interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,541 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

157 Commits

Author SHA1 Message Date
Sara Dickinson 28ffb2fdf6 Add ls_authentication to API 2015-10-16 17:00:14 +01:00
Sara Dickinson 6b4ee4ed31 Block authenticated requests on unauthenticated connection 2015-10-16 17:00:14 +01:00
Sara Dickinson af617e92a7 Implement authenticaiton fallback on a given upstream (needs more work). Also need API option to set auth requirement. 2015-10-16 17:00:14 +01:00
Sara Dickinson e710286e45 Start work on better authentication 2015-10-16 16:57:13 +01:00
Willem Toorop 53e23f1358 Revert "Revert "Merge pull request #112 from saradickinson/features/tls_auth"" 
This reverts commit 6d29e6044e.
 2015-09-04 10:56:30 +02:00
Willem Toorop 6d29e6044e Revert "Merge pull request #112 from saradickinson/features/tls_auth" 
This reverts commit d436165a88, reversing
changes made to 7c902bf73c.
 2015-08-27 13:31:22 +02:00
Willem Toorop 015e387ea5 Final internal symbols rename to _getdns prefix 2015-08-19 16:33:19 +02:00
Willem Toorop b9e8455e27 Internal symbols always prefixed with _getdns 2015-08-19 16:30:15 +02:00
Willem Toorop fcd595298a Rename all priv_getdns internal symbols to _getdns 2015-08-19 16:22:38 +02:00
Willem Toorop 450aabefcc Make util symbols private (i.e. prefix _getdns) 2015-08-19 16:07:01 +02:00
wtoorop d436165a88 Merge pull request #112 from saradickinson/features/tls_auth 
Features/tls auth
 2015-08-17 12:53:38 +02:00
Willem Toorop 7c902bf73c Fix fallback failures fix ;) 2015-08-17 12:35:10 +02:00
Sara Dickinson dc7d7e7689 Fix openssl dependancy 2015-08-15 16:35:30 +01:00
Sara Dickinson 45de1f65b3 Update docs with details of OS X certificate handling. 2015-08-15 14:40:16 +01:00
saradickinson cb1dff1ac7 Add ability to verify server certificate using hostname for TLS/STARTTLS 
NOTE: This implementation will only work for OpenSSL v1.0.2 and later.
Doing it for earlier versions is totally insane:

  https://wiki.openssl.org/index.php/Hostname_validation
 2015-08-15 14:40:15 +01:00
Sara Dickinson ab60211020 Fix fallback failures. Add manual regression test script. 2015-08-12 11:42:02 +01:00
Willem Toorop 9daaa1638c One more event callback setting before clearance 2015-07-14 13:42:40 +02:00
Willem Toorop d4e932890a Do not reset event callbacks before clearing 2015-07-14 11:54:25 +02:00
Willem Toorop 70857ccc74 Proper handling of system stub query timeouts 2015-07-09 23:09:39 +02:00
Willem Toorop f066d5ef73 Merge branch 'features/native-stub-dnssec' into develop 
Conflicts:
	configure.ac
	src/stub.c
 2015-07-02 10:27:27 +02:00
Willem Toorop 8d5ac3afde Store dnsreq->name in wire format 2015-06-29 23:32:49 +02:00
Willem Toorop 407ecffb67 dnssec_status in netreqs 2015-06-29 22:23:01 +02:00
wtoorop 93e0237273 Merge pull request #106 from saradickinson/features/transport_fixups 
Features/transport fixups
 2015-06-29 21:09:47 +02:00
Sara Dickinson e5a80943e2 Turn fast open on by default. Fix build warning. 2015-06-29 11:54:31 +01:00
Sara Dickinson e20d679bc8 Improve TCP close handling and sync connection closing 2015-06-29 09:09:13 +01:00
wtoorop 9ac1ea39b8 Merge pull request #105 from saradickinson/features/transport_fallback 
Features/transport fallback
 2015-06-29 09:21:31 +02:00
Sara Dickinson 8c61ecd024 Finally fix problem with upstream walking that was causing intermittent crash. And fix sync idle timeouts. Again. 2015-06-26 16:14:04 +01:00
Sara Dickinson 8925fb22fc More bug fixes and tidy up 2015-06-26 14:27:21 +01:00
Sara Dickinson ddd90e29c5 Fix idle_timeout bug 2015-06-26 08:19:22 +01:00
Sara Dickinson cb5bbac26d Do better with unbound transport mapping and fix problems with sync fallback 2015-06-25 20:21:00 +01:00
Sara Dickinson 8819d29535 Implement TCP fallback and hack for lack of sync idle timeout. 2015-06-24 18:49:34 +01:00
Sara Dickinson c425f96e0b Fix TLS handshake for sync messages. 2015-06-23 15:39:56 +01:00
Willem Toorop 5c01df226c Init netreq dnssec status at netreq init time 2015-06-23 16:39:30 +02:00
Sara Dickinson 67e282edd1 More work on transport/upstream fallback. TLS and UDP fallback not working yet.... Probably need to maintain a current upstream for each transport to get this working properly 2015-06-22 18:02:28 +01:00
Sara Dickinson 57b163c790 Fix bug in STARTTLS timeout 2015-06-22 14:31:19 +01:00
Sara Dickinson b73b5b2792 Fix some bugs... 2015-06-21 16:55:12 +01:00
Sara Dickinson 635cf9e182 Re-factor of internal handing of transport list. 2015-06-19 18:28:29 +01:00
wtoorop d819bc901b Merge pull request #104 from saradickinson/features/transport_api 
Commit addition of transport list to the API.
 2015-06-18 22:02:46 +02:00
Sara Dickinson 68dfb15706 Add context idle timeout 2015-06-18 17:11:11 +01:00
Sara Dickinson 8dd8d90e74 Commit addition of transport list to the API. 
- set and get functions are added.
- Existing transport functions retained for backwards compatibility.
- Basic combinations work as before, but underlying functional changes and cleanup are not complete yet...
- Context level options for timeouts and max_transactions_per_tcp_connection coming soon...
 2015-06-17 17:18:09 +01:00
Willem Toorop 39639a86c4 Make dname_equal reusable 
+ some symbol renames
 2015-06-16 16:11:51 +02:00
Willem Toorop 97f0dddb1e remove ldns dependency from rr-dict.c 
Only dnssec.c left
 2015-06-12 13:51:36 +02:00
Willem Toorop e820452aaa Rm 2 outdated ldns usage cases 2015-06-11 11:21:12 +02:00
Willem Toorop d5f70ab904 rm spurious execute bits +unit test to detect them 
Thanks Paul Wouters
 2015-05-26 14:16:27 +02:00
Sara Dickinson 894cb1555b Fix intermittent crash for STARTTLS 2015-05-13 17:15:56 +01:00
Willem Toorop 98b3364b65 uniform debugging method + disable stub debugging 2015-05-13 12:47:17 +02:00
saradickinson 3ac5e660f9 Address few minor bugs pointed out by willem 2015-05-11 22:01:31 +02:00
Sara Dickinson 9a7bfdd45b Add trivial stub_debug functions. 2015-05-03 15:39:21 +01:00
Sara Dickinson 9d967317d3 Improve the timeout handling for TLS. 2015-05-03 15:11:46 +01:00
Sara Dickinson 01adce8299 Organise code in stub.c and add some utility methods. 2015-05-02 18:08:45 +01:00
Sara Dickinson d6d83b219d Make sure UDP only uses 1 upstream per IP address. Fix a couple of other bugs. 2015-04-30 19:07:49 +01:00
Sara Dickinson 450a3bc6ff Fix STARTTLS fallback. 2015-04-30 14:52:16 +01:00
Sara Dickinson 7905eda8b7 Some clean up of connection handling. Still a problem with STARTTLS fallback that needs fixing. 2015-04-30 12:24:13 +01:00
Sara Dickinson 79b3412fbf Add another transport option as proof of concept for STARTTLS. 2015-04-29 19:20:25 +01:00
Sara Dickinson b533bc59c5 Fix bug when fallback not available 2015-04-27 16:37:16 +01:00
Sara Dickinson 4e6e66fc77 Get sync messages working with new async code. 2015-04-27 15:32:57 +01:00
Sara Dickinson 3de15ad782 Change internal transport handling to use a list, not a fixed type 2015-04-24 16:29:08 +01:00
Sara Dickinson f2ae55858f First pass at making handshake async. Lots of issues with this code still 
- timeouts are not being rescheduled on fallback
- several error cases are not being handled correctly (e.g. 8.8.8.8) and a user callback is not always called
- the fallback mechanism is not generic (specific to tls to tcp)
 2015-04-23 17:46:31 +01:00
Sara Dickinson 6c7ffc4e4e 1) Fix enum mapping error. 
2) Also add detection of TLS 1.2 in openssl during configure and warn that it if not available then TLS will not be available. Using TLS_ONLY in stub mode will then error with BAD_CONTEXT. TLS/TCP will fallback to TCP.

3) Explicitly disallow use of TLS_ONLY in RECURSIVE mode since it isn't supported yet. TLS/TCP will fallback to TCP.

4) Fix for MAC OS X build where openssl not linked correctly
 2015-04-17 18:38:13 +01:00
Sara Dickinson ab4fb8d9e9 Enable GETDNS_TRANSPORT_TLS_ONLY_KEEP_CONNECTIONS_OPEN for libunbound. Should only be used in stub mode. 
GETDNS_TRANSPORT_TLS_FIRST_AND_FALL_BACK_TO_TCP_KEEP_CONNECTIONS_OPEN still just does TCP.
Also some tidy up of new transport types.
 2015-04-17 15:50:08 +01:00
Sara Dickinson 99c1973fae Cleanup of TLS code 2015-04-16 18:05:51 +01:00
saradickinson 99aa79b48f First pass at TLS implementation - needs work! 2015-04-16 18:05:27 +01:00
Willem Toorop 3c816b0c86 Emberassing mistake (dont look) 2015-03-23 15:38:50 -05:00
Willem Toorop 19547536ac arc4random in secret generation 2015-03-22 11:01:37 -05:00
Willem Toorop d06d94a0c7 Merge branch 'arc4random' into release-0.1.7 
Conflicts:
	src/config.h.in
 2015-03-22 10:55:03 -05:00
Willem Toorop 00f047816d EDNS cookies processing as stub 2015-03-22 10:50:48 -05:00
Willem Toorop 4683208fd1 First go at using arc4random 4 random numbers 2015-03-21 04:41:25 -05:00
Willem Toorop 04e2d4c2c1 bugfix: on tcp read, realloc with *new* buffer sz 2015-02-12 12:05:10 +01:00
Willem Toorop cd098f9429 bugfix: Dynamic max payload only when OPT present 2015-02-12 12:03:20 +01:00
Willem Toorop f01ed133f5 ldns_wire2pkt at create_getdns_response time only 
This break priv_get_validation_chain
 2015-02-11 14:55:22 +01:00
Willem Toorop 9ed074e58d set max_udp_payload_size 2 response size 2015-02-03 11:36:08 +01:00
Willem Toorop b5a6fa8064 rm some obsolete includes in stub.c 2015-02-03 11:24:35 +01:00
Willem Toorop 545a83e1a6 netreq->response contains wire_data packet 2015-02-03 11:12:05 +01:00
Willem Toorop f1b916aac8 Store wireformat queries in netreq's too 2015-02-03 10:46:44 +01:00
Willem Toorop 3f046cf573 Embed netreqs in dns_reqs and wire_data in netreqs 
TODO: make sure the wire_data buffer is filled with the response
 2015-01-29 12:30:40 +01:00
Willem Toorop 736f5ff157 No executable flags on source files 
Thanks Paul Wouters
 2015-01-20 12:16:49 +01:00
saradickinson 593670f524 Removing debug statement (blush) 2014-11-07 20:17:03 -10:00
saradickinson 0680e1144f Add detection of TFO support during configure 2014-10-28 17:51:49 +00:00
saradickinson 9d7d9997df TCP fast open support (linux only). Enabled with --enable-tcp-fastopen configure option. 2014-10-28 17:51:49 +00:00
Willem Toorop d92dc8b460 edns_do_bit defaults to 0 with stub 
And better handling of including OPT RR in stub query
 2014-10-28 14:32:29 +01:00
Willem Toorop 35c58cc598 set payload size < 512 to 512 with extensions too 2014-10-27 19:26:15 +01:00
Willem Toorop f633886cbf recv, write and sendto return ssize_t 2014-10-24 23:12:28 +02:00
saradickinson c5d63ed9d7 Fix 2 small bugs with resending tcp data 2014-10-24 14:38:22 +00:00
Willem Toorop d03a22ba62 fix: stub udp max_udp_size > 4096 support 2014-10-23 15:17:54 +02:00
Willem Toorop 6f6b8e65a2 Stub edns0 payload 1232 for IPv6 and 1432 for IPv4 2014-10-23 14:30:23 +02:00
Willem Toorop 07848b20ff fix: add OPT to query when just options specified 2014-10-23 13:55:37 +02:00
Willem Toorop 2d77d02084 Fallback to TCP when TC bit is set 
with stub queries...
 2014-10-21 00:17:57 +02:00
Willem Toorop ae8105bd78 Bugfix event handling with sync TCP pipelining 2014-10-20 23:51:05 +02:00
Willem Toorop e9548fc5fb Fix for TCP stub mode 
Stupid mistake.
One can not clear an freshly "cleared" initialized event!
 2014-10-19 22:51:42 +02:00
Willem Toorop fa02e3ae70 Fix timeout issue with async stub TCP pipelining 2014-10-19 08:08:45 +02:00
Willem Toorop fc6e583b4b Stub TCP pipelining 
TODO: Resolve issue with timeouts in async pipelining mode.
 2014-10-18 14:32:55 +02:00
Willem Toorop 181d8cd3f4 stub tcp lookups 
And the foundation for tcp keep connections open
 2014-10-18 00:25:41 +02:00
Willem Toorop 623c9b04a5 Retry stub with different upstream after timeout 
Backing off the broken upsteams so they are tried again (increasingly less)
 2014-10-16 14:24:13 +02:00
Willem Toorop bd01b0b83e write callback for stub requests 
which is nice for scheduling retries etc.
 2014-10-15 23:57:24 +02:00
Willem Toorop 9d1ad9d110 Respond correctly to non-blocking events 2014-10-15 23:32:33 +02:00
Willem Toorop 124de13caa Initialize udp socket nonblocking 2014-10-15 23:28:59 +02:00
Willem Toorop a0cb4e1774 Move stub resolving to stub.c again 
Merged hostname.c and service.c in general so that getdns_general_ns can become static.
Removed specialized synchronous handling from return_validation_chain code.
Removed un_timed_resolve (specialized sync handling is not needed anymore)
Renamed inter-object file symbols to priv_<name> and made intra-object symbols static as much as possible.
 2014-10-15 23:04:39 +02:00
Willem Toorop ee316741ac Async stub resolver using crafted packets 2014-10-15 15:12:16 +02:00
Willem Toorop a1be0c985d Miscelaneous fixes that came out of the unit tests 
TODO: libuv still has issues.  Do we really need a close callback?
 2014-10-15 01:13:39 +02:00
Willem Toorop 3ee930d44e Stub resolving with the libmini_event extension 2014-10-13 15:37:45 +02:00