mirror of https://github.com/getdnsapi/getdns.git
Compare commits
No commits in common. "291ecdae6400ffd3ad66481d26f5350742e5db8c" and "af87d9f70f07522a4934c967b3cb1c1f9a088781" have entirely different histories.
291ecdae64
...
af87d9f70f
|
|
@ -262,7 +262,6 @@ check_include_file(inttypes.h HAVE_INTTYPES_H)
|
|||
check_include_file(limits.h HAVE_LIMITS_H)
|
||||
check_include_file(sys/limits.h HAVE_SYS_LIMITS_H)
|
||||
check_include_file(stdarg.h HAVE_STDARG_H)
|
||||
check_include_file(stddef.h HAVE_STDDEF_H)
|
||||
check_include_file(stdint.h HAVE_STDINT_H)
|
||||
check_include_file(stdio.h HAVE_STDIO_H)
|
||||
check_include_file(stdlib.h HAVE_STDLIB_H)
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@
|
|||
#cmakedefine HAVE_LIMITS_H 1
|
||||
#cmakedefine HAVE_SYS_LIMITS_H 1
|
||||
#cmakedefine HAVE_STDARG_H 1
|
||||
#cmakedefine HAVE_STDDEF_H 1
|
||||
#cmakedefine HAVE_STDINT_H 1
|
||||
#cmakedefine HAVE_STDIO_H 1
|
||||
#cmakedefine HAVE_STDLIB_H 1
|
||||
|
|
@ -242,10 +241,6 @@
|
|||
# define FD_SETSIZE 1024
|
||||
# endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* the version of the windows API enabled */
|
||||
# ifndef WINVER
|
||||
# define WINVER 0x0600 // 0x0502
|
||||
|
|
@ -312,11 +307,12 @@ extern "C" {
|
|||
#include <string.h>
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_STDLIB_H
|
||||
#include <stdlib.h>
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_STDDEF_H
|
||||
#if STDC_HEADERS
|
||||
#include <stdlib.h>
|
||||
#include <stddef.h>
|
||||
#endif
|
||||
|
||||
|
|
|
|||
|
|
@ -3589,7 +3589,6 @@ getdns_context_set_local_proxy_policy(getdns_context *context,
|
|||
size_t i, j;
|
||||
getdns_proxy_policies *policies;
|
||||
getdns_list *resolvers;
|
||||
struct sockaddr_in *sin4p;
|
||||
struct sockaddr_in6 *sin6p;
|
||||
|
||||
fprintf(stderr, "in getdns_context_set_local_proxy_policy\n");
|
||||
|
|
@ -3678,12 +3677,6 @@ fprintf(stderr, "in getdns_context_set_local_proxy_policy\n");
|
|||
== 0) {
|
||||
if (addr_data->size != 4)
|
||||
goto error;
|
||||
sin4p= (struct sockaddr_in *)
|
||||
&policies->policies[i].addrs[j];
|
||||
sin4p->sin_family= AF_INET;
|
||||
memcpy(&sin4p->sin_addr,
|
||||
addr_data->data,
|
||||
sizeof(sin4p->sin_addr));
|
||||
}
|
||||
else if (addr_type->size == 4 &&
|
||||
memcmp(addr_type->data, "IPv6", 4)
|
||||
|
|
|
|||
|
|
@ -536,23 +536,6 @@ const char* _getdns_tls_connection_get_version(_getdns_tls_connection* conn)
|
|||
return gnutls_protocol_get_name(gnutls_protocol_get_version(conn->tls));
|
||||
}
|
||||
|
||||
/* CBN:TODO Implement! */
|
||||
int _getdns_tls_connection_get_pkix_auth(_getdns_tls_connection* conn)
|
||||
{
|
||||
if (!conn || !conn->ssl)
|
||||
return 0;
|
||||
|
||||
return 2 /* 2 is unknown */;
|
||||
}
|
||||
|
||||
/* CBN:TODO Implement! */
|
||||
int _getdns_tls_connection_get_pin_auth(_getdns_tls_connection* conn)
|
||||
{
|
||||
if (!conn || !conn->ssl)
|
||||
return 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
getdns_return_t _getdns_tls_connection_do_handshake(_getdns_tls_connection* conn)
|
||||
{
|
||||
int r;
|
||||
|
|
|
|||
|
|
@ -842,26 +842,6 @@ const char* _getdns_tls_connection_get_version(_getdns_tls_connection* conn)
|
|||
return SSL_get_version(conn->ssl);
|
||||
}
|
||||
|
||||
int _getdns_tls_connection_get_pkix_auth(_getdns_tls_connection* conn)
|
||||
{
|
||||
uint8_t usage = 255; /* 0 and 1 for also PKIX, 2 and 3 for DANE only */
|
||||
|
||||
if (!conn || !conn->ssl)
|
||||
return 0;
|
||||
|
||||
if (SSL_get0_dane_tlsa(conn->ssl, &usage, NULL, NULL, NULL, NULL) < 0)
|
||||
return SSL_get_verify_result(conn->ssl) == X509_V_OK ? 1 : 0;
|
||||
|
||||
return usage <= 1 ? 1 : 2 /* 2 is unknown */;
|
||||
}
|
||||
|
||||
int _getdns_tls_connection_get_pin_auth(_getdns_tls_connection* conn)
|
||||
{
|
||||
if (!conn || !conn->ssl)
|
||||
return 0;
|
||||
return SSL_get0_dane_authority(conn->ssl, NULL, NULL) >= 0;
|
||||
}
|
||||
|
||||
getdns_return_t _getdns_tls_connection_do_handshake(_getdns_tls_connection* conn)
|
||||
{
|
||||
int r;
|
||||
|
|
|
|||
|
|
@ -218,11 +218,6 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
|
|||
net_req->debug_tls_peer_cert.size = 0;
|
||||
net_req->debug_tls_peer_cert.data = NULL;
|
||||
net_req->debug_tls_version = NULL;
|
||||
net_req->debug_pkix_auth = 0; /* 1 == authenticated with PKIX
|
||||
* 0 == not authenticated with PKIX
|
||||
* 2 == unknown
|
||||
*/
|
||||
net_req->debug_pin_auth = 0; /* == 1 if authenticated with pinset */
|
||||
net_req->debug_udp = 0;
|
||||
|
||||
/* Scheduling, touch only via _getdns_netreq_change_state!
|
||||
|
|
|
|||
|
|
@ -1853,8 +1853,6 @@ upstream_write_cb(void *userarg)
|
|||
_getdns_tls_x509_free(&upstream->upstreams->mf, cert);
|
||||
}
|
||||
netreq->debug_tls_version = _getdns_tls_connection_get_version(netreq->upstream->tls_obj);
|
||||
netreq->debug_pkix_auth = _getdns_tls_connection_get_pkix_auth(netreq->upstream->tls_obj);
|
||||
netreq->debug_pin_auth = _getdns_tls_connection_get_pin_auth(netreq->upstream->tls_obj);
|
||||
}
|
||||
/* Need this because auth status is reset on connection close */
|
||||
netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
|
||||
|
|
|
|||
16
src/tls.h
16
src/tls.h
|
|
@ -265,22 +265,6 @@ _getdns_tls_session* _getdns_tls_connection_get_session(struct mem_funcs* mfs, _
|
|||
*/
|
||||
const char* _getdns_tls_connection_get_version(_getdns_tls_connection* conn);
|
||||
|
||||
/**
|
||||
* Return whether or not the peer cert PKIX validated
|
||||
*
|
||||
* @param conn the connection
|
||||
* @return 1 when the peer cert PKIX validated, 0 if it did not validate, 2 otherwise
|
||||
*/
|
||||
int _getdns_tls_connection_get_pkix_auth(_getdns_tls_connection* conn);
|
||||
|
||||
/**
|
||||
* Return whether or not a pin from the pinset matched
|
||||
*
|
||||
* @param conn the connection
|
||||
* @return 1 when the peer cert matched a pinset, 0 otherwise
|
||||
*/
|
||||
int _getdns_tls_connection_get_pin_auth(_getdns_tls_connection* conn);
|
||||
|
||||
/**
|
||||
* Attempt TLS handshake.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -244,9 +244,6 @@ typedef struct getdns_network_req
|
|||
const char *debug_tls_version;
|
||||
|
||||
/* Some booleans */
|
||||
unsigned debug_pkix_auth: 2; /* 1 if TLS connection is PKIX valid
|
||||
2 if this is unknown */
|
||||
unsigned debug_pin_auth : 1; /* 1 if one of the pinset's matched */
|
||||
unsigned debug_udp : 1;
|
||||
unsigned keepalive_sent : 1;
|
||||
unsigned badcookie_retry: 1;
|
||||
|
|
|
|||
|
|
@ -966,18 +966,6 @@ _getdns_create_call_reporting_dict(
|
|||
getdns_dict_destroy(netreq_debug);
|
||||
return NULL;
|
||||
}
|
||||
if (getdns_dict_set_int(netreq_debug, "tls_auth_pin",
|
||||
netreq->debug_pin_auth)) {
|
||||
|
||||
getdns_dict_destroy(netreq_debug);
|
||||
return NULL;
|
||||
}
|
||||
if (getdns_dict_set_int(netreq_debug, "tls_auth_pkix",
|
||||
netreq->debug_pkix_auth)) {
|
||||
|
||||
getdns_dict_destroy(netreq_debug);
|
||||
return NULL;
|
||||
}
|
||||
if (getdns_dict_util_set_string(netreq_debug, "tls_version",
|
||||
netreq->debug_tls_version)){
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue