Commit Graph

2047 Commits

Author SHA1 Message Date
Jim Hague 3666d994a7 Add 'keepalive' test and supporting changes to getdns library.
Checking for server support for keepalive means we need to know if the server did send a keepalive option to the client. This information is not currently exposed in getdns, so add a flag 'server_keepalive_received' to call_reporting. This is 0 if not received, 1 if received. If received, the actual timeout is in 'idle timeout in ms', though watch out for the overflow alternative.
2018-01-17 15:17:20 +00:00
Jim Hague a4ff6de985 Add 'tls-padding' test. 2018-01-16 12:59:03 +00:00
Jim Hague fdafb458ef Decide we don't want return_both_v4_and_v6 on queries. 2018-01-16 12:19:33 +00:00
Jim Hague b8424e494d Fix up some small usage typos, and don't report result if issuing test usage message. 2018-01-16 11:05:16 +00:00
Jim Hague 5ea0edf262 Update usage. 2018-01-15 17:42:57 +00:00
Jim Hague 8dc3a84735 Add options specifying transport. 2018-01-15 17:42:43 +00:00
Jim Hague 3438c68591 Prefix TLS-only options with 'tls-'. 2018-01-15 13:26:09 +00:00
Jim Hague 08b5976f9c Decouple from getdns config. This is now a pure getdns client. 2018-01-15 13:19:48 +00:00
Jim Hague 3298b5cd50 Extract common processing into search_check() and parse_search_check(). 2018-01-15 12:37:57 +00:00
Jim Hague cb7af33488 Some tests imply TLS. Explicitly make sure these always go over TLS. 2018-01-15 11:28:11 +00:00
Jim Hague 77a5a15cdf Minor output corrections. 2018-01-15 11:02:14 +00:00
Jim Hague 22996bf07d If TLS auth name given, lookup is to go over TLS. 2018-01-15 11:00:12 +00:00
Jim Hague c0d7d2c279 Print exit status at end of main output line. 2018-01-15 10:27:10 +00:00
Jim Hague 5d4bc8bc96 Add rtt test. 2018-01-15 10:16:26 +00:00
Jim Hague b9312e790f Correct certificate expiry custom threshold handling. 2018-01-15 10:01:01 +00:00
Jim Hague 3258fdfd5a Tabs? Spaces? Currently both, switch to spaces only. 2018-01-14 23:28:55 +00:00
Jim Hague 379662a3f3 Add plain lookup test. 2018-01-14 13:41:44 +00:00
Jim Hague 60118e9241 Improve cert-valid argument order to most likely first. 2018-01-13 14:56:55 +00:00
Jim Hague e7618321ce Add cert-valid test. 2018-01-12 18:21:38 +00:00
Jim Hague e597daa4c0 Add 'auth' test. 2018-01-12 17:23:42 +00:00
Jim Hague 305daab9aa Add first version of getdns_server_mon.
Currently only QNAME minimisation check is working.
2018-01-12 16:11:48 +00:00
Norbert Copones 0fa6d1fe2d src/stub.c: LibreSSL has hostname verification turned on by default 2018-01-12 05:44:27 +08:00
Willem Toorop d44237554d No warnings from danessl allowed 2018-01-11 12:40:01 +01:00
Willem Toorop dd433ede68 Merge branch 'develop' into devel/spki_pinset_via_tlsa_checking 2018-01-10 14:36:43 +01:00
Willem Toorop a746ea5e08 Dependencies 2018-01-10 14:36:33 +01:00
Willem Toorop 6b4446c7cd Suppress compiler warnings in danessl library 2018-01-10 14:34:25 +01:00
Willem Toorop 712617e568 Dead assignment (without stub debugging) 2018-01-10 13:54:18 +01:00
Willem Toorop 7c5bdd5431 Use danessl submodule when OpenSSL version between 1.0.0 and 1.1.0 2018-01-10 12:47:14 +01:00
Willem Toorop 9e34588f19 logic error 2018-01-08 16:04:40 +01:00
Willem Toorop 546b75a9b1 libidn2 support. Thanks Paul Wouters 2018-01-08 12:54:48 +01:00
Willem Toorop a1e5cc44a0 Add https://github.com/vdukhovni/ssl_dane submodule 2018-01-08 10:33:25 +01:00
Willem Toorop 608189710c Log printing in getdns_query 2018-01-04 16:35:22 +01:00
Willem Toorop 2471f43dea Less logging with successful authenticated upstreams 2018-01-04 16:15:50 +01:00
Willem Toorop 540735a956 Check pins with DANE functions when available 2018-01-04 15:58:09 +01:00
Willem Toorop 03d4950470 We need to set transport list before first query
(this needs to be reviewed...)
2017-12-21 16:49:19 +01:00
Willem Toorop 9aa1d067d2 Detect dnsmasq and skip the unit test that fails with it
This actually resolves issue #300
Thanks Tim Rühsen and Konomi Kitten
2017-12-21 16:21:10 +01:00
Willem Toorop aa419a88d0 Skip some more truncation issues with dnsmasq 2017-12-21 16:01:48 +01:00
Willem Toorop 81ffa2f48d Skip test that breaks with dnsmasq
when SKIP_DNSMASQ_ISSUE variable is test.
Helps out a little with issue #300
2017-12-21 15:45:58 +01:00
Willem Toorop 0ef910b9ee read_buf's may remain on canceled tcp requests 2017-12-21 14:53:54 +01:00
Willem Toorop 97cc67d026 s/CApath/tls_ca_path/g s/CAfile/tls_ca_file/g 2017-12-21 13:08:01 +01:00
Willem Toorop ae38a29a50 Upstream specific tls_cipher_list's 2017-12-21 12:30:15 +01:00
Willem Toorop 8f88981efe rename set_cipher_list() to set_tls_cipher_list() 2017-12-21 11:35:05 +01:00
Willem Toorop 7fe3bd6a1f getdns_context_set_ciphers_list() 2017-12-20 13:13:02 +01:00
Willem Toorop 274bc9bc4a Merge branch 'develop' into release/1.2.2 2017-12-20 09:37:56 +01:00
Pascal Ernster 65c7a738eb
Add support for TLS 1.3 and Chacha20-Poly1305
Add support for TLS 1.3 (requires OpenSSL 1.1.1) and Chacha20-Poly1305 (requires OpenSSL 1.1).

Older OpenSSL versions will simply ignore ciphersuite specifications they don't understand and use the subset which they do understand.

Note that "EECDH" does *not* select anonymous cipher suites (as opposed to "kECDHE").
2017-12-15 20:01:30 +00:00
Sara Dickinson 00d3232ba4 Fix windows build 2017-12-15 16:53:23 +00:00
Willem Toorop ac17d4ebed We need a specific install location for tests builds ...
to not load default library
2017-12-14 11:53:15 +01:00
wtoorop 9c35fa1643
Merge pull request #364 from saradickinson/move_macos_script
Update makefile because a file in Stubby was moved
2017-12-13 16:35:32 +01:00
Willem Toorop 0615457dfa Resolve constant conflict 2017-12-13 15:43:36 +01:00
Sara Dickinson d232353f93 Update makefile because a file in Stubby was moved 2017-12-13 14:22:52 +00:00
Willem Toorop 2c66487635 Merge branch 'devel/dnssec_meta_queries' into release/1.2.2 2017-12-13 14:52:00 +01:00
Willem Toorop 5f1a2f8659 Merge branch 'features/CA_verify_locations' into release/1.2.2 2017-12-13 14:49:42 +01:00
Willem Toorop a63e5edb86 trust-anchor meta queries need to be done opportunistic too
In anticipation of DANE authenticated upstreams
2017-12-13 12:58:24 +01:00
Willem Toorop e691312a3f Schedule DNSSEC meta queries against existing context 2017-12-13 12:50:03 +01:00
Willem Toorop 362d168380 no_dnssec_checking_disabled extension for internal use only 2017-12-13 12:36:02 +01:00
Willem Toorop d5518bad67 Return which extensions are set
(for programs (Stubby) to know whether a context will do native dnssec validation or not)
2017-12-13 11:12:49 +01:00
Willem Toorop da3f023d8f set_CApath() and set_CAfile() for alt verify locs 2017-12-12 15:10:37 +01:00
Willem Toorop 96ed06c6a9 Initialize context with given resolv.conf and hosts files
- getdns_context_create with set_from_os set will simply call these
  functions with the defaults

+ filechg_check is simplified somewhat (reducing memory management)
+ get OpenSSL version via get_api_information()
2017-12-12 12:24:31 +01:00
Willem Toorop 01197f10ff Merge branch 'develop' into features/resolvconf 2017-11-29 15:25:50 +01:00
wtoorop b105faad7d
Merge pull request #360 from getdnsapi/bugfix/private_ecs_with_family
Bugfix #359: edns_client_subnet_private should set family
2017-11-28 16:59:37 +01:00
Willem Toorop 8c87028d77 Only get root-anchors.xml when BOGUS root dnskey...
did have signatures which did not validate
2017-11-28 16:58:12 +01:00
Willem Toorop 2a39b6e2e8 Handle the uninitialized memory error the brutal way
Because clang (or valgrind with clang) is just wrong here
2017-11-28 16:51:28 +01:00
Willem Toorop 72eb8628d0 Report on single unit tests too 2017-11-28 16:44:08 +01:00
Willem Toorop 543435d89d Clang bitfield issue 2017-11-28 16:40:17 +01:00
Willem Toorop 025f1cdff3 set_from_os last to initialize ...
... because it is initialized with values from context itself!
I.e. context->tls_backoff_time, context->tls_connection_retries and context->log are used to initialize upstreams in upstreams_create() called from set_from_os
2017-11-28 16:04:23 +01:00
Willem Toorop 30e440d35c Access of freed memory in stub DNSSEC cleanup code
Should fix the latest core dump reported in getdnsapi/stubby#34
2017-11-27 15:26:45 +01:00
Willem Toorop 323239be58 Scan valgrind logs for errors too 2017-11-27 15:02:32 +01:00
Willem Toorop 27847b9a0a Initialize context->sys_ctxt! 2017-11-23 13:23:00 +01:00
Willem Toorop 6afb02b2f1 Bugfix #359: edns_client_subnet_private should set family
Thanks Daniel Areiza
2017-11-23 13:20:42 +01:00
Willem Toorop c3cdf496e3 Meta queries to upstreams from resolvconf setting 2017-11-23 12:48:48 +01:00
Willem Toorop c0a3babe0a Separate sys_ctxt for meta queries 2017-11-23 12:44:40 +01:00
Willem Toorop 3e16075563 Test getdns_context_create2 with getdns_query 2017-11-23 12:26:40 +01:00
Willem Toorop ed6c7a6b58 getdns_context_create2 and family that set an ...
... alternative resolvconf file
2017-11-22 15:49:30 +01:00
Willem Toorop a7a6240202 Set default resolvconf and hosts during configure 2017-11-22 15:01:38 +01:00
Willem Toorop 3a1cb30c28 BOGUS answer because unable to fetch root DNSKEY...
... should not cause segfault
2017-11-21 15:38:49 +01:00
Willem Toorop 8821c1c8cf Merge branch 'release/1.2.1' into develop 2017-11-11 10:24:25 +08:00
Willem Toorop 260416a859 Ignore SIGPIPE signal (for not suddenly stopping) 2017-11-10 10:42:17 +01:00
Willem Toorop 6f20016889 default_trust_anchor_location in api_information
instead of trust_anchor_file
2017-11-10 10:35:41 +01:00
Sara Dickinson 26eb5b8969 Add DESTDIR to runstatedir creation path 2017-11-08 11:38:52 +00:00
wtoorop 168d83ac19
Merge pull request #353 from getdnsapi/devel/errno_handling
Handle more harmless I/O error cases +
2017-11-03 20:00:40 +01:00
Willem Toorop 439f41149b Last rename + explicit EMFILE check replacement 2017-11-03 16:42:38 +01:00
Willem Toorop 9b019b8c6e Check errno is not 0 before testing errors 2017-11-03 16:29:43 +01:00
Willem Toorop 4508ec77fb Few more renames 2017-11-03 16:26:19 +01:00
Willem Toorop 3b7b83e309 Review comments from Jim 2017-11-03 15:41:31 +01:00
Willem Toorop a8fac29a66 Handle more harmless I/O error cases +
- never exit on I/O errors
- never stop listening on I/O errors
- extended platform.[ch] with _getdns_strerror()
2017-11-03 13:50:13 +01:00
wtoorop b683cc4870
Merge pull request #352 from saradickinson/bugfix/make_runstatedir
Make sure the runstatedir exists
2017-11-03 13:42:52 +01:00
Sara Dickinson 4b8ea64140 Make sure the runstatedir exists 2017-11-02 16:55:25 +00:00
Willem Toorop 2434336ead Include all RRSIGs in validation chain
Because we don't know algorithm support of other validators.

But still canonicalize the RRset with the one used to validate just because we can.
2017-11-02 12:42:26 +01:00
Willem Toorop 7e103217c6 unsigned RRs in authority section with BIND
when +CD flag is used
2017-11-01 16:47:28 +01:00
Willem Toorop 270c3d654f Support DNSSEC validation without support records 2017-11-01 15:28:46 +01:00
Willem Toorop b4ae4b7121 Cannot fetch DNSKEY when in DNSKEY callback ...
for the same name in full recursion
2017-11-01 15:01:58 +01:00
Willem Toorop 4669956391 retry full recursion bogus answers only when...
dnssec validation was requested in the first place
2017-11-01 10:59:55 +01:00
Willem Toorop 09b4f6d57d One more _getdns_perror 2017-10-31 16:22:09 +01:00
Willem Toorop 12272dda36 Merge branch 'develop' into devel/robustness 2017-10-20 16:10:35 +02:00
Willem Toorop 971d876c70 Dependencies 2017-10-20 15:59:42 +02:00
Willem Toorop b2d32430f6 Merge branch 'develop' into features/mingw-win10-perror 2017-10-20 15:57:50 +02:00
Willem Toorop fc073267f1 Dead assignment 2017-10-19 14:14:37 +02:00
Willem Toorop f8e1ed78b8 Make upstream_reset static (and not shared between .c files) 2017-10-19 12:48:58 +02:00
Willem Toorop 5ce764ab70 Merge branch 'devel/robustness' into devel/robustness_bugfix 2017-10-19 12:37:53 +02:00
Willem Toorop 272d0cf0ef Allow clearing of upstreams 2017-10-19 12:35:10 +02:00
Sara Dickinson ddade192a3 Merge branch 'devel/robustness' of https://github.com/getdnsapi/getdns into devel/robustness_bugfix 2017-10-19 10:37:08 +01:00
Sara Dickinson 8886c5317d Fix 2 bugs:
- backoff time was not incrementing correctly
- best authentication information state was not being kept for shutdowns during setup (needed if e.g. hostname authentication failed during handshake).
2017-10-19 10:36:46 +01:00
Willem Toorop 87879783ec Postpone dealing with upstream dereferencing issue 2017-10-18 14:33:59 +02:00
Willem Toorop eedd1a1448 Eat incoming garbage on stateful transports
Can deal with timed out queries that are answered anyway.
+ reset the upstream on failure always
  (since requests are rescheduled for fallback by upstream_failed now anyway)
2017-10-17 16:58:01 +02:00
Willem Toorop dc5a78b154 Printing something which is not on stack
(causing segfault in some cases)
2017-10-17 14:19:59 +02:00
Willem Toorop f83c8e217e Decrease assumptions based on network_by_query_id 2017-10-17 13:47:29 +02:00
Willem Toorop ee4feb0cc6 Clean parallel builds too 2017-10-17 13:32:56 +02:00
Willem Toorop 11e4635f2b Dependencies 2017-10-17 13:32:41 +02:00
Willem Toorop ce4c44830d Unused variables 2017-10-16 15:26:00 +02:00
Willem Toorop 968d94d2be atomic netreq removal from write_queue in upstream_write_cb 2017-10-16 14:17:49 +02:00
Jim Hague 4ca8ee008b Add _getdns_perror(). On Windows this reports Winsock errors. 2017-10-06 18:15:18 +01:00
Jim Hague 34f4e13833 Have separate Windows DEBUG_NL() similar to DEBUG_ON().
This removes a build warning.
2017-10-06 16:24:56 +01:00
Jim Hague 4b5303e6fb Merge branch 'features/mingw-win10' into features/mingw-win10-warnings 2017-10-06 15:28:10 +01:00
Jim Hague 5e415b60b6 Add missing platform.h include. 2017-10-06 15:04:49 +01:00
Jim Hague 74eaf4b03e Previous commit omitted platform.h. 2017-10-06 14:38:59 +01:00
Jim Hague eb6da94e25 Convert one more poll() to _getdns_poll(). 2017-10-06 12:07:47 +01:00
Jim Hague dc7daede40 Move Windows/Unix functions into new platform.h. 2017-10-06 12:07:15 +01:00
Jim Hague 0874a0a472 Use PRI format strings in wire2str.c and remove ARG_LL. 2017-10-05 19:17:12 +01:00
Jim Hague ff7c85ab20 Fix build errors introduced by a0c3134. 2017-10-05 12:43:35 +01:00
Jim Hague 0895522734 Merge branch 'develop' into features/mingw-win10 2017-10-05 10:52:06 +01:00
Jim Hague 1eae1ad96b Fix problem where Stubby stops listening to UDP on Win10.
Winsock can return ECONNRESET when receiving UDP via recvfrom() if an ICMP Port Unreachable has been received. Rather than treat the socket as being in error and closing it, just ignore the error.
2017-10-04 17:42:06 +01:00
Jim Hague 757becc812 write() on a socket is equivalent to send() with flag value of 0. 2017-10-04 17:32:52 +01:00
Jim Hague a0c313412d Adjust Unix socket/Winsock handling.
Centralise it into util-internal.h, remove duplicate definitions from mdns, and add new pseudo-functions _getdns_closesocket(), _getdns_poll() and _getdns_socketerror(). Convert error values to simple values and convert error checking to use _getdns_socketerror() and the simple values. The simple values can also be used with the result from getsockopt() with SO_ERROR in stub.c.
2017-10-04 17:31:33 +01:00
Willem Toorop ffc72ff253 Rearrange includes for finding inet_ntop on Windows
+ make sure stubby is linked with initial LDFLAGS (i.e. static) as well
2017-10-03 17:09:33 +02:00
Willem Toorop 3e221ebed5 Fix parallel make install's 2017-10-02 16:36:07 +02:00
Willem Toorop d1aebd3c24 Don't test hostname auth without support in libssl 2017-09-29 11:07:43 +02:00
Willem Toorop 23daf9aac3 Fix TLS authentication 2017-09-28 22:17:36 +02:00
Willem Toorop a9ba50dff1 Fail transport test on failures 2017-09-28 22:17:06 +02:00
Willem Toorop e75cf0b7a3 A missing symbol fails on macos 2017-09-28 20:21:10 +02:00
Willem Toorop c3df13b27c PATH_MAX can be in sys/limits.h too..
and must have a fallback value
2017-09-28 19:45:16 +02:00
Willem Toorop 52a4500792 Signedness error 2017-09-28 15:13:57 +02:00
Willem Toorop 15eec724a5 Portable CR to CRLF conversion 2017-09-28 15:09:55 +02:00
Willem Toorop 078c50f1b2 fread with mingw32 compiled can return < file sz,
because it automatically converts \r\n into \n
2017-09-28 15:09:16 +02:00
Willem Toorop b9260f8fca Install Windows format stubby.yml on Windows 2017-09-27 16:24:32 +02:00
Willem Toorop 3ab01cf45d Don't do yaml tpkg test 2017-09-27 13:27:24 +02:00
Willem Toorop cefeed2b47 PRIsz usage like PRIu64 etc. 2017-09-27 13:15:12 +02:00
Willem Toorop 7ac289f726 dependencies 2017-09-27 13:07:11 +02:00
Willem Toorop a7fc760141 Dependencies 2017-09-27 12:47:01 +02:00
Willem Toorop bf2e08e2df Move yaml config handling to Stubby 2017-09-27 12:45:13 +02:00
Willem Toorop 114b5785f7 Doxygen documentation for Zero configuration DNSSEC
+ rename of getdns_context_(get|set)_trust_anchor_*()
         to getdns_context_(get|set)_trust_anchors_*()
2017-09-22 12:25:56 +02:00
Willem Toorop a3bfee7d0a Issues from unit tests 2017-09-22 11:12:27 +02:00
Willem Toorop da2aa634d3 Make appdata_dir configurable +
settings via getdns_context_config()
2017-09-21 17:06:29 +02:00
Willem Toorop 1b47ce4d10 Slightly different function prototypes 2017-09-21 12:38:49 +02:00
Willem Toorop 712f62a4c1 Things that came out of compiling on Windows 2017-09-21 11:03:38 +02:00
Willem Toorop 8897bdf18f dependencies 2017-09-20 15:55:24 +02:00
Willem Toorop 7c229c40cd Merge branch 'features/zeroconf-dnssec' into release/v1.2.0 2017-09-20 15:45:27 +02:00
Willem Toorop fbc1526f47 Merge branch 'devel/compile-on-windows' into release/v1.2.0 2017-09-20 15:40:31 +02:00
Willem Toorop e6536bb2ef Typo 2017-09-20 15:18:43 +02:00
Willem Toorop 36943a4380 A dnsreq is bogus if any of its netreqs is 2017-09-20 14:42:35 +02:00
Willem Toorop 17d7ee79f2 Fix NULL pointer dereference 2017-09-20 12:44:14 +02:00