b446bfdf11
Enable debugging symbols for better valgrind output
2019-12-19 14:56:12 +00:00
61dffd0e35
Fail eventloop test on errors
2019-12-19 12:45:47 +00:00
8b2e8c2be3
Memory leak via libunbound in FreeBSD11.3
2019-12-19 11:29:40 +00:00
a78b963aa9
Make check timeout larger than getdns timeout
...
- when timeout should be expected
2019-12-19 10:44:22 +00:00
489022dcb9
Some tests that use valgrind aren't flagged as such. Fix this.
2019-12-18 11:14:12 +00:00
0226096974
Suppress memory leak in libunbound to get test 125 passing on Bionic.
2019-12-18 10:23:45 +00:00
52cb444065
Update all submodules with .gitattributes
2019-12-16 16:27:28 +01:00
7d2e255ead
git-archive-all.sh based makedist file
2019-12-16 15:36:53 +01:00
60307d88fd
Merge pull request #447 from getdnsapi/feature/cmake
...
Feature/cmake
2019-12-16 12:33:12 +01:00
3e373ab2af
Now with actual fix for multiple localhost addresses
2019-12-16 12:05:29 +01:00
aafdba690d
Server capabilities test, listen on single localhost IPv4 address
2019-12-16 11:54:00 +01:00
0fbe0dccc3
Debugging server capability testing
2019-12-16 11:47:40 +01:00
f1ea127e7a
NLnet Labs reversed space takes long to lookup...
2019-12-16 11:04:49 +01:00
e2813299ee
Target everything does not exist with me ...
...
.. but did exist in travis???
2019-12-13 16:19:29 +01:00
39e2c8a33e
replace '//' with #ifdef 0 / #endif
...
because my compiler complains about it for some reason
2019-12-13 11:34:14 +01:00
17784bd3f5
Try to fix yxml
2019-12-13 11:29:34 +01:00
e28ee2b0e0
New commits in yxml
2019-12-10 15:21:51 +01:00
d92a91e771
Fix up unit tests for all the event loops.
...
Various housekeeping
2019-11-29 10:50:49 +00:00
33774228a3
Missed one SOA that is not returned
2019-11-28 16:42:42 +00:00
0fc75dfbaf
Work around issue in cmake (after 3.5 but fixed in 3.12) where object libraries could not be used with target_link_library().
...
Tweak libcheck/windows logic.
Hacks to make tests pass with strange bionic system resolver behaviour
Add to README that xenial doesn’t have libunbound-dev 1.5.9 packaged
2019-11-28 16:22:45 +00:00
26d678b344
More update to README
...
v. minor updates to tests to clean up output
2019-11-18 20:41:28 +00:00
38f59b7bea
Remove libidn support
...
More updates to README
2019-11-18 14:05:50 +00:00
fa72271221
Add simple test to run stubby
2019-11-15 16:35:56 +00:00
2925c7e80b
Add verbose on failure output to unit tests
2019-11-15 15:52:39 +00:00
323e6a6ba6
Update submodules and fix issue with loading local hosts
2019-11-15 14:29:33 +00:00
499555b8a5
More fixes for remaining tests..
2019-11-14 17:58:11 +00:00
d59380fca0
Start work on remaining tests
2019-11-14 14:40:24 +00:00
1cca550799
Fix lib name on linux
2019-11-14 14:05:47 +00:00
ffbc49cc2d
Get all of the tests run by ‘run-all.sh’ working apart from those that require valgrind…….
...
update stubby commit and ymlx commit to remove build warnings
2019-11-14 11:36:18 +00:00
3f6203bf0f
platform: Prefer poll.h to sys/poll.h
...
sys/poll.h seems to be some GNU extension. musl warns about this:
warning redirecting incorrect #include <sys/poll.h> to <poll.h>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-11-03 14:30:34 -08:00
e00a79a240
Remove autoconf build and update to autoconf-less Stubby.
2019-11-01 12:27:10 +00:00
1cac86424e
Fix build problem with ENABLE_DEBUG_STUB when not using ENABLE_DEBUG_ALL.
2019-11-01 10:44:55 +00:00
0e432cc7c2
Add option to build Doxygen.
...
This requires a change to the Doxyfile. I can't see a way to avoid this.
2019-10-31 13:41:04 +00:00
ea09baf376
Fix Windows build failure when libunbound is present.
2019-10-29 17:42:21 +00:00
5bab6921bd
Get libevent.c building under Windows.
2019-10-29 15:59:15 +00:00
87177cc103
Add a Windows implementation of getdns_context_set_resolvconf().
...
Have it return GETDNS_RETURN_NOT_IMPLEMENTED. This function is listed in the shared library exports, and it's part of the official API, so we need it.
2019-10-18 19:04:17 +01:00
cd62f2b716
Don't include OpenSSL headers in config.h.
...
Add an include of stdlib.h to various files that were relying on config.h to drag it in. I don't think config.h should be pulling in standard C headers.
2019-10-15 18:37:10 +01:00
a2d09d2be5
Fix type warning on Windows.
2019-10-15 16:56:34 +01:00
73e8e4653d
Update to latest fix of ssl_dane.c for Windows.
2019-10-15 16:55:16 +01:00
dd70108558
Windows does not have mkstemp(). Add compat version.
...
The compat version is Windows-specific.
2019-10-15 16:54:13 +01:00
323d76d7ae
Add the rest of the compat functions to the build, if required.
...
Remove any preprocess guards from the sources, and only include them in the build if required. Add some additional required Windows libraries.
2019-10-15 16:53:03 +01:00
5db0d03b13
Enable building on Windows with Visual Studio.
...
The change mostly consists of removing or replacing non-standard (usually POSIX) header includes.
Guards for replacements for inet_ntop(), inet_pton() and gettimeofday() are updated; the first two are macros on Windows, so the guards are changed to HAVE_DECL. gettimeofday() is present on MinGW builds but not Visual Studio, so that has a function check.
2019-10-15 10:09:17 +01:00
416c55734b
Optimize local addresses enumeration with old uClibc
...
uClibc 0.9.30rc1 - 0.9.32rc5 has bug - getaddrinfo() does not accept numeric
service without any hints. As the related side effect, hint struct with
ai_socktype == 0 (unspec) and ai_protocol == 0 (unpsec) gives the same
EAI_SERVICE error instead of same address with different proto enumebration.
For more details please refer https://bugs.busybox.net/show_bug.cgi?id=3841 and
https://git.uclibc.org/uClibc/commit/?id=bc3be18145e4d57e7268506f123c0f0f373a15e2
Since 0.9.3x uClibc versions are still not somewhat unique in embedded (issue
https://github.com/getdnsapi/stubby/issues/124 as example) and non-zero
ai_socktype allows to avoid address dups for each supported UDP/TCP/etc proto,
seems worth to have it specified, as a minor memory allocation optimization at
least.
SOCK_DGRAM vs SOCK_STREAM choice doesn't really matter here, both are actually
used for DNS and both are non-zero, no difference is expected on *nix. So
SOCK_DGRAM selected due original comment only.
2019-04-25 03:31:56 +05:00
4f4ed98112
Fix build error with gnu99 compilers
...
Typedefs sha256_pin_t & getdns_log_config multiple declaration in context.h,
tls.h and tls_internal.h causes build error with some gnu99 compilers, even
if the redefinition is identical.
One possible way is to protect each occurence with ifdefs, but it seems too
brute, other one is to keep typedef in context.h only and use struct types
in recently added tls* scope.
Error example:
../libtool --quiet --tag=CC --mode=compile arm-brcm-linux-uclibcgnueabi-gcc
-std=gnu99 -I. -I. -I./util/auxiliary -I./tls -I./openssl -I./../stubby/src
-Wall -Wextra -D_BSD_SOURCE -D_DEFAULT_SOURCE ... -c ./convert.c -o convert.lo
In file included from ./context.h:53:0,
from ./util-internal.h:42,
from ./convert.c:50:
./tls.h:45:27: error: redefinition of typedef 'sha256_pin_t'
./openssl/tls-internal.h:57:27: note: previous declaration of 'sha256_pin_t' was here
In file included from ./util-internal.h:42:0,
from ./convert.c:50:
./context.h:133:3: error: redefinition of typedef 'sha256_pin_t'
./tls.h:45:27: note: previous declaration of 'sha256_pin_t' was here
./context.h:267:3: error: redefinition of typedef 'getdns_log_config'
./openssl/tls-internal.h:58:34: note: previous declaration of 'getdns_log_config' was here
2019-04-12 01:40:51 +05:00
b22768709a
Runtime fallback and FreeBSD compatible TFO
2019-04-03 12:24:09 +02:00
b6e290f42a
Fix compiling for debugging
2019-04-03 11:51:35 +02:00
0a1883047d
Don't transmit an extra NULL byte in the anchor fetch HTTP request
...
When calculating HTTP request buffer size tas_connect() unnecessarily adds
an extra octet for the terminating NULL byte.
The terminating NULL was already accounted for by sizeof(fmt), however,
since sizeof("123") = 4.
The extra NULL byte at the end of the anchor fetch HTTP request resulted
in an extra "501 Not implemented" HTTP response from the trust anchor
server.
2019-03-24 00:51:20 +01:00
99e32f1e46
Increase anchor fetch timeout in tas_doc_read()
...
tas_doc_read() uses a very short 50 msec network read timeout which makes
fetching trust anchors pretty much impossible on high-latency connections
like 3G.
Use a 2 second read timeout, just like the other tas_read_cb() callback
setter does.
2019-03-24 00:50:49 +01:00
342b1090f8
Declarations are always defined
2019-03-15 17:22:31 +01:00
754d65eb6d
Correct dependencies
2019-03-15 16:58:10 +01:00
324370c537
GnuTLS with Zero configuration DNSSEC
2019-03-15 16:50:10 +01:00
7438de712a
Issue #422 : Update server & client TFO
...
Seems to work for TLS now too.
At least on Linux.
Thanks Craig Andrews
2019-03-15 12:13:38 +01:00
99d15b999c
Issue #423 : Fix insecure delegation detection while scheduling
2019-03-13 14:21:06 +01:00
968e914e94
Avoid build errors if $sysconfdir or $runstatedir contain a space.
...
Building on Windows was failing if sysconfdir was, e.g. C:\Program Files.
2019-02-21 14:37:25 +00:00
acc9b1cbd5
Typo and unused parameter warning
2019-02-15 13:46:28 +01:00
30367dada2
space needed for unit test to succeed
2019-02-15 13:43:28 +01:00
034b775e5c
DOA & AMTRELAY RR types implementation
2019-02-15 13:36:39 +01:00
71b773ab2f
'"' needs to be escaped too in json
2019-02-15 10:44:49 +01:00
c3d0afd47d
Issue #419 : Escape backslashes when printing json
...
Thanks boB Rudis
2019-02-15 10:29:39 +01:00
97ac5d3ddc
Merge branch 'develop' of github.com:getdnsapi/getdns into develop
2019-02-04 15:46:46 +01:00
0fef131e9b
bugfix #418 duplicate ,'s in Windows build
2019-02-04 15:46:10 +01:00
c68f5a7a8d
Fix various build warnings uncovered on NetBSD w/pkgsrc.
...
The isxxxx() and toxxxx() functions have a limited well-defined
input value range, namely that of "unsigned char" plus EOF. Cast
args accordingly.
Bring strncasecmp() into scope by including <strings.h>.
2019-01-28 11:24:10 +01:00
7c1b43b420
Fix sole pinset validation with ssl_dane library
2019-01-23 14:33:35 +00:00
cad7eb2461
Probably the strlcpy
2019-01-23 14:06:04 +01:00
f72fe60035
Cannot reuse qname (via name) after read_line_cb..
...
.. returns.
2019-01-23 13:55:29 +01:00
e657024531
Run all unit tests again
2019-01-23 12:50:44 +01:00
35f2ce37c0
Restore original serve delays
2019-01-23 12:49:22 +01:00
c4bd91b196
Merge remote-tracking branch 'jim/feature/abstract-tls' into devel/abstract-tls
2019-01-23 12:46:07 +01:00
d71dccaf2c
- Nested getdns_context_runt() prevention
...
- Fix address query with qname and missing qtype for -I and -F too
- disable tiny delay again
2019-01-23 12:43:20 +01:00
cdc0d43315
Correct auth state thinko. Spotter credit to Willem.
2019-01-23 11:34:02 +00:00
8980f5f5ee
Fix nested scheduling with getdns_query -F and -I
...
+ add 1 millisecond delay between batched queries, just because...
2019-01-23 11:41:00 +01:00
0af9a629f4
Does smaller delay make a difference?
2019-01-23 10:50:57 +01:00
ac379787a2
Reassure clang static analyzer that all is OK
2019-01-23 10:29:20 +01:00
79fbef07d8
type specifier misplaced by #ifdef unclarity
2019-01-23 10:27:17 +01:00
814ee2c4cf
Fix more gcc 8 warnings.
...
As warnings, these cause builds to fail when running the test suite.
2019-01-17 11:23:39 +00:00
09ca9a826b
Fix gcc 8 warnings.
2019-01-15 17:13:13 +00:00
9024fd7736
Fix build with INTERCEPT_COM_DS defined.
...
Decide that layout of handling write results is more readable, and use with read too.
2019-01-15 15:34:33 +00:00
8609a35e5b
GnuTLS: Add support for TLS 1.3.
2019-01-15 11:31:22 +00:00
ccd6c3592d
GnuTLS: Can't set priority for SSL3.
2019-01-15 11:30:56 +00:00
24774fefd6
Remove 'upstream' association with connection, now unused.
2019-01-15 11:01:58 +00:00
3fe0c94357
Merge branch 'develop' into feature/abstract-tls
2019-01-14 19:09:20 +00:00
51cb570809
Re-add support for OpenSSL prior to 1.1, but now require at least 1.0.2 and drop LibreSSL support.
2019-01-11 11:16:48 +00:00
411c5cf571
Git rid of * if in libgetdns.symbols
2019-01-07 12:08:26 +01:00
a4020a6841
mk-symfiles.sh improvent
...
to filter out #defines as intended.
Thanks Zero King
2019-01-07 11:33:21 +01:00
bbe7dff257
No TLS1.3 ciphers in cipher_list only when ...
...
SSL_set_ciphersuites in OpenSSL API.
2018-12-31 16:13:20 +01:00
1962c03b79
context: remove TLS13 cipher from cipher_list
...
TLS 1.3 ciphers have to be set in ciphersuites instead.
2018-12-23 11:31:27 +00:00
309db67f8b
RFE getdnsapi/stubby#121 log re-instantiating TLS ...
...
... upstreams (because they reached tls_backoff_time) at log level 4 (WARNING)
2018-12-21 16:30:46 +01:00
7c52883341
Remove truncated response from transport test
2018-12-21 12:44:51 +01:00
431f86f414
Make tests aware of NODATA == NO_NAME change
2018-12-21 12:10:19 +01:00
13e1e36ba3
RESPSTATUS_NO_NAME when no answers found
...
(so for NODATA answers too)
2018-12-21 11:28:00 +01:00
ff1cdce6f8
s/explicitely/explicitly/g
...
Thanks Andreas Schulze
2018-12-20 15:06:01 +01:00
65f4fbbc81
Make sure all connection deinits are only called if there is something to deinit.
2018-12-14 15:38:32 +00:00
c1bf12c8a2
Update default GnuTLS cipher suite priority string to one that gives the same ciphers as the OpenSSL version.
...
Also fix deinit segfault.
./gnutls-ciphers "NONE:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+ECDHE-RSA:+ECDHE-ECDSA:+SIGN-RSA-SHA384:+AEAD:+COMP-ALL:+VERS-TLS-ALL:+CURVE-ALL"
Cipher suites for NONE:+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305:+ECDHE-RSA:+ECDHE-ECDSA:+SIGN-RSA-SHA384:+AEAD:+COMP-ALL:+VERS-TLS-ALL:+CURVE-ALL
TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2
TLS_ECDHE_RSA_AES_128_GCM_SHA256 0xc0, 0x2f TLS1.2
TLS_ECDHE_RSA_CHACHA20_POLY1305 0xcc, 0xa8 TLS1.2
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2 TLS1.2
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 0xc0, 0x2b TLS1.2
TLS_ECDHE_ECDSA_CHACHA20_POLY1305 0xcc, 0xa9 TLS1.2
$ openssl ciphers -v TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20-Poly1305 Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20-Poly1305 Mac=AEAD
2018-12-14 15:24:13 +00:00
232f655663
trust_anchor_backoff_time also when appdata dir is not writable
2018-12-14 13:42:43 +01:00
990372329c
typo
2018-12-13 15:26:13 +01:00
dc6bb0fa52
Something wrong with /etc/hosts?
2018-12-13 15:24:37 +01:00
eecc18703a
Issue found with static analysis
2018-12-13 15:24:27 +01:00
154f98e321
Update consts
2018-12-13 15:24:19 +01:00
93b7cb6a01
ZONEMD rr-type
2018-12-13 14:53:41 +01:00
a4590bafcb
Implement reading CAs from file or dir.
...
I found gnutls_certificate_set_x509_trust_(file|dir)(), so it's a lot
easier than I feared. Plus a little diggiing shows that if you're
loading the system defaults, GnuTLS on Windows does load them from the
Windows certificate store.
2018-12-13 13:33:54 +00:00
Willem Toorop
Jim Hague
Sara Dickinson
Rosen Penev
Vladislav Grishenko
Maciej S. Szmigiero
Havard Eidnes
Bruno Pagani
Jim Hague