interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,648 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

2648 Commits

Author SHA1 Message Date
Jim Hague 8ba53f10b6 Correct RTT warning and critical default thresholds. 2018-01-23 13:45:09 +00:00
Jim Hague fcaa4f9845 Reflow usage message entry. 2018-01-23 12:37:14 +00:00
Jim Hague f3b2f83879 More output tittivating. Make verbose by default in non-monitoring mode. 2018-01-23 12:14:40 +00:00
Jim Hague a4f17760ab Revise rcode_text() to get text from getdns, and add rrtype_text(). 2018-01-23 12:13:59 +00:00
Jim Hague 7e884e2cd0 Rename concurrent to OOOR (Out Of Order Responses). 2018-01-23 11:30:12 +00:00
Jim Hague bedd3a02cf Revise concurrency test to use <n>.delay.getdnsapi.net. 
This gives more secure results than the previous method.
 2018-01-22 17:39:25 +00:00
Jim Hague 1e774a95f5 Don't rely on GCC extensions. 2018-01-22 16:49:53 +00:00
Jim Hague 8c3047dbe0 Add 'concurrent' test 
The concurrent test works by sending a known good query synchronously,
and then sending asynchronous queries for three random TLDs followed by
the known good query. The latter should be answerable from cache, and so
give a result before at least one of the random TLDs.
 2018-01-22 16:49:53 +00:00
Jim Hague f9e4c9f853 Revise output. 
If in monitoring mode, make output conform to Nagios norms. This starts with the probe type and result, so we need to save output generated during the operation and print it at the end.

If not in monitoring mode, make the formatting more expansive.
 2018-01-22 14:36:54 +00:00
Jim Hague 0291e205fd Add TLS 1.3 test. 
Add a new item tls_version to call_reporting, containing the OpenSSL version string for the name of the protocol used for the connection.

The test does a normal lookup, but first sets the cipher list to TLS1.3 only ciphers. This will cause a Bad Context error at search time, so we can tell if the underlying OpenSSL library lacks TLS 1.3. The check the call reporting for a TLS version of "TLSv1.3".
 2018-01-19 15:56:40 +00:00
Jim Hague 62ad159f15 Update dnssec-validate. Check we can retrieve info for bogus domain, and remove must use TCP flag. 
Run a second query with the CD bit set and check that succeeds.
 2018-01-19 14:51:46 +00:00
Jim Hague 3fd4f7f240 Add 'dnssec-validate' test. 
This test checks whether the server does DNSSEC validation. If it manages to find an A record for dnssec-failed.org, it doesn't.
 2018-01-19 14:51:46 +00:00
Jim Hague 1a3025a405 If server does not return expected TXT in qname-min, return UNKNOWN not WARNING. 2018-01-18 17:17:16 +00:00
Jim Hague ea035fa82e Correct some code formatting. 2018-01-18 17:16:28 +00:00
Jim Hague f5322c701d Add more missing make targets causing test 105 to fail. 
It's amazing how fiddly it is to add a single executable/source file to the build.
 2018-01-18 11:49:16 +00:00
Jim Hague add818fea2 Remove dependency on timegm() when using OpenSSL < 1.0.2. 
Convert dates to Julian and diff. This is basically what ASN1_TIME_diff() does internally.

And that's quite enough near-pointless polishing here.
 2018-01-18 10:55:44 +00:00
Jim Hague 00c17dca14 Add to certificate time conversion to cope with pre-1.0.2 OpenSSL. Also tag printed time with UTC. 
The time parse with pre-1.0.2 is a best effort, and relies on timegm() to convert struct tm in UTC to time_t. There being attractive alternative. Isn't C time handling grotty?
 2018-01-17 18:38:28 +00:00
Jim Hague 760269acbd Make internal types POSIX-compliant by not naming them *_t. 
See: http://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xsh_chap02.html#tag_22_02_12_01

The change tacitly ignores the colossal number of coach and horses the entire world, including getdns, has stampeded through this POSIX hope for decades, but simply hopes for some small recognition when the Recording Angel tots up the damages.
 2018-01-17 15:35:56 +00:00
Jim Hague 6bd0f8b980 Encode exit status words in () to make it clear that it's not part of the sentence. 
'Server validates OK' -> 'Server validates (OK)'
 2018-01-17 15:24:17 +00:00
Jim Hague 3666d994a7 Add 'keepalive' test and supporting changes to getdns library. 
Checking for server support for keepalive means we need to know if the server did send a keepalive option to the client. This information is not currently exposed in getdns, so add a flag 'server_keepalive_received' to call_reporting. This is 0 if not received, 1 if received. If received, the actual timeout is in 'idle timeout in ms', though watch out for the overflow alternative.
 2018-01-17 15:17:20 +00:00
Jim Hague a4ff6de985 Add 'tls-padding' test. 2018-01-16 12:59:03 +00:00
Jim Hague fdafb458ef Decide we don't want return_both_v4_and_v6 on queries. 2018-01-16 12:19:33 +00:00
Jim Hague b8424e494d Fix up some small usage typos, and don't report result if issuing test usage message. 2018-01-16 11:05:16 +00:00
Jim Hague 5ea0edf262 Update usage. 2018-01-15 17:42:57 +00:00
Jim Hague 8dc3a84735 Add options specifying transport. 2018-01-15 17:42:43 +00:00
Jim Hague 3438c68591 Prefix TLS-only options with 'tls-'. 2018-01-15 13:26:09 +00:00
Jim Hague 08b5976f9c Decouple from getdns config. This is now a pure getdns client. 2018-01-15 13:19:48 +00:00
Jim Hague 3298b5cd50 Extract common processing into search_check() and parse_search_check(). 2018-01-15 12:37:57 +00:00
Jim Hague cb7af33488 Some tests imply TLS. Explicitly make sure these always go over TLS. 2018-01-15 11:28:11 +00:00
Jim Hague 77a5a15cdf Minor output corrections. 2018-01-15 11:02:14 +00:00
Jim Hague 22996bf07d If TLS auth name given, lookup is to go over TLS. 2018-01-15 11:00:12 +00:00
Jim Hague c0d7d2c279 Print exit status at end of main output line. 2018-01-15 10:27:10 +00:00
Jim Hague 5d4bc8bc96 Add rtt test. 2018-01-15 10:16:26 +00:00
Jim Hague b9312e790f Correct certificate expiry custom threshold handling. 2018-01-15 10:01:01 +00:00
Jim Hague 3258fdfd5a Tabs? Spaces? Currently both, switch to spaces only. 2018-01-14 23:28:55 +00:00
Jim Hague 379662a3f3 Add plain lookup test. 2018-01-14 13:41:44 +00:00
Jim Hague 60118e9241 Improve cert-valid argument order to most likely first. 2018-01-13 14:56:55 +00:00
Jim Hague e7618321ce Add cert-valid test. 2018-01-12 18:21:38 +00:00
Jim Hague e597daa4c0 Add 'auth' test. 2018-01-12 17:23:42 +00:00
Jim Hague 305daab9aa Add first version of getdns_server_mon. 
Currently only QNAME minimisation check is working.
 2018-01-12 16:11:48 +00:00
Willem Toorop 2ff1bf6152 Merge branch 'release/1.3.0' into develop 2017-12-22 12:42:47 +01:00
Willem Toorop 25a31e6b35 Bump version 2017-12-21 17:06:43 +01:00
Willem Toorop 03d4950470 We need to set transport list before first query 
(this needs to be reviewed...)
 2017-12-21 16:49:19 +01:00
Willem Toorop 9aa1d067d2 Detect dnsmasq and skip the unit test that fails with it 
This actually resolves issue #300
Thanks Tim Rühsen and Konomi Kitten
 2017-12-21 16:21:10 +01:00
Willem Toorop aa419a88d0 Skip some more truncation issues with dnsmasq 2017-12-21 16:01:48 +01:00
Willem Toorop 81ffa2f48d Skip test that breaks with dnsmasq 
when SKIP_DNSMASQ_ISSUE variable is test.
Helps out a little with issue #300
 2017-12-21 15:45:58 +01:00
Willem Toorop 0ef910b9ee read_buf's may remain on canceled tcp requests 2017-12-21 14:53:54 +01:00
wtoorop efb0539c15
Merge pull request #368 from getdnsapi/devel/tls_settings 
TLS settings have tls_ prefixed name
 2017-12-21 14:25:01 +01:00
Willem Toorop 97cc67d026 s/CApath/tls_ca_path/g s/CAfile/tls_ca_file/g 2017-12-21 13:08:01 +01:00
wtoorop f173f4667f
Merge pull request #367 from getdnsapi/features/set_cipher_list 
Features/set cipher list
 2017-12-21 13:00:08 +01:00