interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,799 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

2057 Commits

Author SHA1 Message Date
Jim Hague 52421be5f4 Correct error checking result of _getdns_tls_context_set_ca(). 2018-11-20 15:12:10 +00:00
Jim Hague 1b0a09a23f Wrap hostname/certificate verification. 
This removes the last OpenSSL items from stub.c.
 2018-11-20 14:53:31 +00:00
Jim Hague fb73bcb77e Correct return value error from _getdns_tls_connection_(read|write)(). 2018-11-20 12:43:17 +00:00
Jim Hague 2e8c48544b Move pubkey-pinning implementation under openssl/. 2018-11-19 13:55:02 +00:00
Jim Hague aba0e2fb4c Move non-TLS-library specific parts of tls.h to ~/src/tls.h and have it include lib-specific tls-internal.h. 
Update dependencies.
 2018-11-19 09:49:54 +00:00
Jim Hague 5d353d9efb To aid proof-of-concept work, insist on OpenSSL 1.1.1 or later. 
Remove ssl_dane as now surplus to requirements.
 2018-11-16 17:58:29 +00:00
Jim Hague 0fd6fd4c5c Replace (one instance of) SSL_get_peer_certificate(). 2018-11-16 17:09:26 +00:00
Jim Hague 4b8c9d1bd7 Replace SSL_get_version(). 2018-11-15 17:53:37 +00:00
Jim Hague 09019bee75 Replace SSL_write(). 2018-11-15 17:53:29 +00:00
Jim Hague e7453522d5 Replace SSL_read(). 2018-11-15 17:51:52 +00:00
Jim Hague e22c01e212 tls_do_handshake: move handshake and check for new session into abstraction layer. 2018-11-15 14:28:04 +00:00
Jim Hague ffd1136e94 tls_create_object(): Move setting client state and auto-retry into connection_new and add setting connection session. 2018-11-15 13:23:00 +00:00
Jim Hague d9fdd4c10d Abstracting TLS; let's start with context only. 
Change data types in context.h and fix up context.c. Do minimal fixups to stub.c.
 2018-11-15 11:01:13 +00:00
Willem Toorop 9b4e8e9e91 X509_get_notAfter not in OpenSSL 1.1.1 anymore 2018-06-12 16:37:46 +02:00
Willem Toorop 884f6ddc5e DS is always a delegation and never at the apex 2018-06-10 16:57:40 +02:00
Willem Toorop 25231aa686 Fix finding signer of NSEC and NSEC3s 
Thanks Philip Homburg
 2018-06-08 21:39:59 +02:00
Willem Toorop 000fa94ae2 Sync ldns & utils with unbound 2018-05-22 12:44:13 +02:00
Willem Toorop 799bd2f6b1 Bugfix #399: Reinclude <linux/sysctl.h> in getentropy_linux.c 2018-05-15 08:11:55 +02:00
Willem Toorop e481273ff4 Last minute update 2018-05-11 13:20:08 +02:00
wtoorop 0510fb00d3
Merge pull request #397 from ehmry/tcp_sendto 
No TCP sendto without TCP_FASTOPEN
 2018-05-11 12:04:49 +01:00
wtoorop 7fe45a7012
Merge pull request #396 from saradickinson/bugfix/windows_certs 
Temporary fix for https://github.com/getdnsapi/stubby/issues/87. Dete…
 2018-05-11 11:51:33 +01:00
Willem Toorop 6c99e7b8a6 Bugfix getdnsapi/stubby#106: Core dump when ... 
printing certain configuration. Thanks Han Vinke
 2018-05-11 11:28:52 +02:00
Willem Toorop 98b1ff624a Memory loss with empty string bindata's 2018-05-11 11:23:19 +02:00
Emery Hemingway a6ec2b2449 No TCP sendto without TCP_FASTOPEN 2018-05-08 14:58:17 +02:00
Willem Toorop 7331717990 Fix for Fallback to current (working) directory (for appdata_dir). 2018-05-04 15:30:27 +02:00
Willem Toorop 99bfe4a287 Fallback to current (working) directory (for appdata_dir). 
To improve integration with system and service managers like systemd
See also getdnsapi/stubby#106
 2018-05-04 10:40:49 +02:00
Willem Toorop 3c355d425b Warnings are errors :( 2018-05-03 12:15:48 +02:00
Willem Toorop 101d602739 Travis output showed it was a bracket issue 2018-05-03 11:48:07 +02:00
Willem Toorop de7f007bf3 Without dl_iterate_phdr for now... 2018-05-03 11:40:44 +02:00
Willem Toorop f5c588c955 Need _GNU_SOURCE before config.h 2018-05-03 11:30:28 +02:00
Willem Toorop f0f101511b _GNU_SOURCE needed for struct dl_phdr_info from link.h 2018-05-03 11:21:11 +02:00
Willem Toorop 4f050facc3 Bugfix #394: Update src/compat/getentropy_linux.c 
in order to handle ENOSYS (not implemented) fallback.
Thanks Brent Blood
 2018-05-02 14:32:12 +02:00
Willem Toorop 9c01968048 DS and DNSKEY lookups for tld and sld immediately 
Resolves issue getdnsapi/stubby#99
 2018-05-01 17:07:16 +02:00
Willem Toorop 7fecf5a93d Allow NSEC spans starting from (unexpanded) wildcards 2018-05-01 13:19:24 +02:00
Willem Toorop a834d32718 Fix negative reversed IPv4 test 
which assumes 1.1.1.1.in-addr.arpa does not exist
 2018-04-23 14:05:02 +02:00
Willem Toorop 1b5b0ca799 Force trailing '\0' with string config settings 
Because even though it is added when parsing from JSON, it will be lost when the bindata is copied into a dict with getdns_dict_set_bindata.
 2018-04-23 15:11:20 +02:00
saradickinson ced112ca74 Temporary fix for https://github.com/getdnsapi/stubby/issues/87. Detect and ignore duplicate certs in the root store. 2018-04-05 18:35:07 +01:00
Willem Toorop 7548b095bc Doxygen fixes 2018-03-05 16:12:49 +01:00
Willem Toorop 8a2fc5f5a9 max_udp_backoff should not be public 
At least, not with this point release
 2018-03-05 12:42:27 +01:00
Robert Groenenberg eec6ec29dd [UDP] try upstreams in round-robin fashion when all yupstreams have failed 2018-03-05 12:03:20 +01:00
Robert Groenenberg f787c87137 Reset back_off on successful query 2018-03-05 12:02:01 +01:00
Robert Groenenberg a0fb2c8424 Limit back_off value to avoid very long retry interval 2018-03-05 12:01:52 +01:00
Willem Toorop fd5e0cdc02 Merge branch 'bugfix/388-endless-fallback-loop' into release/1.4.1 2018-03-05 11:52:36 +01:00
Willem Toorop e93b583a26 Merge branch 'devel/dnssec_issues' into release/1.4.1 2018-03-05 11:41:55 +01:00
Willem Toorop 0ff1839a6f Upstream reset on searchpath retry 2018-03-02 23:31:33 +01:00
Willem Toorop b178f94505 Don't retry an already tried upstream 2018-03-02 15:56:00 +01:00
Willem Toorop e29cfb6b6a Query for DS i.s.o. SOA to find zonecuts 
Because of broken setups that have zonecuts without SOA:

```
$ drill -T www.gslb.kpn.com A
.	518400	IN	NS	i.root-servers.net.
com.	172800	IN	NS	a.gtld-servers.net.
kpn.com.	172800	IN	NS	ns1.kpn.net.
kpn.com.	172800	IN	NS	ns2.kpn.net.
gslb.kpn.com.	3600	IN	NS	gss1.kpn.com.
gslb.kpn.com.	3600	IN	NS	gss2.kpn.com.
www.gslb.kpn.com.	10	IN	A	145.7.170.135
```

but

```
$ drill gslb.kpn.com SOA
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 48303
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; gslb.kpn.com.	IN	SOA

;; ANSWER SECTION:

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 8 msec
;; SERVER: 185.49.140.100
;; WHEN: Fri Mar  2 14:13:21 2018
;; MSG SIZE  rcvd: 30
```
 2018-03-02 14:14:28 +01:00
Willem Toorop abc69f96fe Follow unsigned SOA's as insecure zonecut indication 
Should resolve issue #385
 2018-03-02 11:15:45 +01:00
Daniel Kahn Gillmor 9301f8970c Fix minor spelling and formatting. 
These issues were found with the codespell tool.
 2018-02-23 14:12:11 -08:00
Willem Toorop e705109f22 Fix tpkg dependencies 2018-02-22 15:02:11 +01:00