 16:30:15 +02:00
Willem Toorop 1f638ccd0b Internal getdns_mini_event to _getdns_mini_event 2015-08-19 16:26:39 +02:00
Willem Toorop fcd595298a Rename all priv_getdns internal symbols to _getdns 2015-08-19 16:22:38 +02:00
Willem Toorop 7971152742 Make all private functions static 2015-08-19 16:15:26 +02:00
Willem Toorop 450aabefcc Make util symbols private (i.e. prefix _getdns) 2015-08-19 16:07:01 +02:00
Willem Toorop 09492cbf46 _getdns_nsec3_hash_label without ldns 2015-08-19 15:19:02 +02:00