2928 Commits

Author SHA1 Message Date
Willem Toorop cad7eb2461 Probably the strlcpy 2019-01-23 14:06:04 +01:00
Willem Toorop f72fe60035 Cannot reuse qname (via name) after read_line_cb..
.. returns.
2019-01-23 13:55:29 +01:00
Willem Toorop 2206558376 Merge abstracted TLS API + GnuTLS alternative
Thank you Jim!

Merge branch 'devel/abstract-tls' into develop
2019-01-23 12:52:59 +01:00
Willem Toorop e657024531 Run all unit tests again 2019-01-23 12:50:44 +01:00
Willem Toorop 35f2ce37c0 Restore original serve delays 2019-01-23 12:49:22 +01:00
Willem Toorop c4bd91b196 Merge remote-tracking branch 'jim/feature/abstract-tls' into devel/abstract-tls 2019-01-23 12:46:07 +01:00
Willem Toorop d71dccaf2c - Nested getdns_context_runt() prevention
- Fix address query with qname and missing qtype for -I and -F too
- disable tiny delay again
2019-01-23 12:43:20 +01:00
Jim Hague cdc0d43315 Correct auth state thinko. Spotter credit to Willem. 2019-01-23 11:34:02 +00:00
Willem Toorop 8980f5f5ee Fix nested scheduling with getdns_query -F and -I
+ add 1 millisecond delay between batched queries, just because...
2019-01-23 11:41:00 +01:00
Willem Toorop 0af9a629f4 Does smaller delay make a difference? 2019-01-23 10:50:57 +01:00
Willem Toorop ac379787a2 Reassure clang static analyzer that all is OK 2019-01-23 10:29:20 +01:00
Willem Toorop 79fbef07d8 type specifier misplaced by #ifdef unclarity 2019-01-23 10:27:17 +01:00
Willem Toorop 2bd853bda5 Merge remote-tracking branch 'jim/feature/abstract-tls' into devel/abstract-tls 2019-01-23 09:49:17 +01:00
Jim Hague 61cae868e3 Update ChangeLog to include changes in this branch. 2019-01-17 11:24:40 +00:00
Jim Hague 814ee2c4cf Fix more gcc 8 warnings.
As warnings, these cause builds to fail when running the test suite.
2019-01-17 11:23:39 +00:00
Jim Hague 09ca9a826b Fix gcc 8 warnings. 2019-01-15 17:13:13 +00:00
Jim Hague 9024fd7736 Fix build with INTERCEPT_COM_DS defined.
Decide that layout of handling write results is more readable, and use with read too.
2019-01-15 15:34:33 +00:00
Jim Hague ee6bc7d978 Remove development test erroneously checked in. 2019-01-15 12:39:02 +00:00
Jim Hague 6553aa3aad The new minimum OpenSSL version means that Travis must switch to Xenial. 2019-01-15 12:11:13 +00:00
Jim Hague 8609a35e5b GnuTLS: Add support for TLS 1.3. 2019-01-15 11:31:22 +00:00
Jim Hague ccd6c3592d GnuTLS: Can't set priority for SSL3. 2019-01-15 11:30:56 +00:00
Jim Hague 24774fefd6 Remove 'upstream' association with connection, now unused. 2019-01-15 11:01:58 +00:00
Jim Hague 9e4add2219 Merge branch 'develop' into feature/abstract-tls 2019-01-14 19:15:53 +00:00
Jim Hague 3fe0c94357 Merge branch 'develop' into feature/abstract-tls 2019-01-14 19:09:20 +00:00
Willem Toorop 66f63b21bc Stubby with dns.google in stubby.yml.example 2019-01-11 14:52:40 +01:00
Willem Toorop 78d6bc30f5 Update stubby to 0.2.5 2019-01-11 13:04:07 +01:00
Jim Hague 51cb570809 Re-add support for OpenSSL prior to 1.1, but now require at least 1.0.2 and drop LibreSSL support. 2019-01-11 11:16:48 +00:00
Willem Toorop 35077bdc6d Update ChangeLog & bump version 2019-01-11 12:08:38 +01:00
Willem Toorop 411c5cf571 Git rid of * if in libgetdns.symbols 2019-01-07 12:08:26 +01:00
Willem Toorop a4020a6841 mk-symfiles.sh improvement
to filter out #defines as intended.
Thanks Zero King
2019-01-07 11:33:21 +01:00
Willem Toorop 014ac3d368 Stubby with trust_anchors_backoff_time example config 2019-01-03 11:19:13 +01:00
Willem Toorop 426b6f67dd Merge branch 'devel/no-tls1.3-in-cipher_list' into develop 2018-12-31 16:14:26 +01:00
Willem Toorop bbe7dff257 No TLS1.3 ciphers in cipher_list only when ...
SSL_set_ciphersuites in OpenSSL API.
2018-12-31 16:13:20 +01:00
Willem Toorop c69a2f7806 Merge branch 'ArchangeGabriel-patch-1' into devel/no-tls1.3-in-cipher_list 2018-12-31 16:09:55 +01:00
Bruno Pagani 1962c03b79 context: remove TLS13 cipher from cipher_list
TLS 1.3 ciphers have to be set in ciphersuites instead.
2018-12-23 11:31:27 +00:00
Willem Toorop 6f4d25e096 Merge branch 'release/1.5.0' into develop 2018-12-21 17:22:01 +01:00
Willem Toorop 309db67f8b RFE getdnsapi/stubby#121 log re-instantiating TLS ...
... upstreams (because they reached tls_backoff_time) at log level 4 (WARNING)
2018-12-21 16:30:46 +01:00
Willem Toorop 345ed9a734 Final stubby update 2018-12-21 15:52:46 +01:00
Willem Toorop 4be406ce1f Bump version 2018-12-21 15:40:13 +01:00
Willem Toorop 7c52883341 Remove truncated response from transport test 2018-12-21 12:44:51 +01:00
Willem Toorop 431f86f414 Make tests aware of NODATA == NO_NAME change 2018-12-21 12:10:19 +01:00
Willem Toorop 5247fc8de4 Mention RESPSTATUS_NO_NAME change in Changelog 2018-12-21 11:44:04 +01:00
Willem Toorop 13e1e36ba3 RESPSTATUS_NO_NAME when no answers found
(so for NODATA answers too)
2018-12-21 11:28:00 +01:00
Willem Toorop ff1cdce6f8 s/explicitely/explicitly/g
Thanks Andreas Schulze
2018-12-20 15:06:01 +01:00
Jim Hague 65f4fbbc81 Make sure all connection deinits are only called if there is something to deinit. 2018-12-14 15:38:32 +00:00
Jim Hague c1bf12c8a2 Update default GnuTLS cipher suite priority string to one that gives the same ciphers as the OpenSSL version.
Also fix deinit segfault.

./gnutls-ciphers "NONE:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+ECDHE-RSA:+ECDHE-ECDSA:+SIGN-RSA-SHA384:+AEAD:+COMP-ALL:+VERS-TLS-ALL:+CURVE-ALL"
Cipher suites for NONE:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+ECDHE-RSA:+ECDHE-ECDSA:+SIGN-RSA-SHA384:+AEAD:+COMP-ALL:+VERS-TLS-ALL:+CURVE-ALL
TLS_ECDHE_RSA_AES_256_GCM_SHA384                  	0xc0, 0x30 TLS1.2
TLS_ECDHE_RSA_AES_128_GCM_SHA256                  	0xc0, 0x2f TLS1.2
TLS_ECDHE_RSA_CHACHA20_POLY1305                   	0xcc, 0xa8 TLS1.2
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384                0xc0, 0x2 TLS1.2
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256                0xc0, 0x2b TLS1.2
TLS_ECDHE_ECDSA_CHACHA20_POLY1305                 0xcc, 0xa9 TLS1.2

$ openssl ciphers -v TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ChaCha20-Poly1305 Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=ChaCha20-Poly1305 Mac=AEAD
2018-12-14 15:24:13 +00:00
Willem Toorop 79459f5d1d Merge branch 'release/1.5.0' into develop 2018-12-14 16:05:27 +01:00
Willem Toorop 36cb9b0243 We also always publish sha1 over tarballs 2018-12-14 13:45:22 +01:00
Willem Toorop 232f655663 trust_anchor_backoff_time also when appdata dir is not writable 2018-12-14 13:42:43 +01:00
Willem Toorop e9060792dc Merge branch 'release/1.5.0' into develop 2018-12-14 10:45:57 +01:00