interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,168 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

1600 Commits

Author SHA1 Message Date
Willem Toorop 7550980be8 Loose bc dependency with tpkg 2016-03-10 14:37:00 +01:00
Willem Toorop 36e620d769 TCP handling on windows 2016-03-09 15:37:47 +01:00
Willem Toorop a83c54387d Reuse sync eventloop per context 
So recursive resolution can depend on and continue with outstanding queries it depends on
 2016-03-09 11:16:19 +01:00
Willem Toorop 70cc65f786 Replace default append_name setting 
to GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE
 2016-03-09 10:37:05 +01:00
Willem Toorop aeeadde299 Synchronous with pluggable event APIs again 2016-03-07 16:35:43 +01:00
Willem Toorop ebb892def1 Revert "Run context's event loop when doing sync requests" 
This reverts commit d50860c089.
 2016-03-04 12:08:46 +01:00
Willem Toorop 75ee40b98f Small improvements for ub_loop's 2016-03-04 11:52:50 +01:00
Willem Toorop 8e4dd05379 Anticipate magic number 2016-03-02 12:38:29 +01:00
Willem Toorop 4230961e9f Basic usage of unbound pluggable event loop 2016-03-01 16:29:37 +01:00
wtoorop 8f66d69286 Merge pull request #143 from wtoorop/bugfix/memory_leaks 
Fix memory leak with getdns_get_api_information()
 2016-02-26 12:26:53 +01:00
Willem Toorop 6fd05675aa Fix memory leak with getdns_get_api_information() 
Thanks Robert Groenenberg.
 2016-02-26 12:24:45 +01:00
Willem Toorop 4a4339f023 load gost algorithm if digest is seen before key algorithm 2016-02-26 12:20:16 +01:00
Willem Toorop 707b0d21c8 bugfix: don't reset skew 2016-02-11 11:27:03 +01:00
Willem Toorop 045d0d481c Offline dnssec validation at a given point in time 2016-02-11 11:24:22 +01:00
Willem Toorop e6f5cdb45b Merge branch 'develop' into devel/default_eventloop 2016-02-04 15:17:25 +01:00
wtoorop 60be402062 Merge pull request #139 from ln5/parsing-resolvconf 
Don't treat "domain" or "search" as a nameserver.
Thank you Linus
 2016-02-04 10:06:40 +01:00
Linus Nordberg 466302131e Don't treat "domain" or "search" as a nameserver. 
Continue the while fgets() loop as soon as we're done with "domain" or
"search".

Simplify the logic of the function by removing the if else constructs.
 2016-02-03 14:57:09 +01:00
unknown db4207f60d More review changes and made comments C style, req Willem. 2016-02-01 11:02:24 -05:00
unknown 170795ad06 More review changes and made comments C style, req Willem. 2016-02-01 10:56:45 -05:00
unknown f5290b6a68 add change from Sara to return if a cert conversion or add to store fails 2016-01-31 00:13:09 -05:00
unknown 504881fc6f Minor fixes to compile and run the CA trust store adapter from Windows to openopenSSL 2016-01-27 16:30:50 -05:00
Sara Dickinson 111794158c Improve Windows CA handling code 2016-01-27 12:50:16 +00:00
unknown 7e9563faed Added a wincrypt adapter to read CA trust certs from Windows CA store and feed them into openssl for TLS hostname authentication 2016-01-23 18:47:03 -05:00
Willem Toorop 24b58074bf Prevent chain checks to be performed too early 2016-01-20 13:09:18 +01:00
Willem Toorop d50860c089 Run context's event loop when doing sync requests 2016-01-20 11:10:53 +01:00
Willem Toorop ca36c879a0 Set unbound target fetch policy to on demand only 2016-01-20 10:21:05 +01:00
Willem Toorop ae2b16665b Setup getdns eventloop in libunbound 
When unbound supports this
 2016-01-19 16:52:11 +01:00
Willem Toorop 0c0868517c Remove leftover debugging printfs 2016-01-12 16:57:17 +01:00
Willem Toorop fed8cc51ed Initial TCP support for Windows 2016-01-12 16:54:42 +01:00
Willem Toorop 61c0a51ec5 Disable clearing ub_fd too (for windows) 2016-01-12 16:43:25 +01:00
Willem Toorop 2a6318afd2 Disable scheduling ub_fd() 2016-01-12 16:38:10 +01:00
Willem Toorop 4fd8d3dddd Replace mini_event extension by default_eventloop 
* default_eventloop was prototyped in getdns_query and is still in there as my_eventloop
  * It interfaces directly with the scheduling primitives of getdns.
  * It can operate entirely from stack and does not have to do
    any memory allocations or deallocations.

* Adapted configure.ac to allow libunbound to be linked with Windows
  (with the removal of winsock_event.c we have no symbol clashed anymore)

* Added STUB_TCP_WOULDBLOCK return code in stub_resolving helper functions,
  to anticipate dealing with edge triggered event loops (versus level triggered). (i.e. Windows)
 2016-01-12 15:52:14 +01:00
Willem Toorop 39f7e87f1a Get rid of unkown format specifiers on windows 2016-01-11 12:11:17 +01:00
Willem Toorop a970dd420f Deal with Windows vsnprintf behaviour 
+ a better situated DEBUG_STUB statement in getdns_query
 2016-01-10 12:29:37 +01:00
Sara Dickinson f8b041cd40 Bug fix for segmentation fault when using NULL pin. Unit test to come in later update. 2016-01-07 17:17:09 +00:00
Willem Toorop cf387ca3f2 Fixes for cross compiling 2016-01-07 15:32:23 +01:00
Willem Toorop 4d67db5b83 Bring gldns in sync with upstream unbound's sldns 2016-01-05 14:17:28 +01:00
Willem Toorop 16a82eede2 Deal with roadblock avoid. + stub-only at run time 
And make the single usage function validate_extension static
 2016-01-05 12:38:35 +01:00
Willem Toorop a58037904f Default is stub when compiling stub only 2016-01-05 12:30:58 +01:00
Sara Dickinson 1f9424ccf2 Fix output of get_api_settings functions 2016-01-05 09:25:49 +00:00
Willem Toorop f0bd64d57a Pretty print "bad_dns" list with constant names 2015-12-31 12:40:20 +01:00
Willem Toorop 03425d192d Miscellaneous Makefile issues 2015-12-31 11:53:46 +01:00
Willem Toorop 6b2d9a2d70 Unused var compile warning in certain conditions 2015-12-31 11:26:29 +01:00
Willem Toorop 08c0c4d6e4 Fixes from testing on different platforms 2015-12-30 14:39:11 +01:00
Willem Toorop 9b97eb9361 Update dependencies 2015-12-30 14:18:19 +01:00
Willem Toorop 1128ebdd54 Unit test fail with unimplemented follow_redirect 2015-12-30 14:10:36 +01:00
Willem Toorop 8c46e969d6 Notify for not implemented namespaces and ... 
follow_redirects.
 2015-12-30 13:55:45 +01:00
Willem Toorop 2a9dd53d8d Complement getdns_query documentation 
+ +specify_class extension
 2015-12-30 13:38:14 +01:00
Willem Toorop 11b0346ded Miscelaneous TSIG bugfixes 2015-12-30 12:25:58 +01:00
Willem Toorop 853bc6c150 Merge branch 'features/suffix_handling' into develop 2015-12-30 10:51:37 +01:00
Willem Toorop d85d395770 Options to getdns_query to test suffix appending 2015-12-30 10:44:08 +01:00
Willem Toorop 875ef3f9d4 Successive suffix append retries 2015-12-29 23:06:02 +01:00
Willem Toorop 89b6c04d4f First query append 2015-12-29 17:34:14 +01:00
Willem Toorop 54498cd556 Distinct between suffix and suffixes more clearly 2015-12-29 16:23:04 +01:00
Willem Toorop ebe3d361ea Returning strings does include the null byte 2015-12-29 16:17:17 +01:00
Willem Toorop 5a388386b4 Store suffixes in wireformat 2015-12-29 16:00:15 +01:00
Willem Toorop f91e263f09 Simplify _set_string functions 2015-12-29 15:57:55 +01:00
Willem Toorop f3e3e47e15 Implement bad_dns extension 2015-12-29 14:10:18 +01:00
Willem Toorop d79884f10a Replace ssize_t with int in conversion funcs tpkg 2015-12-24 16:22:38 +01:00
Willem Toorop 240b34e215 Missing file removals with distclean 2015-12-24 16:22:03 +01:00
Willem Toorop 3e2464af6d Changes that came out of portability tests 2015-12-24 15:28:12 +01:00
Willem Toorop a09a051ed5 New code, new dependencies... 2015-12-24 15:01:45 +01:00
Willem Toorop a2bdfb2f22 Merge branch 'features/windows-support' into develop 2015-12-24 14:44:18 +01:00
Willem Toorop 9d3905459e Miscellaneous fixes to compile on windows 
Also without warnings.
 2015-12-24 14:41:50 +01:00
saradickinson b777552f34 Merge pull request #131 from saradickinson/feature/pubkey-pinning 
Feature/pubkey pinning
 2015-12-24 10:13:53 +00:00
Willem Toorop caba5f19d5 Merge branch 'develop' into features/windows-support 2015-12-24 11:01:26 +01:00
Sara Dickinson f94798b237 Final mixups 2015-12-24 10:00:15 +00:00
Willem Toorop 8bde787703 Use mkstemp instead of tmpnam to eliminate warning 2015-12-24 10:50:58 +01:00
Willem Toorop 71b2a44945 Remove root_servers comment leftovers 2015-12-23 21:19:52 +01:00
Sara Dickinson 3afba25dad Update test case and changeling 2015-12-23 18:00:44 +00:00
Sara Dickinson a5027981d9 Change how the aliasing is done so the tpkg tests will pass 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 2a50f4d2ac Set tls_auth_failed when any present authentication mechanism fails 
We used to only have hostnames available.  now we have pubkey_pinsets
available as well.

We want upstream->tls_auth_failed to be 1 when any authentication
mechanism we've been asked for fails (and also when we haven't been
given any authentication mechanism at all).
 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 57a04f61db Allow AUTHENTICATION_REQUIRED w/o hostname when pubkey pinset is available 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 77802808ce rename GETDNS_AUTHENTICATION_HOSTNAME with GETDNS_AUTHENTICATION_REQUIRED 2015-12-23 18:00:43 +00:00
Sara Dickinson 792ecd65b8 Add missing constant to const-info.c 2015-12-23 18:00:43 +00:00
Sara Dickinson 2ce806c05b Tinker with debug statements/comments. 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor a9eb9ccca9 Check that the pinset matches if it is configured 
if the upstream is configured to allow fallback, this will not be a
fatal error, but it will still be checked.

Future work:

 * verify any certs higher in the chain than the end-entity cert
 * deal with raw public keys
 * in the fallback case, report to the user whether the pinset match failed
 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor d09675539e Provide access to the pinsets during the TLS verification callback 
We do this by associating a getdns_upstream object with the SSL object
handled by that upstream.

This allows us to collapse the verification callback code to a single
function.

Note that if we've agreed that fallback is ok, we are now willing to
accept *any* cert verification error, not just HOSTNAME_MISMATCH.
This is fine, because the alternative is falling back to cleartext,
which would be worse.

We also always set SSL_VERIFY_PEER, since we might as well try to do
so; we'll drop the verification error ourselves if we know we're OK
with falling back.
 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 614d317fd8 getdns_query: add -K option to attach pinsets to getdns_contexts. 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 0d2256df09 set and return the pubkey_pinsets on the upstream resolvers 2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor b305f073fe add functions to translate between getdns_list and sha256_pin linked list 2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor 4dbe1813e4 added simple sha256 public key pinning linked list to getdns_upstream 2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor 5e64f1262b add getdns_pubkey_pinset_sanity_check() 2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor 91f04ecd5e add getdns_pubkey_pin_create_from_string() 2015-12-23 17:59:50 +00:00
Willem Toorop 29b033c14c off-by-one bugfixes 2015-12-23 17:38:36 +01:00
Willem Toorop fbae577a54 Setting of root servers 
test with

	getdns_query -f yeti.key -R yeti.hints nlnetlabs.nl A +dnssec_return_status

where yeti.key comes from:

	https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache

and yeti.hints from:

	https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/KSK.pub
 2015-12-23 17:15:45 +01:00
Willem Toorop 746c26dafc Update Makefile dependencies 2015-12-23 12:26:39 +01:00
Willem Toorop f9c2f96996 Fixes for miscelanous little zone parse errors 
Hopefully the tpkg test is more deterministic now too...
 2015-12-23 12:06:09 +01:00
Willem Toorop 11cd892662 Clean boundries on wireformat scans 2015-12-22 19:14:18 +01:00
Willem Toorop e4fa06a57b getdns_fp2rr_list conversion function 
+ private conversion functions that respect custom memory handlers
+ converage of more different example functions in 260-conversion-functions test package
 2015-12-22 18:37:24 +01:00
Willem Toorop 0cb513e9b7 Doc of (|_buf|_scan) style conversion funcs 
+ (|_buf|_scan) versions of most of the conversion directions.
+ mk-const-info handles new return_t's defines
 2015-12-22 16:04:43 +01:00
Willem Toorop 6519a05780 all debug config option for broadest src coverage 
With the 300 tpkg test
 2015-12-22 11:43:06 +01:00
Willem Toorop fe7a1e89e3 Constify new work 2015-12-22 11:32:15 +01:00
Willem Toorop 5bbcbb97a1 Merge branch 'develop' into features/conversion_functions 2015-12-22 11:28:27 +01:00
Willem Toorop 0a809cb7d8 Allow truncated answers to be returned 2015-12-22 10:56:20 +01:00
Willem Toorop ee2a1fbfe6 Merge branch 'features/tsig' into develop 2015-12-22 01:08:25 +01:00
Willem Toorop 8a8a017fc5 Validate received TSIG reply 2015-12-22 01:03:31 +01:00
Willem Toorop 6c1e00fc3f Send TSIG 2015-12-21 22:11:16 +01:00
Sara Dickinson f55721d261 Update unit test. Since 0 is the default, it can be set via the function. 2015-12-21 17:36:59 +00:00
Sara Dickinson 746a827baa Implement client side edns-tcp-keepalive 2015-12-21 17:05:56 +00:00
Willem Toorop 98dc4018c3 Setting & getting of tsig info per upstream 2015-12-21 12:22:59 +01:00
Sara Dickinson 91a73ab3d0 cleanup 2015-12-18 16:22:09 +00:00
Sara Dickinson 4165e874de Fix tests 2015-12-18 16:14:54 +00:00
Sara Dickinson 13ddf9ad83 Update constants 2015-12-18 16:14:54 +00:00
Sara Dickinson 3e97e1f032 Fix make file 2015-12-18 16:14:54 +00:00
Sara Dickinson c5b839bda8 remove STARTTLS 2015-12-18 16:14:54 +00:00
Willem Toorop bc2ec7cee3 Specify TSIG parameters with getdns_query 2015-12-18 15:16:48 +01:00
Willem Toorop 95e9fa1f35 Better/shorter tpkg descriptions 2015-12-18 14:09:30 +01:00
Willem Toorop 0129550130 Dependencies 2015-12-18 14:04:16 +01:00
Willem Toorop 54f3179c0e Fix libmini_event getting context's mem funcs 2015-12-18 13:57:20 +01:00
Willem Toorop c8a9da69ea Fix libuv.c dependencies 2015-12-18 13:50:17 +01:00
Willem Toorop 5663f914fb Mode debug marco's to own header 
To reduce dependency location fixes in test directory.
 2015-12-18 13:40:52 +01:00
Willem Toorop e60afbdf0c Leave space with builddir recplacements 
in make depend
 2015-12-18 13:21:14 +01:00
Willem Toorop 8eab1530bf Fix make depend from builddir != srcdir 2015-12-18 13:14:27 +01:00
Willem Toorop 0d156abf5a Dependencies 2015-12-18 12:24:06 +01:00
Willem Toorop 638b841855 tpkg for dependencies checking 2015-12-18 12:22:54 +01:00
Willem Toorop 17d44a769c Test & fix installing 2015-12-18 11:13:22 +01:00
Willem Toorop 34af4a22f2 Get rid of tpkg help files 
The fewer files to maintain the better
 2015-12-18 11:03:54 +01:00
Willem Toorop 94cc17ff16 Wrong help text of symbols checkining tpkg 2015-12-18 10:46:11 +01:00
Willem Toorop 5a65d2b693 Look further then you nose Willem! 2015-12-17 15:46:31 +01:00
Willem Toorop d3d2dbc1d3 inet_ntop and inet_pton from compat 2015-12-17 15:36:43 +01:00
Willem Toorop b839b97ac2 Oops... reverted syntax/style to agressively 2015-12-17 13:07:39 +01:00
Willem Toorop a2e15a169d Revert syntactic/style changes 
So actual changes aren't obfuscated
 2015-12-17 12:37:33 +01:00
Willem Toorop 4f37fb1e93 Fix mk-const-info problem with travis 2015-12-16 16:19:50 +01:00
Willem Toorop 71d8a50519 tpkg to warn if consts and symbols are out of sync 2015-12-16 15:48:09 +01:00
Sara Dickinson fc4e4f23df Rename return_call_debugging to return_call_reporting. Update index.html with change of content. 2015-12-16 14:20:35 +00:00
Willem Toorop 16b62f43eb Merge branch 'develop' into features/conversion_functions 2015-12-16 13:53:25 +01:00
wtoorop 69b54be99c Merge pull request #126 from saradickinson/feature/mac_tfo 
Enable TFO by default if possible, add MAC OSX TFO support
Looks good, thanks.
 2015-12-16 13:45:14 +01:00
Willem Toorop e747efe415 Merge branch 'develop' into features/conversion_functions 2015-12-16 12:42:32 +01:00
Willem Toorop 1ef4db8e9d Unique NSEC and NSEC3 rrsets in "validation_chain" 2015-12-16 12:40:32 +01:00
Willem Toorop d09e892285 Convert rr_dict with missing rdata to wire format 
In wireformat this then means no rdata.
This is needed with the zonecut indicating DSes returned in the validation chain.
 2015-12-16 12:02:53 +01:00
Willem Toorop 2c2359af61 Remove duplicate records in RRset before verifying 
As suggested in RFC4034 section 6.3
 2015-12-16 10:47:15 +01:00
Willem Toorop b0aae6b51d Repeating and special rdata field 2 wireformat 2015-12-15 00:07:05 +01:00
Willem Toorop 0433c47466 Fix memory leak when deleting list items 2015-12-15 00:04:33 +01:00
Willem Toorop de269a4695 Wireformat writing for special rdata fields 2015-12-14 15:25:37 +01:00
Willem Toorop 4ae24761c7 Rename special wireformat parsing funcs 
in aticipation of the special writing to wireformat functions
 2015-12-14 12:38:25 +01:00
Willem Toorop 7baec89d4c Don't misuse getdns_data_type for something else 2015-12-14 12:13:06 +01:00
Sara Dickinson 736d9f20bf Enable TCP FastOpen by default and add support for OSX implementation of TFO. 2015-12-13 17:44:31 +00:00
Willem Toorop aadd4dc8bb Add conversion functions test package 2015-12-13 15:59:36 +01:00
Willem Toorop 5ae854b8bf Fix dict to wire of repeating rdata fields 2015-12-13 15:58:45 +01:00
Willem Toorop 75b0ae669a Fix rdf iter of single RR wireformat 2015-12-13 15:58:21 +01:00
Willem Toorop 61cd25d862 Merge branch 'develop' into features/conversion_functions 2015-12-11 12:22:34 +01:00
Willem Toorop f88214ab76 Correct include path on json pointer test 2015-12-11 12:21:58 +01:00
Willem Toorop 3752bf0a46 Merge branch 'develop' into features/conversion_functions 2015-12-11 11:59:27 +01:00
Willem Toorop c0831dd598 Move json pointers test to tpkg test 2015-12-11 11:56:44 +01:00
Willem Toorop c1b4694931 Setup test env from individually ran test packages 2015-12-11 11:05:52 +01:00
Willem Toorop 426d59d767 Disable IPv6 only test, because travis containers 
don't support IPv6 :-(.

See: https://blog.travis-ci.com/2015-11-27-moving-to-a-more-elastic-future

Disabled test: getdns_context_set_upstream_recursive_servers_10
 2015-12-10 16:49:55 +01:00
Willem Toorop de490408cd Use the verisign IPv6 upstream 
google's sometimes timeouts...
 2015-12-10 16:26:40 +01:00
Willem Toorop 69aed75d57 Travid in containers 2015-12-10 15:53:43 +01:00
Willem Toorop 2675554f6a Don't configure before running tests 
+ run tests in a separate directory
 2015-12-10 15:32:29 +01:00
Willem Toorop 5a4628e6fe tpkg based testing 2015-12-10 11:55:32 +01:00
Willem Toorop 47dc07e940 First go at conversion to and from rr_dicts 2015-12-09 12:04:00 +01:00
Willem Toorop c53f074fdf Propagate consts with debugging symbols 2015-12-08 09:39:28 +01:00
Willem Toorop d67949d1e7 iterators go over const wireformat data 2015-12-07 16:43:41 +01:00
unknown 22a8550caa Bug fix in get_os_defaults, clean up code in winsock_event, add code to handle event handling differences in Winsock2 2015-12-04 16:12:43 -05:00
Willem Toorop dd836b2a11 Conversion functions prototypes 2015-12-03 14:54:38 +01:00
unknown 2d58ed465c Changes for Windows, Fix configure.ac to take in a winsock option to configure and generafigure, add ifdef's to stub out windows code for other platforms. 2015-11-22 22:38:13 -05:00
Willem Toorop 08bf613cde Prevent segfault with failed TLS handshake? 
Need proper review for this patch!  Sara?
 2015-11-15 12:46:21 -05:00
Willem Toorop 95618bb3a7 Merge branch 'release/v0.5.1' of github.com:getdnsapi/getdns into release/v0.5.1 2015-11-14 20:01:48 -05:00
Willem Toorop afe5db6b55 Get validation chain avoiding roadblocks 2015-11-14 20:00:13 -05:00
Sara Dickinson 508127a856 Add missing file.... 2015-11-13 14:47:03 +00:00
Sara Dickinson d75ba83013 Fix bug with call_debugging reporting of UDP and add a getter for tls_authentication 2015-11-13 13:28:43 +00:00
Willem Toorop 1bb2daff1e ub_setup_recursing not used without libunbound 2015-11-11 14:03:16 +01:00
Willem Toorop b9f8f94361 Update ChangeLog and check versions 2015-11-11 12:40:23 +01:00
saradickinson 1a72454b88 Remove debug 2015-11-05 14:41:23 +09:00
saradickinson 5f60683f57 Fix seg fault on timeout 2015-11-05 14:41:23 +09:00
Willem Toorop c7f4fc3625 Fix disabling roadblock avoidance with configure 2015-11-05 07:43:33 +09:00
Willem Toorop 26566a3b00 Merge branch 'develop' of github.com:getdnsapi/getdns into develop 2015-11-04 23:25:49 +01:00
Willem Toorop 7f4bdc0868 Bumb versions 2015-11-04 23:25:38 +01:00
Willem Toorop eb4ba438f7 return_validation_chain + roadblock_avoidance bug 2015-11-05 07:11:51 +09:00
Willem Toorop 8a6f7d5b90 Merge branch 'develop' into features/dnssec_roadblock_avoidance 2015-11-04 17:49:21 +09:00
Willem Toorop 0c3eb08f4d Merge branch 'features/call_debug' into develop 2015-11-04 16:23:22 +09:00
Willem Toorop 3a19050413 Code review changes 
Commented inline on github
 2015-11-04 16:18:22 +09:00
wtoorop 7230031c0a Merge pull request #119 from dkg/ietf94-privacy-hackathon 
Thank you dkg!  Great work!

Interestingly you've put the configuration of those two features at "context" level.  Since both options (just like cookies) relate to upstreams, I think they should be configurable per upstream as well  (perhaps using the context settings as the defaults, over-loadable by those upstream options).  With my cookie implementation, I've implemented activation with an extension, but cookies also relate to upstreams, so perhaps they should be enableable per upstream as well (and have a global over-loadable setting in context).

Cheers,
-- Willem
 2015-11-02 16:26:25 +09:00
Gowri 1bccd56244 Name change on test server certificate 2015-11-02 03:05:17 +01:00
Daniel Kahn Gillmor c322a8a330 add -P flag to getdns_query for EDNS padding policy 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 83bf5ab08b actually implement tls_query_padding_blocksize 
since no DNS OPT value has been allocated, i chose a random value in
the experimental/local range.
 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 1457c1a2b5 stash tls_query_padding_blocksize in the dns_req from the context 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor b3128652f4 add tls_query_padding_blocksize property for getdns_context 
This is a parameter to the getdns_context that tells the context how
much to pad queries that go out over TLS.

It is not yet functional in this commit, but the idea is to pad each
outbound query over TLS to a multiple of the requested blocksize.

Because we only have a set amount of pre-allocated space for dynamic
options (MAXIMUM_UPSTREAM_OPTION_SPACE), we limit the maximum
padding blocksize.

This is a simplistic padding policy.  Suggestions for improved padding
policies are welcome!
 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 8291cdb455 add -c flag for EDNS Client Subnet privacy to getdns_query 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor 05585281eb add test for context update callback for edns_client_subnet_private 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor df3725e635 added edns_client_subnet_private to getdns_context 
https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-04

Using the above spec, an intermediate resolver may forward a chunk of
the client's IP address to the authoritative resolver.

Setting edns_client_subnet_private to a getdns_context in stub mode
will indicate to the next-hop recursive resolver that the client
wishes to keep their address information private.
 2015-11-01 15:49:50 +09:00
Willem Toorop b062974fb1 ub_setup_recursion also for non roadblock avoidance 2015-11-01 15:48:31 +09:00
Daniel Kahn Gillmor 0b388872ea clarify per-query options vs. per-upstream options 
Sending DNS cookies was overwriting any existing options (DNS OPT) in
the outbound query.

Also, DNS cookies may not be the only option that gets set
per-upstream (instead of per-query).

This changeset establishes a set of per-query options (established at
the time of the query), and a buffer of additional space for adding
options based on the upstream is in use.

The size of this buffer is defined at configure time (defaults to 3000
octets).

Just before a query is sent out, we add the per-upstream options to
the query.

Note: we're also standardizing the query in tls too, even though we're
not sending any upstream options in that case at the moment
(edns_cookies are much weaker than TLS itself)
 2015-11-01 15:47:22 +09:00
Daniel Kahn Gillmor 3e90795680 enable talking to servers with ECDSA certs 
There is no clear reason to reject servers that don't have RSA certs.
We should accept ECDSA certs as well.

(also, clean up comments about opportunistic TLS)
 2015-11-01 15:47:03 +09:00
Willem Toorop af6947cbb3 Merge branch 'develop' into features/dnssec_roadblock_avoidance 2015-11-01 15:34:21 +09:00
Willem Toorop 8b9041325b Bugfix don't grow upstreams memory 
upstreams have internal references and cannot be realloc'ed easily
 2015-11-01 15:23:26 +09:00
jad 30043d2ba5 corrected name 2015-11-01 13:09:18 +09:00
jad 51eb2fdf55 working prototype 6 2015-11-01 12:47:49 +09:00
Willem Toorop ae2cc39a36 Full roadblock avoidance functionality 2015-11-01 12:28:43 +09:00
jad f5662bbf32 working prototype 5 2015-11-01 11:43:12 +09:00
jad 2d20e18b8a working prototype 4 2015-11-01 11:14:45 +09:00
jad 25f7f2182b working prototype 3 2015-11-01 11:04:03 +09:00
jad 80864655d7 Working prototype 2 2015-11-01 10:51:00 +09:00
jad a85b17c885 working prototype 1 2015-11-01 10:24:02 +09:00
Willem Toorop 58885e04d7 dnssec_roadblock_avoidance extension 2015-10-31 21:04:08 +09:00
Willem Toorop 35c803208b Bit more concise and clear confusing code text 2015-10-31 18:24:24 +09:00
Willem Toorop fb6642d6a5 Print response dict when there is one 2015-10-31 17:59:14 +09:00
Willem Toorop 521e46879b Document that thing that we keep forgetting about 2015-10-31 17:15:36 +09:00
Willem Toorop 9ce441e59a --enable-debug-sched for getdns_query too 2015-10-31 16:24:49 +09:00
Willem Toorop de59b700ce Fix libidn really absent + NetBSD fixes 2015-10-29 19:13:39 +01:00
Willem Toorop 0a717f5d51 Warning with older (less intelligent) compiles 2015-10-29 16:25:07 +01:00
Willem Toorop 8c3d348f05 Help text typo 2015-10-27 16:43:25 +01:00
Sara Dickinson e397d1e020 Fix error that was not allowing cipher suite fallback for opportunistic TLS. 2015-10-25 15:28:20 +00:00
Willem Toorop c613743644 Update spec to 0.701 2015-10-22 15:12:15 +02:00
Willem Toorop 973fcbddcc Don't assume mini_event loop 2015-10-22 14:38:34 +02:00
Willem Toorop 47b77c948a Fix small memory leak when switching event loops 2015-10-22 14:16:53 +02:00
Willem Toorop 98a2c497d2 ldns CFLAGS for tests (+ make deps) 2015-10-22 13:46:23 +02:00
Willem Toorop fbc3b2d6a8 Use the NOT_IMPLEMENTED return code! 2015-10-22 12:13:40 +02:00
Willem Toorop b88c74b4c8 Synchronize with October 2015 spec 2015-10-22 12:02:04 +02:00
Willem Toorop 31a07752f0 New non API functions + consts in getdns_extra.h 2015-10-21 17:02:50 +02:00
Willem Toorop ebd94f48cf Anticipate missing X509_V_ERR_HOSTNAME_MISMATCH 2015-10-21 16:01:40 +02:00
Willem Toorop 7647005285 Report memory errors in json-pointers test 2015-10-21 16:01:16 +02:00
Willem Toorop 3cc44ffcb1 Merge remote-tracking branch 'sara/feature/tls_auth_api' into features/tls_auth_api 2015-10-21 15:34:57 +02:00
Sara Dickinson 3be47edbb3 More cleanup 2015-10-16 18:40:33 +01:00
Sara Dickinson b74c62066c Cleanup 2015-10-16 18:31:57 +01:00
Sara Dickinson 689447509a Change port used for TLS to 853 2015-10-16 17:00:14 +01:00
Sara Dickinson 28ffb2fdf6 Add ls_authentication to API 2015-10-16 17:00:14 +01:00
Sara Dickinson 6b4ee4ed31 Block authenticated requests on unauthenticated connection 2015-10-16 17:00:14 +01:00
Sara Dickinson af617e92a7 Implement authenticaiton fallback on a given upstream (needs more work). Also need API option to set auth requirement. 2015-10-16 17:00:14 +01:00
Sara Dickinson e710286e45 Start work on better authentication 2015-10-16 16:57:13 +01:00
Willem Toorop d0a80925c2 Bugfixes for setting with json pointers 
+ scratchpad for developing/debugging
 2015-10-08 12:54:30 +02:00
Willem Toorop 820a657297 Check getdns_dict_remove_name parameters 2015-10-06 13:12:33 +02:00
Willem Toorop 3aca772220 Off-by-one error 2015-10-06 09:46:59 +02:00
Willem Toorop e3947d7110 getdns_dict_remove_name with json pointers 
+ improved json pointers symantics
 2015-10-05 17:18:32 +02:00
Willem Toorop f6619d28d8 JSON pointer setters 2015-10-02 15:26:05 +02:00
Willem Toorop 40269a241c Merge branch 'develop' into features/json-pointers 2015-10-02 12:47:10 +02:00
Willem Toorop 65663e6da8 DNSSEC zonecut finding issues 
Thanks Theogene Bucuti
 2015-10-02 12:45:32 +02:00
Willem Toorop 6a0d1a968d Multi-level json pointers (retry) 
+ synchronous-concise example
 2015-10-01 15:43:17 +02:00
Willem Toorop ca50a984c8 1 level JSON pointer reference lookup 2015-09-30 16:05:19 +02:00
Willem Toorop 8dfb7454d6 Signature inception and expiry checking 2015-09-28 13:48:51 +02:00
Willem Toorop 7bf481d812 ldns still (but only) needed for unit tests 2015-09-28 11:44:39 +02:00
Willem Toorop 59f4feb5e6 Native DS with DNSKEY compare + rm ldns dependency 2015-09-25 14:28:47 +02:00
Willem Toorop d8cc7b1ba3 Native signature verification 2015-09-25 11:48:58 +02:00
Willem Toorop 2e4c0928f7 Import unbound's crypto 2015-09-23 16:48:54 +02:00
Willem Toorop fda5394540 Verify raw buffer (still with ldns) 2015-09-23 16:03:59 +02:00
Willem Toorop 8b414c8570 Sort RR's to validate 2015-09-22 12:27:17 +02:00
Willem Toorop e47bd33ec0 Determine validation buffer size 2015-09-21 17:13:44 +02:00
Willem Toorop bf7f44dcb7 Put rrs to validate in rrset 2015-09-21 12:59:30 +02:00
Willem Toorop f673e12106 Memory management for _getdns_verify_rrsig 2015-09-21 12:36:41 +02:00
Willem Toorop 5db5a8b5e6 Correct some comment text 2015-09-18 09:53:27 +02:00
Willem Toorop 505bcf028b Merge branch 'v0.3.3' into develop 2015-09-09 12:46:05 +02:00
Willem Toorop dbc53e773d 0.3.3 quickfix release 2015-09-09 12:45:29 +02:00
Willem Toorop bb29789d24 Merge branch 'v0.3.3' into develop 2015-09-08 12:01:08 +02:00
Willem Toorop a543c23926 Spelling 2015-09-08 11:24:45 +02:00
Willem Toorop 84ad5850c9 get_api_information():version_string also for RCs 2015-09-08 11:20:52 +02:00
Willem Toorop 46ea366f5f Fix dnssec validation of direct CNAME queries 
Thanks Simson L. Garfinkel.
 2015-09-08 10:52:04 +02:00
Willem Toorop c3b59e76fa Merge branch 'v0.3.3' into develop 2015-09-04 16:14:41 +02:00
Willem Toorop b5ac8c1b50 Don't alter events before clearing... 2015-09-04 16:13:49 +02:00
Willem Toorop 87b7c6a834 Merge branch 'v0.3.2' into develop 2015-09-04 11:04:08 +02:00
Willem Toorop 75f1aa6ccd Typo 2015-09-04 11:02:39 +02:00
Willem Toorop 53e23f1358 Revert "Revert "Merge pull request #112 from saradickinson/features/tls_auth"" 
This reverts commit 6d29e6044e.
 2015-09-04 10:56:30 +02:00
Willem Toorop a3f02905b0 thread instead of a process for ub_fd() signalling 2015-09-04 10:33:08 +02:00
Willem Toorop 0e66d28be8 Set processing flag around user callbacks 
To fix destroying contexts from user callbacks in stub mode.
The complete test suite runs in stub mode now too.
 2015-09-03 15:07:29 +02:00
Willem Toorop 5f73fded75 Simplify list creation a little bit 2015-09-03 13:14:34 +02:00
Willem Toorop b1489eac1f One more priv_ name renamed to _ 2015-09-03 13:13:57 +02:00
Willem Toorop cbb668379f One more string2bindata case... 2015-09-03 12:15:22 +02:00
Willem Toorop 6d13ec19cd --with-getdns_query configure option + 
make pub target (for signing and hashing dist tarball) +
make megaclean target (for erasing all source and git reset --hard)
 2015-08-28 13:33:02 +02:00
Willem Toorop 8ca93a22de --enable-stub-only configure option 2015-08-28 11:09:32 +02:00
Willem Toorop d58d90752b HAVE_LIB* only after include "config.h" 2015-08-27 14:38:23 +02:00
Willem Toorop a8d2e489ad Allow --without-libidn configure option 2015-08-27 14:24:01 +02:00
Willem Toorop 6d29e6044e Revert "Merge pull request #112 from saradickinson/features/tls_auth" 
This reverts commit d436165a88, reversing
changes made to 7c902bf73c.
 2015-08-27 13:31:22 +02:00
Willem Toorop 55aa759730 Don't spawn extra process for recursion calls 2015-08-27 13:22:24 +02:00
Willem Toorop 6446643396 Get lines via custom eventloop 2015-08-26 22:25:42 +02:00
Willem Toorop 32e4e8fa9d Debug custom event loop 2015-08-26 17:01:28 +02:00
Willem Toorop 4ecf6b23dc First round of bugfixes in custom eventloop 2015-08-26 16:13:25 +02:00
Willem Toorop c86df63b7a Custom event loop in getdns_query 2015-08-26 14:32:46 +02:00
Willem Toorop f312a6cfc5 Revert "plain_mem_funcs_user_arg need not be exposed" 
This reverts commit d0ff5d8fea.

It does need to be exposed and is used inderectly through GETDNS_MALLOC which uses MF_PLAIN which is an alias for plain_mem_funcs_user_arg.
 2015-08-24 14:37:02 +02:00
Willem Toorop d0ff5d8fea plain_mem_funcs_user_arg need not be exposed 2015-08-24 14:15:31 +02:00
Willem Toorop 015e387ea5 Final internal symbols rename to _getdns prefix 2015-08-19 16:33:19 +02:00
Willem Toorop b9e8455e27 Internal symbols always prefixed with _getdns 2015-08-19 16:30:15 +02:00
Willem Toorop 1f638ccd0b Internal getdns_mini_event to _getdns_mini_event 2015-08-19 16:26:39 +02:00
Willem Toorop fcd595298a Rename all priv_getdns internal symbols to _getdns 2015-08-19 16:22:38 +02:00
Willem Toorop 7971152742 Make all private functions static 2015-08-19 16:15:26 +02:00
Willem Toorop 450aabefcc Make util symbols private (i.e. prefix _getdns) 2015-08-19 16:07:01 +02:00
Willem Toorop 09492cbf46 _getdns_nsec3_hash_label without ldns 2015-08-19 15:19:02 +02:00
Willem Toorop 6350b4fad4 --without-libunbound option to configure 2015-08-19 10:47:46 +02:00
Willem Toorop 972ebf55d0 Merge branch 'features/str_without0byte' into develop 2015-08-17 16:30:54 +02:00
wtoorop d436165a88 Merge pull request #112 from saradickinson/features/tls_auth 
Features/tls auth
 2015-08-17 12:53:38 +02:00
Willem Toorop 7c902bf73c Fix fallback failures fix ;) 2015-08-17 12:35:10 +02:00
Sara Dickinson dc7d7e7689 Fix openssl dependancy 2015-08-15 16:35:30 +01:00
Sara Dickinson 2404cc2c8e Extend regression test 2015-08-15 15:27:58 +01:00
Sara Dickinson 45de1f65b3 Update docs with details of OS X certificate handling. 2015-08-15 14:40:16 +01:00
Sara Dickinson dbad8a9003 Restrict transport list to 1 entry for each valid transport 2015-08-15 14:40:16 +01:00
saradickinson cb1dff1ac7 Add ability to verify server certificate using hostname for TLS/STARTTLS 
NOTE: This implementation will only work for OpenSSL v1.0.2 and later.
Doing it for earlier versions is totally insane:

  https://wiki.openssl.org/index.php/Hostname_validation
 2015-08-15 14:40:15 +01:00
Sara Dickinson 8beace7036 Fix location in manual test script. Add build/ to .gitignore 2015-08-15 14:36:36 +01:00
Sara Dickinson ab60211020 Fix fallback failures. Add manual regression test script. 2015-08-12 11:42:02 +01:00
Daniel Kahn Gillmor 319a20a66c improve documentation 
improve the documentation of the getdns_upstream objects.
 2015-07-19 12:22:10 +02:00
Willem Toorop d52b10e703 Fix builddir/srcdir for tests 2015-07-19 12:15:28 +02:00
Willem Toorop e91f7d53b5 Correct getdns_extra.h location for tests too 2015-07-19 11:48:24 +02:00
Willem Toorop ac6e0b641d rm autoconf generated files from repo 2015-07-19 11:40:03 +02:00
Willem Toorop 44b8e44c07 Fix srcdir/buildir locations for version.lo 2015-07-19 11:35:29 +02:00
Willem Toorop e2170cb115 Fix srcdir/buildir locations 2015-07-19 11:28:42 +02:00
Willem Toorop 0c5dd59035 Fix upstream/transport array in 1 upstream dict 2015-07-19 09:43:12 +02:00
Willem Toorop 898fc15b6b Zero size only for non-repeating remaining data 2015-07-18 18:04:11 +02:00
Willem Toorop 276e9fa5f3 Zero size only allowed for non repeating rdfs 2015-07-18 16:59:00 +02:00
Willem Toorop 9daaa1638c One more event callback setting before clearance 2015-07-14 13:42:40 +02:00
Willem Toorop d4e932890a Do not reset event callbacks before clearing 2015-07-14 11:54:25 +02:00
Willem Toorop 3c80a8a1af Check destruction of upstreams in correct way 2015-07-14 11:11:06 +02:00
Willem Toorop 587b320d95 DNS tree was upside down (wording in comments) 
According to RFC1034 Section 4.2.1., the zone's apex is at the top and delegations at the bottom.
 2015-07-14 10:49:00 +02:00
Willem Toorop 554f015931 Deschedule idle_timeouts on context destroy 2015-07-14 10:44:15 +02:00
Willem Toorop 6f21d89e2a Lookup DS only, for no sigs INSECURE 2015-07-14 10:22:42 +02:00
Willem Toorop a8adf662d1 Fix memory leak setting transports 2015-07-13 16:39:43 +02:00
Willem Toorop 5c61954427 Fix geting recursive_upstream_servers 2015-07-13 16:22:39 +02:00
Willem Toorop c7d40e2cbc Strings in bindata's without '\0' byte 2015-07-13 15:41:40 +02:00
Willem Toorop 12567f5338 Fix compiling with --enable-debug-sched 2015-07-13 11:09:56 +02:00
Willem Toorop 431415bd3d rm debugging fprintf leftover 2015-07-10 10:18:00 +02:00
Willem Toorop 0d2f3a5bd9 functions and defines to get versions 
About the library and the API
In both strings and in numbers
 2015-07-10 00:57:58 +02:00
Willem Toorop 2884abe870 Allow alternative trust anchors + ... 
Switch freely between stub and recursive resolving
 2015-07-10 00:05:26 +02:00
Willem Toorop 4987a27264 Pretty print TLDs 2015-07-10 00:04:14 +02:00
Willem Toorop 2dab8dd4d6 Fix handling of non specific trust anchors and ... 
unsported DS digest types
 2015-07-09 23:11:56 +02:00
Willem Toorop 254699ad8b Constants must be in searchable order 2015-07-09 23:11:28 +02:00
Willem Toorop cacd8951ff getdns_query -k to test for root trust anchor 
has exit status 0 on success, 1 otherwise.
 2015-07-09 23:10:22 +02:00
Willem Toorop 70857ccc74 Proper handling of system stub query timeouts 2015-07-09 23:09:39 +02:00
Willem Toorop 4135f633ac Fix invalid memory reads 2015-07-09 15:40:00 +02:00
Willem Toorop d9fca20f18 Update consts, symbols and dependencies 2015-07-09 14:40:13 +02:00
Willem Toorop cea8ae4d11 [API 0.602] getdns_context_set_dns_transport_list 
And the getdns_context_set_idle_timeout() functions.
 2015-07-09 14:00:26 +02:00
Willem Toorop ec476a9129 getdns_root_trust_anchor up in getdns.h.in 
So it is on the same spot as where it is in the original specification.
This to ease comparing getdns.h with the API's getdns_code_only.h
 2015-07-09 10:37:02 +02:00
Willem Toorop 098e0f19c4 Don't skip points zone cuts with trusted keys 
A new keyset must be authenticated at every zone cut.
A keyset from an ancecter of the immediate zone may never be used
to authenticate RRsets within a zone.

(Review from Wouter)
 2015-07-09 08:15:38 +02:00
Willem Toorop d87d951874 set ds_signer only when actually signed 2015-07-08 17:15:27 +02:00
Willem Toorop d4849dc0ba Fix read of uninitialized memory 
Not a dangerous one though, but still...
 2015-07-08 15:36:39 +02:00
Willem Toorop e8030b34d2 query_len not used 2015-07-08 15:05:40 +02:00
Willem Toorop 201b6af9a2 clang compiler warnings + 1 bug! 
Bug is countring insecure answers in util-internal.c
found by clang warning reporting
 2015-07-08 13:07:24 +02:00
Willem Toorop 2918c8b472 DSes with best digest + INSECURE on unsupportd alg 
Adaptations to function ds_authenticates_keys.

With multiple DSes, only the ones with the highest (supported)
digest type will be used to authenticate DNSKEYs.

NO_SUPPORTED_ALGORITHMS will be returned if there were
DSes for a key in the DNSKEY set, but none of them has a supported
digest or algorithm.  This leads to dnssec_status INSECURE.
 2015-07-08 12:21:04 +02:00
Willem Toorop a5bacfefcf memory leak fixes 2015-07-08 11:07:44 +02:00
Willem Toorop 51a04f8f6c RSAMD5 is deprecated 2015-07-08 00:18:19 +02:00
Willem Toorop 3b45255d1e Try only closest trust anchors 2015-07-08 00:10:10 +02:00
Willem Toorop e48b0c7fd7 INSECURE when NSEC3 iteration count too high 
Fix from Wouter's review
 2015-07-07 22:33:53 +02:00
Willem Toorop 4b53d70199 Review from Wouter minor issues 2015-07-07 14:52:32 +02:00
Willem Toorop e571883811 Fix test for NODATA address_sync lookup 
hampster.com no longer suitable anymore.
 2015-07-07 11:46:52 +02:00
Willem Toorop 83425f959e Review comments from Wouter 
Thanks!
 2015-07-07 11:15:38 +02:00
Willem Toorop 43980e9020 [API 0.601] CSYNC RR type 2015-07-06 14:14:46 +02:00
Willem Toorop af23930725 CSYNC rr type 2015-07-06 12:45:08 +02:00
Willem Toorop 55444d07a2 Documentation in comments as a review guideline 2015-07-06 11:57:16 +02:00
Willem Toorop 70edb60f09 Some comment about google public dns 2015-07-04 13:14:16 +02:00
Willem Toorop 0e977ee4fb rearrangements for documentational reasons 
+ a fix for opt_out bug
 2015-07-04 13:01:16 +02:00
Willem Toorop 7e3fbe547a Check NSEC3 CE to be without delegations 
(no DNAME, no NS or, if NS then also SOA)
 2015-07-04 10:53:31 +02:00
Willem Toorop f59b32414c Three NSEC3 related things: 
- Better checking for type bits
- NSEC3 Insecure proofs for opt-out on head's
- NSEC3 wildcard NODATA proof
 2015-07-04 10:23:02 +02:00
Willem Toorop 99f0026961 Allow remaining data RDF to be zero size 
Usefull for NSECs on empty non terminals!
 2015-07-04 08:09:50 +02:00
Willem Toorop 682f10b271 NSEC3s on empty non terminals 
bitmap might even not be present.
 2015-07-04 00:08:03 +02:00
Willem Toorop 2c09ff2541 Deal with synthesized CNAMEs from DNAMEs 2015-07-03 23:44:15 +02:00
Willem Toorop 4d4f235f76 NSEC handling complete 2015-07-03 22:50:29 +02:00
Willem Toorop a66232153a Some more NSEC conditional checks 
(from studying unbound code)
 2015-07-03 00:44:53 +02:00
Willem Toorop af49184fd5 A single RRSIG per RRSET in validation_chain 2015-07-02 17:30:37 +02:00
Willem Toorop d47c533b64 getdns_validate_dnssec validate replies in turn 2015-07-02 15:31:31 +02:00
Willem Toorop ae580575d0 Only validate NOERROR & NXDOMAIN 2015-07-02 12:59:28 +02:00
Willem Toorop e3fe89c802 Turn on specific debugging with configure options 2015-07-02 12:49:50 +02:00
Willem Toorop f066d5ef73 Merge branch 'features/native-stub-dnssec' into develop 
Conflicts:
	configure.ac
	src/stub.c
 2015-07-02 10:27:27 +02:00
Willem Toorop 6cffc4792b Validate replies with getdns_validate_dnssec 
You can feed it the replies_tree as the records to validate list
 2015-07-02 00:25:41 +02:00
Willem Toorop f92dd5ac0d getdns_validate_dnssec with new DNSSEC code 2015-07-01 21:50:47 +02:00
Willem Toorop 2b3aa84337 getdns_query show output of getdns_validate_dnssec 2015-07-01 14:38:24 +02:00
Willem Toorop 41cf772fb3 Trust anchors in wireformat in context 2015-06-30 14:43:52 +02:00
Willem Toorop 996b09ba2b Reminder for single RRSIG per RRSET return 
With the dnssec_return_validation_chain extension
 2015-06-30 00:12:30 +02:00
Willem Toorop 3cd9caa704 Evaluate DNSSEC only with stub resolution 2015-06-29 23:48:46 +02:00
Willem Toorop 8d5ac3afde Store dnsreq->name in wire format 2015-06-29 23:32:49 +02:00
Willem Toorop 407ecffb67 dnssec_status in netreqs 2015-06-29 22:23:01 +02:00
wtoorop 93e0237273 Merge pull request #106 from saradickinson/features/transport_fixups 
Features/transport fixups
 2015-06-29 21:09:47 +02:00
Sara Dickinson e5a80943e2 Turn fast open on by default. Fix build warning. 2015-06-29 11:54:31 +01:00
Sara Dickinson e20d679bc8 Improve TCP close handling and sync connection closing 2015-06-29 09:09:13 +01:00
wtoorop 9ac1ea39b8 Merge pull request #105 from saradickinson/features/transport_fallback 
Features/transport fallback
 2015-06-29 09:21:31 +02:00
Willem Toorop 2b83bddd4d More sense making parameter names for is_subdomain 2015-06-29 09:18:53 +02:00
Willem Toorop 4e45d31413 No wildcard NSEC3 check on opt-out 2015-06-28 13:41:48 +02:00
Willem Toorop 170218c350 Expand dname rdata fields before compare 2015-06-27 23:47:47 +02:00
Willem Toorop f6c1a48b6e Validaton of wildcard answers 2015-06-27 23:28:23 +02:00
Sara Dickinson 8c61ecd024 Finally fix problem with upstream walking that was causing intermittent crash. And fix sync idle timeouts. Again. 2015-06-26 16:14:04 +01:00
Sara Dickinson 8925fb22fc More bug fixes and tidy up 2015-06-26 14:27:21 +01:00
Willem Toorop 0411668cb4 blah 2015-06-26 11:39:44 +02:00
Sara Dickinson ddd90e29c5 Fix idle_timeout bug 2015-06-26 08:19:22 +01:00
Willem Toorop fe4b7095b3 Set has_ta before unbound context initialization 2015-06-26 00:29:20 +02:00
Willem Toorop 19b79b066f NSEC NXDOMAIN + NSEC3 denial of exist. validation 2015-06-26 00:26:40 +02:00
Sara Dickinson cb5bbac26d Do better with unbound transport mapping and fix problems with sync fallback 2015-06-25 20:21:00 +01:00
Willem Toorop ea69d30e64 Validation of signed responses 
+ start with unsigned responses (only the NSEC NOERROR case)
 2015-06-25 10:04:19 +02:00
Sara Dickinson 8819d29535 Implement TCP fallback and hack for lack of sync idle timeout. 2015-06-24 18:49:34 +01:00
Sara Dickinson c9a0ffc7a5 Improve error reporting in getdns_query. 2015-06-23 17:01:43 +01:00
Willem Toorop c7c7884350 Generalize getdns_rrset for raw pkt, not netreq 2015-06-23 16:41:34 +02:00
Willem Toorop 1babc715b7 Init context->dnssec_trust_anchors with default 2015-06-23 16:40:47 +02:00
Sara Dickinson c425f96e0b Fix TLS handshake for sync messages. 2015-06-23 15:39:56 +01:00
Willem Toorop 5c01df226c Init netreq dnssec status at netreq init time 2015-06-23 16:39:30 +02:00
Willem Toorop 3631cd658a get_val_chain for all possible scenarios 2015-06-23 00:00:20 +02:00
Sara Dickinson 67e282edd1 More work on transport/upstream fallback. TLS and UDP fallback not working yet.... Probably need to maintain a current upstream for each transport to get this working properly 2015-06-22 18:02:28 +01:00
Sara Dickinson 57b163c790 Fix bug in STARTTLS timeout 2015-06-22 14:31:19 +01:00
Sara Dickinson b73b5b2792 Fix some bugs... 2015-06-21 16:55:12 +01:00
Sara Dickinson 635cf9e182 Re-factor of internal handing of transport list. 2015-06-19 18:28:29 +01:00
Willem Toorop e328f848eb getdns_rrset and iterators 2015-06-19 18:02:16 +02:00
wtoorop d819bc901b Merge pull request #104 from saradickinson/features/transport_api 
Commit addition of transport list to the API.
 2015-06-18 22:02:46 +02:00
Sara Dickinson 0acdcc34b0 Changelog, idle_timeout test, formatting 2015-06-18 17:29:23 +01:00
Sara Dickinson 68dfb15706 Add context idle timeout 2015-06-18 17:11:11 +01:00
Sara Dickinson 8dd8d90e74 Commit addition of transport list to the API. 
- set and get functions are added.
- Existing transport functions retained for backwards compatibility.
- Basic combinations work as before, but underlying functional changes and cleanup are not complete yet...
- Context level options for timeouts and max_transactions_per_tcp_connection coming soon...
 2015-06-17 17:18:09 +01:00
Willem Toorop 129e340e8e Collect validation chains for RRs without sigs 2015-06-17 14:46:44 +02:00
Willem Toorop 39639a86c4 Make dname_equal reusable 
+ some symbol renames
 2015-06-16 16:11:51 +02:00
Willem Toorop 4445a5f9cc Include rdata size with compressed names 2015-06-12 15:45:50 +02:00
Willem Toorop 731cc37434 Another redundant ldns reference 2015-06-12 15:45:37 +02:00
Willem Toorop 97f0dddb1e remove ldns dependency from rr-dict.c 
Only dnssec.c left
 2015-06-12 13:51:36 +02:00
Willem Toorop ae1db39a33 Native stub validation 2015-06-11 15:40:44 +02:00
Willem Toorop c28f6ee595 rm of superfluous ldns_rr to getdns_dict funcs 2015-06-11 12:17:47 +02:00
Willem Toorop fd385454b4 rm a few more leftover ldns references 2015-06-11 12:04:59 +02:00
Willem Toorop e820452aaa Rm 2 outdated ldns usage cases 2015-06-11 11:21:12 +02:00
Willem Toorop d5f70ab904 rm spurious execute bits +unit test to detect them 
Thanks Paul Wouters
 2015-05-26 14:16:27 +02:00
Willem Toorop 42bdaaa69d We already redefined minievent symbols 2015-05-21 15:02:51 +02:00
Willem Toorop f78ad93853 Update Makefile's, constants and symbols 2015-05-13 23:30:14 +02:00
Sara Dickinson 894cb1555b Fix intermittent crash for STARTTLS 2015-05-13 17:15:56 +01:00
Willem Toorop 98b3364b65 uniform debugging method + disable stub debugging 2015-05-13 12:47:17 +02:00
Willem Toorop 011b504496 Fix misplaced freeaddrinfo 2015-05-13 12:39:24 +02:00
Willem Toorop b89b625321 autoreconf -fi on FreeBSD to get libtool 2.4.6 2015-05-12 20:47:23 +02:00
wtoorop 802c693ee5 Merge pull request #97 from saradickinson/features/async_tls 
Features/async tls
Thank you Sara!
 2015-05-12 17:05:10 +02:00
saradickinson 3ac5e660f9 Address few minor bugs pointed out by willem 2015-05-11 22:01:31 +02:00
Willem Toorop 01d4275336 Run once with libevent! 2015-05-08 13:12:06 +02:00
Sara Dickinson 9a7bfdd45b Add trivial stub_debug functions. 2015-05-03 15:39:21 +01:00
Sara Dickinson 9d967317d3 Improve the timeout handling for TLS. 2015-05-03 15:11:46 +01:00
Sara Dickinson 01adce8299 Organise code in stub.c and add some utility methods. 2015-05-02 18:08:45 +01:00
Sara Dickinson d6d83b219d Make sure UDP only uses 1 upstream per IP address. Fix a couple of other bugs. 2015-04-30 19:07:49 +01:00
Sara Dickinson 450a3bc6ff Fix STARTTLS fallback. 2015-04-30 14:52:16 +01:00
Sara Dickinson 7905eda8b7 Some clean up of connection handling. Still a problem with STARTTLS fallback that needs fixing. 2015-04-30 12:24:13 +01:00
Sara Dickinson 79b3412fbf Add another transport option as proof of concept for STARTTLS. 2015-04-29 19:20:25 +01:00
Sara Dickinson b533bc59c5 Fix bug when fallback not available 2015-04-27 16:37:16 +01:00
Sara Dickinson 4e6e66fc77 Get sync messages working with new async code. 2015-04-27 15:32:57 +01:00
Sara Dickinson 3de15ad782 Change internal transport handling to use a list, not a fixed type 2015-04-24 16:29:08 +01:00
Sara Dickinson f2ae55858f First pass at making handshake async. Lots of issues with this code still 
- timeouts are not being rescheduled on fallback
- several error cases are not being handled correctly (e.g. 8.8.8.8) and a user callback is not always called
- the fallback mechanism is not generic (specific to tls to tcp)
 2015-04-23 17:46:31 +01:00
Willem Toorop 2a6fc74314 netinet/in.h and openssl/ssl.h from config.h 2015-04-18 22:30:56 +02:00
Willem Toorop 0ba6af3523 upstreams_cleanup from upstreams_dereference 2015-04-18 22:17:28 +02:00
Willem Toorop 84c5b67ee0 Re-enable printing of json with getdns_query 2015-04-18 09:53:50 +02:00
Willem Toorop b26f09d1aa autoreconf -if # For convenience... 2015-04-18 09:35:46 +02:00
Sara Dickinson 6c7ffc4e4e 1) Fix enum mapping error. 
2) Also add detection of TLS 1.2 in openssl during configure and warn that it if not available then TLS will not be available. Using TLS_ONLY in stub mode will then error with BAD_CONTEXT. TLS/TCP will fallback to TCP.

3) Explicitly disallow use of TLS_ONLY in RECURSIVE mode since it isn't supported yet. TLS/TCP will fallback to TCP.

4) Fix for MAC OS X build where openssl not linked correctly
 2015-04-17 18:38:13 +01:00
Sara Dickinson ab4fb8d9e9 Enable GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN for libunbound. Should only be used in stub mode. 
GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN still just does TCP.
Also some tidy up of new transport types.
 2015-04-17 15:50:08 +01:00
Sara Dickinson 99c1973fae Cleanup of TLS code 2015-04-16 18:05:51 +01:00
saradickinson 99aa79b48f First pass at TLS implementation - needs work! 2015-04-16 18:05:27 +01:00
Willem Toorop b163ad1870 Doxygen documentation for the new functions 2015-04-08 15:36:12 +02:00
Willem Toorop 830e0267b3 Fix ASSERT_RC macro with check_getdns 2015-04-03 00:15:32 +02:00
Willem Toorop c63bbd1399 s/getdns_strerror/getdns_get_errorstr_by_id/g 
In the unit tests make use of the newly exposed error string getter
 2015-04-02 23:08:35 +02:00
Willem Toorop 87eb9307a7 A getter for context update callbacks 2015-04-02 22:01:30 +02:00
Willem Toorop 498dedbb8d typo :( 2015-04-02 15:56:13 +02:00
Willem Toorop a0aabc3543 getdns_get_errorstr_by_id replaces getdns_strerror 
In the future maybe.  Discuss on list.
 2015-04-02 15:33:10 +02:00
Willem Toorop 56bb9dbbdc Pass along a userarg with context update callbacks 2015-04-02 14:42:26 +02:00
Willem Toorop 18381e7753 Get rid of +sit option in getdns_query 2015-04-02 13:59:10 +02:00
Willem Toorop eb7920a4a6 Issue #84 getdns_address modifies extensions param 2015-04-02 13:58:27 +02:00
Willem Toorop c9a61bd91e Query for AAAA first with getdns_address 
They were already sent out simultaneously and then listened for, but A went out on the wire first.  Now AAAA.
 2015-04-02 13:32:00 +02:00
Willem Toorop c0bc799c3e Fix some C99 compat issues with FreeBSD 2015-03-26 17:03:55 -05:00
Willem Toorop b5d6180506 enlarge timeouts for hostname_12 unit tests 2015-03-26 13:40:39 -05:00
Willem Toorop 3c816b0c86 Emberassing mistake (dont look) 2015-03-23 15:38:50 -05:00
Willem Toorop 526c3a3491 Fix stub validation key rollover issue 2015-03-22 15:41:55 -05:00
Willem Toorop 8b5b8519aa Merge branch 'print_json' into release-0.1.7 2015-03-22 11:01:58 -05:00
Willem Toorop 19547536ac arc4random in secret generation 2015-03-22 11:01:37 -05:00
Willem Toorop d06d94a0c7 Merge branch 'arc4random' into release-0.1.7 
Conflicts:
	src/config.h.in
 2015-03-22 10:55:03 -05:00
Willem Toorop 00f047816d EDNS cookies processing as stub 2015-03-22 10:50:48 -05:00
Willem Toorop 4683208fd1 First go at using arc4random 4 random numbers 2015-03-21 04:41:25 -05:00
Willem Toorop 3aea9da626 edns_cookies extension 2015-03-20 21:37:54 +01:00
Willem Toorop 5da3bf1af2 Check for libcrypto (required with cookies) 2015-03-20 21:17:14 +01:00
Willem Toorop e6462aa0e4 JSON output 2015-03-20 19:55:17 +01:00
Willem Toorop 3ca69266d1 getdns_query target 2015-03-20 18:25:21 +01:00
Willem Toorop a5e8f22246 snprintf style fixed buffers 2015-03-20 18:19:06 +01:00
Willem Toorop a53f50b530 Minor stub validation fixes and improvements 2015-03-19 10:55:34 +01:00
Willem Toorop d2345285a6 dnssec_return_validation_chain with stub resolving 2015-03-18 23:45:26 +01:00
Willem Toorop 7fc18e8c35 Anticipate older libldns with travis 2015-03-18 21:43:41 +01:00
Willem Toorop fa782d1043 --enable-broken-native-stub-dnssec 
Still needs a little more work for wildcards and NODATA answers...
 2015-03-18 14:45:06 +01:00
Willem Toorop 59c92b884c Syntax more closed to dnsextlang 2015-03-18 09:38:30 +01:00
Willem Toorop 9942550748 dnssec_return_validation_chain without ldns 2015-03-16 17:05:03 +01:00
Willem Toorop 70cb26bb00 Read trust anchor file without ldns 2015-03-15 21:25:38 +01:00
Willem Toorop 2ad1470b4e char *getdns_pretty_print_list(getdns_list *list) 
Handy for debugging purposes
 2015-03-15 21:23:44 +01:00
Willem Toorop ebb519919a Get rid of ldns usage, and a malloc/free 2015-03-12 23:09:04 +01:00
Willem Toorop c02f895358 Miscelaneous cleanups 
as a consequence of ldns elemination with local-hosts
 2015-03-12 22:41:39 +01:00
Willem Toorop 4b7ae8d0bc Merge branch 'master' into local-hosts 2015-03-12 21:41:11 +01:00
Willem Toorop 90ae4bf62c local-hosts handling without ldns 2015-03-12 21:37:03 +01:00
ngoyal fb80ad9b4e Update symbols to reflect new getters 2015-03-12 12:18:02 -04:00
Willem Toorop 5dd2236675 getdns_query edns cookies testing 2015-03-09 23:32:21 +01:00
Willem Toorop d48c509bfc Fix single repeat dict case 2015-03-09 23:31:49 +01:00
Willem Toorop d72151ed51 rdata_raw for unknown rr types 2015-03-06 16:12:51 +01:00
Willem Toorop fe10123323 header bits are 1 or 0 2015-03-05 15:26:06 +01:00
Willem Toorop 5575b9e31f Miscellaneous memory issues found with valgrind 2015-03-05 15:03:40 +01:00
Willem Toorop 30806ce760 Remove ldns dependency from convert.c 2015-03-02 12:21:29 +01:00
Willem Toorop 13b7133b9d Fix NOERROR/NODATA test 
Because hampster.com started to be an e-mailable domain
 2015-03-02 11:44:27 +01:00
Willem Toorop 2b8f65f389 rm ldns dependency from dict.[ch] 2015-03-02 11:38:46 +01:00
Willem Toorop fe8f46b0af The CSYNC RR type 2015-02-19 14:07:42 +01:00
Willem Toorop af47cf81a3 Fix reversed IPv6 to domain under our control 2015-02-19 10:31:18 +01:00
Willem Toorop 9a0f4700ea rm rdf template helper comments 2015-02-19 00:21:37 +01:00
Willem Toorop 12d3ca6797 HIP wireformat parsing 2015-02-19 00:20:13 +01:00
Willem Toorop 0a9477d9d7 getdns_query RR type parsing bugfix 
We need a terminating '\0' as last character always
 2015-02-19 00:19:01 +01:00
Willem Toorop e845ffa3bf IPSECKEY wireformat parsing 2015-02-18 23:36:32 +01:00
Willem Toorop 9b90ced595 Make special handlers for rdf work 
+ bugfix in repetition of rdf blocks
 2015-02-18 20:39:56 +01:00
Willem Toorop bea4b50422 handlers for APL "n" and "adfpart" rdf's 2015-02-18 15:44:09 +01:00
Willem Toorop f78fdd0594 Fix canonical_name at root of response dict 
It will be the first canonical name in the replies.
 2015-02-18 14:46:55 +01:00
Willem Toorop a77f156d08 Remote the ldns_pkt result from the netreq 
Proving that we don't need ldns_pkt any more
 2015-02-18 12:36:42 +01:00
Willem Toorop a722778b3c Already lose some replaced functions 2015-02-17 23:11:37 +01:00
Willem Toorop 05cc557de0 Special handling for OPT 2015-02-17 22:59:47 +01:00
Willem Toorop b1bf4a6741 canonical_name in reply dict + lose debug printing 2015-02-17 22:36:57 +01:00
Willem Toorop ceeab9965a Print null terminated bindata strings as strings 2015-02-17 21:44:16 +01:00
Willem Toorop 7fecb7d922 Get rid of debugging info 2015-02-17 21:44:01 +01:00
Willem Toorop 73776bcd48 dname's as decompressed bindata's 2015-02-17 21:28:39 +01:00
Willem Toorop 3c5b28ffaf Fix printing of text type rdata fields 2015-02-17 17:06:36 +01:00
Willem Toorop 1fea8d3d1f Don't forget to handle canonical name & dname's! 2015-02-17 11:58:51 +01:00
Willem Toorop ced873a80d Start with rdf iterators to rdata dict conversion 
Todo:  OPT
 2015-02-17 11:53:01 +01:00
Willem Toorop fd9ead4fec Function to get the section of a rr_iter 2015-02-17 11:52:03 +01:00
Willem Toorop d3f480009b Convenience list append functions 2015-02-16 16:01:15 +01:00
Willem Toorop 177ee2046a Wireformat rdata field iterator 2015-02-14 21:42:25 +01:00
Willem Toorop 2dcc0a0da6 Prefix private types with priv_ too 2015-02-14 12:30:51 +01:00
Willem Toorop e0ab471de8 draft-levine-dnsextlang'ish type rr and rdata defs 2015-02-14 11:44:13 +01:00
Willem Toorop 04e2d4c2c1 bugfix: on tcp read, realloc with *new* buffer sz 2015-02-12 12:05:10 +01:00
Willem Toorop cd098f9429 bugfix: Dynamic max payload only when OPT present 2015-02-12 12:03:20 +01:00
Willem Toorop c649c675e2 bugfix: Include OPT when max payload is dynamic 2015-02-12 11:59:44 +01:00
Willem Toorop 37def257ee Start with wireformat RR iterator 2015-02-11 23:51:20 +01:00
Willem Toorop 6a16a56717 create response header from wireformat 2015-02-11 16:59:47 +01:00