interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
1,552 Commits 58 Branches 69 Tags 14 MiB
Commit Graph

266 Commits

Author SHA1 Message Date
wtoorop 60be402062 Merge pull request #139 from ln5/parsing-resolvconf 
Don't treat "domain" or "search" as a nameserver.
Thank you Linus
 2016-02-04 10:06:40 +01:00
Linus Nordberg 466302131e Don't treat "domain" or "search" as a nameserver. 
Continue the while fgets() loop as soon as we're done with "domain" or
"search".

Simplify the logic of the function by removing the if else constructs.
 2016-02-03 14:57:09 +01:00
unknown db4207f60d More review changes and made comments C style, req Willem. 2016-02-01 11:02:24 -05:00
unknown 170795ad06 More review changes and made comments C style, req Willem. 2016-02-01 10:56:45 -05:00
unknown f5290b6a68 add change from Sara to return if a cert conversion or add to store fails 2016-01-31 00:13:09 -05:00
unknown 504881fc6f Minor fixes to compile and run the CA trust store adapter from Windows to openopenSSL 2016-01-27 16:30:50 -05:00
Sara Dickinson 111794158c Improve Windows CA handling code 2016-01-27 12:50:16 +00:00
unknown 7e9563faed Added a wincrypt adapter to read CA trust certs from Windows CA store and feed them into openssl for TLS hostname authentication 2016-01-23 18:47:03 -05:00
Willem Toorop 16a82eede2 Deal with roadblock avoid. + stub-only at run time 
And make the single usage function validate_extension static
 2016-01-05 12:38:35 +01:00
Sara Dickinson 1f9424ccf2 Fix output of get_api_settings functions 2016-01-05 09:25:49 +00:00
Willem Toorop 08c0c4d6e4 Fixes from testing on different platforms 2015-12-30 14:39:11 +01:00
Willem Toorop 8c46e969d6 Notify for not implemented namespaces and ... 
follow_redirects.
 2015-12-30 13:55:45 +01:00
Willem Toorop 11b0346ded Miscelaneous TSIG bugfixes 2015-12-30 12:25:58 +01:00
Willem Toorop 875ef3f9d4 Successive suffix append retries 2015-12-29 23:06:02 +01:00
Willem Toorop 89b6c04d4f First query append 2015-12-29 17:34:14 +01:00
Willem Toorop 54498cd556 Distinct between suffix and suffixes more clearly 2015-12-29 16:23:04 +01:00
Willem Toorop ebe3d361ea Returning strings does include the null byte 2015-12-29 16:17:17 +01:00
Willem Toorop 5a388386b4 Store suffixes in wireformat 2015-12-29 16:00:15 +01:00
Willem Toorop 3e2464af6d Changes that came out of portability tests 2015-12-24 15:28:12 +01:00
Willem Toorop a2bdfb2f22 Merge branch 'features/windows-support' into develop 2015-12-24 14:44:18 +01:00
Willem Toorop 9d3905459e Miscellaneous fixes to compile on windows 
Also without warnings.
 2015-12-24 14:41:50 +01:00
saradickinson b777552f34 Merge pull request #131 from saradickinson/feature/pubkey-pinning 
Feature/pubkey pinning
 2015-12-24 10:13:53 +00:00
Willem Toorop caba5f19d5 Merge branch 'develop' into features/windows-support 2015-12-24 11:01:26 +01:00
Willem Toorop 8bde787703 Use mkstemp instead of tmpnam to eliminate warning 2015-12-24 10:50:58 +01:00
Willem Toorop 71b2a44945 Remove root_servers comment leftovers 2015-12-23 21:19:52 +01:00
Daniel Kahn Gillmor 77802808ce rename GETDNS_AUTHENTICATION_HOSTNAME with GETDNS_AUTHENTICATION_REQUIRED 2015-12-23 18:00:43 +00:00
Daniel Kahn Gillmor 0d2256df09 set and return the pubkey_pinsets on the upstream resolvers 2015-12-23 17:59:50 +00:00
Daniel Kahn Gillmor 4dbe1813e4 added simple sha256 public key pinning linked list to getdns_upstream 2015-12-23 17:59:50 +00:00
Willem Toorop fbae577a54 Setting of root servers 
test with

	getdns_query -f yeti.key -R yeti.hints nlnetlabs.nl A +dnssec_return_status

where yeti.key comes from:

	https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/named.cache

and yeti.hints from:

	https://raw.githubusercontent.com/BII-Lab/Yeti-Project/master/domain/KSK.pub
 2015-12-23 17:15:45 +01:00
Willem Toorop fe7a1e89e3 Constify new work 2015-12-22 11:32:15 +01:00
Willem Toorop 5bbcbb97a1 Merge branch 'develop' into features/conversion_functions 2015-12-22 11:28:27 +01:00
Willem Toorop ee2a1fbfe6 Merge branch 'features/tsig' into develop 2015-12-22 01:08:25 +01:00
Sara Dickinson 746a827baa Implement client side edns-tcp-keepalive 2015-12-21 17:05:56 +00:00
Willem Toorop 98dc4018c3 Setting & getting of tsig info per upstream 2015-12-21 12:22:59 +01:00
Sara Dickinson 13ddf9ad83 Update constants 2015-12-18 16:14:54 +00:00
Sara Dickinson c5b839bda8 remove STARTTLS 2015-12-18 16:14:54 +00:00
Willem Toorop 5663f914fb Mode debug marco's to own header 
To reduce dependency location fixes in test directory.
 2015-12-18 13:40:52 +01:00
Willem Toorop a2e15a169d Revert syntactic/style changes 
So actual changes aren't obfuscated
 2015-12-17 12:37:33 +01:00
Willem Toorop d67949d1e7 iterators go over const wireformat data 2015-12-07 16:43:41 +01:00
unknown 22a8550caa Bug fix in get_os_defaults, clean up code in winsock_event, add code to handle event handling differences in Winsock2 2015-12-04 16:12:43 -05:00
unknown 2d58ed465c Changes for Windows, Fix configure.ac to take in a winsock option to configure and generafigure, add ifdef's to stub out windows code for other platforms. 2015-11-22 22:38:13 -05:00
Sara Dickinson d75ba83013 Fix bug with call_debugging reporting of UDP and add a getter for tls_authentication 2015-11-13 13:28:43 +00:00
Willem Toorop 1bb2daff1e ub_setup_recursing not used without libunbound 2015-11-11 14:03:16 +01:00
Willem Toorop c7f4fc3625 Fix disabling roadblock avoidance with configure 2015-11-05 07:43:33 +09:00
Willem Toorop 8a6f7d5b90 Merge branch 'develop' into features/dnssec_roadblock_avoidance 2015-11-04 17:49:21 +09:00
Daniel Kahn Gillmor b3128652f4 add tls_query_padding_blocksize property for getdns_context 
This is a parameter to the getdns_context that tells the context how
much to pad queries that go out over TLS.

It is not yet functional in this commit, but the idea is to pad each
outbound query over TLS to a multiple of the requested blocksize.

Because we only have a set amount of pre-allocated space for dynamic
options (MAXIMUM_UPSTREAM_OPTION_SPACE), we limit the maximum
padding blocksize.

This is a simplistic padding policy.  Suggestions for improved padding
policies are welcome!
 2015-11-01 15:49:56 +09:00
Daniel Kahn Gillmor df3725e635 added edns_client_subnet_private to getdns_context 
https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-04

Using the above spec, an intermediate resolver may forward a chunk of
the client's IP address to the authoritative resolver.

Setting edns_client_subnet_private to a getdns_context in stub mode
will indicate to the next-hop recursive resolver that the client
wishes to keep their address information private.
 2015-11-01 15:49:50 +09:00
Willem Toorop b062974fb1 ub_setup_recursion also for non roadblock avoidance 2015-11-01 15:48:31 +09:00
Daniel Kahn Gillmor 3e90795680 enable talking to servers with ECDSA certs 
There is no clear reason to reject servers that don't have RSA certs.
We should accept ECDSA certs as well.

(also, clean up comments about opportunistic TLS)
 2015-11-01 15:47:03 +09:00
Willem Toorop af6947cbb3 Merge branch 'develop' into features/dnssec_roadblock_avoidance 2015-11-01 15:34:21 +09:00