interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,921 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

2921 Commits

Author SHA1 Message Date
Willem Toorop d71dccaf2c - Nested getdns_context_runt() prevention 
- Fix address query with qname and missing qtype for -I and -F too
- disable tiny delay again
 2019-01-23 12:43:20 +01:00
Willem Toorop 8980f5f5ee Fix nested scheduling with getdns_query -F and -I 
+ add 1 millisecond delay between batched queries, just because...
 2019-01-23 11:41:00 +01:00
Willem Toorop 0af9a629f4 Does smaller delay make a difference? 2019-01-23 10:50:57 +01:00
Willem Toorop ac379787a2 Reassure clang static analyzer that all is OK 2019-01-23 10:29:20 +01:00
Willem Toorop 79fbef07d8 type specifier misplaced by #ifdef unclarity 2019-01-23 10:27:17 +01:00
Willem Toorop 2bd853bda5 Merge remote-tracking branch 'jim/feature/abstract-tls' into devel/abstract-tls 2019-01-23 09:49:17 +01:00
Jim Hague 61cae868e3 Update ChangeLog to include changes in this branch. 2019-01-17 11:24:40 +00:00
Jim Hague 814ee2c4cf Fix more gcc 8 warnings. 
As warnings, these cause builds to fail when running the test suite.
 2019-01-17 11:23:39 +00:00
Jim Hague 09ca9a826b Fix gcc 8 warnings. 2019-01-15 17:13:13 +00:00
Jim Hague 9024fd7736 Fix build with INTERCEPT_COM_DS defined. 
Decide that layout of handling write results is more readable, and use with read too.
 2019-01-15 15:34:33 +00:00
Jim Hague ee6bc7d978 Remove development test erroneously checked in. 2019-01-15 12:39:02 +00:00
Jim Hague 6553aa3aad The new minimum OpenSSL version means that Travis must switch to Xenial. 2019-01-15 12:11:13 +00:00
Jim Hague 8609a35e5b GnuTLS: Add support for TLS 1.3. 2019-01-15 11:31:22 +00:00
Jim Hague ccd6c3592d GnuTLS: Can't set priority for SSL3. 2019-01-15 11:30:56 +00:00
Jim Hague 24774fefd6 Remove 'upstream' association with connection, now unused. 2019-01-15 11:01:58 +00:00
Jim Hague 9e4add2219 Merge branch 'develop' into feature/abstract-tls 2019-01-14 19:15:53 +00:00
Jim Hague 3fe0c94357 Merge branch 'develop' into feature/abstract-tls 2019-01-14 19:09:20 +00:00
Willem Toorop 66f63b21bc Stubby with dns.google in stubby.yml.example 2019-01-11 14:52:40 +01:00
Willem Toorop 78d6bc30f5 Update stubby to 0.2.5 2019-01-11 13:04:07 +01:00
Jim Hague 51cb570809 Re-add support for OpenSSL prior to 1.1, but now require at least 1.0.2 and drop LibreSSL support. 2019-01-11 11:16:48 +00:00
Willem Toorop 35077bdc6d Update ChangeLog & bumb version 2019-01-11 12:08:38 +01:00
Willem Toorop 411c5cf571 Git rid of * if in libgetdns.symbols 2019-01-07 12:08:26 +01:00
Willem Toorop a4020a6841 mk-symfiles.sh improvent 
to filter out #defines as intended.
Thanks Zero King
 2019-01-07 11:33:21 +01:00
Willem Toorop 014ac3d368 Stubby with trust_anchors_backoff_time example config 2019-01-03 11:19:13 +01:00
Willem Toorop 426b6f67dd Merge branch 'devel/no-tls1.3-in-cipher_list' into develop 2018-12-31 16:14:26 +01:00
Willem Toorop bbe7dff257 No TLS1.3 ciphers in cipher_list only when ... 
SSL_set_ciphersuites in OpenSSL API.
 2018-12-31 16:13:20 +01:00
Willem Toorop c69a2f7806 Merge branch 'ArchangeGabriel-patch-1' into devel/no-tls1.3-in-cipher_list 2018-12-31 16:09:55 +01:00
Bruno Pagani 1962c03b79
context: remove TLS13 cipher from cipher_list 
TLS 1.3 ciphers have to be set in ciphersuites instead.
 2018-12-23 11:31:27 +00:00
Willem Toorop 6f4d25e096 Merge branch 'release/1.5.0' into develop 2018-12-21 17:22:01 +01:00
Willem Toorop 309db67f8b RFE getdnsapi/stubby#121 log re-instantiating TLS ... 
... upstreams (because they reached tls_backoff_time) at log level 4 (WARNING)
 2018-12-21 16:30:46 +01:00
Willem Toorop 345ed9a734 Final stubby update 2018-12-21 15:52:46 +01:00
Willem Toorop 4be406ce1f Bump version 2018-12-21 15:40:13 +01:00
Willem Toorop 7c52883341 Remove truncated response from transport test 2018-12-21 12:44:51 +01:00
Willem Toorop 431f86f414 Make tests aware of NODATA == NO_NAME change 2018-12-21 12:10:19 +01:00
Willem Toorop 5247fc8de4 Mention RESPSTATUS_NO_NAME change in Changelog 2018-12-21 11:44:04 +01:00
Willem Toorop 13e1e36ba3 RESPSTATUS_NO_NAME when no answers found 
(so for NODATA answers too)
 2018-12-21 11:28:00 +01:00
Willem Toorop ff1cdce6f8 s/explicitely/explicitly/g 
Thanks Andreas Schulze
 2018-12-20 15:06:01 +01:00
Jim Hague 65f4fbbc81 Make sure all connection deinits are only called if there is something to deinit. 2018-12-14 15:38:32 +00:00
Jim Hague c1bf12c8a2 Update default GnuTLS cipher suite priority string to one that gives the same ciphers as the OpenSSL version. 
Also fix deinit segfault.

./gnutls-ciphers "NONE:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+ECDHE-RSA:+ECDHE-ECDSA:+SIGN-RSA-SHA384:+AEAD:+COMP-ALL:+VERS-TLS-ALL:+CURVE-ALL"
Cipher suites for NONE:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+ECDHE-RSA:+ECDHE-ECDSA:+SIGN-RSA-SHA384:+AEAD:+COMP-ALL:+VERS-TLS-ALL:+CURVE-ALL
TLS_ECDHE_RSA_AES_256_GCM_SHA384                  	0xc0, 0x30 TLS1.2
TLS_ECDHE_RSA_AES_128_GCM_SHA256                  	0xc0, 0x2f TLS1.2
TLS_ECDHE_RSA_CHACHA20_POLY1305                   	0xcc, 0xa8 TLS1.2
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384                0xc0, 0x2 TLS1.2
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256                0xc0, 0x2b TLS1.2
TLS_ECDHE_ECDSA_CHACHA20_POLY1305                 0xcc, 0xa9 TLS1.2

$ openssl ciphers -v TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=ChaCha20-Poly1305 Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=ChaCha20-Poly1305 Mac=AEAD
 2018-12-14 15:24:13 +00:00
Willem Toorop 79459f5d1d Merge branch 'release/1.5.0' into develop 2018-12-14 16:05:27 +01:00
Willem Toorop 36cb9b0243 We also always publish sha1 over tarballs 2018-12-14 13:45:22 +01:00
Willem Toorop 232f655663 trust_anchor_backoff_time also when appdata dir is not writable 2018-12-14 13:42:43 +01:00
Willem Toorop e9060792dc Merge branch 'release/1.5.0' into develop 2018-12-14 10:45:57 +01:00
Willem Toorop 990372329c typo 2018-12-13 15:26:13 +01:00
Willem Toorop dc6bb0fa52 Something wrong with /etc/hosts? 2018-12-13 15:24:37 +01:00
Willem Toorop eecc18703a Issue found with static analysis 2018-12-13 15:24:27 +01:00
Willem Toorop 154f98e321 Update consts 2018-12-13 15:24:19 +01:00
Willem Toorop 93b7cb6a01 ZONEMD rr-type 2018-12-13 14:53:41 +01:00
Jim Hague a4590bafcb Implement reading CAs from file or dir. 
I found gnutls_certificate_set_x509_trust_(file|dir)(), so it's a lot
easier than I feared. Plus a little diggiing shows that if you're
loading the system defaults, GnuTLS on Windows does load them from the
Windows certificate store.
 2018-12-13 13:33:54 +00:00
Willem Toorop 41f4940072 Log messages about trust anchor fetching and installing 2018-12-13 14:23:32 +01:00