interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,556 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

1128 Commits

Author SHA1 Message Date
Daniel Kahn Gillmor 57a04f61db Allow AUTHENTICATION_REQUIRED w/o hostname when pubkey pinset is available 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 77802808ce rename GETDNS_AUTHENTICATION_HOSTNAME with GETDNS_AUTHENTICATION_REQUIRED 2015-12-23 18:00:43 +00:00
Sara Dickinson 792ecd65b8 Add missing constant to const-info.c 2015-12-23 18:00:43 +00:00
Sara Dickinson 2ce806c05b Tinker with debug statements/comments. 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor a9eb9ccca9 Check that the pinset matches if it is configured 
if the upstream is configured to allow fallback, this will not be a
fatal error, but it will still be checked.

Future work:

 * verify any certs higher in the chain than the end-entity cert
 * deal with raw public keys
 * in the fallback case, report to the user whether the pinset match failed
 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor d09675539e Provide access to the pinsets during the TLS verification callback 
We do this by associating a getdns_upstream object with the SSL object
handled by that upstream.

This allows us to collapse the verification callback code to a single
function.

Note that if we've agreed that fallback is ok, we are now willing to
accept *any* cert verification error, not just HOSTNAME_MISMATCH.
This is fine, because the alternative is falling back to cleartext,
which would be worse.

We also always set SSL_VERIFY_PEER, since we might as well try to do
so; we'll drop the verification error ourselves if we know we're OK
with falling back.
 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 614d317fd8 getdns_query: add -K option to attach pinsets to getdns_contexts. 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 0d2256df09 set and return the pubkey_pinsets on the upstream resolvers 2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor b305f073fe add functions to translate between getdns_list and sha256_pin linked list 2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor 4dbe1813e4 added simple sha256 public key pinning linked list to getdns_upstream 2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor 5e64f1262b add getdns_pubkey_pinset_sanity_check() 2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor 91f04ecd5e add getdns_pubkey_pin_create_from_string() 2015-12-23 17:59:50 +00:00
Willem Toorop 29b033c14c off-by-one bugfixes 2015-12-23 17:38:36 +01:00
Willem Toorop fbae577a54 Setting of root servers 
test with

	getdns_query -f yeti.key -R yeti.hints nlnetlabs.nl A +dnssec_return_status

where yeti.key comes from:

	https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache

and yeti.hints from:

	https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/KSK.pub
 2015-12-23 17:15:45 +01:00
Willem Toorop 746c26dafc Update Makefile dependencies 2015-12-23 12:26:39 +01:00
Willem Toorop f9c2f96996 Fixes for miscelanous little zone parse errors 
Hopefully the tpkg test is more deterministic now too...
 2015-12-23 12:06:09 +01:00
Willem Toorop 11cd892662 Clean boundries on wireformat scans 2015-12-22 19:14:18 +01:00
Willem Toorop e4fa06a57b getdns_fp2rr_list conversion function 
+ private conversion functions that respect custom memory handlers
+ converage of more different example functions in 260-conversion-functions test package
 2015-12-22 18:37:24 +01:00
Willem Toorop 0cb513e9b7 Doc of (|_buf|_scan) style conversion funcs 
+ (|_buf|_scan) versions of most of the conversion directions.
+ mk-const-info handles new return_t's defines
 2015-12-22 16:04:43 +01:00
Willem Toorop 6519a05780 all debug config option for broadest src coverage 
With the 300 tpkg test
 2015-12-22 11:43:06 +01:00
Willem Toorop fe7a1e89e3 Constify new work 2015-12-22 11:32:15 +01:00
Willem Toorop 5bbcbb97a1 Merge branch 'develop' into features/conversion_functions 2015-12-22 11:28:27 +01:00
Willem Toorop 0a809cb7d8 Allow truncated answers to be returned 2015-12-22 10:56:20 +01:00
Willem Toorop ee2a1fbfe6 Merge branch 'features/tsig' into develop 2015-12-22 01:08:25 +01:00
Willem Toorop 8a8a017fc5 Validate received TSIG reply 2015-12-22 01:03:31 +01:00
Willem Toorop 6c1e00fc3f Send TSIG 2015-12-21 22:11:16 +01:00
Sara Dickinson f55721d261 Update unit test. Since 0 is the default, it can be set via the function. 2015-12-21 17:36:59 +00:00
Sara Dickinson 746a827baa Implement client side edns-tcp-keepalive 2015-12-21 17:05:56 +00:00
Willem Toorop 98dc4018c3 Setting & getting of tsig info per upstream 2015-12-21 12:22:59 +01:00
Sara Dickinson 91a73ab3d0 cleanup 2015-12-18 16:22:09 +00:00
Sara Dickinson 4165e874de Fix tests 2015-12-18 16:14:54 +00:00
Sara Dickinson 13ddf9ad83 Update constants 2015-12-18 16:14:54 +00:00
Sara Dickinson 3e97e1f032 Fix make file 2015-12-18 16:14:54 +00:00
Sara Dickinson c5b839bda8 remove STARTTLS 2015-12-18 16:14:54 +00:00
Willem Toorop bc2ec7cee3 Specify TSIG parameters with getdns_query 2015-12-18 15:16:48 +01:00
Willem Toorop 95e9fa1f35 Better/shorter tpkg descriptions 2015-12-18 14:09:30 +01:00
Willem Toorop 0129550130 Dependencies 2015-12-18 14:04:16 +01:00
Willem Toorop 54f3179c0e Fix libmini_event getting context's mem funcs 2015-12-18 13:57:20 +01:00
Willem Toorop c8a9da69ea Fix libuv.c dependencies 2015-12-18 13:50:17 +01:00
Willem Toorop 5663f914fb Mode debug marco's to own header 
To reduce dependency location fixes in test directory.
 2015-12-18 13:40:52 +01:00
Willem Toorop e60afbdf0c Leave space with builddir recplacements 
in make depend
 2015-12-18 13:21:14 +01:00
Willem Toorop 8eab1530bf Fix make depend from builddir != srcdir 2015-12-18 13:14:27 +01:00
Willem Toorop 0d156abf5a Dependencies 2015-12-18 12:24:06 +01:00
Willem Toorop 638b841855 tpkg for dependencies checking 2015-12-18 12:22:54 +01:00
Willem Toorop 17d44a769c Test & fix installing 2015-12-18 11:13:22 +01:00
Willem Toorop 34af4a22f2 Get rid of tpkg help files 
The fewer files to maintain the better
 2015-12-18 11:03:54 +01:00
Willem Toorop 94cc17ff16 Wrong help text of symbols checkining tpkg 2015-12-18 10:46:11 +01:00
Willem Toorop 5a65d2b693 Look further then you nose Willem! 2015-12-17 15:46:31 +01:00
Willem Toorop d3d2dbc1d3 inet_ntop and inet_pton from compat 2015-12-17 15:36:43 +01:00
Willem Toorop b839b97ac2 Oops... reverted syntax/style to agressively 2015-12-17 13:07:39 +01:00
Willem Toorop a2e15a169d Revert syntactic/style changes 
So actual changes aren't obfuscated
 2015-12-17 12:37:33 +01:00
Willem Toorop 4f37fb1e93 Fix mk-const-info problem with travis 2015-12-16 16:19:50 +01:00
Willem Toorop 71d8a50519 tpkg to warn if consts and symbols are out of sync 2015-12-16 15:48:09 +01:00
Sara Dickinson fc4e4f23df Rename return_call_debugging to return_call_reporting. Update index.html with change of content. 2015-12-16 14:20:35 +00:00
Willem Toorop 16b62f43eb Merge branch 'develop' into features/conversion_functions 2015-12-16 13:53:25 +01:00
wtoorop 69b54be99c Merge pull request from saradickinson/feature/mac_tfo 
Enable TFO by default if possible, add MAC OSX TFO support
Looks good, thanks.
 2015-12-16 13:45:14 +01:00
Willem Toorop e747efe415 Merge branch 'develop' into features/conversion_functions 2015-12-16 12:42:32 +01:00
Willem Toorop 1ef4db8e9d Unique NSEC and NSEC3 rrsets in "validation_chain" 2015-12-16 12:40:32 +01:00
Willem Toorop d09e892285 Convert rr_dict with missing rdata to wire format 
In wireformat this then means no rdata.
This is needed with the zonecut indicating DSes returned in the validation chain.
 2015-12-16 12:02:53 +01:00
Willem Toorop 2c2359af61 Remove duplicate records in RRset before verifying 
As suggested in RFC4034 section 6.3
 2015-12-16 10:47:15 +01:00
Willem Toorop b0aae6b51d Repeating and special rdata field 2 wireformat 2015-12-15 00:07:05 +01:00
Willem Toorop 0433c47466 Fix memory leak when deleting list items 2015-12-15 00:04:33 +01:00
Willem Toorop de269a4695 Wireformat writing for special rdata fields 2015-12-14 15:25:37 +01:00
Willem Toorop 4ae24761c7 Rename special wireformat parsing funcs 
in aticipation of the special writing to wireformat functions
 2015-12-14 12:38:25 +01:00
Willem Toorop 7baec89d4c Don't misuse getdns_data_type for something else 2015-12-14 12:13:06 +01:00
Sara Dickinson 736d9f20bf Enable TCP FastOpen by default and add support for OSX implementation of TFO. 2015-12-13 17:44:31 +00:00
Willem Toorop aadd4dc8bb Add conversion functions test package 2015-12-13 15:59:36 +01:00
Willem Toorop 5ae854b8bf Fix dict to wire of repeating rdata fields 2015-12-13 15:58:45 +01:00
Willem Toorop 75b0ae669a Fix rdf iter of single RR wireformat 2015-12-13 15:58:21 +01:00
Willem Toorop 61cd25d862 Merge branch 'develop' into features/conversion_functions 2015-12-11 12:22:34 +01:00
Willem Toorop f88214ab76 Correct include path on json pointer test 2015-12-11 12:21:58 +01:00
Willem Toorop 3752bf0a46 Merge branch 'develop' into features/conversion_functions 2015-12-11 11:59:27 +01:00
Willem Toorop c0831dd598 Move json pointers test to tpkg test 2015-12-11 11:56:44 +01:00
Willem Toorop c1b4694931 Setup test env from individually ran test packages 2015-12-11 11:05:52 +01:00
Willem Toorop 426d59d767 Disable IPv6 only test, because travis containers 
don't support IPv6 :-(.

See: https://blog.travis-ci.com/2015-11-27-moving-to-a-more-elastic-future

Disabled test: getdns_context_set_upstream_recursive_servers_10
 2015-12-10 16:49:55 +01:00
Willem Toorop de490408cd Use the verisign IPv6 upstream 
google's sometimes timeouts...
 2015-12-10 16:26:40 +01:00
Willem Toorop 69aed75d57 Travid in containers 2015-12-10 15:53:43 +01:00
Willem Toorop 2675554f6a Don't configure before running tests 
+ run tests in a separate directory
 2015-12-10 15:32:29 +01:00
Willem Toorop 5a4628e6fe tpkg based testing 2015-12-10 11:55:32 +01:00
Willem Toorop 47dc07e940 First go at conversion to and from rr_dicts 2015-12-09 12:04:00 +01:00
Willem Toorop c53f074fdf Propagate consts with debugging symbols 2015-12-08 09:39:28 +01:00
Willem Toorop d67949d1e7 iterators go over const wireformat data 2015-12-07 16:43:41 +01:00
unknown 22a8550caa Bug fix in get_os_defaults, clean up code in winsock_event, add code to handle event handling differences in Winsock2 2015-12-04 16:12:43 -05:00
Willem Toorop dd836b2a11 Conversion functions prototypes 2015-12-03 14:54:38 +01:00
unknown 2d58ed465c Changes for Windows, Fix configure.ac to take in a winsock option to configure and generafigure, add ifdef's to stub out windows code for other platforms. 2015-11-22 22:38:13 -05:00
Willem Toorop 08bf613cde Prevent segfault with failed TLS handshake? 
Need proper review for this patch!  Sara?
 2015-11-15 12:46:21 -05:00
Willem Toorop 95618bb3a7 Merge branch 'release/v0.5.1' of github.com:getdnsapi/getdns into release/v0.5.1 2015-11-14 20:01:48 -05:00
Willem Toorop afe5db6b55 Get validation chain avoiding roadblocks 2015-11-14 20:00:13 -05:00
Sara Dickinson 508127a856 Add missing file.... 2015-11-13 14:47:03 +00:00
Sara Dickinson d75ba83013 Fix bug with call_debugging reporting of UDP and add a getter for tls_authentication 2015-11-13 13:28:43 +00:00
Willem Toorop 1bb2daff1e ub_setup_recursing not used without libunbound 2015-11-11 14:03:16 +01:00
Willem Toorop b9f8f94361 Update ChangeLog and check versions 2015-11-11 12:40:23 +01:00
saradickinson 1a72454b88 Remove debug 2015-11-05 14:41:23 +09:00
saradickinson 5f60683f57 Fix seg fault on timeout 2015-11-05 14:41:23 +09:00
Willem Toorop c7f4fc3625 Fix disabling roadblock avoidance with configure 2015-11-05 07:43:33 +09:00
Willem Toorop 26566a3b00 Merge branch 'develop' of github.com:getdnsapi/getdns into develop 2015-11-04 23:25:49 +01:00
Willem Toorop 7f4bdc0868 Bumb versions 2015-11-04 23:25:38 +01:00
Willem Toorop eb4ba438f7 return_validation_chain + roadblock_avoidance bug 2015-11-05 07:11:51 +09:00
Willem Toorop 8a6f7d5b90 Merge branch 'develop' into features/dnssec_roadblock_avoidance 2015-11-04 17:49:21 +09:00
Willem Toorop 0c3eb08f4d Merge branch 'features/call_debug' into develop 2015-11-04 16:23:22 +09:00