interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,632 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

462 Commits

Author SHA1 Message Date
Willem Toorop 7c5bdd5431 Use danessl submodule when OpenSSL version between 1.0.0 and 1.1.0 2018-01-10 12:47:14 +01:00
Willem Toorop 540735a956 Check pins with DANE functions when available 2018-01-04 15:58:09 +01:00
Willem Toorop 0ef910b9ee read_buf's may remain on canceled tcp requests 2017-12-21 14:53:54 +01:00
Willem Toorop 97cc67d026 s/CApath/tls_ca_path/g s/CAfile/tls_ca_file/g 2017-12-21 13:08:01 +01:00
Willem Toorop ae38a29a50 Upstream specific tls_cipher_list's 2017-12-21 12:30:15 +01:00
Willem Toorop 8f88981efe rename set_cipher_list() to set_tls_cipher_list() 2017-12-21 11:35:05 +01:00
Willem Toorop 7fe3bd6a1f getdns_context_set_ciphers_list() 2017-12-20 13:13:02 +01:00
Willem Toorop 274bc9bc4a Merge branch 'develop' into release/1.2.2 2017-12-20 09:37:56 +01:00
Pascal Ernster 65c7a738eb
Add support for TLS 1.3 and Chacha20-Poly1305 
Add support for TLS 1.3 (requires OpenSSL 1.1.1) and Chacha20-Poly1305 (requires OpenSSL 1.1).

Older OpenSSL versions will simply ignore ciphersuite specifications they don't understand and use the subset which they do unterstand.

Note that "EECDH" does *not* select anonymous cipher suites (as opposed to "kECDHE").
 2017-12-15 20:01:30 +00:00
Sara Dickinson 00d3232ba4 Fix windows build 2017-12-15 16:53:23 +00:00
Willem Toorop 2c66487635 Merge branch 'devel/dnssec_meta_queries' into release/1.2.2 2017-12-13 14:52:00 +01:00
Willem Toorop 5f1a2f8659 Merge branch 'features/CA_verify_locations' into release/1.2.2 2017-12-13 14:49:42 +01:00
Willem Toorop d5518bad67 Return which extensions are set 
(for programs (Stubby) to know whether a context will do native dnssec validation or not)
 2017-12-13 11:12:49 +01:00
Willem Toorop da3f023d8f set_CApath() and set_CAfile() for alt verify locs 2017-12-12 15:10:37 +01:00
Willem Toorop 96ed06c6a9 Initialize context with given resolv.conf and hosts files 
- getdns_context_create with set_from_os set will simply call these
  functions with the defaults

+ filechg_check is simplified somewhat (reducting memory management)
+ get OpenSSL version version via get_api_information()
 2017-12-12 12:24:31 +01:00
Willem Toorop 01197f10ff Merge branch 'develop' into features/resolvconf 2017-11-29 15:25:50 +01:00
Willem Toorop 025f1cdff3 set_from_os last to initialize ... 
... because it is initialized with values from context itself!
I.e. context->tls_backoff_time, context->tls_connection_retries and context->log are used to initialize upstreams in upstreams_create() called from set_from_os
 2017-11-28 16:04:23 +01:00
Willem Toorop 27847b9a0a Initialize context->sys_ctxt! 2017-11-23 13:23:00 +01:00
Willem Toorop c3cdf496e3 Meta queries to upstreams from resolvconf setting 2017-11-23 12:48:48 +01:00
Willem Toorop c0a3babe0a Separate sys_ctxt for meta queries 2017-11-23 12:44:40 +01:00
Willem Toorop ed6c7a6b58 getdns_context_create2 and family that set an ... 
... alternative resolvconf file
 2017-11-22 15:49:30 +01:00
Willem Toorop a7a6240202 Set default resolvconf and hosts during configure 2017-11-22 15:01:38 +01:00
Willem Toorop 6f20016889 default_trust_anchor_location in api_information 
instead of trust_anchor_file
 2017-11-10 10:35:41 +01:00
Willem Toorop f8e1ed78b8 Make upstream_reset static (and not shared between .c files) 2017-10-19 12:48:58 +02:00
Sara Dickinson 8886c5317d Fix 2 bugs: 
- backoff time was not incrementing correctly
- best authentication information state was not being kept for shutdowns during setup (needed if e.g. hostname authentication failed during handshake).
 2017-10-19 10:36:46 +01:00
Willem Toorop eedd1a1448 Eat incoming garbage on statefull transports 
Can deal with timed out queries that are answered anyway.
+ reset the upstream on failure always
  (since requests are rescheduled for fallback by upstream_failed now anyway)
 2017-10-17 16:58:01 +02:00
Jim Hague dc7daede40 Move Windows/Unix functions into new platform.h. 2017-10-06 12:07:15 +01:00
Jim Hague a0c313412d Adjust Unix socket/Winsock handling. 
Centralise it into util-internal.h, remove duplicate definitions from mdns, and add new pseudo-functions _getdns_closesocket(), _getdns_poll() and _getdns_socketerror(). Convert error values to simple values and convert error checking to use _getdns_socketerror() and the simple values. The simple values can also be used with the result from getsockopt() with SO_ERROR in stub.c.
 2017-10-04 17:31:33 +01:00
Willem Toorop 23daf9aac3 Fix TLS authentication 2017-09-28 22:17:36 +02:00
Willem Toorop c3df13b27c PATH_MAX can be in sys/limits.h too.. 
and must have a fallback value
 2017-09-28 19:45:16 +02:00
Willem Toorop cefeed2b47 PRIsz usage like PRIu64 etc. 2017-09-27 13:15:12 +02:00
Willem Toorop 114b5785f7 Doxygen documentation for Zero configuration DNSSEC 
+ rename of getdns_context_(get|set)_trust_anchor_*()
         to getdns_context_(get|set)_trust_anchors_*()
 2017-09-22 12:25:56 +02:00
Willem Toorop a3bfee7d0a Issues from unit tests 2017-09-22 11:12:27 +02:00
Willem Toorop da2aa634d3 Make appdata_dir configurable + 
settings via getdns_context_config()
 2017-09-21 17:06:29 +02:00
Willem Toorop 1b47ce4d10 Slightly different function prototypes 2017-09-21 12:38:49 +02:00
Willem Toorop 712f62a4c1 Things that came out of compiling on Windows 2017-09-21 11:03:38 +02:00
Willem Toorop 7c229c40cd Merge branch 'features/zeroconf-dnssec' into release/v1.2.0 2017-09-20 15:45:27 +02:00
Willem Toorop e6536bb2ef Typo 2017-09-20 15:18:43 +02:00
Willem Toorop 34d35f9e79 Track updating TA's with root DNSKEY rrset 2017-09-20 10:30:13 +02:00
Willem Toorop 463855d274 Writability test for application data 2017-09-16 18:16:21 +02:00
Willem Toorop 6d29f7fb65 Fix issues accumulated when tpkg didn't work 2017-09-14 15:14:00 +02:00
Willem Toorop 8c4ed6294e Merge branch 'develop' into features/zeroconf-dnssec 2017-09-14 12:27:47 +02:00
Willem Toorop f31eb517e0 Lazy TA and time checking 2017-09-14 11:47:02 +02:00
Jim Hague 80b2eacc26 Merge branch 'develop' into features/yaml 2017-09-13 16:55:11 +00:00
Sara Dickinson f0190e4f03 Add 2 missing parameters from the config output 2017-09-13 13:02:01 +01:00
Willem Toorop 8f3ce9af35 Configurable zero configuration DNSSEC parameters 2017-09-13 14:00:54 +02:00
Sara Dickinson b760a2ced2 Refine the logging levels to match the errors given when backing off, etc. 2017-09-12 15:01:02 +01:00
Sara Dickinson 729af1d159 Allow backed-off upstreams to be re-instated if all our upstreams are unusable (e.g. if the network is down). 
But limit re-tries for a given netreq to the total number of upstreams before failing. This should (roughly) allow 2 retries per upstream of the correct transport before bailing out. Otherwise we are stuck in a loop retrying forever!
 2017-09-12 13:47:56 +01:00
Willem Toorop 8aa46b305d Merge branch 'develop' into features/zeroconf-dnssec 2017-09-11 11:09:58 +02:00
Sara Dickinson 42945cfc08 Make the backoff time incrementally increase until the upstream starts working again 2017-09-08 17:28:37 +01:00