interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,911 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

2911 Commits

Author SHA1 Message Date
Jim Hague bedd3a02cf Revise concurrency test to use <n>.delay.getdnsapi.net. 
This gives more secure results than the previous method.
 2018-01-22 17:39:25 +00:00
Jim Hague 1e774a95f5 Don't rely on GCC extensions. 2018-01-22 16:49:53 +00:00
Jim Hague 8c3047dbe0 Add 'concurrent' test 
The concurrent test works by sending a known good query synchronously,
and then sending asynchronous queries for three random TLDs followed by
the known good query. The latter should be answerable from cache, and so
give a result before at least one of the random TLDs.
 2018-01-22 16:49:53 +00:00
Willem Toorop d38f233a80 Track readbuf free's 
As tcp_connection_destroy() might be called more than once per connection (depending on outstanding work)
 2018-01-22 16:56:48 +01:00
Jim Hague f9e4c9f853 Revise output. 
If in monitoring mode, make output conform to Nagios norms. This starts with the probe type and result, so we need to save output generated during the operation and print it at the end.

If not in monitoring mode, make the formatting more expansive.
 2018-01-22 14:36:54 +00:00
Jim Hague 0291e205fd Add TLS 1.3 test. 
Add a new item tls_version to call_reporting, containing the OpenSSL version string for the name of the protocol used for the connection.

The test does a normal lookup, but first sets the cipher list to TLS1.3 only ciphers. This will cause a Bad Context error at search time, so we can tell if the underlying OpenSSL library lacks TLS 1.3. The check the call reporting for a TLS version of "TLSv1.3".
 2018-01-19 15:56:40 +00:00
Jim Hague 62ad159f15 Update dnssec-validate. Check we can retrieve info for bogus domain, and remove must use TCP flag. 
Run a second query with the CD bit set and check that succeeds.
 2018-01-19 14:51:46 +00:00
Jim Hague 3fd4f7f240 Add 'dnssec-validate' test. 
This test checks whether the server does DNSSEC validation. If it manages to find an A record for dnssec-failed.org, it doesn't.
 2018-01-19 14:51:46 +00:00
Jim Hague 1a3025a405 If server does not return expected TXT in qname-min, return UNKNOWN not WARNING. 2018-01-18 17:17:16 +00:00
Jim Hague ea035fa82e Correct some code formatting. 2018-01-18 17:16:28 +00:00
Jim Hague f5322c701d Add more missing make targets causing test 105 to fail. 
It's amazing how fiddly it is to add a single executable/source file to the build.
 2018-01-18 11:49:16 +00:00
Jim Hague add818fea2 Remove dependency on timegm() when using OpenSSL < 1.0.2. 
Convert dates to Julian and diff. This is basically what ASN1_TIME_diff() does internally.

And that's quite enough near-pointless polishing here.
 2018-01-18 10:55:44 +00:00
Jim Hague 00c17dca14 Add to certificate time conversion to cope with pre-1.0.2 OpenSSL. Also tag printed time with UTC. 
The time parse with pre-1.0.2 is a best effort, and relies on timegm() to convert struct tm in UTC to time_t. There being attractive alternative. Isn't C time handling grotty?
 2018-01-17 18:38:28 +00:00
Willem Toorop 155b035cd8 Forgot to surround surround yaml include with defines 2018-01-17 17:07:36 +01:00
Jim Hague 760269acbd Make internal types POSIX-compliant by not naming them *_t. 
See: http://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xsh_chap02.html#tag_22_02_12_01

The change tacitly ignores the colossal number of coach and horses the entire world, including getdns, has stampeded through this POSIX hope for decades, but simply hopes for some small recognition when the Recording Angel tots up the damages.
 2018-01-17 15:35:56 +00:00
Jim Hague 6bd0f8b980 Encode exit status words in () to make it clear that it's not part of the sentence. 
'Server validates OK' -> 'Server validates (OK)'
 2018-01-17 15:24:17 +00:00
Jim Hague 3666d994a7 Add 'keepalive' test and supporting changes to getdns library. 
Checking for server support for keepalive means we need to know if the server did send a keepalive option to the client. This information is not currently exposed in getdns, so add a flag 'server_keepalive_received' to call_reporting. This is 0 if not received, 1 if received. If received, the actual timeout is in 'idle timeout in ms', though watch out for the overflow alternative.
 2018-01-17 15:17:20 +00:00
Jim Hague a4ff6de985 Add 'tls-padding' test. 2018-01-16 12:59:03 +00:00
Jim Hague fdafb458ef Decide we don't want return_both_v4_and_v6 on queries. 2018-01-16 12:19:33 +00:00
Jim Hague b8424e494d Fix up some small usage typos, and don't report result if issuing test usage message. 2018-01-16 11:05:16 +00:00
Jim Hague 5ea0edf262 Update usage. 2018-01-15 17:42:57 +00:00
Jim Hague 8dc3a84735 Add options specifying transport. 2018-01-15 17:42:43 +00:00
Jim Hague 3438c68591 Prefix TLS-only options with 'tls-'. 2018-01-15 13:26:09 +00:00
Jim Hague 08b5976f9c Decouple from getdns config. This is now a pure getdns client. 2018-01-15 13:19:48 +00:00
Jim Hague 3298b5cd50 Extract common processing into search_check() and parse_search_check(). 2018-01-15 12:37:57 +00:00
Jim Hague cb7af33488 Some tests imply TLS. Explicitly make sure these always go over TLS. 2018-01-15 11:28:11 +00:00
Jim Hague 77a5a15cdf Minor output corrections. 2018-01-15 11:02:14 +00:00
Jim Hague 22996bf07d If TLS auth name given, lookup is to go over TLS. 2018-01-15 11:00:12 +00:00
Jim Hague c0d7d2c279 Print exit status at end of main output line. 2018-01-15 10:27:10 +00:00
Jim Hague 5d4bc8bc96 Add rtt test. 2018-01-15 10:16:26 +00:00
Jim Hague b9312e790f Correct certificate expiry custom threshold handling. 2018-01-15 10:01:01 +00:00
Jim Hague 3258fdfd5a Tabs? Spaces? Currently both, switch to spaces only. 2018-01-14 23:28:55 +00:00
Jim Hague 379662a3f3 Add plain lookup test. 2018-01-14 13:41:44 +00:00
Jim Hague 60118e9241 Improve cert-valid argument order to most likely first. 2018-01-13 14:56:55 +00:00
Jim Hague e7618321ce Add cert-valid test. 2018-01-12 18:21:38 +00:00
Jim Hague e597daa4c0 Add 'auth' test. 2018-01-12 17:23:42 +00:00
Jim Hague 305daab9aa Add first version of getdns_server_mon. 
Currently only QNAME minimisation check is working.
 2018-01-12 16:11:48 +00:00
Norbert Copones 0fa6d1fe2d src/stub.c: LibreSSL has hostname verification turned on by default 2018-01-12 05:44:27 +08:00
Willem Toorop d44237554d No warnings from danessl allowed 2018-01-11 12:40:01 +01:00
Willem Toorop dd433ede68 Merge branch 'develop' into devel/spki_pinset_via_tlsa_checking 2018-01-10 14:36:43 +01:00
Willem Toorop a746ea5e08 Dependencies 2018-01-10 14:36:33 +01:00
Willem Toorop 6b4446c7cd Suppress compiler warnings in danessl library 2018-01-10 14:34:25 +01:00
Willem Toorop 712617e568 Dead assignment (without stub debugging) 2018-01-10 13:54:18 +01:00
Willem Toorop 7c5bdd5431 Use danessl submodule when OpenSSL version between 1.0.0 and 1.1.0 2018-01-10 12:47:14 +01:00
Willem Toorop 9e34588f19 logic error 2018-01-08 16:04:40 +01:00
Willem Toorop 546b75a9b1 libidn2 support. Thanks Paul Wouters 2018-01-08 12:54:48 +01:00
Willem Toorop a1e5cc44a0 Add https://github.com/vdukhovni/ssl_dane submodule 2018-01-08 10:33:25 +01:00
Willem Toorop 608189710c Log printing in getdns_query 2018-01-04 16:35:22 +01:00
Willem Toorop 2471f43dea Less logging with successful authenticated upstreams 2018-01-04 16:15:50 +01:00
Willem Toorop 540735a956 Check pins with DANE functions when available 2018-01-04 15:58:09 +01:00