No commits in common. "291ecdae6400ffd3ad66481d26f5350742e5db8c" and "af87d9f70f07522a4934c967b3cb1c1f9a088781" have entirely different histories.
291ecdae64
...
af87d9f70f
@ -262,7 +262,6 @@ check_include_file(inttypes.h HAVE_INTTYPES_H)
|
||||||
check_include_file(limits.h HAVE_LIMITS_H)
|
check_include_file(limits.h HAVE_LIMITS_H)
|
||||||
check_include_file(sys/limits.h HAVE_SYS_LIMITS_H)
|
check_include_file(sys/limits.h HAVE_SYS_LIMITS_H)
|
||||||
check_include_file(stdarg.h HAVE_STDARG_H)
|
check_include_file(stdarg.h HAVE_STDARG_H)
|
||||||
check_include_file(stddef.h HAVE_STDDEF_H)
|
|
||||||
check_include_file(stdint.h HAVE_STDINT_H)
|
check_include_file(stdint.h HAVE_STDINT_H)
|
||||||
check_include_file(stdio.h HAVE_STDIO_H)
|
check_include_file(stdio.h HAVE_STDIO_H)
|
||||||
check_include_file(stdlib.h HAVE_STDLIB_H)
|
check_include_file(stdlib.h HAVE_STDLIB_H)
|
||||||
|
|
|
@ -15,7 +15,6 @@
|
||||||
#cmakedefine HAVE_LIMITS_H 1
|
#cmakedefine HAVE_LIMITS_H 1
|
||||||
#cmakedefine HAVE_SYS_LIMITS_H 1
|
#cmakedefine HAVE_SYS_LIMITS_H 1
|
||||||
#cmakedefine HAVE_STDARG_H 1
|
#cmakedefine HAVE_STDARG_H 1
|
||||||
#cmakedefine HAVE_STDDEF_H 1
|
|
||||||
#cmakedefine HAVE_STDINT_H 1
|
#cmakedefine HAVE_STDINT_H 1
|
||||||
#cmakedefine HAVE_STDIO_H 1
|
#cmakedefine HAVE_STDIO_H 1
|
||||||
#cmakedefine HAVE_STDLIB_H 1
|
#cmakedefine HAVE_STDLIB_H 1
|
||||||
|
@ -242,10 +241,6 @@
|
||||||
# define FD_SETSIZE 1024
|
# define FD_SETSIZE 1024
|
||||||
# endif
|
# endif
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* the version of the windows API enabled */
|
/* the version of the windows API enabled */
|
||||||
# ifndef WINVER
|
# ifndef WINVER
|
||||||
# define WINVER 0x0600 // 0x0502
|
# define WINVER 0x0600 // 0x0502
|
||||||
|
@ -312,11 +307,12 @@ extern "C" {
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_STDLIB_H
|
#ifdef __cplusplus
|
||||||
#include <stdlib.h>
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_STDDEF_H
|
#if STDC_HEADERS
|
||||||
|
#include <stdlib.h>
|
||||||
#include <stddef.h>
|
#include <stddef.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
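Review bot: The new guard `#if STDC_HEADERS` around `<stdlib.h>` and `<stddef.h>` depends on a macro that nothing visible defines: the CMake template hunk in this same compare only emits `HAVE_*` macros and this change drops `HAVE_STDDEF_H`, so under a CMake build both includes silently vanish and `size_t`/`NULL`/`malloc` arrive only transitively (an undefined macro in `#if` also trips -Wundef). Both headers are mandatory in every hosted C implementation since C89, so the guard buys nothing; include them unconditionally, `#include <stdlib.h>` / `#include <stddef.h>`, or if a guard is really wanted use `#if defined(STDC_HEADERS) || defined(HAVE_STDLIB_H)`. Moving `extern "C" {` below the system includes is the right call, since wrapping system headers in C linkage breaks C++ builds, but the matching closing brace is outside the hunk, so I could not confirm it still pairs up.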
@ -3589,7 +3589,6 @@ getdns_context_set_local_proxy_policy(getdns_context *context,
|
||||||
size_t i, j;
|
size_t i, j;
|
||||||
getdns_proxy_policies *policies;
|
getdns_proxy_policies *policies;
|
||||||
getdns_list *resolvers;
|
getdns_list *resolvers;
|
||||||
struct sockaddr_in *sin4p;
|
|
||||||
struct sockaddr_in6 *sin6p;
|
struct sockaddr_in6 *sin6p;
|
||||||
|
|
||||||
fprintf(stderr, "in getdns_context_set_local_proxy_policy\n");
|
fprintf(stderr, "in getdns_context_set_local_proxy_policy\n");
|
||||||
|
@ -3678,12 +3677,6 @@ fprintf(stderr, "in getdns_context_set_local_proxy_policy\n");
|
||||||
== 0) {
|
== 0) {
|
||||||
if (addr_data->size != 4)
|
if (addr_data->size != 4)
|
||||||
goto error;
|
goto error;
|
||||||
sin4p= (struct sockaddr_in *)
|
|
||||||
&policies->policies[i].addrs[j];
|
|
||||||
sin4p->sin_family= AF_INET;
|
|
||||||
memcpy(&sin4p->sin_addr,
|
|
||||||
addr_data->data,
|
|
||||||
sizeof(sin4p->sin_addr));
|
|
||||||
}
|
}
|
||||||
else if (addr_type->size == 4 &&
|
else if (addr_type->size == 4 &&
|
||||||
memcmp(addr_type->data, "IPv6", 4)
|
memcmp(addr_type->data, "IPv6", 4)
|
||||||
|
|
|
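Review bot: The IPv4 branch in the new code is a no-op after its length check: `if (addr_data->size != 4) goto error;` is followed directly by `}`, so a well-formed IPv4 resolver address passes validation but is never written into `policies->policies[i].addrs[j]`, while `sin6p` is still declared at the top of the function and presumably fills in the IPv6 case outside this hunk. Either a `struct sockaddr_in` must be populated here, or the branch should reject IPv4 explicitly rather than accept a policy whose address slot is left unset, e.g. `goto error; /* IPv4 proxy addresses not supported */`. The enclosing getdns_context_set_local_proxy_policy starts before the hunk and ends after it, so the later use of addrs[] is not visible here.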
@ -536,23 +536,6 @@ const char* _getdns_tls_connection_get_version(_getdns_tls_connection* conn)
|
||||||
return gnutls_protocol_get_name(gnutls_protocol_get_version(conn->tls));
|
return gnutls_protocol_get_name(gnutls_protocol_get_version(conn->tls));
|
||||||
}
|
}
|
||||||
|
|
||||||
/* CBN:TODO Implement! */
|
|
||||||
int _getdns_tls_connection_get_pkix_auth(_getdns_tls_connection* conn)
|
|
||||||
{
|
|
||||||
if (!conn || !conn->ssl)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
return 2 /* 2 is unknown */;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* CBN:TODO Implement! */
|
|
||||||
int _getdns_tls_connection_get_pin_auth(_getdns_tls_connection* conn)
|
|
||||||
{
|
|
||||||
if (!conn || !conn->ssl)
|
|
||||||
return 0;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
getdns_return_t _getdns_tls_connection_do_handshake(_getdns_tls_connection* conn)
|
getdns_return_t _getdns_tls_connection_do_handshake(_getdns_tls_connection* conn)
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
|
|
|
@ -842,26 +842,6 @@ const char* _getdns_tls_connection_get_version(_getdns_tls_connection* conn)
|
||||||
return SSL_get_version(conn->ssl);
|
return SSL_get_version(conn->ssl);
|
||||||
}
|
}
|
||||||
|
|
||||||
int _getdns_tls_connection_get_pkix_auth(_getdns_tls_connection* conn)
|
|
||||||
{
|
|
||||||
uint8_t usage = 255; /* 0 and 1 for also PKIX, 2 and 3 for DANE only */
|
|
||||||
|
|
||||||
if (!conn || !conn->ssl)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
if (SSL_get0_dane_tlsa(conn->ssl, &usage, NULL, NULL, NULL, NULL) < 0)
|
|
||||||
return SSL_get_verify_result(conn->ssl) == X509_V_OK ? 1 : 0;
|
|
||||||
|
|
||||||
return usage <= 1 ? 1 : 2 /* 2 is unknown */;
|
|
||||||
}
|
|
||||||
|
|
||||||
int _getdns_tls_connection_get_pin_auth(_getdns_tls_connection* conn)
|
|
||||||
{
|
|
||||||
if (!conn || !conn->ssl)
|
|
||||||
return 0;
|
|
||||||
return SSL_get0_dane_authority(conn->ssl, NULL, NULL) >= 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
getdns_return_t _getdns_tls_connection_do_handshake(_getdns_tls_connection* conn)
|
getdns_return_t _getdns_tls_connection_do_handshake(_getdns_tls_connection* conn)
|
||||||
{
|
{
|
||||||
int r;
|
int r;
|
||||||
|
|
|
@ -218,11 +218,6 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
|
||||||
net_req->debug_tls_peer_cert.size = 0;
|
net_req->debug_tls_peer_cert.size = 0;
|
||||||
net_req->debug_tls_peer_cert.data = NULL;
|
net_req->debug_tls_peer_cert.data = NULL;
|
||||||
net_req->debug_tls_version = NULL;
|
net_req->debug_tls_version = NULL;
|
||||||
net_req->debug_pkix_auth = 0; /* 1 == authenticated with PKIX
|
|
||||||
* 0 == not authenticated with PKIX
|
|
||||||
* 2 == unknown
|
|
||||||
*/
|
|
||||||
net_req->debug_pin_auth = 0; /* == 1 if authenticated with pinset */
|
|
||||||
net_req->debug_udp = 0;
|
net_req->debug_udp = 0;
|
||||||
|
|
||||||
/* Scheduling, touch only via _getdns_netreq_change_state!
|
/* Scheduling, touch only via _getdns_netreq_change_state!
|
||||||
|
|
|
@ -1853,8 +1853,6 @@ upstream_write_cb(void *userarg)
|
||||||
_getdns_tls_x509_free(&upstream->upstreams->mf, cert);
|
_getdns_tls_x509_free(&upstream->upstreams->mf, cert);
|
||||||
}
|
}
|
||||||
netreq->debug_tls_version = _getdns_tls_connection_get_version(netreq->upstream->tls_obj);
|
netreq->debug_tls_version = _getdns_tls_connection_get_version(netreq->upstream->tls_obj);
|
||||||
netreq->debug_pkix_auth = _getdns_tls_connection_get_pkix_auth(netreq->upstream->tls_obj);
|
|
||||||
netreq->debug_pin_auth = _getdns_tls_connection_get_pin_auth(netreq->upstream->tls_obj);
|
|
||||||
}
|
}
|
||||||
/* Need this because auth status is reset on connection close */
|
/* Need this because auth status is reset on connection close */
|
||||||
netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
|
netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
|
||||||
|
|
16
src/tls.h
16
src/tls.h
|
@ -265,22 +265,6 @@ _getdns_tls_session* _getdns_tls_connection_get_session(struct mem_funcs* mfs, _
|
||||||
*/
|
*/
|
||||||
const char* _getdns_tls_connection_get_version(_getdns_tls_connection* conn);
|
const char* _getdns_tls_connection_get_version(_getdns_tls_connection* conn);
|
||||||
|
|
||||||
/**
|
|
||||||
* Return whether or not the peer cert PKIX validated
|
|
||||||
*
|
|
||||||
* @param conn the connection
|
|
||||||
* @return 1 when the peer cert PKIX validated, 0 if it did not validate, 2 otherwise
|
|
||||||
*/
|
|
||||||
int _getdns_tls_connection_get_pkix_auth(_getdns_tls_connection* conn);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return whether or not a pin from the pinset matched
|
|
||||||
*
|
|
||||||
* @param conn the connection
|
|
||||||
* @return 1 when the peer cert matched a pinset, 0 otherwise
|
|
||||||
*/
|
|
||||||
int _getdns_tls_connection_get_pin_auth(_getdns_tls_connection* conn);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Attempt TLS handshake.
|
* Attempt TLS handshake.
|
||||||
*
|
*
|
||||||
|
|
|
@ -244,9 +244,6 @@ typedef struct getdns_network_req
|
||||||
const char *debug_tls_version;
|
const char *debug_tls_version;
|
||||||
|
|
||||||
/* Some booleans */
|
/* Some booleans */
|
||||||
unsigned debug_pkix_auth: 2; /* 1 if TLS connection is PKIX valid
|
|
||||||
2 if this is unknown */
|
|
||||||
unsigned debug_pin_auth : 1; /* 1 if one of the pinset's matched */
|
|
||||||
unsigned debug_udp : 1;
|
unsigned debug_udp : 1;
|
||||||
unsigned keepalive_sent : 1;
|
unsigned keepalive_sent : 1;
|
||||||
unsigned badcookie_retry: 1;
|
unsigned badcookie_retry: 1;
|
||||||
|
|
|
@ -966,18 +966,6 @@ _getdns_create_call_reporting_dict(
|
||||||
getdns_dict_destroy(netreq_debug);
|
getdns_dict_destroy(netreq_debug);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
if (getdns_dict_set_int(netreq_debug, "tls_auth_pin",
|
|
||||||
netreq->debug_pin_auth)) {
|
|
||||||
|
|
||||||
getdns_dict_destroy(netreq_debug);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
if (getdns_dict_set_int(netreq_debug, "tls_auth_pkix",
|
|
||||||
netreq->debug_pkix_auth)) {
|
|
||||||
|
|
||||||
getdns_dict_destroy(netreq_debug);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
if (getdns_dict_util_set_string(netreq_debug, "tls_version",
|
if (getdns_dict_util_set_string(netreq_debug, "tls_version",
|
||||||
netreq->debug_tls_version)){
|
netreq->debug_tls_version)){
|
||||||
|
|
||||||
|
|