Willem Toorop
|
cad7eb2461
|
Probably the strlcpy
|
2019-01-23 14:06:04 +01:00 |
Willem Toorop
|
f72fe60035
|
Cannot reuse qname (via name) after read_line_cb..
.. returns.
|
2019-01-23 13:55:29 +01:00 |
Willem Toorop
|
2206558376
|
Merge abstracted TLS API + GnuTLS alternative
Thank you Jim!
Merge branch 'devel/abstract-tls' into develop
|
2019-01-23 12:52:59 +01:00 |
Willem Toorop
|
e657024531
|
Run all unit tests again
|
2019-01-23 12:50:44 +01:00 |
Willem Toorop
|
35f2ce37c0
|
Restore original serve delays
|
2019-01-23 12:49:22 +01:00 |
Willem Toorop
|
c4bd91b196
|
Merge remote-tracking branch 'jim/feature/abstract-tls' into devel/abstract-tls
|
2019-01-23 12:46:07 +01:00 |
Willem Toorop
|
d71dccaf2c
|
- Nested getdns_context_runt() prevention
- Fix address query with qname and missing qtype for -I and -F too
- disable tiny delay again
|
2019-01-23 12:43:20 +01:00 |
Jim Hague
|
cdc0d43315
|
Correct auth state thinko. Spotter credit to Willem.
|
2019-01-23 11:34:02 +00:00 |
Willem Toorop
|
8980f5f5ee
|
Fix nested scheduling with getdns_query -F and -I
+ add 1 millisecond delay between batched queries, just because...
|
2019-01-23 11:41:00 +01:00 |
Willem Toorop
|
0af9a629f4
|
Does smaller delay make a difference?
|
2019-01-23 10:50:57 +01:00 |
Willem Toorop
|
ac379787a2
|
Reassure clang static analyzer that all is OK
|
2019-01-23 10:29:20 +01:00 |
Willem Toorop
|
79fbef07d8
|
type specifier misplaced by #ifdef unclarity
|
2019-01-23 10:27:17 +01:00 |
Willem Toorop
|
2bd853bda5
|
Merge remote-tracking branch 'jim/feature/abstract-tls' into devel/abstract-tls
|
2019-01-23 09:49:17 +01:00 |
Jim Hague
|
61cae868e3
|
Update ChangeLog to include changes in this branch.
|
2019-01-17 11:24:40 +00:00 |
Jim Hague
|
814ee2c4cf
|
Fix more gcc 8 warnings.
As warnings, these cause builds to fail when running the test suite.
|
2019-01-17 11:23:39 +00:00 |
Jim Hague
|
09ca9a826b
|
Fix gcc 8 warnings.
|
2019-01-15 17:13:13 +00:00 |
Jim Hague
|
9024fd7736
|
Fix build with INTERCEPT_COM_DS defined.
Decide that layout of handling write results is more readable, and use with read too.
|
2019-01-15 15:34:33 +00:00 |
Jim Hague
|
ee6bc7d978
|
Remove development test erroneously checked in.
|
2019-01-15 12:39:02 +00:00 |
Jim Hague
|
6553aa3aad
|
The new minimum OpenSSL version means that Travis must switch to Xenial.
|
2019-01-15 12:11:13 +00:00 |
Jim Hague
|
8609a35e5b
|
GnuTLS: Add support for TLS 1.3.
|
2019-01-15 11:31:22 +00:00 |
Jim Hague
|
ccd6c3592d
|
GnuTLS: Can't set priority for SSL3.
|
2019-01-15 11:30:56 +00:00 |
Jim Hague
|
24774fefd6
|
Remove 'upstream' association with connection, now unused.
|
2019-01-15 11:01:58 +00:00 |
Jim Hague
|
9e4add2219
|
Merge branch 'develop' into feature/abstract-tls
|
2019-01-14 19:15:53 +00:00 |
Jim Hague
|
3fe0c94357
|
Merge branch 'develop' into feature/abstract-tls
|
2019-01-14 19:09:20 +00:00 |
Willem Toorop
|
66f63b21bc
|
Stubby with dns.google in stubby.yml.example
|
2019-01-11 14:52:40 +01:00 |
Willem Toorop
|
78d6bc30f5
|
Update stubby to 0.2.5
|
2019-01-11 13:04:07 +01:00 |
Jim Hague
|
51cb570809
|
Re-add support for OpenSSL prior to 1.1, but now require at least 1.0.2 and drop LibreSSL support.
|
2019-01-11 11:16:48 +00:00 |
Willem Toorop
|
35077bdc6d
|
Update ChangeLog & bumb version
|
2019-01-11 12:08:38 +01:00 |
Willem Toorop
|
411c5cf571
|
Git rid of * if in libgetdns.symbols
|
2019-01-07 12:08:26 +01:00 |
Willem Toorop
|
a4020a6841
|
mk-symfiles.sh improvent
to filter out #defines as intended.
Thanks Zero King
|
2019-01-07 11:33:21 +01:00 |
Willem Toorop
|
014ac3d368
|
Stubby with trust_anchors_backoff_time example config
|
2019-01-03 11:19:13 +01:00 |
Willem Toorop
|
426b6f67dd
|
Merge branch 'devel/no-tls1.3-in-cipher_list' into develop
|
2018-12-31 16:14:26 +01:00 |
Willem Toorop
|
bbe7dff257
|
No TLS1.3 ciphers in cipher_list only when ...
SSL_set_ciphersuites in OpenSSL API.
|
2018-12-31 16:13:20 +01:00 |
Willem Toorop
|
c69a2f7806
|
Merge branch 'ArchangeGabriel-patch-1' into devel/no-tls1.3-in-cipher_list
|
2018-12-31 16:09:55 +01:00 |
Bruno Pagani
|
1962c03b79
|
context: remove TLS13 cipher from cipher_list
TLS 1.3 ciphers have to be set in ciphersuites instead.
|
2018-12-23 11:31:27 +00:00 |
Willem Toorop
|
6f4d25e096
|
Merge branch 'release/1.5.0' into develop
|
2018-12-21 17:22:01 +01:00 |
Willem Toorop
|
309db67f8b
|
RFE getdnsapi/stubby#121 log re-instantiating TLS ...
... upstreams (because they reached tls_backoff_time) at log level 4 (WARNING)
|
2018-12-21 16:30:46 +01:00 |
Willem Toorop
|
345ed9a734
|
Final stubby update
|
2018-12-21 15:52:46 +01:00 |
Willem Toorop
|
4be406ce1f
|
Bump version
|
2018-12-21 15:40:13 +01:00 |
Willem Toorop
|
7c52883341
|
Remove truncated response from transport test
|
2018-12-21 12:44:51 +01:00 |
Willem Toorop
|
431f86f414
|
Make tests aware of NODATA == NO_NAME change
|
2018-12-21 12:10:19 +01:00 |
Willem Toorop
|
5247fc8de4
|
Mention RESPSTATUS_NO_NAME change in Changelog
|
2018-12-21 11:44:04 +01:00 |
Willem Toorop
|
13e1e36ba3
|
RESPSTATUS_NO_NAME when no answers found
(so for NODATA answers too)
|
2018-12-21 11:28:00 +01:00 |
Willem Toorop
|
ff1cdce6f8
|
s/explicitely/explicitly/g
Thanks Andreas Schulze
|
2018-12-20 15:06:01 +01:00 |
Jim Hague
|
65f4fbbc81
|
Make sure all connection deinits are only called if there is something to deinit.
|
2018-12-14 15:38:32 +00:00 |
Jim Hague
|
c1bf12c8a2
|
Update default GnuTLS cipher suite priority string to one that gives the same ciphers as the OpenSSL version.
Also fix deinit segfault.
./gnutls-ciphers "NONE:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+ECDHE-RSA:+ECDHE-ECDSA:+SIGN-RSA-SHA384:+AEAD:+COMP-ALL:+VERS-TLS-ALL:+CURVE-ALL"
Cipher suites for NONE:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+ECDHE-RSA:+ECDHE-ECDSA:+SIGN-RSA-SHA384:+AEAD:+COMP-ALL:+VERS-TLS-ALL:+CURVE-ALL
TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2
TLS_ECDHE_RSA_AES_128_GCM_SHA256 0xc0, 0x2f TLS1.2
TLS_ECDHE_RSA_CHACHA20_POLY1305 0xcc, 0xa8 TLS1.2
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2 TLS1.2
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 0xc0, 0x2b TLS1.2
TLS_ECDHE_ECDSA_CHACHA20_POLY1305 0xcc, 0xa9 TLS1.2
$ openssl ciphers -v TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20-Poly1305 Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20-Poly1305 Mac=AEAD
|
2018-12-14 15:24:13 +00:00 |
Willem Toorop
|
79459f5d1d
|
Merge branch 'release/1.5.0' into develop
|
2018-12-14 16:05:27 +01:00 |
Willem Toorop
|
36cb9b0243
|
We also always publish sha1 over tarballs
|
2018-12-14 13:45:22 +01:00 |
Willem Toorop
|
232f655663
|
trust_anchor_backoff_time also when appdata dir is not writable
|
2018-12-14 13:42:43 +01:00 |
Willem Toorop
|
e9060792dc
|
Merge branch 'release/1.5.0' into develop
|
2018-12-14 10:45:57 +01:00 |