interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,883 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

184 Commits

Author SHA1 Message Date
Willem Toorop 470fb7a5fb !0 is not necessarily 1 2016-07-14 11:42:21 +02:00
Willem Toorop fed4818c27 Fix idle_timeout without keepalive for TLS 2016-07-14 11:03:33 +02:00
Sara Dickinson 6c73144b50 Minor logging updates 2016-07-13 17:39:26 +01:00
Sara Dickinson 105d7acfa9 Just re-read RFC7858 and realised that TLS does support idle connections without keepalive. It is just TCP that doesn't. 2016-07-04 17:02:18 +01:00
Sara Dickinson 5e1575dabc Correct the logic for upstream back off 2016-07-04 17:02:18 +01:00
Sara Dickinson 8fa84c836a Initial re-work of stateful transport selection and timeout/error handling. Also update transport test to avoid timeout. 2016-07-04 17:02:14 +01:00
wtoorop a435932b04 Features/call reporting timeout (#1) 
* Timed out and canceled netreqs are finished too

* Minor code duplication elemination

* Blah typo

* Embarrassing logic error
 2016-06-23 14:02:55 +02:00
Robert Groenenberg 60c6c8d8ca Fixed build 2016-06-21 13:19:11 +02:00
Robert Groenenberg 3634fff4dd Return call_reporting info in case of timeout, so that we can see 
which server did not respond.
 2016-06-20 18:39:15 +02:00
Sara Dickinson c0187a19ea Quick fix for TLS timeouts not re-using a connection. Better solution is needed. 
Also minor fixes in getdns_query:
 - spurious semicolon (caused build warning)
 - build warning for initialised variable
 - have getdns_query honour the CLASS in the incoming query
 2016-06-15 17:15:13 +01:00
Willem Toorop 490aac1b48 Merge branch 'develop' into features/getdns_service 2016-06-08 10:21:29 +02:00
Willem Toorop cf675a9284 Add srv_addresses when query was for SRV 
Moved _getdns_rrset iterators to rr-iter.[ch] in the process
 2016-06-07 16:52:10 +02:00
Willem Toorop e01211d6b4 Debug setting that keeps connections open 2016-05-25 15:57:37 +02:00
Sara Dickinson 5f225d6be3 Add TLS session resumption 2016-05-16 17:41:55 +01:00
Willem Toorop 516f211843 Fire idle timeouts immediately with sync requests 2016-04-13 12:06:51 +02:00
Willem Toorop 57954ad41e Small bugfix in checking complete requests async 2016-04-11 15:33:08 +02:00
Willem Toorop da577a463d set upstream loop to the sync loop for sync reqs 
And reset to the async loop when sync request was finished, rescheduling the upstream->event.
Note that finished_event is scheduled against the async loop always.
 2016-04-11 14:49:44 +02:00
Willem Toorop e4b0d08fad Minor bugfix for use with openssl 1.1.0 2016-04-05 13:15:59 -03:00
Willem Toorop b0ecda5d2e No more side effects with synchronous calls 
(and upstreams that keep connections open)
 2016-03-23 22:13:31 +01:00
Willem Toorop e934c100a2 Merge branch 'develop' into devel/codebase-maintenance 2016-03-22 13:22:13 +01:00
Willem Toorop e4e3dde61f Don't breakup the sync vs async schedule 
to accentuate changes.
 2016-03-18 13:30:49 +01:00
Sara Dickinson c1f15fc0ac Minor tweaks 2016-03-18 12:02:40 +00:00
Sara Dickinson c08371ebb0 First pass at updating DEBUG_STUB output 2016-03-18 11:34:51 +00:00
Willem Toorop ab742b34b6 Miscelaneous scheduling fixes and improvements 2016-03-17 16:49:05 +01:00
Willem Toorop 0c0868517c Remove leftover debugging printfs 2016-01-12 16:57:17 +01:00
Willem Toorop fed8cc51ed Initial TCP support for Windows 2016-01-12 16:54:42 +01:00
Willem Toorop 4fd8d3dddd Replace mini_event extension by default_eventloop 
* default_eventloop was prototyped in getdns_query and is still in there as my_eventloop
  * It interfaces directly with the scheduling primitives of getdns.
  * It can operate entirely from stack and does not have to do
    any memory allocations or deallocations.

* Adapted configure.ac to allow libunbound to be linked with Windows
  (with the removal of winsock_event.c we have no symbol clashed anymore)

* Added STUB_TCP_WOULDBLOCK return code in stub_resolving helper functions,
  to anticipate dealing with edge triggered event loops (versus level triggered). (i.e. Windows)
 2016-01-12 15:52:14 +01:00
Willem Toorop 6b2d9a2d70 Unused var compile warning in certain conditions 2015-12-31 11:26:29 +01:00
Willem Toorop a2bdfb2f22 Merge branch 'features/windows-support' into develop 2015-12-24 14:44:18 +01:00
Willem Toorop 9d3905459e Miscellaneous fixes to compile on windows 
Also without warnings.
 2015-12-24 14:41:50 +01:00
Willem Toorop caba5f19d5 Merge branch 'develop' into features/windows-support 2015-12-24 11:01:26 +01:00
Daniel Kahn Gillmor 2a50f4d2ac Set tls_auth_failed when any present authentication mechanism fails 
We used to only have hostnames available.  now we have pubkey_pinsets
available as well.

We want upstream->tls_auth_failed to be 1 when any authentication
mechanism we've been asked for fails (and also when we haven't been
given any authentication mechanism at all).
 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 57a04f61db Allow AUTHENTICATION_REQUIRED w/o hostname when pubkey pinset is available 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 77802808ce rename GETDNS_AUTHENTICATION_HOSTNAME with GETDNS_AUTHENTICATION_REQUIRED 2015-12-23 18:00:43 +00:00
Sara Dickinson 2ce806c05b Tinker with debug statements/comments. 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor a9eb9ccca9 Check that the pinset matches if it is configured 
if the upstream is configured to allow fallback, this will not be a
fatal error, but it will still be checked.

Future work:

 * verify any certs higher in the chain than the end-entity cert
 * deal with raw public keys
 * in the fallback case, report to the user whether the pinset match failed
 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor d09675539e Provide access to the pinsets during the TLS verification callback 
We do this by associating a getdns_upstream object with the SSL object
handled by that upstream.

This allows us to collapse the verification callback code to a single
function.

Note that if we've agreed that fallback is ok, we are now willing to
accept *any* cert verification error, not just HOSTNAME_MISMATCH.
This is fine, because the alternative is falling back to cleartext,
which would be worse.

We also always set SSL_VERIFY_PEER, since we might as well try to do
so; we'll drop the verification error ourselves if we know we're OK
with falling back.
 2015-12-23 18:00:43 +00:00
Willem Toorop fe7a1e89e3 Constify new work 2015-12-22 11:32:15 +01:00
Willem Toorop 5bbcbb97a1 Merge branch 'develop' into features/conversion_functions 2015-12-22 11:28:27 +01:00
Willem Toorop 0a809cb7d8 Allow truncated answers to be returned 2015-12-22 10:56:20 +01:00
Willem Toorop ee2a1fbfe6 Merge branch 'features/tsig' into develop 2015-12-22 01:08:25 +01:00
Willem Toorop 6c1e00fc3f Send TSIG 2015-12-21 22:11:16 +01:00
Sara Dickinson 746a827baa Implement client side edns-tcp-keepalive 2015-12-21 17:05:56 +00:00
Sara Dickinson 91a73ab3d0 cleanup 2015-12-18 16:22:09 +00:00
Sara Dickinson 4165e874de Fix tests 2015-12-18 16:14:54 +00:00
Sara Dickinson c5b839bda8 remove STARTTLS 2015-12-18 16:14:54 +00:00
Willem Toorop 5663f914fb Mode debug marco's to own header 
To reduce dependency location fixes in test directory.
 2015-12-18 13:40:52 +01:00
Willem Toorop 5a65d2b693 Look further then you nose Willem! 2015-12-17 15:46:31 +01:00
Willem Toorop b839b97ac2 Oops... reverted syntax/style to agressively 2015-12-17 13:07:39 +01:00
Willem Toorop a2e15a169d Revert syntactic/style changes 
So actual changes aren't obfuscated
 2015-12-17 12:37:33 +01:00