interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,601 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

1908 Commits

Author SHA1 Message Date
Willem Toorop 97cc67d026 s/CApath/tls_ca_path/g s/CAfile/tls_ca_file/g 2017-12-21 13:08:01 +01:00
Willem Toorop ae38a29a50 Upstream specific tls_cipher_list's 2017-12-21 12:30:15 +01:00
Willem Toorop 8f88981efe rename set_cipher_list() to set_tls_cipher_list() 2017-12-21 11:35:05 +01:00
Willem Toorop 7fe3bd6a1f getdns_context_set_ciphers_list() 2017-12-20 13:13:02 +01:00
Willem Toorop 274bc9bc4a Merge branch 'develop' into release/1.2.2 2017-12-20 09:37:56 +01:00
Pascal Ernster 65c7a738eb
Add support for TLS 1.3 and Chacha20-Poly1305 
Add support for TLS 1.3 (requires OpenSSL 1.1.1) and Chacha20-Poly1305 (requires OpenSSL 1.1).

Older OpenSSL versions will simply ignore ciphersuite specifications they don't understand and use the subset which they do unterstand.

Note that "EECDH" does *not* select anonymous cipher suites (as opposed to "kECDHE").
 2017-12-15 20:01:30 +00:00
Sara Dickinson 00d3232ba4 Fix windows build 2017-12-15 16:53:23 +00:00
Willem Toorop ac17d4ebed We need a specific install location for tests builds ... 
to not load default library
 2017-12-14 11:53:15 +01:00
wtoorop 9c35fa1643
Merge pull request #364 from saradickinson/move_macos_script 
Update makefile because a file in Stubby was moved
 2017-12-13 16:35:32 +01:00
Willem Toorop 0615457dfa Resolve constant conflict 2017-12-13 15:43:36 +01:00
Sara Dickinson d232353f93 Update makefile because a file in Stubby was moved 2017-12-13 14:22:52 +00:00
Willem Toorop 2c66487635 Merge branch 'devel/dnssec_meta_queries' into release/1.2.2 2017-12-13 14:52:00 +01:00
Willem Toorop 5f1a2f8659 Merge branch 'features/CA_verify_locations' into release/1.2.2 2017-12-13 14:49:42 +01:00
Willem Toorop a63e5edb86 trust-anchor meta queries need to be done opportunistic too 
In anticipation of DANE authenticated upstreams
 2017-12-13 12:58:24 +01:00
Willem Toorop e691312a3f Schedule DNSSEC meta queries against existing context 2017-12-13 12:50:03 +01:00
Willem Toorop 362d168380 no_dnssec_checking_disabled extension for internal use only 2017-12-13 12:36:02 +01:00
Willem Toorop d5518bad67 Return which extensions are set 
(for programs (Stubby) to know whether a context will do native dnssec validation or not)
 2017-12-13 11:12:49 +01:00
Willem Toorop da3f023d8f set_CApath() and set_CAfile() for alt verify locs 2017-12-12 15:10:37 +01:00
Willem Toorop 96ed06c6a9 Initialize context with given resolv.conf and hosts files 
- getdns_context_create with set_from_os set will simply call these
  functions with the defaults

+ filechg_check is simplified somewhat (reducting memory management)
+ get OpenSSL version version via get_api_information()
 2017-12-12 12:24:31 +01:00
Willem Toorop 01197f10ff Merge branch 'develop' into features/resolvconf 2017-11-29 15:25:50 +01:00
wtoorop b105faad7d
Merge pull request #360 from getdnsapi/bugfix/private_ecs_with_family 
Bugfix #359: edns_client_subnet_private should set family
 2017-11-28 16:59:37 +01:00
Willem Toorop 8c87028d77 Only get root-anchors.xml when BOGUS root dnskey... 
did have signatures which did not validate
 2017-11-28 16:58:12 +01:00
Willem Toorop 2a39b6e2e8 Handle the uninitialized memory error the brutal way 
Because clang (or valgrind with clang) is just wrong here
 2017-11-28 16:51:28 +01:00
Willem Toorop 72eb8628d0 Report on single unit tests too 2017-11-28 16:44:08 +01:00
Willem Toorop 543435d89d Clang bitfield issue 2017-11-28 16:40:17 +01:00
Willem Toorop 025f1cdff3 set_from_os last to initialize ... 
... because it is initialized with values from context itself!
I.e. context->tls_backoff_time, context->tls_connection_retries and context->log are used to initialize upstreams in upstreams_create() called from set_from_os
 2017-11-28 16:04:23 +01:00
Willem Toorop 30e440d35c Access of freed memory in stub DNSSEC cleanup code 
Should fix the latest core dump reported in getdnsapi/stubby#34
 2017-11-27 15:26:45 +01:00
Willem Toorop 323239be58 Scan valgrind logs for errors too 2017-11-27 15:02:32 +01:00
Willem Toorop 27847b9a0a Initialize context->sys_ctxt! 2017-11-23 13:23:00 +01:00
Willem Toorop 6afb02b2f1 Bugfix #359: edns_client_subnet_private should set family 
Thanks Daniel Areiza
 2017-11-23 13:20:42 +01:00
Willem Toorop c3cdf496e3 Meta queries to upstreams from resolvconf setting 2017-11-23 12:48:48 +01:00
Willem Toorop c0a3babe0a Separate sys_ctxt for meta queries 2017-11-23 12:44:40 +01:00
Willem Toorop 3e16075563 Test getdns_context_create2 with getdns_query 2017-11-23 12:26:40 +01:00
Willem Toorop ed6c7a6b58 getdns_context_create2 and family that set an ... 
... alternative resolvconf file
 2017-11-22 15:49:30 +01:00
Willem Toorop a7a6240202 Set default resolvconf and hosts during configure 2017-11-22 15:01:38 +01:00
Willem Toorop 3a1cb30c28 BOGUS answer because unable to fetch root DNSKEY... 
... should not cause segfault
 2017-11-21 15:38:49 +01:00
Willem Toorop 8821c1c8cf Merge branch 'release/1.2.1' into develop 2017-11-11 10:24:25 +08:00
Willem Toorop 260416a859 Ignore SIGPIPE signal (for not suddenly stopping) 2017-11-10 10:42:17 +01:00
Willem Toorop 6f20016889 default_trust_anchor_location in api_information 
instead of trust_anchor_file
 2017-11-10 10:35:41 +01:00
Sara Dickinson 26eb5b8969 Add DESTDIR to runstatedir creation path 2017-11-08 11:38:52 +00:00
wtoorop 168d83ac19
Merge pull request #353 from getdnsapi/devel/errno_handling 
Handle more harmless I/O error cases +
 2017-11-03 20:00:40 +01:00
Willem Toorop 439f41149b Last rename + explicit EMFILE check replacement 2017-11-03 16:42:38 +01:00
Willem Toorop 9b019b8c6e Check errno is not 0 before testing errors 2017-11-03 16:29:43 +01:00
Willem Toorop 4508ec77fb Few more renames 2017-11-03 16:26:19 +01:00
Willem Toorop 3b7b83e309 Review comments from Jim 2017-11-03 15:41:31 +01:00
Willem Toorop a8fac29a66 Handle more harmless I/O error cases + 
- never exit on I/O errors
- never stop listening on I/O errors
- extended platfrom.[ch] with _getdns_strerror()
 2017-11-03 13:50:13 +01:00
wtoorop b683cc4870
Merge pull request #352 from saradickinson/bugfix/make_runstatedir 
Make sure the runstatedir exists
 2017-11-03 13:42:52 +01:00
Sara Dickinson 4b8ea64140 Make sure the runstatedir exists 2017-11-02 16:55:25 +00:00
Willem Toorop 2434336ead Include all RRSIGs in validation chain 
Because we don't know algorithm support of other validators.

But still canonicalize the RRset with the one used to validate just because we can.
 2017-11-02 12:42:26 +01:00
Willem Toorop 7e103217c6 unsigned RRs in authority section with BIND 
when +CD flag is used
 2017-11-01 16:47:28 +01:00