Willem Toorop
b90ba236ae
tls_ciphersuites, tls_cipher_list, tls_curve_list,
...
tls_min_version & tls_max_version settings must cause
failure when not supported by the TLS library. Not during
configure time, but during connection setup so it doesn't
hamper alternative transports.
2018-11-22 11:37:28 +01:00
Willem Toorop
6b10570842
DNSSEC bugfix found with static analysis
...
* Fix for DNSSEC bug in finding most specific key when
trust anchor proves non-existance of one of the labels
along the authentication chain other than the non-
existance of a DS record on a zonecut.
2018-11-22 10:21:48 +01:00
Willem Toorop
4ff9816e39
google now supports DoT
2018-11-21 17:00:03 +01:00
Willem Toorop
73868643d2
Fix compile warnings
2018-11-21 16:07:47 +01:00
Willem Toorop
1904ee7318
Enhancement getdnsapi/stubby#56 & getdnsapi/stubby#130
...
Configurable TLS version
2018-11-21 15:02:28 +01:00
Jim Hague
e7593541ef
Ensure that compat/getentropy* don't get used, and so drag in OpenSSL.
2018-11-20 17:37:46 +00:00
Jim Hague
4f67491971
Remove unnecessary OpenSSL include in dnssec.c.
2018-11-20 17:36:56 +00:00
Jim Hague
05f9d30e89
Move anchor.c to under openssl.
2018-11-20 16:57:48 +00:00
Jim Hague
f3e0f2b9e6
Split OpenSSL specific bits of keyraw.hc into keyraw-internal.hc.
...
All usage is internal to val_secalgo.c, which is already in openssl.
2018-11-20 16:51:17 +00:00
Jim Hague
da94b52f74
Move val_secalgo.c to openssl.
...
It contains ports other than OpenSSL (NSS and NETTLE), but we're not worrying about those for our purposes at present.
2018-11-20 16:21:06 +00:00
Jim Hague
4eb845bc58
Move internal-only functions from public pubkey-pinning interface.
...
The interface now only exposes functions used by the main getdns code.
2018-11-20 15:55:34 +00:00
Jim Hague
ff9cde2087
Remove SSL type from pubkey-pinning interface.
2018-11-20 15:49:26 +00:00
Jim Hague
756eda96d8
Remove ssl_dane dir from dependency generation search.
2018-11-20 15:47:56 +00:00
Jim Hague
cfa78707a3
Add openssl subdir to distribution.
2018-11-20 15:35:59 +00:00
Willem Toorop
6a5e96d4e1
tls_ciphersuites + bugfix in strdup2!!
2018-11-20 16:13:57 +01:00
Jim Hague
52421be5f4
Correct error checking result of _getdns_tls_context_set_ca().
2018-11-20 15:12:10 +00:00
Jim Hague
1b0a09a23f
Wrap hostname/certificate verification.
...
This removes the last OpenSSL items from stub.c.
2018-11-20 14:53:31 +00:00
Willem Toorop
e5a53fb1d2
Bumb version
2018-11-20 13:57:13 +01:00
Jim Hague
fb73bcb77e
Correct return value error from _getdns_tls_connection_(read|write)().
2018-11-20 12:43:17 +00:00
Jim Hague
2e8c48544b
Move pubkey-pinning implementation under openssl/.
2018-11-19 13:55:02 +00:00
Jim Hague
aba0e2fb4c
Move non-TLS-library specific parts of tls.h to ~/src/tls.h and have it include lib-specific tls-internal.h.
...
Update dependencies.
2018-11-19 09:49:54 +00:00
Jim Hague
5d353d9efb
To aid proof-of-concept work, insist on OpenSSL 1.1.1 or later.
...
Remove ssl_dane as now surplus to requirements.
2018-11-16 17:58:29 +00:00
Jim Hague
0fd6fd4c5c
Replace (one instance of) SSL_get_peer_certificate().
2018-11-16 17:09:26 +00:00
Jim Hague
4b8c9d1bd7
Replace SSL_get_version().
2018-11-15 17:53:37 +00:00
Jim Hague
09019bee75
Replace SSL_write().
2018-11-15 17:53:29 +00:00
Jim Hague
e7453522d5
Replace SSL_read().
2018-11-15 17:51:52 +00:00
Jim Hague
e22c01e212
tls_do_handshake: move handshake and check for new session into abstraction layer.
2018-11-15 14:28:04 +00:00
Jim Hague
ffd1136e94
tls_create_object(): Move setting client state and auto-retry into connection_new and add setting connection session.
2018-11-15 13:23:00 +00:00
Jim Hague
d9fdd4c10d
Abstracting TLS; let's start with context only.
...
Change data types in context.h and fix up context.c. Do minimal fixups to stub.c.
2018-11-15 11:01:13 +00:00
Willem Toorop
12589d85c2
Wild guess at OpenSSL without engine support
2018-06-12 17:00:45 +02:00
Willem Toorop
9b4e8e9e91
X509_get_notAfter not in OpenSSL 1.1.1 anymore
2018-06-12 16:37:46 +02:00
Willem Toorop
884f6ddc5e
DS is always a delegation and never at the apex
2018-06-10 16:57:40 +02:00
Willem Toorop
25231aa686
Fix finding signer of NSEC and NSEC3s
...
Thanks Philip Homburg
2018-06-08 21:39:59 +02:00
Willem Toorop
000fa94ae2
Sync ldns & utils with unbound
2018-05-22 12:44:13 +02:00
Willem Toorop
799bd2f6b1
Bugfix #399 : Reinclude <linux/sysctl.h> in getentropy_linux.c
2018-05-15 08:11:55 +02:00
Willem Toorop
f9ab894936
Merge branch 'develop' of github.com:getdnsapi/getdns into develop
2018-05-11 13:29:59 +02:00
Willem Toorop
8c108fb761
Merge branch 'release/1.4.2'
2018-05-11 13:29:24 +02:00
Willem Toorop
e481273ff4
Last minute update
2018-05-11 13:20:08 +02:00
wtoorop
0510fb00d3
Merge pull request #397 from ehmry/tcp_sendto
...
No TCP sendto without TCP_FASTOPEN
2018-05-11 12:04:49 +01:00
wtoorop
fa133fcb92
Merge pull request #393 from saradickinson/bugfix/windows_certs
...
Temporary fix for https://github.com/getdnsapi/stubby/issues/87 . Dete…
2018-05-11 11:52:18 +01:00
wtoorop
7fe45a7012
Merge pull request #396 from saradickinson/bugfix/windows_certs
...
Temporary fix for https://github.com/getdnsapi/stubby/issues/87 . Dete…
2018-05-11 11:51:33 +01:00
Willem Toorop
86e5c39159
Release 1.4.2
...
-----BEGIN PGP SIGNATURE-----
iQIxBAABCAAbBQJa9XQrFBx3aWxsZW1AbmxuZXRsYWJzLm5sAAoJEOX4+CEvd6SY
QjYP/1hDH9Y1+JZFVdcDk0JLrMhrhfnPq1RdefiEzXPwcoFvbahwb7G5ARXQCkUz
dgiJoae1euaCeQQyscJ83Vv9zxRetxCquuaA6j3eeiR3HtVJr6ayGfg1JPHcgO+O
S7IJkUuRcpSB7PK4f/FqyrnrJNSFUfN25y9WvXOS5mJBq1OX8QhqWHN63uHXKVQt
lfipQE/WiQic07a1bObNJcdmot4M6cCa6QcSc1JS37dvvHCHZc0HQox/VCUJpqrr
rx1hbRCZFZ3B+DY4Fded4rIZSYG9Y/J64X7IW5hdv2z2G//Q9YBf16rkzz6xcpA/
CIniaFXNliaugkHD7Nag/D32yMpUhDnJt2BloNQodZNMPRzerfLj9R8IKOjjM+py
vEe+xCyrs7s7TKyK9nSacyJ5BWZDE1vOKDF1tNHK9KzJ4YtfGtmxjjmB1VytNy6O
BXs3ml/VSgVgBZbmcevWDXn6anByacKADDkiyVJ9PRCL2+qFOt3CR3t8GWlCwK5O
GvrKmNkeUYfjyw03qCXXJ54Ti6xrmBJPcUeBE1NdTF7OgYhSyImhQqAnInG/Z3ZU
c1j7pKYw2LNQ7F/CaW+AQ4HpizltIHRiBHhMvaArhp4idvyFMTr1YV7MrCWixqpx
2fGSVuaLSYGOxsqM7m2lrbTckIESBAxX+f4vGj2nxP9qzna0
=DfcS
-----END PGP SIGNATURE-----
Merge tag 'v1.4.2'
Release 1.4.2
2018-05-11 12:45:26 +02:00
Willem Toorop
0d283fc63f
1.4.2 release
2018-05-11 12:02:49 +02:00
Willem Toorop
48e0ea013c
Include Stubby - v0.2.3 release
2018-05-11 11:56:00 +02:00
Willem Toorop
6c99e7b8a6
Bugfix getdnsapi/stubby#106 : Core dump when ...
...
printing certain configuration. Thanks Han Vinke
2018-05-11 11:28:52 +02:00
Willem Toorop
98b1ff624a
Memory loss with empty string bindata's
2018-05-11 11:23:19 +02:00
Emery Hemingway
a6ec2b2449
No TCP sendto without TCP_FASTOPEN
2018-05-08 14:58:17 +02:00
Willem Toorop
5a816f3d51
Include systemd and contrib dir with stubby
2018-05-04 15:29:14 +02:00
Willem Toorop
9d48f1cf97
Update Stubby
2018-05-04 15:21:05 +02:00
Willem Toorop
9b7999ecf2
Update stubby
2018-05-04 15:19:33 +02:00