Daniel Kahn Gillmor
0b388872ea
clarify per-query options vs. per-upstream options
...
Sending DNS cookies was overwriting any existing options (DNS OPT) in
the outbound query.
Also, DNS cookies may not be the only option that gets set
per-upstream (instead of per-query).
This changeset establishes a set of per-query options (established at
the time of the query), and a buffer of additional space for adding
options based on the upstream is in use.
The size of this buffer is defined at configure time (defaults to 3000
octets).
Just before a query is sent out, we add the per-upstream options to
the query.
Note: we're also standardizing the query in tls too, even though we're
not sending any upstream options in that case at the moment
(edns_cookies are much weaker than TLS itself)
2015-11-01 15:47:22 +09:00
Daniel Kahn Gillmor
3e90795680
enable talking to servers with ECDSA certs
...
There is no clear reason to reject servers that don't have RSA certs.
We should accept ECDSA certs as well.
(also, clean up comments about opportunistic TLS)
2015-11-01 15:47:03 +09:00
Willem Toorop
af6947cbb3
Merge branch 'develop' into features/dnssec_roadblock_avoidance
2015-11-01 15:34:21 +09:00
Willem Toorop
8b9041325b
Bugfix don't grow upstreams memory
...
upstreams have internal references and cannot be realloc'ed easily
2015-11-01 15:23:26 +09:00
jad
30043d2ba5
corrected name
2015-11-01 13:09:18 +09:00
jad
51eb2fdf55
working prototype 6
2015-11-01 12:47:49 +09:00
Willem Toorop
ae2cc39a36
Full roadblock avoidance functionality
2015-11-01 12:28:43 +09:00
jad
f5662bbf32
working prototype 5
2015-11-01 11:43:12 +09:00
jad
2d20e18b8a
working prototype 4
2015-11-01 11:14:45 +09:00
jad
25f7f2182b
working prototype 3
2015-11-01 11:04:03 +09:00
jad
80864655d7
Working prototype 2
2015-11-01 10:51:00 +09:00
jad
a85b17c885
working prototype 1
2015-11-01 10:24:02 +09:00
Willem Toorop
58885e04d7
dnssec_roadblock_avoidance extension
2015-10-31 21:04:08 +09:00
Willem Toorop
35c803208b
Bit more concise and clear confusing code text
2015-10-31 18:24:24 +09:00
Willem Toorop
fb6642d6a5
Print response dict when there is one
2015-10-31 17:59:14 +09:00
Willem Toorop
521e46879b
Document that thing that we keep forgetting about
2015-10-31 17:15:36 +09:00
Willem Toorop
9ce441e59a
--enable-debug-sched for getdns_query too
2015-10-31 16:24:49 +09:00
Willem Toorop
de59b700ce
Fix libidn really absent + NetBSD fixes
2015-10-29 19:13:39 +01:00
Willem Toorop
0a717f5d51
Warning with older (less intelligent) compiles
2015-10-29 16:25:07 +01:00
Willem Toorop
d691973571
Bumb versions for 0.5.0 release
2015-10-29 15:43:00 +01:00
Willem Toorop
8c3d348f05
Help text typo
2015-10-27 16:43:25 +01:00
Willem Toorop
3c5f2d4c4d
Merge branch 'v0.5.0' of github.com:getdnsapi/getdns into v0.5.0
2015-10-27 16:39:09 +01:00
wtoorop
a8351f80e6
Merge pull request #117 from saradickinson/bugfix/tls_ciphers
...
Fix error that was not allowing cipher suite fallback for opportunist…
2015-10-27 16:38:25 +01:00
Sara Dickinson
e397d1e020
Fix error that was not allowing cipher suite fallback for opportunistic TLS.
2015-10-25 15:28:20 +00:00
Willem Toorop
4cbdfde0e6
Typo fix
2015-10-22 16:26:32 +02:00
Willem Toorop
c613743644
Update spec to 0.701
2015-10-22 15:12:15 +02:00
Willem Toorop
973fcbddcc
Don't assume mini_event loop
2015-10-22 14:38:34 +02:00
Willem Toorop
47b77c948a
Fix small memory leak when switching event loops
2015-10-22 14:16:53 +02:00
Willem Toorop
98a2c497d2
ldns CFLAGS for tests (+ make deps)
2015-10-22 13:46:23 +02:00
Willem Toorop
fbc3b2d6a8
Use the NOT_IMPLEMENTED return code!
2015-10-22 12:13:40 +02:00
Willem Toorop
b88c74b4c8
Synchronize with October 2015 spec
2015-10-22 12:02:04 +02:00
Willem Toorop
276b4c6cd8
Update dependencies and add Andrew Cathrow to team
2015-10-22 11:32:20 +02:00
Willem Toorop
d601443c7e
Bump versions and ChangeLog for 0.5.0rc1
2015-10-21 17:19:50 +02:00
Willem Toorop
31a07752f0
New non API functions + consts in getdns_extra.h
2015-10-21 17:02:50 +02:00
Willem Toorop
ebd94f48cf
Anticipate missing X509_V_ERR_HOSTNAME_MISMATCH
2015-10-21 16:01:40 +02:00
Willem Toorop
7647005285
Report memory errors in json-pointers test
2015-10-21 16:01:16 +02:00
Willem Toorop
3cc44ffcb1
Merge remote-tracking branch 'sara/feature/tls_auth_api' into features/tls_auth_api
2015-10-21 15:34:57 +02:00
Sara Dickinson
3be47edbb3
More cleanup
2015-10-16 18:40:33 +01:00
Sara Dickinson
b74c62066c
Cleanup
2015-10-16 18:31:57 +01:00
Sara Dickinson
689447509a
Change port used for TLS to 853
2015-10-16 17:00:14 +01:00
Sara Dickinson
28ffb2fdf6
Add ls_authentication to API
2015-10-16 17:00:14 +01:00
Sara Dickinson
6b4ee4ed31
Block authenticated requests on unauthenticated connection
2015-10-16 17:00:14 +01:00
Sara Dickinson
af617e92a7
Implement authenticaiton fallback on a given upstream (needs more work). Also need API option to set auth requirement.
2015-10-16 17:00:14 +01:00
Sara Dickinson
e710286e45
Start work on better authentication
2015-10-16 16:57:13 +01:00
Willem Toorop
d859e93c7e
Don't fail on missing tgz in spec
2015-10-08 13:39:24 +02:00
Willem Toorop
d0a80925c2
Bugfixes for setting with json pointers
...
+ scratchpad for developing/debugging
2015-10-08 12:54:30 +02:00
Willem Toorop
3373ed5056
Merge json pointer branch from spec repo
...
(including examples)
2015-10-07 13:15:07 +02:00
Willem Toorop
5e269b69fa
Reverse example
2015-10-06 23:07:57 +02:00
Willem Toorop
820a657297
Check getdns_dict_remove_name parameters
2015-10-06 13:12:33 +02:00
Willem Toorop
f632ef8939
The tree example with json pointers
2015-10-06 12:29:15 +02:00