Update Stubby to fix Windows build issues

Increase CMake required version 3.5 -> 3.20

.gitattributes

@@ -0,0 +1,18 @@
+/.dir-locals.el	export-ignore
+/.gitattributes	export-ignore
+/.gitignore	export-ignore
+/.gitmodules	export-ignore
+/.indent.pro	export-ignore
+/.travis.yml	export-ignore
+/getdns.pmdoc	export-ignore
+/gldns/compare.sh	export-ignore
+/gldns/import.sh	export-ignore
+/project-doc	export-ignore
+/src/test/tpkg	export-ignore
+/src/test/README	export-ignore
+/src/tools/Dockerfile	export-ignore
+/src/tools/README.adoc	export-ignore
+/src/util/import.sh	export-ignore
+/src/mk-const-info.c.sh	export-ignore
+/src/mk-symfiles.sh	export-ignore
+/README		export-ignore

.gitignore

@@ -1,5 +1,7 @@
 *~
 .DS_Store
+build*/
+tests*/
 getdns*.tar.gz
 *.o
 *.so
@@ -39,6 +41,7 @@ src/test/check_getdns_ev
 src/test/scratchpad
 src/test/scratchpad.c
 src/tools/getdns_query
+src/tools/getdns_server_mon
 src/stubby
 doc/*.3
 src/getdns/getdns.h

.gitmodules

@@ -2,7 +2,15 @@
 	path = src/jsmn
 	url = https://github.com/getdnsapi/jsmn.git
 	branch = getdns
+[submodule "src/yxml"]
+	path = src/yxml
+	url = https://github.com/getdnsapi/yxml.git
+	branch = master
 [submodule "stubby"]
 	path = stubby
 	url = https://github.com/getdnsapi/stubby.git
 	branch = develop
+[submodule "src/ssl_dane"]
+	path = src/ssl_dane
+	url = https://github.com/getdnsapi/ssl_dane
+	branch = getdns

.travis.yml

@@ -1,4 +1,5 @@
 sudo: false
+dist: bionic
 language: c
 compiler:
   - gcc
@@ -6,15 +7,21 @@ compiler:
 addons:
   apt:
     packages:
+    - libssl-dev
     - libunbound-dev
-    - libidn11-dev
+    - libidn2-0-dev 
+    - libyaml-dev
     - check
     - libevent-dev
     - libev-dev
+    - libuv-dev
     - valgrind
     - clang
     - wget
+    - openssh-client
+    - libgnutls28-dev
 script:
   - mkdir tests
   - cd tests
   - ../src/test/tpkg/run-all.sh
+# - ../src/test/tpkg/run-one.sh 290-transports.tpkg -V

ChangeLog

@@ -1,4 +1,291 @@
-* 2017-0?-??: Version 1.1.3
+* 2023-??-??: Version 1.7.4
+  * Issue #536: Broken trust anchor files are silently ignored
+    Thanks Stéphane Bortzmeyer
+
+* 2022-12-22: Version 1.7.3
+  * PR #532: Increase CMake required version 3.5 -> 3.20, because we
+    need cmake_path for Absolute paths in pkg-config (See Issue #517)
+    Thanks Gabriel Ganne
+  * Updated to Stubby 0.4.3 quickfix release
+
+* 2022-08-19: Version 1.7.2
+  * Updated to Stubby 0.4.2 quickfix release
+
+* 2022-08-19: Version 1.7.1
+  * Always send the `dot` ALPN when using DoT
+  * Strengthen version determination for Libidn2 during cmake processing
+    (thanks jpbion).
+  * Fix for issue in UDP stream selection in case of timeouts.
+    Thanks Shikha Sharma
+  * Fix using asterisk in ipstr for any address. Thanks uzlonewolf.
+  * Issue stubby#295: rdata not correctly written for validation for
+    certain RR type. Also, set default built type to RelWithDebInfo and
+    expose CFLAGS via GETDNS_BUILD_CFLAGS define and via
+    getdns_context_get_api_information()
+  * Issue #524: Bug fixes from submodules' upstream?
+    Thanks Johnnyslee
+  * Issue #517: Allow Absolute path CMAKE_INSTALL_{INCLUDE,LIB}DIR in
+    pkg-config files. Thanks Alex Shpilkin
+  * Issue #512: Update README.md to show correct PGP key location.
+    Thanks Katze Prior.
+
+* 2021-06-04: Version 1.7.0
+  * Make TLS Handshake timeout max 4/5th of timeout for the query,
+    just like connection setup timeout was, so fallback transport
+    have a chance too when TCP connection setup is less well
+    detectable (as with TCP_FASTOPEN on MacOS).
+  * Issue #466: Memory leak with retrying queries (for examples
+    with search paths). Thanks doublez13.
+  * Issue #480: Handling of strptime when Cross compiling with CMake.
+    A new option to FORCE_COMPAT_STRPTIME (default disabled) will
+    (when disabled) make cmake assume the target platform has a POSIX
+    compatible strptime when cross-compiling.
+  * Setting of the number of milliseconds send data may remain
+    unacknowledged by the peer in a TCP connection (when supported 
+    by the OS) with getdns_context_set_tcp_send_timeout()
+    Thanks maciejsszmigiero.
+  * Issue #497: Fix typo in CMAKE included files, so Stubby can use
+    TLS v1.3 with chipersuites options ON. Thanks har-riz.
+  * Basic name compression on server replied messages. Thanks amialkow!
+    This alleviates (but might not completely resolve) issues #495 and
+    #320 .
+  * Eventloop extensions back to the old names libgetdns_ext_event,
+    libgetdns_ext_ev and libgetdns_ext_uv.
+  * Compilation warning fixes. Thanks Andreas!
+
+* 2020-02-28: Version 1.6.0
+  * Issues #457, #458, #461: New symbols with libnettle >= 3.4.
+    Thanks hanvinke & kometchtech for testing & reporting.
+  * Issue #432: answer_ipv4_address and answer_ipv6_address in reply
+    and response dicts.
+  * Issue #430: Record and guard UDP max payload size with servers.
+  * Issue #407: Run only offline-tests option with:
+    src/test/tpkg/run-offline-only.sh (only with git checkouts).
+  * Issue #175: Include the packet the stub resolver sent to  the
+    upstream the call_reporting dict. Thanks Tom Pusateri
+  * Issue #169: Build eventloop support libraries if event libraries
+    are available. Thanks Tom Pusateri
+
+* 2019-12-20: Version 1.6.0-beta.1
+  * Migration of build system to cmake. Build now works on Ubuntu,
+    Windows 10 and macOS.
+    Some notes on minor differences in the new cmake build:
+      * OpenSSL 1.0.2 or higher is now required
+      * libunbound 1.5.9 is now required
+      * Only libidn2 2.0.0 and later is supported (not libidn)
+      * Windows uses ENABLE_STUB_ONLY=ON as the default
+      * Unit and regression tests work on Linux/macOS
+        (but not Windows yet)
+
+* 2019-04-03: Version 1.5.2
+  * PR #424: Two small trust anchor fetcher fixes
+    Thanks Maciej S. Szmigiero
+  * Issue #422: Enable server side and update client side TCP Fast
+    Open implementation. Thanks Craig Andrews
+  * Issue #423: Fix insecure delegation detection while scheduling.
+    Thanks Charles Milette
+  * Issue #419: Escape backslashed when printing in JSON format.
+    Thanks boB Rudis
+  * Use GnuTLS instead of OpenSSL for TLS with the --with-gnutls
+    option to configure.  libcrypto (from OpenSSL) still needed
+    for Zero configuration DNSSEC.
+  * DOA rr-type
+  * AMTRELAY rr-type
+
+* 2019-01-11: Version 1.5.1
+  * Introduce proof of concept GnuTLS implementation. Incomplete support
+    for Trust Anchor validation. Requires GnuTLS DANE library. Currently
+    untested with GnuTLS prior to 3.5.19, so configure demands a minumum
+    version of 3.5.0.
+  * Be consistent and always fail connection setup if setting ciphers/curves/
+    TLS version/cipher suites fails.
+  * Refactor OpenSSL usage into modules under src/openssl.
+    Drop support for LibreSSL and versions of OpenSSL prior to 1.0.2.
+  * PR #414: remove TLS13 ciphers from cipher_list, but
+    only when SSL_CTX_set_ciphersuites is available.
+    Thanks Bruno Pagani
+  * Issue #415: Filter out #defines etc. when creating
+    symbols file.  Thanks Zero King
+
+* 2018-12-21: Version 1.5.0
+  * RFE getdnsapi/stubby#121 log re-instantiating TLS
+    upstreams (because they reached tls_backoff_time) at
+    log level 4 (WARNING)
+  * GETDNS_RESPSTATUS_NO_NAME for NODATA answers too
+  * ZONEMD rr-type
+  * getdns_query queries for addresses when a query name
+    without a type is given.
+  * RFE #408: Fetching of trust anchors will be retried
+    after failure, after a certain backoff time. The time
+    can be configured with
+    getdns_context_set_trust_anchors_backoff_time().
+  * RFE #408: A "dnssec" extension that requires DNSSEC
+    verification.  When this extension is set, Indeterminate
+    DNSSEC status will not be returned.
+  * Issue #410: Unspecified ownership of get_api_information()
+  * Fix for DNSSEC bug in finding most specific key when
+    trust anchor proves non-existance of one of the labels
+    along the authentication chain other than the non-
+    existance of a DS record on a zonecut.
+  * Enhancement getdnsapi/stubby#56 & getdnsapi/stubby#130:
+    Configurable minimum and maximum TLS versions with
+    getdns_context_set_tls_min_version() and
+    getdns_context_set_tls_max_version() functions and
+    tls_min_version and tls_max_version configuration parameters
+    for upstreams.
+  * Configurable TLS1.3 ciphersuites with the
+    getdns_context_set_tls_ciphersuites() function and
+    tls_ciphersuites config parameter for upstreams.
+  * Bugfix in upstream string configurations: tls_cipher_list and
+    tls_curve_list
+  * Bugfix finding signer for validating NSEC and NSEC3s, which
+    caused trouble with the partly tracing DNSSEC from the root
+    up, introduced in 1.4.2.  Thanks Philip Homburg
+
+* 2018-05-11: Version 1.4.2
+  * Bugfix getdnsapi/stubby#87: Detect and ignore duplicate certs
+    in the Windows root CA store.
+  * PR #397: No TCP sendto without TCP_FASTOPEN
+    Thanks Emery Hemingway
+  * Bugfix getdnsapi/stubby#106: Core dump when printing certain
+    configuration. Thanks Han Vinke
+  * Bugfix getdnsapi/stubby#99: Partly trace DNSSEC from the root
+    up (for tld and sld), to find insecure delegations quicker.
+    Thanks UniverseXXX
+  * Bugfix: Allow NSEC spans starting from (unexpanded) wildcards
+    Bug was introduced when dealing with CVE-2017-15105
+  * Bugfix getdnsapi/stubby#46: Don't assume trailing zero with
+    string bindata's.  Thanks Lonnie Abelbeck
+  * Bugfix #394: Update src/compat/getentropy_linux.c in order to
+    handle ENOSYS (not implemented) fallback.
+    Thanks Brent Blood
+  * Bugfix #395: Clarify that libidn2 dependency is for version 2.0.0
+    or higher. Thanks mire3212
+
+* 2018-03-12: Version 1.4.1
+  * Bugfix #388: Prevent fallback to an earlier tries upstream within a
+    single query.  Thanks Robert Groenenberg
+  * PR #387: Compile with OpenSSL with deprecated APIs disabled.
+    Thanks Rosen Penev
+  * PR #386: UDP failover improvements:
+    - When all UDP upstreams fail, retry them (more or less) equally
+    - Limit maximum UDP backoff (default to 1000)
+      This is configurable with the --with-max-udp-backoff configure
+      option.
+    Thanks Robert Groenenberg
+  * Bugfix: Find zonecut with DS queries (instead of SOA queries).
+    Thanks Elmer Lastdrager
+  * Bugfix #385: Verifying insecure NODATA answers (broken since 1.2.1).
+    Thanks hanvinke
+  * PR #384: Fix minor spelling and formatting.  Thanks dkg.
+  * Bugfix #382: Parallel install of getdns_query and getdns_server_mon
+
+* 2018-02-21: Version 1.4.0
+  * .so revision bump to please fedora packaging system.
+    Thanks Paul Wouters
+  * Specify the supported curves with getdns_context_set_tls_curves_list()
+    An upstream specific list of supported curves may also be given
+    with the tls_curves_list setting in the upstream dict with
+    getdns_context_set_upstream_recursive_servers()
+  * New tool getdns_server_mon for checking upstream recursive
+    resolver's capabilities.
+  * Improved handling of opportunistic back-off.  If other transports
+    are working, don’t forcibly promote failed upstreams just wait for
+    the re-try timer.
+  * Hostname authentication with libressl
+    Thanks Norbert Copones
+  * Security bugfix in response to CVE-2017-15105.  Although getdns was
+    not vulnerable for this specific issue, as a precaution code has been
+    adapted so that signatures of DNSKEYs, DSs, NSECs and NSEC3s can not
+    be wildcard expansions when used with DNSSEC proofs.  Only direct
+    queries for those types are allowed to be wildcard expansions.
+  * Bugfix PR#379: Miscelleneous double free or corruption, and corrupted
+    memory double linked list detected issue, with serving functionality.
+    Thanks maddie and Bruno Pagani
+  * Security Bugfix PR#293: Check sha256 pinset's
+    with OpenSSL native DANE functions for OpenSSL >= 1.1.0
+    with Viktor Dukhovni's danessl library for OpenSSL >= 1.0.0
+    don't allow for authentication exceptions (like self-signed
+    certificates) otherwise.  Thanks Viktor Dukhovni
+  * libidn2 support.  Thanks Paul Wouters
+
+* 2017-12-21: Version 1.3.0
+  * Bugfix #300: Detect dnsmasq and skip unit test that fails with it.
+    Thanks Tim Rühsen and Konomi Kitten
+  * Specify default available cipher suites for authenticated TLS
+    upstreams with getdns_context_set_tls_ciphers_list()
+    An upstream specific available cipher suite may also be given
+    with the tls_cipher_list setting in the upstream dict with
+    getdns_context_set_upstream_recursive_servers()
+  * PR #366: Add support for TLS 1.3 and Chacha20-Poly1305
+    Thanks Pascal Ernster
+  * Bugfix #356: Do Zero configuration DNSSEC meta queries over on the
+    context configured upstreams.  Thanks Andreas Schulze
+  * Report default extension settings with
+    getdns_context_get_api_information()
+  * Specify locations at which CA certificates for verification purposes
+    are located: getdns_context_set_tls_ca_path()
+    getdns_context_set_tls_ca_file()
+  * getdns_context_set_resolvconf() function to initialize a context 
+    upstreams and suffices with a resolv.conf file.
+    getdns_context_get_resolvconf() to get the file used to initialize
+    the context's upstreams and suffixes.
+    getdns_context_set_hosts() function to initialize a context's
+    LOCALNAMES namespace.
+    getdns_context_get_hosts() function to get the file used to initialize
+    the context's LOCALNAMES namespace.
+  * get which version of OpenSSL was used at build time and at run time
+    when available with getdns_context_get_api_information()
+  * GETDNS_RETURN_IO_ERROR return error code
+  * Bugfix #359: edns_client_subnet_private should set family
+    Thanks Daniel Areiza & Andreas Schulze
+  * Bugfix getdnsapi/stubby#34: Segfault issue with native DNSSEC
+    validation.  Thanks Bruno Pagani
+
+* 2017-11-11: Version 1.2.1
+  * Handle more I/O error cases.  Also, when an I/O error does occur,
+    never stop listening (with servers), and
+    never exit (when running the built-in event loop).
+  * Bugfix: Tolerate unsigned and unused RRsets in the authority section.
+            Fixes DNSSEC with BIND upstream.
+  * Bugfix: DNSSEC validation without support records
+  * Bugfix: Validation of full recursive DNSKEY lookups
+  * Bugfix: Retry to validate full recursion BOGUS replies with zero
+    configuration DNSSEC only when DNSSEC was actually requested
+  * Bugfix #348: Fix a linking issue in stubby when libbsd is present
+    Thanks Remi Gacogne
+  * More robust scheduling; Eliminating a segfault with long running
+    applications.
+  * Miscellaneous Windows portability fixes from Jim Hague.
+  * Fix Makefile dependencies for parallel install.
+    Thanks ilovezfs
+
+* 2017-09-29: Version 1.2.0
+  * Bugfix of rc1: authentication of first query with TLS
+    Thanks Travis Burtrum
+  * A function to set the location for library specific data,
+    like trust-anchors: getdns_context_set_appdata().
+  * Zero configuration DNSSEC - build upon the scheme
+    described in RFC7958.  The URL from which to fetch
+    the trust anchor, the verification CA and email
+    can be set with the new getdns_context_set_trust_anchor_url(),
+    getdns_context_set_trust_anchor_verify_CA() and
+    getdns_context_set_trust_anchor_verify_email() functions.
+    The default values are to fetch from IANA and to validate
+    with the ICANN CA.
+  * Update of Stubby with yaml configuration file and
+    logging from a certain severity support.
+  * Fix tpkg exit status on test failure. Thanks Jim Hague.
+  * Refined logging levels for upstream statistics
+  * Reuse (best behaving) backed-off TLS upstreams when non are usable.
+  * Let TLS upstreams back-off a incremental amount of time.
+    Back-off time starts with 1 second and is doubled each failure, but
+    will not exceed the time given by getdns_context_set_tls_backoff_time()
+  * Make TLS upstream management more resilient to temporary outages
+    (like laptop sleeps)
+
+* 2017-09-04: Version 1.1.3
+  * Small bugfixes that came out of static analysis
   * No annotations with the output of getdns_query anymore,
     unless -V option is given to increase verbosity
     Thanks Ollivier Robert
@@ -130,7 +417,7 @@
     Allow misshing "address_type" in address dicts.
   * TLS session resumption
   * -C <config file> option to getdns_query to configure context 
-    from a json like formated file.  The output of -i (print API
+    from a json like formatted file.  The output of -i (print API
     information) can be used as config file directly.
     Settings may also be given in this format as arguments of
     the getdns_query command directly.
@@ -279,7 +566,7 @@
 * 2015-09-04: Version 0.3.2
   * Fix returned upstreams list by getdns_context_get_api_information()
   * Fix some autoconf issues when srcdir != builddir
-  * Fix remove build date from manpage version for reproducable builds
+  * Fix remove build date from manpage version for reproducible builds
   * Fix transport fallback issues plus transport fallback unit test script
   * Fix string bindata's need not contain trailing zero byte
   * --enable-stub-only configure option for stub only operation.
@@ -432,7 +719,7 @@
   * Build from separate build directory
   * Anticipate libunbound not returning the answer packet
   * Pretty print bindata's representing IP addresses
-  * Anticipate absense of implicit DSO linking
+  * Anticipate absence of implicit DSO linking
   * Mention getdns specific options to configure in INSTALL
     Thanks Paul Hoffman
   * Mac OSX package built instructions for generic user in README.md

INSTALL

@@ -1,401 +0,0 @@
-Installation Instructions
-*************************
-
-Copyright (C) 1994-1996, 1999-2002, 2004-2012 Free Software Foundation,
-Inc.
-
-   Copying and distribution of this file, with or without modification,
-are permitted in any medium without royalty provided the copyright
-notice and this notice are preserved.  This file is offered as-is,
-without warranty of any kind.
-
-(Options specific to getdns are listed at the end of this document.)
-
-Basic Installation
-==================
-
-   Briefly, the shell commands `./configure; make; make install' should
-configure, build, and install this package.  The following
-more-detailed instructions are generic; see the `README' file for
-instructions specific to this package.  Some packages provide this
-`INSTALL' file but do not implement all of the features documented
-below.  The lack of an optional feature in a given package is not
-necessarily a bug.  More recommendations for GNU packages can be found
-in *note Makefile Conventions: (standards)Makefile Conventions.
-
-   The `configure' shell script attempts to guess correct values for
-various system-dependent variables used during compilation.  It uses
-those values to create a `Makefile' in each directory of the package.
-It may also create one or more `.h' files containing system-dependent
-definitions.  Finally, it creates a shell script `config.status' that
-you can run in the future to recreate the current configuration, and a
-file `config.log' containing compiler output (useful mainly for
-debugging `configure').
-
-   It can also use an optional file (typically called `config.cache'
-and enabled with `--cache-file=config.cache' or simply `-C') that saves
-the results of its tests to speed up reconfiguring.  Caching is
-disabled by default to prevent problems with accidental use of stale
-cache files.
-
-   If you need to do unusual things to compile the package, please try
-to figure out how `configure' could check whether to do them, and mail
-diffs or instructions to the address given in the `README' so they can
-be considered for the next release.  If you are using the cache, and at
-some point `config.cache' contains results you don't want to keep, you
-may remove or edit it.
-
-   The file `configure.ac' (or `configure.in') is used to create
-`configure' by a program called `autoconf'.  You need `configure.ac' if
-you want to change it or regenerate `configure' using a newer version
-of `autoconf'.
-
-   The simplest way to compile this package is:
-
-  1. `cd' to the directory containing the package's source code and type
-     `./configure' to configure the package for your system.
-
-     Running `configure' might take a while.  While running, it prints
-     some messages telling which features it is checking for.
-
-  2. Type `make' to compile the package.
-
-  3. Optionally, type `make check' to run any self-tests that come with
-     the package, generally using the just-built uninstalled binaries.
-
-  4. Type `make install' to install the programs and any data files and
-     documentation.  When installing into a prefix owned by root, it is
-     recommended that the package be configured and built as a regular
-     user, and only the `make install' phase executed with root
-     privileges.
-
-  5. Optionally, type `make installcheck' to repeat any self-tests, but
-     this time using the binaries in their final installed location.
-     This target does not install anything.  Running this target as a
-     regular user, particularly if the prior `make install' required
-     root privileges, verifies that the installation completed
-     correctly.
-
-  6. You can remove the program binaries and object files from the
-     source code directory by typing `make clean'.  To also remove the
-     files that `configure' created (so you can compile the package for
-     a different kind of computer), type `make distclean'.  There is
-     also a `make maintainer-clean' target, but that is intended mainly
-     for the package's developers.  If you use it, you may have to get
-     all sorts of other programs in order to regenerate files that came
-     with the distribution.
-
-  7. Often, you can also type `make uninstall' to remove the installed
-     files again.  In practice, not all packages have tested that
-     uninstallation works correctly, even though it is required by the
-     GNU Coding Standards.
-
-  8. Some packages, particularly those that use Automake, provide `make
-     distcheck', which can by used by developers to test that all other
-     targets like `make install' and `make uninstall' work correctly.
-     This target is generally not run by end users.
-
-Compilers and Options
-=====================
-
-   Some systems require unusual options for compilation or linking that
-the `configure' script does not know about.  Run `./configure --help'
-for details on some of the pertinent environment variables.
-
-   You can give `configure' initial values for configuration parameters
-by setting variables in the command line or in the environment.  Here
-is an example:
-
-     ./configure CC=c99 CFLAGS=-g LIBS=-lposix
-
-   *Note Defining Variables::, for more details.
-
-Compiling For Multiple Architectures
-====================================
-
-   You can compile the package for more than one kind of computer at the
-same time, by placing the object files for each architecture in their
-own directory.  To do this, you can use GNU `make'.  `cd' to the
-directory where you want the object files and executables to go and run
-the `configure' script.  `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.  This
-is known as a "VPATH" build.
-
-   With a non-GNU `make', it is safer to compile the package for one
-architecture at a time in the source code directory.  After you have
-installed the package for one architecture, use `make distclean' before
-reconfiguring for another architecture.
-
-   On MacOS X 10.5 and later systems, you can create libraries and
-executables that work on multiple system types--known as "fat" or
-"universal" binaries--by specifying multiple `-arch' options to the
-compiler but only a single `-arch' option to the preprocessor.  Like
-this:
-
-     ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
-                 CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
-                 CPP="gcc -E" CXXCPP="g++ -E"
-
-   This is not guaranteed to produce working output in all cases, you
-may have to build one architecture at a time and combine the results
-using the `lipo' tool if you have problems.
-
-Installation Names
-==================
-
-   By default, `make install' installs the package's commands under
-`/usr/local/bin', include files under `/usr/local/include', etc.  You
-can specify an installation prefix other than `/usr/local' by giving
-`configure' the option `--prefix=PREFIX', where PREFIX must be an
-absolute file name.
-
-   You can specify separate installation prefixes for
-architecture-specific files and architecture-independent files.  If you
-pass the option `--exec-prefix=PREFIX' to `configure', the package uses
-PREFIX as the prefix for installing programs and libraries.
-Documentation and other data files still use the regular prefix.
-
-   In addition, if you use an unusual directory layout you can give
-options like `--bindir=DIR' to specify different values for particular
-kinds of files.  Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them.  In general, the
-default for these options is expressed in terms of `${prefix}', so that
-specifying just `--prefix' will affect all of the other directory
-specifications that were not explicitly provided.
-
-   The most portable way to affect installation locations is to pass the
-correct locations to `configure'; however, many packages provide one or
-both of the following shortcuts of passing variable assignments to the
-`make install' command line to change installation locations without
-having to reconfigure or recompile.
-
-   The first method involves providing an override variable for each
-affected directory.  For example, `make install
-prefix=/alternate/directory' will choose an alternate location for all
-directory configuration variables that were expressed in terms of
-`${prefix}'.  Any directories that were specified during `configure',
-but not in terms of `${prefix}', must each be overridden at install
-time for the entire installation to be relocated.  The approach of
-makefile variable overrides for each directory variable is required by
-the GNU Coding Standards, and ideally causes no recompilation.
-However, some platforms have known limitations with the semantics of
-shared libraries that end up requiring recompilation when using this
-method, particularly noticeable in packages that use GNU Libtool.
-
-   The second method involves providing the `DESTDIR' variable.  For
-example, `make install DESTDIR=/alternate/directory' will prepend
-`/alternate/directory' before all installation names.  The approach of
-`DESTDIR' overrides is not required by the GNU Coding Standards, and
-does not work on platforms that have drive letters.  On the other hand,
-it does better at avoiding recompilation issues, and works well even
-when some directory options were not specified in terms of `${prefix}'
-at `configure' time.
-
-Optional Features
-=================
-
-   If the package supports it, you can cause programs to be installed
-with an extra prefix or suffix on their names by giving `configure' the
-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
-
-   Some packages pay attention to `--enable-FEATURE' options to
-`configure', where FEATURE indicates an optional part of the package.
-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
-is something like `gnu-as' or `x' (for the X Window System).  The
-`README' should mention any `--enable-' and `--with-' options that the
-package recognizes.
-
-   For packages that use the X Window System, `configure' can usually
-find the X include and library files automatically, but if it doesn't,
-you can use the `configure' options `--x-includes=DIR' and
-`--x-libraries=DIR' to specify their locations.
-
-   Some packages offer the ability to configure how verbose the
-execution of `make' will be.  For these packages, running `./configure
---enable-silent-rules' sets the default to minimal output, which can be
-overridden with `make V=1'; while running `./configure
---disable-silent-rules' sets the default to verbose, which can be
-overridden with `make V=0'.
-
-Particular systems
-==================
-
-   On HP-UX, the default C compiler is not ANSI C compatible.  If GNU
-CC is not installed, it is recommended to use the following options in
-order to use an ANSI C compiler:
-
-     ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
-
-and if that doesn't work, install pre-built binaries of GCC for HP-UX.
-
-   HP-UX `make' updates targets which have the same time stamps as
-their prerequisites, which makes it generally unusable when shipped
-generated files such as `configure' are involved.  Use GNU `make'
-instead.
-
-   On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
-parse its `<wchar.h>' header file.  The option `-nodtk' can be used as
-a workaround.  If GNU CC is not installed, it is therefore recommended
-to try
-
-     ./configure CC="cc"
-
-and if that doesn't work, try
-
-     ./configure CC="cc -nodtk"
-
-   On Solaris, don't put `/usr/ucb' early in your `PATH'.  This
-directory contains several dysfunctional programs; working variants of
-these programs are available in `/usr/bin'.  So, if you need `/usr/ucb'
-in your `PATH', put it _after_ `/usr/bin'.
-
-   On Haiku, software installed for all users goes in `/boot/common',
-not `/usr/local'.  It is recommended to use the following options:
-
-     ./configure --prefix=/boot/common
-
-   On Mac OSX getdns will not build against the version of OpenSSL shipped with
-OSX. If you link against a self-complied version of OpenSSL then manual 
-configuration of certificates into the default OpenSSL directory 
-/usr/local/etc/openssl/certs is currently required for TLS authentication to work.
-However if linking against the version of OpenSSL installed via Homebrew TLS 
-authentication will work out of the box.
-
-Specifying the System Type
-==========================
-
-   There may be some features `configure' cannot figure out
-automatically, but needs to determine by the type of machine the package
-will run on.  Usually, assuming the package is built to be run on the
-_same_ architectures, `configure' can figure that out, but if it prints
-a message saying it cannot guess the machine type, give it the
-`--build=TYPE' option.  TYPE can either be a short name for the system
-type, such as `sun4', or a canonical name which has the form:
-
-     CPU-COMPANY-SYSTEM
-
-where SYSTEM can have one of these forms:
-
-     OS
-     KERNEL-OS
-
-   See the file `config.sub' for the possible values of each field.  If
-`config.sub' isn't included in this package, then this package doesn't
-need to know the machine type.
-
-   If you are _building_ compiler tools for cross-compiling, you should
-use the option `--target=TYPE' to select the type of system they will
-produce code for.
-
-   If you want to _use_ a cross compiler, that generates code for a
-platform different from the build platform, you should specify the
-"host" platform (i.e., that on which the generated programs will
-eventually be run) with `--host=TYPE'.
-
-Sharing Defaults
-================
-
-   If you want to set default values for `configure' scripts to share,
-you can create a site shell script called `config.site' that gives
-default values for variables like `CC', `cache_file', and `prefix'.
-`configure' looks for `PREFIX/share/config.site' if it exists, then
-`PREFIX/etc/config.site' if it exists.  Or, you can set the
-`CONFIG_SITE' environment variable to the location of the site script.
-A warning: not all `configure' scripts look for a site script.
-
-Defining Variables
-==================
-
-   Variables not defined in a site shell script can be set in the
-environment passed to `configure'.  However, some packages may run
-configure again during the build, and the customized values of these
-variables may be lost.  In order to avoid this problem, you should set
-them in the `configure' command line, using `VAR=value'.  For example:
-
-     ./configure CC=/usr/local2/bin/gcc
-
-causes the specified `gcc' to be used as the C compiler (unless it is
-overridden in the site shell script).
-
-Unfortunately, this technique does not work for `CONFIG_SHELL' due to
-an Autoconf limitation.  Until the limitation is lifted, you can use
-this workaround:
-
-     CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
-
-`configure' Invocation
-======================
-
-   `configure' recognizes the following options to control how it
-operates.
-
-`--help'
-`-h'
-     Print a summary of all of the options to `configure', and exit.
-
-`--help=short'
-`--help=recursive'
-     Print a summary of the options unique to this package's
-     `configure', and exit.  The `short' variant lists options used
-     only in the top level, while the `recursive' variant lists options
-     also present in any nested packages.
-
-`--version'
-`-V'
-     Print the version of Autoconf used to generate the `configure'
-     script, and exit.
-
-`--cache-file=FILE'
-     Enable the cache: use and save the results of the tests in FILE,
-     traditionally `config.cache'.  FILE defaults to `/dev/null' to
-     disable caching.
-
-`--config-cache'
-`-C'
-     Alias for `--cache-file=config.cache'.
-
-`--quiet'
-`--silent'
-`-q'
-     Do not print messages saying which checks are being made.  To
-     suppress all normal output, redirect it to `/dev/null' (any error
-     messages will still be shown).
-
-`--srcdir=DIR'
-     Look for the package's source code in directory DIR.  Usually
-     `configure' can determine that directory automatically.
-
-`--prefix=DIR'
-     Use DIR as the installation prefix.  *note Installation Names::
-     for more details, including other options available for fine-tuning
-     the installation locations.
-
-`--no-create'
-`-n'
-     Run the configure checks, but stop before creating any output
-     files.
-
-`configure' also accepts some other, not widely useful, options.  Run
-`configure --help' for more details.
-
-getdns-specific Options
-=======================
-
-`--with-libidn=pathname'
-	path to libidn (default: search /usr/local ..)
-
-`--with-libunbound=pathname'
-	path to libunbound (default: search /usr/local ..)
-
-`--with-libevent'
-	path to libevent (default: search /usr/local ..)
-
-`--with-libuv'
-	path to libuv (default: search /usr/local ..)
-
-`--with-libev'
-	path to libev (default: search /usr/local ..)
-
-`--with-trust-anchor=KEYFILE'
-	Default location of the trust anchor file.
-	[default=SYSCONFDIR/unbound/getdns-root.key]

Makefile.in

@@ -1,287 +0,0 @@
-#
-# @configure_input@
-#
-#
-# Copyright (c) 2013, Verisign, Inc., NLnet Labs
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in the
-#   documentation and/or other materials provided with the distribution.
-# * Neither the names of the copyright holders nor the
-#   names of its contributors may be used to endorse or promote products
-#   derived from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package = @PACKAGE_NAME@
-version = @PACKAGE_VERSION@@RELEASE_CANDIDATE@
-tarname	= @PACKAGE_TARNAME@
-PACKAGE_TARNAME	= @PACKAGE_TARNAME@
-distdir	= $(tarname)-$(version)
-bintar  = $(distdir)-bin.tar.gz
-
-prefix = @prefix@
-datarootdir=@datarootdir@
-exec_prefix = @exec_prefix@
-bindir = @bindir@
-docdir = @docdir@
-libdir = @libdir@
-
-srcdir = @srcdir@
-INSTALL = @INSTALL@
-
-all : default @GETDNS_QUERY@
-
-everything: default
-	cd src/test && $(MAKE)
-
-default:
-	cd src && $(MAKE) $@
-
-install-lib:
-	cd src && $(MAKE) install
-
-install: getdns.pc getdns_ext_event.pc install-lib @INSTALL_GETDNS_QUERY@
-	$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)
-	$(INSTALL) -m 644 $(srcdir)/AUTHORS $(DESTDIR)$(docdir)
-	$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(docdir)
-	$(INSTALL) -m 644 $(srcdir)/COPYING $(DESTDIR)$(docdir)
-	$(INSTALL) -m 644 $(srcdir)/INSTALL $(DESTDIR)$(docdir)
-	$(INSTALL) -m 644 $(srcdir)/LICENSE $(DESTDIR)$(docdir)
-	$(INSTALL) -m 644 $(srcdir)/NEWS $(DESTDIR)$(docdir)
-	$(INSTALL) -m 644 $(srcdir)/README.md $(DESTDIR)$(docdir)
-	$(INSTALL) -m 755 -d $(DESTDIR)$(libdir)/pkgconfig
-	$(INSTALL) -m 644 getdns.pc $(DESTDIR)$(libdir)/pkgconfig
-	$(INSTALL) -m 644 getdns_ext_event.pc $(DESTDIR)$(libdir)/pkgconfig
-	$(INSTALL) -m 755 -d $(DESTDIR)$(docdir)/spec
-	$(INSTALL) -m 644 $(srcdir)/spec/index.html $(DESTDIR)$(docdir)/spec
-	cd doc && $(MAKE) install
-	@echo "***"
-	@echo "***  !!! IMPORTANT !!!!  libgetdns needs a DNSSEC trust anchor!"
-	@echo "***"
-	@echo "***  For the library to be able to perform DNSSEC, the root"
-	@echo "***  trust anchor needs to be present in presentation format"
-	@echo "***  in the file: "
-	@echo "***        @TRUST_ANCHOR_FILE@"
-	@echo "***"
-	@echo "***  We recomend using unbound-anchor to retrieve and install"
-	@echo "***  the root trust anchor like this: "
-	@echo "***        mkdir -p `dirname @TRUST_ANCHOR_FILE@`"
-	@echo "***        unbound-anchor -a \"@TRUST_ANCHOR_FILE@\""
-	@echo "***"
-	@echo "***  We strongly recommend package maintainers to provide the"
-	@echo "***  root trust anchor by installing it with unbound-anchor"
-	@echo "***  at package installation time from the post-install script."
-	@echo "***"
-
-uninstall: @UNINSTALL_GETDNS_QUERY@
-	rm -rf $(DESTDIR)$(docdir)
-	cd doc && $(MAKE) $@
-	cd src && $(MAKE) $@
-
-doc:	FORCE
-	cd doc && $(MAKE) $@
-
-example:
-	cd spec/example && $(MAKE) $@
-
-test: default
-	cd src/test && $(MAKE) $@
-
-getdns_query: default
-	cd src/tools && $(MAKE) $@
-
-stubby:
-	cd src && $(MAKE) $@
-
-scratchpad: default
-	cd src/test && $(MAKE) $@
-
-pad: scratchpad
-	src/test/scratchpad || ./libtool exec gdb src/test/scratchpad
-
-install-getdns_query: install-lib
-	cd src/tools && $(MAKE) $@
-
-uninstall-getdns_query:
-	cd src/tools && $(MAKE) $@
-
-install-stubby:
-	cd src && $(MAKE) $@
-
-uninstall-stubby:
-	cd src && $(MAKE) $@
-
-clean:
-	cd src && $(MAKE) $@
-	cd doc && $(MAKE) $@
-	cd spec/example && $(MAKE) $@
-	rm -f *.o *.pc
-
-depend:
-	cd src && $(MAKE) $@
-	cd spec/example && $(MAKE) $@
-
-distclean:
-	cd src && $(MAKE) $@
-	rmdir src 2>/dev/null || true
-	cd doc && $(MAKE) $@
-	rmdir doc 2>/dev/null || true
-	cd spec/example && $(MAKE) $@
-	rmdir spec/example 2>/dev/null || true
-	rmdir spec 2>/dev/null || true
-	rm -f config.log config.status Makefile libtool getdns.pc getdns_ext_event.pc
-	rm -fR autom4te.cache
-	rm -f m4/libtool.m4
-	rm -f m4/lt~obsolete.m4
-	rm -f m4/ltoptions.m4
-	rm -f m4/ltsugar.m4
-	rm -f m4/ltversion.m4
-	rm -f $(distdir).tar.gz $(distdir).tar.gz.sha256
-	rm -f $(distdir).tar.gz.md5 $(distdir).tar.gz.asc
-
-megaclean:
-	cd $(srcdir) && rm -fr * .dir-locals.el .gitignore .indent.pro .travis.yml && git reset --hard && git submodule update --init
-
-autoclean: megaclean
-	libtoolize -ci
-	autoreconf -fi
-
-dist: $(distdir).tar.gz
-
-pub: $(distdir).tar.gz.sha256 $(distdir).tar.gz.md5 $(distdir).tar.gz.asc
-
-$(distdir).tar.gz.sha256: $(distdir).tar.gz
-	openssl sha256 $(distdir).tar.gz >$@
-
-$(distdir).tar.gz.md5: $(distdir).tar.gz
-	openssl md5 $(distdir).tar.gz >$@
-
-$(distdir).tar.gz.asc: $(distdir).tar.gz
-	gpg --armor --detach-sig $(distdir).tar.gz
-
-bindist: $(bintar)
-
-$(bintar): $(distdir)
-	chown -R 0:0 $(distdir) 2>/dev/null || true
-	cd $(distdir); ./configure; make
-	tar chof - $(distdir) | gzip -9 -c > $@
-	rm -rf $(distdir)
-
-$(distdir).tar.gz: $(distdir)
-	chown -R 0:0 $(distdir) 2>/dev/null || true
-	tar chof - $(distdir) | gzip -9 -c > $@
-	rm -rf $(distdir)
-
-$(distdir):
-	mkdir -p $(distdir)/m4
-	mkdir -p $(distdir)/src
-	mkdir -p $(distdir)/src/getdns
-	mkdir -p $(distdir)/src/test
-	mkdir -p $(distdir)/src/extension
-	mkdir -p $(distdir)/src/compat
-	mkdir -p $(distdir)/src/util
-	mkdir -p $(distdir)/src/gldns
-	mkdir -p $(distdir)/src/tools
-	mkdir -p $(distdir)/src/jsmn
-	mkdir -p $(distdir)/doc
-	mkdir -p $(distdir)/spec
-	mkdir -p $(distdir)/spec/example
-	mkdir -p $(distdir)/stubby
-	mkdir -p $(distdir)/stubby/src
-	cp $(srcdir)/configure.ac $(distdir)
-	cp $(srcdir)/configure $(distdir)
-	cp $(srcdir)/AUTHORS $(distdir)
-	cp $(srcdir)/ChangeLog $(distdir)
-	cp $(srcdir)/COPYING $(distdir)
-	cp $(srcdir)/INSTALL $(distdir)
-	cp $(srcdir)/LICENSE $(distdir)
-	cp $(srcdir)/NEWS $(distdir)
-	cp $(srcdir)/README.md $(distdir)
-	cp $(srcdir)/Makefile.in $(distdir)
-	cp $(srcdir)/install-sh $(distdir)
-	cp $(srcdir)/config.sub $(distdir)
-	cp $(srcdir)/config.guess $(distdir)
-	cp $(srcdir)/getdns.pc.in $(distdir)
-	cp $(srcdir)/getdns_ext_event.pc.in $(distdir)
-	cp libtool $(distdir)
-	cp $(srcdir)/ltmain.sh $(distdir)
-	cp $(srcdir)/m4/*.m4 $(distdir)/m4
-	cp $(srcdir)/src/*.in $(distdir)/src
-	cp $(srcdir)/src/*.[ch] $(distdir)/src
-	cp $(srcdir)/src/*.symbols $(distdir)/src
-	cp $(srcdir)/src/extension/*.[ch] $(distdir)/src/extension
-	cp $(srcdir)/src/extension/*.symbols $(distdir)/src/extension
-	cp $(srcdir)/src/getdns/*.in $(distdir)/src/getdns
-	cp $(srcdir)/src/getdns/getdns_*.h $(distdir)/src/getdns
-	cp $(srcdir)/src/test/Makefile.in $(distdir)/src/test
-	cp $(srcdir)/src/test/*.[ch] $(distdir)/src/test
-	cp $(srcdir)/src/test/*.sh $(distdir)/src/test
-	cp $(srcdir)/src/test/*.good $(distdir)/src/test
-	cp $(srcdir)/src/compat/*.[ch] $(distdir)/src/compat
-	cp $(srcdir)/src/util/*.[ch] $(distdir)/src/util
-	cp -r $(srcdir)/src/util/orig-headers $(distdir)/src/util
-	cp -r $(srcdir)/src/util/auxiliary $(distdir)/src/util
-	cp $(srcdir)/src/gldns/*.[ch] $(distdir)/src/gldns
-	cp $(srcdir)/doc/Makefile.in $(distdir)/doc
-	cp $(srcdir)/doc/*.in $(distdir)/doc
-	cp $(srcdir)/doc/manpgaltnames $(distdir)/doc
-	cp $(srcdir)/spec/*.html $(distdir)/spec
-	cp $(srcdir)/spec/example/Makefile.in $(distdir)/spec/example
-	cp $(srcdir)/spec/example/*.[ch] $(distdir)/spec/example
-	cp $(srcdir)/src/tools/Makefile.in $(distdir)/src/tools
-	cp $(srcdir)/src/tools/*.[ch] $(distdir)/src/tools
-	cp $(srcdir)/stubby/stubby.conf.example $(distdir)/stubby
-	cp $(srcdir)/stubby/stubby-setdns-macos.sh $(distdir)/stubby
-	cp $(srcdir)/stubby/src/stubby.c $(distdir)/stubby/src
-	cp $(srcdir)/stubby/COPYING $(distdir)/stubby
-	cp $(srcdir)/stubby/README.md $(distdir)/stubby
-	cp $(srcdir)/src/jsmn/*.[ch] $(distdir)/src/jsmn
-	cp $(srcdir)/src/jsmn/LICENSE $(distdir)/src/jsmn
-	cp $(srcdir)/src/jsmn/README.md $(distdir)/src/jsmn
-	rm -f $(distdir)/Makefile $(distdir)/src/Makefile $(distdir)/src/getdns/getdns.h $(distdir)/spec/example/Makefile $(distdir)/src/test/Makefile $(distdir)/doc/Makefile $(distdir)/src/config.h
-
-distcheck: $(distdir).tar.gz
-	gzip -cd $(distdir).tar.gz | tar xvf -
-	cd $(distdir) && ./configure
-	cd $(distdir) && $(MAKE) all
-	cd $(distdir) && $(MAKE) check
-	cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst install
-	cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst uninstall
-	@remaining="`find $${PWD}/$(distdir)/_inst -type f | wc -l`"; \
-	if test "$${remaining}" -ne	0; then
-	echo "@@@	$${remaining} file(s) remaining	in stage directory!"; \
-	exit 1; \
-	fi
-	cd $(distdir) && $(MAKE) clean
-	rm -rf $(distdir)
-	@echo "*** Package $(distdir).tar.gz is ready for distribution"
-
-getdns.pc: $(srcdir)/getdns.pc.in
-	./config.status $@
-
-getdns_ext_event.pc: $(srcdir)/getdns_ext_event.pc.in
-	./config.status $@
-
-Makefile: $(srcdir)/Makefile.in config.status
-	./config.status $@
-
-configure.status: configure
-	./config.status --recheck
-
-.PHONY: all distclean clean default doc test
-FORCE:

README.md

@@ -40,7 +40,7 @@ The project home page at [getdnsapi.net](https://getdnsapi.net) provides documen
 If you are just getting started with the library take a look at the section below that describes building and handling external dependencies for the library.
 
 ### Examples
-Once it is built you should take a look at src/examples to see how the library is used.
+Once it is built you should take a look at `spec/example` to see how the library is used.
 
 
 # Download
@@ -48,9 +48,9 @@ Once it is built you should take a look at src/examples to see how the library i
 Download the sources from our [github repo](https://github.com/getdnsapi/getdns) 
 or from [getdnsapi.net](https://getdnsapi.net) and verify the download using
 the checksums (SHA1 or MD5) or using gpg to verify the signature.  Our keys are
-available from the [pgp keyservers](https://keyserver.pgp.com)
+available from the [openpgp keyserver](https://keys.openpgp.org/)
 
-* willem@nlnetlabs.nl, key id E5F8F8212F77A498
+* `willem@nlnetlabs.nl`, key id E5F8F8212F77A498
 
 # Releases
 
@@ -59,69 +59,96 @@ approach.  The code is currently under active development.
 
 The following requirements were met as conditions for the present release:
 
-* code compiles cleanly on at least the primary target platforms: OSX, RHEL/CentOS Linux, FreeBSD
+* code compiles cleanly on at least the primary target platforms: OSX, Linux (RHEL/CentOS, Ubuntu), FreeBSD
 * examples must compile and run cleanly
 * there must be clear documentation of supported and unsupported elements of the API
 
-# Building and External Dependencies
+# External Dependencies
 
 If you are installing from packages, you have to install the library and also the library-devel (or -dev) for your package management system to get the the necessary compile time files.
 
-External dependencies are linked outside the getdns API build tree (we rely on configure to find them).  We would like to keep the dependency tree short.  Please refer to section for building on Windows for separate dependency and build instructions for that platform.
+External dependencies are linked outside the getdns API build tree (we rely on CMake to find them).  We would like to keep the dependency tree short, see [Minimising Dependancies](#minimizing-dependancies) for more details.
 
-* [libunbound from NLnet Labs](https://unbound.net/) version 1.4.16 or later.
-* [libidn from the FSF](https://www.gnu.org/software/libidn/) version 1.  (Note that the libidn version means the conversions between A-labels and U-labels may permit conversion of formally invalid labels under IDNA2008.)
-* [libssl and libcrypto from the OpenSSL Project](https://www.openssl.org/) version 0.9.7 or later. (Note: version 1.0.1 or later is required for TLS support, version 1.0.2 or later is required for TLS hostname authentication)
-* Doxygen is used to generate documentation; while this is not technically necessary for the build it makes things a lot more pleasant.
+Required for all builds:
 
-For example, to build on a recent version of Ubuntu, you would need the following packages:
+* [libssl and libcrypto from the OpenSSL Project](https://www.openssl.org/) version 1.0.2 or later. Using OpenSSL 1.1 is recommended due to TSL 1.3 support.
 
-    # apt install build-essential libunbound-dev libidn11-dev libssl-dev libtool m4 autoconf
+Required for all builds that include recursive functionality:
+
+* [libunbound from NLnet Labs](https://unbound.net/) version 1.5.9 or later. (Note: linking to libunbound is not yet supported on Windows, see [Windows 10](#microsoft-windows-10))
+
+Required for all builds that include IDN functionality:
+
+* [libidn2 from the FSF](https://www.gnu.org/software/libidn/) version 2.0.0 and higher.
+
+Required to build the documentation:
+
+* [Doxygen](http://www.doxygen.nl) is used to generate documentation; while this is not technically necessary for the build it makes things a lot more pleasant.
+
+For example, to build on Ubuntu 18.04 or later, you would need the following packages for a full build:
+
+    # apt install build-essential libunbound-dev libidn2-dev libssl-dev cmake
+
+# Building
 
 If you are building from git, you need to do the following before building:
 
-
     # git submodule update --init
 
-    # libtoolize -ci # (use glibtoolize for OS X, libtool is installed as glibtool to avoid name conflict on OS X)
-    # autoreconf -fi
+From release 1.6.0 getdns uses CMake (previous versions used autoconf/libtool). To build from this release and later use:
 
+    # cmake .
+    # make
 
-As well as building the getdns library 2 other tools are installed by default by the above process:
+If you are unfamiliar with CMake, see our [CMake Quick Start](https://getdnsapi.net/quick-start/cmake-quick-start/) for how to use CMake options to customise the getdns build.
 
-* getdns_query: a command line test script wrapper for getdns
-* stubby: an experimental DNS Privacy enabled client
+As well as building the getdns library two other tools are installed by default:
 
-Note: If you only want to build stubby, then use the `--with-stubby` option when running 'configure'.
+* getdns_query: a command line test script wrapper for getdns. This can be used to quickly check the functionality of the library, see (#using-getdnsquery)
+* getdns_server_mon: test DNS server function and capabilities
+
+Additionally `Stubby` a DNS Privacy enabled client can also be built and installed by using the `BUILD_STUBBY` option when running `cmake`, see [Stubby](#stubby).
 
 
 ## Minimizing dependencies
 
-* getdns can be configured for stub resolution mode only with the `--enable-stub-only` option to configure.  This removes the dependency on `libunbound`.
-* Currently getdns only offers two helper functions to deal with IDN: `getdns_convert_ulabel_to_alabel` and `getdns_convert_alabel_to_ulabel`.  If you do not need these functions, getdns can be configured to compile without them with the `--without-libidn` option to configure.
-* When both `--enable-stub-only` and `--without-libidn` options are used, getdns has only one dependency left, which is OpenSSL.
+* getdns can be configured for stub resolution mode only with the `ENABLE_STUB_ONLY` option to `cmake`.  This removes the dependency on `libunbound`.
+* Currently getdns only offers two helper functions to deal with IDN: `getdns_convert_ulabel_to_alabel` and `getdns_convert_alabel_to_ulabel`.  If you do not need these functions, getdns can be configured to compile without them by setting the`USE_LIBIDN2` option to `cmake` to OFF.
+* When `ENABLE_STUB_ONLY` is ON, and `USE_LIBIDN2` is OFF, getdns has only one dependency left, which is OpenSSL.
 
 ## Extensions and Event loop dependencies
 
 The implementation works with a variety of event loops, each built as a separate shared library.  See [this Doxygen page](https://getdnsapi.net/doxygen/group__eventloops.html) and [this man page](https://getdnsapi.net/documentation/manpages/#ASYNCHRONOUS USE) for more details.
 
-* [libevent](http://libevent.org).  Note: the examples *require* this and should work with either libevent 1.x or 2.x.  2.x is preferred.
-* [libuv](https://github.com/joyent/libuv)
+* [libevent](http://libevent.org).  Note: the examples *require* this. libevent 2.x is required.
+* [libuv](https://libuv.org/)
 * [libev](http://software.schmorp.de/pkg/libev.html)
 
+## Using getdns_query
+
+Example test queries using `getdns_query` (pointed at Google Public DNS) and requesting the `call_reporting` extension which provides information on the transport and query time:
+
+   getdns_query -s example.com A @8.8.8.8     +return_call_reporting (UDP)
+   getdns_query -s example.com A @8.8.8.8 -T  +return_call_reporting (TCP)
+   getdns_query -s example.com A @8.8.8.8 -L  +return_call_reporting (TLS without authentication)
+   getdns_query -s getdnsapi.net A +dnssec_return_status +return_call_reporting (DNSSEC)
+
 ## Stubby
 
-* Stubby is an experimental implementation of a DNS Privacy enabled stub resolver than encrypts DNS queries using TLS. It is currently suitable for advanced/technical users - all feedback is welcome! 
-* Details on how to use Stubby can be found in the [Stubby Reference Guide](https://getdnsapi.net/blog/dns-privacy-daemon-stubby).
+* Stubby is an implementation of a DNS Privacy enabled stub resolver that encrypts DNS queries using TLS. It is currently suitable for advanced/technical users - all feedback is welcome!
+* Details on how to use Stubby can be found in the [Stubby Reference Guide](https://dnsprivacy.org/wiki/x/JYAT).
 * Also see [dnsprivacy.org](https://dnsprivacy.org) for more information on DNS Privacy.
 
+## Experimental support for GnuTLS
+
+A project to allow user selection of either OpenSSL or GnuTLS is currently a work in progress. At present a user may select to use GnuTLS for the majority of the supported functionality, however, OpenSSL is still required for some cryptographic functions.
+
 ## Regression Tests
 
 A suite of regression tests are included with the library, if you make changes or just
 want to sanity check things on your system take a look at src/test.  You will need
 to install [libcheck](https://libcheck.github.io/check/).  The check library is also available from many of the package repositories for the more popular operating systems.
-
-The regression tests do not work with --enable-stub-only.
+Note: The tests currently do not run on Windows because of a dependancy on bash.
 
 ## DNSSEC dependencies
 
@@ -131,22 +158,23 @@ The library will try to load the root trust anchor from
 or more `DS` or `DNSKEY` resource records in presentation (i.e. zone file)
 format.  Note that this is different than the format of BIND.keys.
 
-The best way to setup or update the root trust anchor is by using
-[`unbound-anchor`](https://www.unbound.net/documentation/unbound-anchor.html).
-To setup the library with the root trust anchor at the default location,
-execute the following steps as root:
+## Zero configuration DNSSEC
 
-    # mkdir -p /etc/unbound
-    # unbound-anchor -a /etc/unbound/getdns-root.key
+When the root trust anchor is not installed in the default location and a DNSSEC query is done, getdns will try to use the trust anchors published here: http://data.iana.org/root-anchors/root-anchors.xml .
+It will validate these anchors with the ICANN Certificate Authority certificate following the procedure described in [RFC7958].
+The `root-anchors.xml` and `root-anchors.p7s` S/MIME signature will be cached in the `$HOME/.getdns` directory on Unixes, and the `%appdata%\getdns` directory on Windows.
+
+When using trust-anchors from the `root-anchors.xml` file, getdns will track the keys in the root DNSKEY rrset and store a copy in `$HOME/.getdns/root.key` on Unixes, and `%appdata%\getdns\root.key` on Windows.
+Only when the KSK DNSKEY's change, a new version of `root-anchors.xml` is tried to be retrieved from [data.iana.org](https://data.iana.org/root-anchors/).
+
+A installed trust-anchor from the default location (`/etc/unbound/getdns-root.key`) that fails to validate the root DNSKEY RRset, will also trigger the "Zero configuration DNSSEC" procedure described above.
 
 Support
 =======
 
 ## Mailing lists
 
-We have a [getdns users list](https://getdnsapi.net/mailman/listinfo/users) for this implementation.
-
-The [getdns-api mailing list](https://getdnsapi.net/mailman/listinfo/spec) is a good place to engage in discussions regarding the design of the API.
+We have a [getdns users list](https://lists.getdnsapi.net/mailman/listinfo/users) for this implementation.
 
 ## Tickets and Bug Reports
 
@@ -160,8 +188,8 @@ Features of this release
 The goals of this implementation of the getdns API are:
 
 * Provide an open source implementation, in C, of the formally described getdns API by getdns API team at <https://getdnsapi.net/spec.html>
-* Support FreeBSD, OSX, Linux (CentOS/RHEL, Ubuntu) via functional "configure" script
-* Support Windows 8.1 
+* Support FreeBSD, OSX, Linux (CentOS/RHEL, Ubuntu)
+* Support Windows 10
 * Include examples and tests as part of the build
 * Document code using doxygen
 * Leverage github as much as possible for project coordination
@@ -202,69 +230,37 @@ Stub mode does not support:
 
 # Supported Platforms
 
-The primary platforms targeted are Linux and FreeBSD, other platform are supported as we get time.  The names listed here are intended to help ensure that we catch platform specific breakage, not to limit the work that folks are doing.
+The platforms listed here are intended to help ensure that we catch platform specific breakage prior to release.
 
-* RHEL/CentOS 6.4
-* OSX 10.8
-* Ubuntu 14.04
-* Microsoft Windows 8.1
-
-We intend to add Android and other platforms to future releases as we have time to port it.
+* Ubuntu 18.04 LTS and newer LTS releases
+* Microsoft Windows 10
+* FreeBSD 11.3 and newer
+* RHEL/CentOS 8
+* OSX 10.14 and 10.15
 
 
-##  Platform Specific Build Reports
+###  Platform Specific Build Notes
 
 [![Build Status](https://travis-ci.org/getdnsapi/getdns.png?branch=master)](https://travis-ci.org/getdnsapi/getdns)
 
-### FreeBSD
+## FreeBSD
 
 If you're using [FreeBSD](https://www.freebsd.org/), you may install getdns via the [ports tree](https://www.freshports.org/dns/getdns/) by running: `cd /usr/ports/dns/getdns && make install clean`
 
 If you are using FreeBSD 10 getdns can be intalled via 'pkg install getdns'.
 
-### CentOS and RHEL 6.5
+## Ubuntu
 
-We rely on the most excellent package manager fpm to build the linux packages, which
-means that the packaging platform requires ruby 2.1.0.  There are other ways to
-build the packages; this is simply the one we chose to use.
+getdns should also work on Ubuntu 16.04, however if you require IDN functionality you will have to install a recent version of libidn2 via a ppa e.g. from https://launchpad.net/~ondrej/+archive/ubuntu/php
 
-    # cat /etc/redhat-release
-    CentOS release 6.5 (Final)
-    # uname -a
-    Linux host-10-1-1-6 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
-    # cd getdns-0.2.0rc1
-    # ./configure --prefix=/home/deploy/build
-    # make; make install
-    # cd /home/deploy/build
-    # mv lib lib64
-    # . /usr/local/rvm/config/alias
-    # fpm -x "*.la" -a native -s dir -t rpm -n getdns -v 0.2.0rc1 -d "unbound" -d "libevent" -d "libidn" --prefix /usr --vendor "Verisign Inc., NLnet Labs" --license "BSD New" --url "https://getdnsapi.net" --description "Modern asynchronous API to the DNS" .
+You will also have to build Unbound from source code to provide libunbound at version >= 1.5.9.
 
-### OSX
+## OSX
 
-    # sw_vers
-    ProductName:	Mac OS X
-    ProductVersion:	10.8.5
-    BuildVersion:	12F45
+A self-compiled version of OpenSSL or the version installed via Homebrew is required and the options OPENSSL_ROOT_DIR, OPENSSL_CRYPTO_LIBRARY and OPENSSL_SSL_LIBRARY can be used to specify the location of the libraries.
+Note: If using a self-compiled version, manual configuration of certificates into /usr/local/etc/openssl/certs is required for TLS authentication to work.
 
-    Built using PackageMaker, libevent2.
-
-    # ./configure --with-libevent --prefix=$HOME/getdnsosx/export
-    # make
-    # make install
-
-    edit/fix hardcoded paths in lib/*.la to reference /usr/local
-
-    update getdns.pmdoc to match release info
-
-    build package using PackageMaker
-
-    create dmg
-
-    A self-compiled version of OpenSSL or the version installed via Homebrew is required.
-    Note: If using a self-compiled version, manual configuration of certificates into /usr/local/etc/openssl/certs is required for TLS authentication to work.
-
-#### Homebrew
+### Homebrew
 
 If you're using [Homebrew](http://brew.sh/), you may run `brew install getdns`.  By default, this will only build the core library without any 3rd party event loop support.
 
@@ -272,48 +268,37 @@ To install the [event loop integration libraries](https://getdnsapi.net/doxygen/
 
 Note that in order to compile the examples, the `--with-libevent` switch is required.
 
-As of the 0.2.0 release, when installing via Homebrew, the trust anchor is expected to be located at `$(brew --prefix)/etc/getdns-root.key`.  Additionally, the OpenSSL library installed by Homebrew is linked against. Note that the Homebrew OpenSSL installation clones the Keychain certificates to the default OpenSSL location so TLS certificate authentication should work out of the box.
+Additionally, getdns is linked against the the OpenSSL library installed by Homebrew. Note that the Homebrew OpenSSL installation clones the Keychain certificates to the default OpenSSL location so TLS certificate authentication should work out of the box.
 
-### Microsoft Windows 8.1
+## Microsoft Windows 10
 
-The build has been tested using the following:
-32 bit only Mingw: [Mingw(3.21.0) and Msys 1.0](http://www.mingw.org/) on Windows 8.1
-32 bit build on a 64 bit Mingw [Download latest from: http://mingw-w64.org/doku.php/download/mingw-builds and http://msys2.github.io/]. IMPORTANT: Install tested ONLY on the  "x86_64" for 64-bit installer of msys2.
+You will need CMake for Windows. Installers can be downloaded from https://cmake.org/download/.
 
-#### Dependencies
-The following dependencies are 
-* openssl-1.0.2j
-* libidn
+Windows versions of the following libraries are available using [the vcpkg package manager](https://docs.microsoft.com/en-us/cpp/build/vcpkg).
 
-Instructions to build openssl-1.0.2j:
-Open the mingw32_shell.bat from msys2 in order to build:
+* OpenSSL
+* libevent
+* libiconv (required for libidn2)
+* libidn2
+* libyaml
+* libuv
 
-If necessary, install the following using pacman:
+Once these are installed, set CMake variables CMAKE_INCLUDE_PATH and CMAKE_LIBRARY_PATH to the vcpkg include and library directories e.g. `../vcpkg/installed/x64-windows/include` and `../vcpkg/installed/x64-windows/lib`.
 
-    pacman -S pkg-config  libtool automake
-    pacman -S autoconf automake-wrapper
+To generate a project suitable for use in Visual Studio, select the appropriate Visual Studio generator in CMake. Once generated, the cmake-gui Open Project button can be used to load the project into Visual Studio.
 
-    tar -xvf openssl-1.0.2j.tar 
-    cd openssl-1.0.2j/
-    ./Configure --prefix=${LOCALDESTDIR} --openssldir=${LOCALDESTDIR}/etc/ssl --libdir=lib shared zlib-dynamic mingw
-    make
-    make install
+### Limitations on Windows
 
-To configure:
+Full support for Windows is a work in progress. The following limitations will  be addresses in future:
 
-    ./configure --enable-stub-only --with-trust-anchor="c:\\\MinGW\\\msys\\\1.0\\\etc\\\unbound\\\getdns-root.key" --with-ssl=<location of openssl from above> --with-getdns_query
+* At present, no native Windows DLL version of libunbound exists; support for linking against libunbound is not currently available. The default build option for ENABLE_STUB_ONLY_ is ON for Windows.
 
- The trust anchor is also installed by unbound on `c:\program Files (X86)\unbound\root.key` and can be referenced from there
- or anywhere else that the user chooses to configure it.
+* The getdns unit tests (built with `make test`) require libcheck which is not currently available for Windows and so cannot be built.
 
- After configuring, do a `make` and `make install` to build getdns for Windows.
+* The getdns tpkg test suite is not currently supported on Windows.
 
- Example test queries:
+* The detection of the location of the `/etc/hosts` file should be optimised - it currently assumes Windows is installed in the default directory on the C: drive
 
-    ./getdns_query.exe -s gmadkat.com A @64.6.64.6  +return_call_reporting (UDP)
-    ./getdns_query.exe -s gmadkat.com A @64.6.64.6 -T  +return_call_reporting (TCP)
-    ./getdns_query.exe -s gmadkat.com A -l L @185.49.141.37  +return_call_reporting (TLS without authentication)
-    ./getdns_query.exe -s www.huque.com A +dnssec_return_status +return_call_reporting (DNSSEC)
 
 Contributors
 ============
@@ -366,4 +351,4 @@ Contributors
 
 Acknowledgements
 ================
-The development team explicitly acknowledges Paul Hoffman for his initiative and efforts to develop a consensus based DNS API. We would like to thank the participants of the [mailing list](https://getdnsapi.net/mailman/listinfo/spec) for their contributions.
+The development team explicitly acknowledges Paul Hoffman for his initiative and efforts to develop a consensus based DNS API. We would like to thank the participants of the getdns-api mailing list (discontinued) for their contributions.

cmake/include/cmakeconfig.h.in

@@ -0,0 +1,540 @@
+#ifndef CONFIG_H
+#define CONFIG_H
+
+#cmakedefine PACKAGE            "@PACKAGE@"
+#cmakedefine PACKAGE_NAME       "@PACKAGE_NAME@"
+#cmakedefine PACKAGE_VERSION    "@PACKAGE_VERSION@"
+#cmakedefine PACKAGE_URL        "@PACKAGE_URL@"
+#cmakedefine PACKAGE_BUGREPORT  "@PACKAGE_BUGREPORT@"
+
+#cmakedefine PACKAGE_STRING     "@PACKAGE_STRING@"
+#cmakedefine PACKAGE_TARNAME    "@PACKAGE_TARNAME@"
+
+#cmakedefine HAVE_ASSERT_H      1
+#cmakedefine HAVE_INTTYPES_H    1
+#cmakedefine HAVE_LIMITS_H      1
+#cmakedefine HAVE_SYS_LIMITS_H  1
+#cmakedefine HAVE_STDARG_H      1
+#cmakedefine HAVE_STDDEF_H      1
+#cmakedefine HAVE_STDINT_H      1
+#cmakedefine HAVE_STDIO_H       1
+#cmakedefine HAVE_STDLIB_H      1
+#cmakedefine HAVE_STRING_H      1
+#cmakedefine HAVE_TIME_H        1
+#cmakedefine HAVE_UNISTD_H	1
+
+#cmakedefine HAVE_FCNTL_H	1
+
+#cmakedefine HAVE_SIGNAL_H      1
+#cmakedefine HAVE_SYS_POLL_H    1
+#cmakedefine HAVE_POLL_H        1
+#cmakedefine HAVE_RESOURCE_H    1
+#cmakedefine HAVE_SYS_TYPES_H   1
+#cmakedefine HAVE_SYS_STAT_H    1
+
+#cmakedefine HAVE_ENDIAN_H      1
+#cmakedefine HAVE_NETDB_H       1
+#cmakedefine HAVE_ARPA_INET_H   1
+#cmakedefine HAVE_NETINET_IN_H  1
+#cmakedefine HAVE_NETINET_TCP_H 1
+#cmakedefine HAVE_SYS_SELECT_H  1
+#cmakedefine HAVE_SYS_SOCKET_H  1
+#cmakedefine HAVE_SYS_SYSCTL_H  1
+#cmakedefine HAVE_SYS_TIME_H    1
+#cmakedefine HAVE_SYS_WAIT_H    1
+
+#cmakedefine HAVE_WINDOWS_H     1
+#cmakedefine HAVE_WINSOCK_H     1
+#cmakedefine HAVE_WINSOCK2_H    1
+#cmakedefine HAVE_WS2TCPIP_H    1
+#cmakedefine GETDNS_ON_WINDOWS  1
+#cmakedefine USE_WINSOCK	1
+
+#cmakedefine HAVE_SSL           1
+#cmakedefine USE_DANESSL	1
+
+#cmakedefine HAVE_OPENSSL_SSL_H         1
+#cmakedefine HAVE_OPENSSL_EVP_H         1
+#cmakedefine HAVE_OPENSSL_ERR_H         1
+#cmakedefine HAVE_OPENSSL_RAND_H        1
+#cmakedefine HAVE_OPENSSL_CONF_H        1
+#cmakedefine HAVE_OPENSSL_ENGINE_H      1
+#cmakedefine HAVE_OPENSSL_BN_H          1
+#cmakedefine HAVE_OPENSSL_DSA_H         1
+#cmakedefine HAVE_OPENSSL_RSA_H         1
+#cmakedefine HAVE_OPENSSL_PARAM_BUILD_H 1
+
+#cmakedefine HAVE_DSA_SIG_SET0		1
+#cmakedefine HAVE_DSA_SET0_PQG		1
+#cmakedefine HAVE_DSA_SET0_KEY		1
+
+#cmakedefine HAVE_RSA_SET0_KEY		1
+
+#cmakedefine HAVE_EVP_MD5		1
+#cmakedefine HAVE_EVP_SHA1		1
+#cmakedefine HAVE_EVP_SHA224		1
+#cmakedefine HAVE_EVP_SHA256		1
+#cmakedefine HAVE_EVP_SHA384		1
+#cmakedefine HAVE_EVP_SHA512		1
+
+#cmakedefine HAVE_EVP_DSS1		1
+#cmakedefine HAVE_EVP_DIGESTVERIFY	1
+
+#cmakedefine HAVE_EVP_MD_CTX_NEW	1
+
+#cmakedefine HAVE_HMAC_CTX_NEW		1
+
+#cmakedefine HAVE_NETTLE_GET_SECP_256R1	1
+#cmakedefine HAVE_NETTLE_GET_SECP_384R1	1
+
+#cmakedefine HAVE_TLS_CLIENT_METHOD	1
+
+#cmakedefine HAVE_OPENSSL_VERSION_NUM	1
+#cmakedefine HAVE_OPENSSL_VERSION	1
+
+#cmakedefine HAVE_SSL_CTX_DANE_ENABLE	1
+#cmakedefine HAVE_SSL_CTX_SET_CIPHERSUITES	1
+#cmakedefine HAVE_SSL_SET_CIPHERSUITES	1
+
+#cmakedefine HAVE_OPENSSL_INIT_CRYPTO	1
+
+#cmakedefine HAVE_OSSL_PARAM_BLD_NEW	1
+
+#cmakedefine HAVE_SSL_DANE_ENABLE			1
+#cmakedefine HAVE_DECL_SSL_CTX_SET1_CURVES_LIST		1
+#cmakedefine HAVE_DECL_SSL_SET1_CURVES_LIST		1
+#cmakedefine HAVE_DECL_SSL_SET_MIN_PROTO_VERSION	1
+#cmakedefine HAVE_X509_GET_NOTAFTER			1
+#cmakedefine HAVE_X509_GET0_NOTAFTER			1
+
+#cmakedefine HAVE_PTHREAD               1
+#cmakedefine HAVE_WINDOWS_THREADS       1
+
+#cmakedefine RUNSTATEDIR                "@RUNSTATEDIR@"
+#cmakedefine TRUST_ANCHOR_FILE          "@PATH_TRUST_ANCHOR_FILE@"
+#cmakedefine GETDNS_FN_RESOLVCONF       "@PATH_RESOLVCONF@"
+#cmakedefine GETDNS_FN_HOSTS            "@PATH_HOSTS@"
+
+#cmakedefine DNSSEC_ROADBLOCK_AVOIDANCE         1
+#cmakedefine HAVE_MDNS_SUPPORT			1
+#cmakedefine STUB_NATIVE_DNSSEC                 1
+#cmakedefine MAXIMUM_UPSTREAM_OPTION_SPACE      @MAXIMUM_UPSTREAM_OPTION_SPACE@
+#cmakedefine EDNS_PADDING_OPCODE                @EDNS_PADDING_OPCODE@
+#cmakedefine MAX_CNAME_REFERRALS                @MAX_CNAME_REFERRALS@
+#cmakedefine DRAFT_RRTYPES                      @DRAFT_RRTYPES@
+#cmakedefine EDNS_COOKIES			1
+#cmakedefine EDNS_COOKIE_OPCODE                 @EDNS_COOKIE_OPCODE@
+#cmakedefine EDNS_COOKIE_ROLLOVER_TIME          @EDNS_COOKIE_ROLLOVER_TIME@
+#cmakedefine UDP_MAX_BACKOFF			@MAX_UDP_BACKOFF@
+
+#cmakedefine HAVE_DECL_GETENTROPY       1
+#cmakedefine HAVE_DECL_INET_PTON        1
+#cmakedefine HAVE_DECL_INET_NTOP        1
+#cmakedefine HAVE_WIN_DECL_INET_PTON    1
+#cmakedefine HAVE_WIN_DECL_INET_NTOP    1
+#cmakedefine HAVE_DECL_MKSTEMP          1
+#cmakedefine HAVE_DECL_SIGEMPTYSET      1
+#cmakedefine HAVE_DECL_SIGFILLSET       1
+#cmakedefine HAVE_DECL_SIGADDSET        1
+#cmakedefine HAVE_DECL_STRPTIME         1
+
+#cmakedefine HAVE_DECL_TCP_FASTOPEN		1
+#cmakedefine HAVE_DECL_TCP_FASTOPEN_CONNECT	1
+#cmakedefine HAVE_DECL_MSG_FASTOPEN		1
+
+#if defined(HAVE_DECL_INET_PTON) || defined(HAVE_WIN_DECL_INET_PTON)
+#undef HAVE_DECL_INET_PTON
+#define HAVE_DECL_INET_PTON 1
+#endif
+#if defined(HAVE_DECL_INET_NTOP) || defined(HAVE_WIN_DECL_INET_NTOP)
+#undef HAVE_DECL_INET_NTOP
+#define HAVE_DECL_INET_NTOP 1
+#endif
+
+#cmakedefine HAVE_FCNTL		        1
+#cmakedefine HAVE_GETTIMEOFDAY		1
+#cmakedefine HAVE_IOCTLSOCKET		1
+#cmakedefine HAVE_SIGEMPTYSET           1
+#cmakedefine HAVE_SIGFILLSET            1
+#cmakedefine HAVE_SIGADDSET             1
+#cmakedefine HAVE_STRPTIME              1
+
+#cmakedefine HAVE_SIGSET_T              1
+#cmakedefine HAVE__SIGSET_T             1
+
+#cmakedefine HAVE_BSD_STDLIB_H		1
+#cmakedefine HAVE_BSD_STRING_H		1
+
+#cmakedefine HAVE_DECL_STRLCPY                  1
+#cmakedefine HAVE_DECL_ARC4RANDOM               1
+#cmakedefine HAVE_DECL_ARC4RANDOM_UNIFORM       1
+#cmakedefine HAVE_BSD_DECL_STRLCPY              1
+#cmakedefine HAVE_BSD_DECL_ARC4RANDOM           1
+#cmakedefine HAVE_BSD_DECL_ARC4RANDOM_UNIFORM   1
+
+#cmakedefine HAVE_STRLCPY               1
+#cmakedefine HAVE_ARC4RANDOM            1
+#cmakedefine HAVE_ARC4RANDOM_UNIFORM    1
+
+#cmakedefine HAVE_LIBUNBOUND		1
+#cmakedefine HAVE_UNBOUND_EVENT_H	1
+#cmakedefine HAVE_UNBOUND_EVENT_API	1
+#cmakedefine HAVE_UB_CTX_SET_STUB	1
+
+#cmakedefine HAVE_LIBIDN		1
+#cmakedefine HAVE_LIBIDN2		1
+
+#cmakedefine HAVE_NETTLE		1
+#cmakedefine HAVE_NETTLE_DSA_COMPAT_H	1
+#cmakedefine HAVE_NETTLE_EDDSA_H	1
+
+#cmakedefine HAVE_EVENT2_EVENT_H	1
+#cmakedefine HAVE_EVENT_BASE_NEW	1
+#cmakedefine HAVE_EVENT_BASE_FREE	1
+
+#cmakedefine DEFAULT_EVENTLOOP          "@DEFAULT_EVENTLOOP@"
+#cmakedefine USE_POLL_DEFAULT_EVENTLOOP 1
+
+#cmakedefine STRPTIME_WORKS		1
+
+#cmakedefine FD_SETSIZE			@FD_SETSIZE@
+
+#cmakedefine REQ_DEBUG			1
+#cmakedefine SCHED_DEBUG		1
+#cmakedefine STUB_DEBUG			1
+#cmakedefine DAEMON_DEBUG		1
+#cmakedefine SEC_DEBUG			1
+#cmakedefine SERVER_DEBUG		1
+#cmakedefine ANCHOR_DEBUG		1
+#cmakedefine KEEP_CONNECTIONS_OPEN_DEBUG  1
+
+#cmakedefine USE_SHA1			1
+#cmakedefine USE_SHA2			1
+#cmakedefine USE_GOST			1
+#cmakedefine USE_ECDSA			1
+#cmakedefine USE_DSA			1
+#cmakedefine USE_ED25519		1
+#cmakedefine USE_ED448			1
+
+#cmakedefine USE_OSX_TCP_FASTOPEN	1
+
+#cmakedefine HAVE_DECL_TCP_USER_TIMEOUT	1
+
+#cmakedefine HAVE_NEW_UV_TIMER_CB	1
+
+#cmakedefine HAVE_TARGET_ENDIANNESS
+#cmakedefine TARGET_IS_BIG_ENDIAN
+
+#cmakedefine HAVE___FUNC__		1
+
+#ifdef HAVE___FUNC__
+#define __FUNC__ __func__
+#else
+#define __FUNC__ __FUNCTION__
+#endif
+
+#ifdef GETDNS_ON_WINDOWS
+ /* On windows it is allowed to increase the FD_SETSIZE
+  * (and nescessary to make our custom eventloop work)
+  * See: https://support.microsoft.com/en-us/kb/111855
+  */
+# ifndef FD_SETSIZE
+#  define FD_SETSIZE 1024
+# endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* the version of the windows API enabled */
+# ifndef WINVER
+#  define WINVER 0x0600 // 0x0502
+# endif
+# ifndef _WIN32_WINNT
+#  define _WIN32_WINNT 0x0600 // 0x0502
+# endif
+# ifdef HAVE_WS2TCPIP_H
+#  include <ws2tcpip.h>
+# endif
+
+# ifdef _MSC_VER
+#  if _MSC_VER >= 1800
+#   define PRIsz "zu"
+#  else
+#   define PRIsz "Iu"
+#  endif
+#  include <BaseTsd.h>
+   typedef SSIZE_T ssize_t;
+# else
+#  define PRIsz "Iu"
+# endif
+
+# ifdef HAVE_WINSOCK2_H
+#  include <winsock2.h>
+# endif
+
+/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */
+# ifdef HAVE_WINSOCK2_H
+#  define FD_SET_T (u_int)
+# else
+#  define FD_SET_T
+# endif
+
+ /* Windows wants us to use _strdup instead of strdup */
+# ifndef strdup
+#  define strdup _strdup
+# endif
+
+/* Windows doesn't have strcasecmp and strncasecmp. */
+# define strcasecmp _stricmp
+# define strncasecmp _strnicmp
+#else
+# define PRIsz "zu"
+#endif
+
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+
+#ifdef HAVE_STDIO_H
+#include <stdio.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_ASSERT_H
+#include <assert.h>
+#endif
+
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+
+#ifdef HAVE_STDLIB_H
+#include <stdlib.h>
+#endif
+
+#ifdef HAVE_STDDEF_H
+#include <stddef.h>
+#endif
+
+#ifdef HAVE_BSD_STDLIB_H
+#include <bsd/stdlib.h>
+#endif
+
+#ifdef HAVE_BSD_STRING_H
+#include <bsd/string.h>
+#endif
+
+#if !defined(HAVE_STRLCPY) || !HAVE_DECL_STRLCPY || !defined(strlcpy)
+size_t strlcpy(char *dst, const char *src, size_t siz);
+#else
+#ifndef __BSD_VISIBLE
+#define __BSD_VISIBLE 1
+#endif
+#endif
+#if !defined(HAVE_ARC4RANDOM) || !HAVE_DECL_ARC4RANDOM
+uint32_t arc4random(void);
+#endif
+#if !defined(HAVE_ARC4RANDOM_UNIFORM) || !HAVE_DECL_ARC4RANDOM_UNIFORM
+uint32_t arc4random_uniform(uint32_t upper_bound);
+#endif
+#ifndef HAVE_ARC4RANDOM
+void explicit_bzero(void* buf, size_t len);
+int getentropy(void* buf, size_t len);
+void arc4random_buf(void* buf, size_t n);
+void _ARC4_LOCK(void);
+void _ARC4_UNLOCK(void);
+#endif
+#ifdef COMPAT_SHA512
+#ifndef SHA512_DIGEST_LENGTH
+#define SHA512_BLOCK_LENGTH             128
+#define SHA512_DIGEST_LENGTH            64
+#define SHA512_DIGEST_STRING_LENGTH     (SHA512_DIGEST_LENGTH * 2 + 1)
+typedef struct _SHA512_CTX {
+        uint64_t        state[8];
+        uint64_t        bitcount[2];
+        uint8_t buffer[SHA512_BLOCK_LENGTH];
+} SHA512_CTX;
+#endif /* SHA512_DIGEST_LENGTH */
+void SHA512_Init(SHA512_CTX*);
+void SHA512_Update(SHA512_CTX*, void*, size_t);
+void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
+unsigned char *SHA512(void* data, unsigned int data_len, unsigned char *digest);
+#endif /* COMPAT_SHA512 */
+
+#ifdef USE_WINSOCK
+# ifndef  _CUSTOM_VSNPRINTF
+#  define _CUSTOM_VSNPRINTF
+static inline int _gldns_custom_vsnprintf(char *str, size_t size, const char *format, va_list ap)
+{ int r = vsnprintf(str, size, format, ap); return r == -1 ? _vscprintf(format, ap) : r; }
+#  define vsnprintf _gldns_custom_vsnprintf
+# endif
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+/** Use on-board gldns */
+#define USE_GLDNS 1
+#ifdef HAVE_SSL
+#  define GLDNS_BUILD_CONFIG_HAVE_SSL 1
+#endif
+
+#ifdef HAVE_STDARG_H
+#include <stdarg.h>
+#endif
+
+#include <errno.h>
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#ifdef HAVE_SIGNAL_H
+#include <signal.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_INTTYPES_H
+#include <inttypes.h>
+#endif
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#ifdef HAVE_SYS_LIMITS_H
+#include <sys/limits.h>
+#endif
+
+#ifdef PATH_MAX
+#define _GETDNS_PATH_MAX PATH_MAX
+#else
+#define _GETDNS_PATH_MAX 2048
+#endif
+
+#ifndef PRIu64
+#define PRIu64 "llu"
+#endif
+
+#ifdef HAVE_ATTR_FORMAT
+#  define ATTR_FORMAT(archetype, string_index, first_to_check) \
+    __attribute__ ((format (archetype, string_index, first_to_check)))
+#else /* !HAVE_ATTR_FORMAT */
+#  define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */
+#endif /* !HAVE_ATTR_FORMAT */
+
+#if defined(DOXYGEN)
+#  define ATTR_UNUSED(x)  x
+#elif defined(__cplusplus)
+#  define ATTR_UNUSED(x)
+#elif defined(__GNUC__)
+#  define ATTR_UNUSED(x)  x __attribute__((unused))
+#else /* !HAVE_ATTR_UNUSED */
+#  define ATTR_UNUSED(x)  x
+#endif /* !HAVE_ATTR_UNUSED */
+
+#ifdef TIME_WITH_SYS_TIME
+# include <sys/time.h>
+# include <time.h>
+#else
+# ifdef HAVE_SYS_TIME_H
+#  include <sys/time.h>
+# else
+#  include <time.h>
+# endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if !defined(HAVE_STRPTIME) || !defined(STRPTIME_WORKS)
+#define strptime unbound_strptime
+struct tm;
+char *strptime(const char *s, const char *format, struct tm *tm);
+#endif
+
+#if !defined(HAVE_SIGSET_T) && defined(HAVE__SIGSET_T)
+typedef _sigset_t sigset_t;
+#endif
+#if !defined(HAVE_SIGEMPTYSET)
+#  define sigemptyset(pset)    (*(pset) = 0)
+#endif
+#if !defined(HAVE_SIGFILLSET)
+#  define sigfillset(pset)     (*(pset) = (sigset_t)-1)
+#endif
+#if !defined(HAVE_SIGADDSET)
+#  define sigaddset(pset, num) (*(pset) |= (1L<<(num)))
+#endif
+
+#ifdef HAVE_LIBUNBOUND
+# include <unbound.h>
+# ifdef HAVE_UNBOUND_EVENT_H
+#  include <unbound-event.h>
+# else
+#  ifdef HAVE_UNBOUND_EVENT_API
+#   ifndef _UB_EVENT_PRIMITIVES
+#    define _UB_EVENT_PRIMITIVES
+struct ub_event_base;
+struct ub_ctx* ub_ctx_create_ub_event(struct ub_event_base* base);
+typedef void (*ub_event_callback_t)(void*, int, void*, int, int, char*);
+int ub_resolve_event(struct ub_ctx* ctx, const char* name, int rrtype,
+        int rrclass, void* mydata, ub_event_callback_t callback, int* async_id);
+#   endif
+#  endif
+# endif
+#endif
+
+#ifndef HAVE_DECL_INET_PTON
+int inet_pton(int af, const char* src, void* dst);
+#endif
+
+#ifndef HAVE_DECL_INET_NTOP
+const char *inet_ntop(int af, const void *src, char *dst, size_t size);
+#endif
+
+#ifndef HAVE_DECL_MKSTEMP
+int mkstemp(char *template);
+#endif
+
+#ifndef HAVE_GETTIMEOFDAY
+int gettimeofday(struct timeval* tv, void* tz);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* CONFIG_H */

cmake/include/getdns_shared_version.rc.in

@@ -0,0 +1,19 @@
+1 VERSIONINFO
+    FILEVERSION @version_current@,@version_revision@,@version_age@,0
+    PRODUCTVERSION @version_current@,@version_revision@,0,0
+    FILEOS 4
+    FILETYPE 2
+    FILESUBTYPE 0
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+        BLOCK "040904e4"
+        BEGIN
+            VALUE "CompanyName", "getdns project\0"
+            VALUE "ProductName", "getdns\0"
+            VALUE "FileVersion", "@version_current@.@version_revision@\0"
+            VALUE "ProductVersion", "@version_current@.@version_revision@\0"
+            VALUE "LegalCopyright", "NLnet Labs, Sinodun, No Mountain Software. New BSD licence.\0"
+        END
+    END
+END

cmake/modules/FindCheck.cmake

@@ -0,0 +1,114 @@
+#[=======================================================================[.rst:
+FindCheck
+--------
+
+Find the Check (Unit Testing Framework for C) library
+
+Imported targets
+^^^^^^^^^^^^^^^^
+
+This module defines the following :prop_tgt:`IMPORTED` targets:
+
+``Check::Check``
+  The Check library, if found.
+
+Result variables
+^^^^^^^^^^^^^^^^
+
+This module will set the following variables in your project:
+
+``Check_FOUND``
+  If false, do not try to use Check.
+``CHECK_INCLUDE_DIR``
+  where to find check.h, etc.
+``CHECK_LIBRARIES``
+  the libraries needed to use Check.
+``CHECK_VERSION``
+  the version of the Check library found
+
+#]=======================================================================]
+
+find_package(PkgConfig QUIET)
+if (PKG_CONFIG_FOUND)
+    pkg_check_modules(PkgCheck IMPORTED_TARGET GLOBAL check)
+endif ()
+
+if (PkgCheck_FOUND)
+  set(CHECK_INCLUDE_DIR ${PkgCheck_INCLUDE_DIRS} CACHE FILEPATH "check include path")
+  set(CHECK_LIBRARIES ${PkgCheck_LIBRARIES} CACHE STRING "check libraries")
+  set(CHECK_VERSION ${PkgCheck_VERSION})
+  add_library(Check::Check ALIAS PkgConfig::PkgCheck)
+  set(Check_FOUND ON)
+else ()
+  find_path(CHECK_INCLUDE_DIR check.h
+    HINTS
+    "${CHECK_DIR}"
+    "${CHECK_DIR}/include"
+    )
+
+  # Check for PIC and non-PIC libraries. If PIC present, use that
+  # in preference (as per Debian check.pc).
+  find_library(CHECK_LIBRARY NAMES check_pic libcheck_pic
+    HINTS
+    "${CHECK_DIR}"
+    "${CHECK_DIR}/lib"
+    )
+
+  if (NOT CHECK_LIBRARY)
+    find_library(CHECK_LIBRARY NAMES check libcheck
+      HINTS
+      "${CHECK_DIR}"
+      "${CHECK_DIR}/lib"
+      )
+  endif ()
+
+  set(_CHECK_LIBARIES "")
+
+  # Check may need the math, subunit and rt libraries on Unix
+  if (UNIX)
+    find_library(CHECK_MATH_LIBRARY m)
+    find_library(CHECK_RT_LIBRARY rt)
+    find_library(CHECK_SUBUNIT_LIBRARY subunit)
+
+    if (CHECK_MATH_LIBRARY)
+      list(APPEND _CHECK_LIBARIES "${CHECK_MATH_LIBRARY}")
+    endif ()
+    if (CHECK_RT_LIBRARY)
+      list(APPEND _CHECK_LIBARIES "${CHECK_RT_LIBRARY}")
+    endif ()
+    if (CHECK_SUBUNIT_LIBRARY)
+      list(APPEND _CHECK_LIBARIES "${CHECK_SUBUNIT_LIBRARY}")
+    endif ()
+  endif()
+
+  set(CHECK_LIBRARIES ${_CHECK_LIBARIES} ${CHECK_LIBRARY} CACHE STRING "check libraries")
+
+  if (CHECK_INCLUDE_DIR AND CHECK_LIBRARY)
+    if (NOT TARGET Check::Check)
+      add_library(Check::Check UNKNOWN IMPORTED)
+      set_target_properties(Check::Check PROPERTIES
+        INTERFACE_INCLUDE_DIRECTORIES "${CHECK_INCLUDE_DIR}"
+        INTERFACE_LINK_LIBRARIES "${CHECK_LIBRARIES}"
+        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+        IMPORTED_LOCATION "${CHECK_LIBRARY}"
+        )
+    endif ()
+
+    if (NOT CHECK_VERSION AND CHECK_INCLUDE_DIR AND EXISTS "${CHECK_INCLUDE_DIR}/check.h")
+      file(STRINGS "${CHECK_INCLUDE_DIR}/check.h" CHECK_H REGEX "^#define CHECK_M[A-Z]+_VERSION")
+      string(REGEX REPLACE "^.*\(([0-9]+)\).*\(([0-9]+)\).*\(([0-9]+)\).*$" "\\1.\\2.\\3" CHECK_VERSION "${CHECK_H}")
+    endif ()
+  endif()
+
+  list(APPEND CHECK_LIBRARIES "${CHECK_LIBRARY}")
+
+  include(FindPackageHandleStandardArgs)
+  find_package_handle_standard_args(Check
+    REQUIRED_VARS CHECK_LIBRARIES CHECK_INCLUDE_DIR
+    VERSION_VAR CHECK_VERSION
+    )
+
+endif()
+
+mark_as_advanced(CHECK_INCLUDE_DIR CHECK_LIBRARIES CHECK_LIBRARY
+  CHECK_MATH_LIBRARY CHECK_RT_LIBRARY CHECK_SUBUNIT_LIBRARY)

cmake/modules/FindGnuTLS.cmake

@@ -0,0 +1,101 @@
+#[=======================================================================[.rst:
+FindGnuTLS
+----------
+
+Find the GnuTLS library.
+
+Imported targets
+^^^^^^^^^^^^^^^^
+
+This module defines the following :prop_tgt:`IMPORTED` targets:
+
+``GnuTLS::GnuTLS``
+  The GnuTLS library, if found.
+``GnuTLS::Dane``
+  The GnuTLS DANE library, if found.
+
+Result variables
+^^^^^^^^^^^^^^^^
+
+This module will set the following variables in your project:
+
+``GnuTLS_FOUND``
+  If false, do not try to use GnuTLS.
+``GNUTLS_INCLUDE_DIR``
+  where to find GnuTLS headers.
+``GNUTLS_LIBRARIES``
+  the libraries needed to use GnuTLS.
+``GNUTLS_VERSION``
+  the version of the GnuTLS library found
+
+#]=======================================================================]
+
+find_package(PkgConfig QUIET)
+if (PKG_CONFIG_FOUND)
+  pkg_check_modules(PkgGnuTLS IMPORTED_TARGET GLOBAL QUIET gnutls)
+  pkg_check_modules(PkgGnuTLSDane IMPORTED_TARGET GLOBAL QUIET gnutls-dane)
+endif ()
+
+if (PkgGnuTLS_FOUND AND PkgGnuTLSDane_FOUND)
+  set(GNUTLS_INCLUDE_DIR ${PkgGnuTLS_INCLUDE_DIRS} $PkgGnuTLSDane_INCLUDE_DIRS} CACHE FILEPATH "GnuTLS include path")
+  set(NETTLE_LIBRARIES ${PkgGnuTLS_LIBRARIES} ${PkgGnuTLSDane_LIBRARIES} CACHE STRING "GnuTLS libraries")
+  set(NETTLE_VERSION ${PkgGnuTLS_VERSION})
+  add_library(GnuTLS::GnuTLS ALIAS PkgConfig::PkgGnuTLS)
+  add_library(GnuTLS::Dane ALIAS PkgConfig::PkgGnuTLSDane)
+  set(GnuTLS_FOUND ON)
+else ()
+  find_path(GNUTLS_INCLUDE_DIR gnutls/gnutls.h
+    HINTS
+    "${GNUTLS_DIR}"
+    "${GNUTLS_DIR}/include"
+  )
+  
+  find_library(GNUTLS_LIBRARY NAMES gnutls libgnutls
+    HINTS
+    "${GNUTLS_DIR}"
+    "${GNUTLS_DIR}/lib"
+  )
+  
+  find_library(GNUTLS_DANE_LIBRARY NAMES gnutls-dane libgnutls-dane
+    HINTS
+    "${GNUTLS_DIR}"
+    "${GNUTLS_DIR}/lib"
+  )
+  
+  set(_GNUTLS_LIBRARIES "")
+  
+  if (GNUTLS_INCLUDE_DIR AND GNUTLS_LIBRARY AND GNUTLS_DANE_LIBRARY)
+    if (NOT TARGET GnuTLS::GnuTLS)
+      add_library(GnuTLS::GnuTLS UNKNOWN IMPORTED)
+      set_target_properties(GnuTLS::GnuTLS PROPERTIES
+        INTERFACE_INCLUDE_DIRECTORIES "${GNUTLS_INCLUDE_DIR}"
+        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+        IMPORTED_LOCATION "${GNUTLS_LIBRARY}"
+        )
+    endif ()
+    if (NOT TARGET GnuTLS::Dane)
+      add_library(GnuTLS::Dane UNKNOWN IMPORTED)
+      set_target_properties(GnuTLS::Dane PROPERTIES
+        INTERFACE_INCLUDE_DIRECTORIES "${GNUTLS_INCLUDE_DIR}"
+        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+        IMPORTED_LOCATION "${GNUTLS_DANE_LIBRARY}"
+        )
+    endif ()
+  
+    if (NOT GNUTLS_VERSION AND GNUTLS_INCLUDE_DIR)
+      file(STRINGS "${GNUTLS_INCLUDE_DIR}/gnutls/gnutls.h" GNUTLS_VER_H REGEX "^#define GNUTLS_VERSION_(MAJOR|MINOR|PATCH) ")
+      string(REGEX REPLACE "^.*_MAJOR ([0-9]+).*_MINOR ([0-9]+).*_PATCH ([0-9]+).*$" "\\1.\\2.\\3c" GNUTLS_VERSION "${GNUTLS_VER_H}")
+    endif ()
+  endif ()
+  
+  list(APPEND _GNUTLS_LIBRARIES "${GNUTLS_LIBRARY}" "${GNUTLS_DANE_LIBRARY}")
+  set(GNUTLS_LIBRARIES ${_GNUTLS_LIBRARIES} CACHE STRING "GnuTLS libraries")
+
+  include(FindPackageHandleStandardArgs)
+  find_package_handle_standard_args(GnuTLS
+    REQUIRED_VARS GNUTLS_LIBRARIES GNUTLS_INCLUDE_DIR
+    VERSION_VAR GNUTLS_VERSION
+    )
+endif ()
+
+mark_as_advanced(GNUTLS_INCLUDE_DIR GNUTLS_LIBRARIES GNUTLS_LIBRARY GNUTLS_DANE_LIBRARY)

cmake/modules/FindLibev.cmake

@@ -0,0 +1,63 @@
+#[=======================================================================[.rst:
+FindLibev
+---------
+
+Find the Libev library.
+
+Imported targets
+^^^^^^^^^^^^^^^^
+
+This module defines the following :prop_tgt:`IMPORTED` targets:
+
+``Libev::Libev``
+  The Libev library, if found.
+
+Result variables
+^^^^^^^^^^^^^^^^
+
+This module will set the following variables in your project:
+
+``Libev_FOUND``
+  If false, do not try to use Libev.
+``LIBEV_INCLUDE_DIR``
+  where to find libev headers.
+``LIBEV_LIBRARIES``
+  the libraries needed to use Libev.
+``LIBEV_VERSION``
+  the version of the Libev library found
+
+#]=======================================================================]
+
+find_path(LIBEV_INCLUDE_DIR ev.h
+  HINTS
+  "${LIBEV_DIR}"
+  "${LIBEV_DIR}/include"
+)
+
+find_library(LIBEV_LIBRARY NAMES ev libev
+  HINTS
+  "${LIBEV_DIR}"
+  "${LIBEV_DIR}/lib"
+)
+
+set(LIBEV_LIBRARIES "")
+
+if (LIBEV_INCLUDE_DIR AND LIBEV_LIBRARY)
+  if (NOT TARGET Libev::Libev)
+    add_library(Libev::Libev UNKNOWN IMPORTED)
+    set_target_properties(Libev::Libev PROPERTIES
+      INTERFACE_INCLUDE_DIRECTORIES "${LIBEV_INCLUDE_DIR}"
+      IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+      IMPORTED_LOCATION "${LIBEV_LIBRARY}"
+      )
+  endif ()
+endif()
+
+list(APPEND LIBEV_LIBRARIES "${LIBEV_LIBRARY}")
+
+include(FindPackageHandleStandardArgs)
+find_package_handle_standard_args(Libev
+  REQUIRED_VARS LIBEV_LIBRARIES LIBEV_INCLUDE_DIR
+  )
+
+mark_as_advanced(LIBEV_INCLUDE_DIR LIBEV_LIBRARIES LIBEV_LIBRARY)

cmake/modules/FindLibevent2.cmake

@@ -0,0 +1,78 @@
+#[=======================================================================[.rst:
+FindLibevent2
+-------------
+
+Find the Libevent2 library. For now this finds the core library only.
+
+Imported targets
+^^^^^^^^^^^^^^^^
+
+This module defines the following :prop_tgt:`IMPORTED` targets:
+
+``Libevent2::Libevent_core``
+  The Libevent2 library, if found.
+
+Result variables
+^^^^^^^^^^^^^^^^
+
+This module will set the following variables in your project:
+
+``Libevent2_FOUND``
+  If false, do not try to use Libevent2.
+``LIBEVENT2_INCLUDE_DIR``
+  where to find libevent headers.
+``LIBEVENT2_LIBRARIES``
+  the libraries needed to use Libevent2.
+``LIBEVENT2_VERSION``
+  the version of the Libevent2 library found
+
+#]=======================================================================]
+
+find_package(PkgConfig QUIET)
+if (PKG_CONFIG_FOUND)
+    pkg_check_modules(PkgLibevent IMPORTED_TARGET GLOBAL QUIET libevent>=2)
+endif ()
+
+if (PkgLibevent_FOUND)
+  set(LIBEVENT2_INCLUDE_DIR ${PkgLibevent_INCLUDE_DIRS} CACHE FILEPATH "libevent2 include path")
+  set(LIBEVENT2_LIBRARIES ${PkgLibevent_LIBRARIES} CACHE STRING "libevent2 libraries")
+  set(LIBEVENT2_VERSION ${PkgLibevent_VERSION})
+  add_library(Libevent2::Libevent_core ALIAS PkgConfig::PkgLibevent)
+  set(Libevent2_FOUND ON)
+else ()
+  find_path(LIBEVENT2_INCLUDE_DIR event2/event.h
+    HINTS
+    "${LIBEVENT2_DIR}"
+    "${LIBEVENT2_DIR}/include"
+  )
+  
+  find_library(LIBEVENT2_LIBRARIES NAMES event_core libevent_core
+    HINTS
+    "${LIBEVENT2_DIR}"
+    "${LIBEVENT2_DIR}/lib"
+  )
+  
+  if (LIBEVENT2_INCLUDE_DIR AND LIBEVENT2_LIBRARIES)
+    if (NOT TARGET Libevent2::Libevent_core)
+      add_library(Libevent2::Libevent_core UNKNOWN IMPORTED)
+      set_target_properties(Libevent2::Libevent_core PROPERTIES
+        INTERFACE_INCLUDE_DIRECTORIES "${LIBEVENT2_INCLUDE_DIR}"
+        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+        IMPORTED_LOCATION "${LIBEVENT2_LIBRARIES}"
+        )
+    endif ()
+  
+    if (NOT LIBEVENT2_VERSION AND LIBEVENT2_INCLUDE_DIR AND EXISTS "${LIBEVENT2_INCLUDE_DIR}/event2/event.h")
+      file(STRINGS "${LIBEVENT2_INCLUDE_DIR}/event2/event-config.h" LIBEVENT2_H REGEX "^#define _?EVENT_+VERSION ")
+      string(REGEX REPLACE "^.*EVENT_+VERSION \"([^\"]+)\".*$" "\\1" LIBEVENT2_VERSION "${LIBEVENT2_H}")
+    endif ()
+  endif ()
+
+  include(FindPackageHandleStandardArgs)
+  find_package_handle_standard_args(Libevent2
+    REQUIRED_VARS LIBEVENT2_LIBRARIES LIBEVENT2_INCLUDE_DIR
+    VERSION_VAR LIBEVENT2_VERSION
+  )
+endif ()
+
+mark_as_advanced(LIBEVENT2_INCLUDE_DIR LIBEVENT2_LIBRARIES)

cmake/modules/FindLibidn2.cmake

@@ -0,0 +1,77 @@
+#[=======================================================================[.rst:
+FindLibidn2
+-----------
+
+Find the Libidn2 library
+
+Imported targets
+^^^^^^^^^^^^^^^^
+
+This module defines the following :prop_tgt:`IMPORTED` targets:
+
+``Libidn2::Libidn2``
+  The Libidn2 library, if found.
+
+Result variables
+^^^^^^^^^^^^^^^^
+
+This module will set the following variables in your project:
+
+``Libidn2_FOUND``
+  If false, do not try to use Libidn2.
+``LIBIDN2_INCLUDE_DIR``
+  where to find libidn2 headers.
+``LIBIDN2_LIBRARIES``
+  the libraries needed to use Libidn2.
+``LIBIDN2_VERSION``
+  the version of the Libidn2 library found
+
+#]=======================================================================]
+
+find_package(PkgConfig QUIET)
+if (PKG_CONFIG_FOUND)
+    pkg_check_modules(PkgLibIdn2 IMPORTED_TARGET GLOBAL libidn2)
+endif ()
+
+if (PkgLibIdn2_FOUND)
+  set(LIBIDN2_INCLUDE_DIR ${PkgLibIdn2_INCLUDE_DIRS} CACHE FILEPATH "libidn2 include path")
+  set(LIBIDN2_LIBRARIES ${PkgLibIdn2_LIBRARIES} CACHE STRING "libidn2 libraries")
+  set(LIBIDN2_VERSION ${PkgLibIdn2_VERSION})
+  add_library(Libidn2::Libidn2 ALIAS PkgConfig::PkgLibIdn2)
+  set(Libidn2_FOUND ON)
+else ()
+  find_path(LIBIDN2_INCLUDE_DIR idn2.h
+    HINTS
+      "${LIBIDN2_DIR}"
+      "${LIBIDN2_DIR}/include"
+  )
+
+  find_library(LIBIDN2_LIBRARIES NAMES idn2 libidn2
+    HINTS
+      "${LIBIDN2_DIR}"
+      "${LIBIDN2_DIR}/lib"
+  )
+
+  if (LIBIDN2_INCLUDE_DIR AND LIBIDN2_LIBRARIES)
+    if (NOT TARGET Libidn2::Libidn2)
+      add_library(Libidn2::Libidn2 UNKNOWN IMPORTED)
+      set_target_properties(Libidn2::Libidn2 PROPERTIES
+        INTERFACE_INCLUDE_DIRECTORIES "${LIBIDN2_INCLUDE_DIR}"
+        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+        IMPORTED_LOCATION "${LIBIDN2_LIBRARIES}"
+      )
+    endif ()
+
+    if (NOT LIBIDN2_VERSION AND LIBIDN2_INCLUDE_DIR AND EXISTS "${LIBIDN2_INCLUDE_DIR}/idn2.h")
+      file(STRINGS "${LIBIDN2_INCLUDE_DIR}/idn2.h" LIBIDN2_H REGEX "^[ \t]*#[ \t]*define[ \t]+IDN2_VERSION[ \t]")
+      string(REGEX REPLACE "^.*IDN2_VERSION[ \t]+\"([0-9.]+)\".*$" "\\1" LIBIDN2_VERSION "${LIBIDN2_H}")
+    endif ()
+  endif ()
+  include(FindPackageHandleStandardArgs)
+  find_package_handle_standard_args(Libidn2
+    REQUIRED_VARS LIBIDN2_LIBRARIES LIBIDN2_INCLUDE_DIR
+    VERSION_VAR LIBIDN2_VERSION
+  )
+endif ()
+
+mark_as_advanced(LIBIDN2_INCLUDE_DIR LIBIDN2_LIBRARIES)

cmake/modules/FindLibunbound.cmake

@@ -0,0 +1,104 @@
+#[=======================================================================[.rst:
+FindLibunbound
+--------------
+
+Find the Libunbound library
+
+Imported targets
+^^^^^^^^^^^^^^^^
+
+This module defines the following :prop_tgt:`IMPORTED` targets:
+
+``Libunbound::Libunbound``
+  The Libunbound library, if found.
+
+Result variables
+^^^^^^^^^^^^^^^^
+
+This module will set the following variables in your project:
+
+``Libunbound_FOUND``
+  If false, do not try to use Libunbound.
+``LIBUNBOUND_INCLUDE_DIR``
+  where to find libunbound headers.
+``LIBUNBOUND_LIBRARIES``
+  the libraries needed to use Libunbound.
+``LIBUNBOUND_VERSION``
+  the version of the Libunbound library found
+
+#]=======================================================================]
+
+find_package(PkgConfig QUIET)
+if (PKG_CONFIG_FOUND)
+  pkg_check_modules(PkgLibunbound IMPORTED_TARGET GLOBAL QUIET libunbound)
+endif ()
+
+if (PkgLibunbound_FOUND)
+  set(LIBUNBOUND_INCLUDE_DIR ${PkgLibunbound_INCLUDE_DIRS} CACHE FILEPATH "libunbound include path")
+  set(LIBUNBOUND_LIBRARIES ${PkgLibunbound_LIBRARIES} CACHE STRING "libunbound libraries")
+  set(LIBUNBOUND_VERSION ${PkgLibunbound_VERSION})
+  add_library(Libunbound::Libunbound ALIAS PkgConfig::PkgLibunbound)
+  set(Libunbound_FOUND ON)
+else ()
+  find_path(LIBUNBOUND_INCLUDE_DIR unbound.h
+    HINTS
+    "${LIBUNBOUND_DIR}"
+    "${LIBUNBOUND_DIR}/include"
+  )
+  
+  find_library(LIBUNBOUND_LIBRARY NAMES unbound
+    HINTS
+    "${LIBUNBOUND_DIR}"
+    "${LIBUNBOUND_DIR}/lib"
+  )
+  
+  set(_LIBUNBOUND_LIBRARIES "")
+  
+  if (UNIX)
+    find_package(Threads REQUIRED)
+    find_package(OpenSSL REQUIRED)
+  
+    list(APPEND _LIBUNBOUND_LIBRARIES "${CMAKE_THREAD_LIBS_INIT}")
+    list(APPEND _LIBUNBOUND_LIBRARIES "${OPENSSL_LIBRARIES}")
+  endif()
+  
+  if (LIBUNBOUND_INCLUDE_DIR AND LIBUNBOUND_LIBRARY)
+    if (NOT TARGET Libunbound::Libunbound)
+      add_library(Libunbound::Libunbound UNKNOWN IMPORTED)
+      set_target_properties(Libunbound::Libunbound PROPERTIES
+        INTERFACE_INCLUDE_DIRECTORIES "${LIBUNBOUND_INCLUDE_DIR}"
+        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+        IMPORTED_LOCATION "${LIBUNBOUND_LIBRARY}"
+        )
+  
+      if(UNIX AND TARGET Threads::Threads)
+        set_property(TARGET Libunbound::Libunbound APPEND PROPERTY
+          INTERFACE_LINK_LIBRARIES Threads::Threads)
+      endif ()
+      if(UNIX AND TARGET OpenSSL::SSL)
+        set_property(TARGET Libunbound::Libunbound APPEND PROPERTY
+          INTERFACE_LINK_LIBRARIES OpenSSL::SSL)
+      endif ()
+      if(UNIX AND TARGET OpenSSL::Crypto)
+        set_property(TARGET Libunbound::Libunbound APPEND PROPERTY
+          INTERFACE_LINK_LIBRARIES OpenSSL::Crypto)
+      endif ()
+    endif ()
+  
+    if (NOT LIBUNBOUND_VERSION AND LIBUNBOUND_INCLUDE_DIR AND EXISTS "${LIBUNBOUND_INCLUDE_DIR}/unbound.h")
+      file(STRINGS "${LIBUNBOUND_INCLUDE_DIR}/unbound.h" LIBUNBOUND_H REGEX "^#define UNBOUND_VERSION_M[A-Z]+")
+      string(REGEX REPLACE "^.*MAJOR ([0-9]+).*MINOR ([0-9]+).*MICRO ([0-9]+).*$" "\\1.\\2.\\3" LIBUNBOUND_VERSION "${LIBUNBOUND_H}")
+    endif ()
+  endif ()
+  
+  list(APPEND _LIBUNBOUND_LIBRARIES "${LIBUNBOUND_LIBRARY}")
+  set(LIBUNBOUND_LIBRARIES ${_LIBUNBOUND_LIBRARIES} CACHE STRING "libunbound libraries")
+
+  include(FindPackageHandleStandardArgs)
+  find_package_handle_standard_args(Libunbound
+    REQUIRED_VARS LIBUNBOUND_LIBRARIES LIBUNBOUND_INCLUDE_DIR
+    VERSION_VAR LIBUNBOUND_VERSION
+    )
+endif ()
+
+mark_as_advanced(LIBUNBOUND_INCLUDE_DIR LIBUNBOUND_LIBRARIES LIBUNBOUND_LIBRARY)

cmake/modules/FindLibuv.cmake

@@ -0,0 +1,82 @@
+#[=======================================================================[.rst:
+FindLibuv
+---------
+
+Find the Libuv library.
+
+Imported targets
+^^^^^^^^^^^^^^^^
+
+This module defines the following :prop_tgt:`IMPORTED` targets:
+
+``Libuv::Libuv``
+  The Libuv library, if found.
+
+Result variables
+^^^^^^^^^^^^^^^^
+
+This module will set the following variables in your project:
+
+``Libuv_FOUND``
+  If false, do not try to use Libuv.
+``LIBUV_INCLUDE_DIR``
+  where to find libuv headers.
+``LIBUV_LIBRARIES``
+  the libraries needed to use Libuv.
+``LIBUV_VERSION``
+  the version of the Libuv library found
+
+#]=======================================================================]
+
+find_package(PkgConfig QUIET)
+if (PKG_CONFIG_FOUND)
+  pkg_check_modules(PkgLibuv IMPORTED_TARGET GLOBAL libuv)
+endif ()
+
+if (PkgLibuv_FOUND)
+  set(LIBUV_INCLUDE_DIR ${PkgLibuv_INCLUDE_DIRS} CACHE FILEPATH "libuv include path")
+  set(LIBUV_LIBRARIES ${PkgLibuv_LIBRARIES} CACHE STRING "libuv libraries")
+  set(LIBUV_VERSION ${PkgLibuv_VERSION})
+  add_library(Libuv::Libuv ALIAS PkgConfig::PkgLibuv)
+  set(Libuv_FOUND ON)
+else ()
+  find_path(LIBUV_INCLUDE_DIR uv.h
+    HINTS
+    "${LIBUV_DIR}"
+    "${LIBUV_DIR}/include"
+  )
+  
+  find_library(LIBUV_LIBRARIES NAMES uv libuv
+    HINTS
+    "${LIBUV_DIR}"
+    "${LIBUV_DIR}/lib"
+  )
+  
+  if (LIBUV_INCLUDE_DIR AND LIBUV_LIBRARIES)
+    if (NOT TARGET Libuv::Libuv)
+      add_library(Libuv::Libuv UNKNOWN IMPORTED)
+      set_target_properties(Libuv::Libuv PROPERTIES
+        INTERFACE_INCLUDE_DIRECTORIES "${LIBUV_INCLUDE_DIR}"
+        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+        IMPORTED_LOCATION "${LIBUV_LIBRARIES}"
+        )
+    endif ()
+  
+    if (NOT LIBUV_VERSION AND LIBUV_INCLUDE_DIR)
+      if (EXISTS "${LIBUV_INCLUDE_DIR}/uv-version.h")
+        file(STRINGS "${LIBUV_INCLUDE_DIR}/uv-version.h" LIBUV_VER_H REGEX "^#define UV_VERSION_(MAJOR|MINOR|PATCH) ")
+      elseif (EXISTS "${LIBUV_INCLUDE_DIR}/uv/version.h")
+        file(STRINGS "${LIBUV_INCLUDE_DIR}/uv/version.h" LIBUV_VER_H REGEX "^#define UV_VERSION_(MAJOR|MINOR|PATCH) ")
+      endif ()
+      string(REGEX REPLACE "^.*_MAJOR ([0-9]+).*_MINOR ([0-9]+).*_PATCH ([0-9]+).*$" "\\1.\\2.\\3" LIBUV_VERSION "${LIBUV_VER_H}")
+    endif ()
+  endif ()
+
+  include(FindPackageHandleStandardArgs)
+  find_package_handle_standard_args(Libuv
+    REQUIRED_VARS LIBUV_LIBRARIES LIBUV_INCLUDE_DIR
+    VERSION_VAR LIBUV_VERSION
+  )
+endif ()
+
+mark_as_advanced(LIBUV_INCLUDE_DIR LIBUV_LIBRARIES)

cmake/modules/FindNettle.cmake

@@ -0,0 +1,111 @@
+#[=======================================================================[.rst:
+FindNettle
+----------
+
+Find the Nettle library.
+
+Imported targets
+^^^^^^^^^^^^^^^^
+
+This module defines the following :prop_tgt:`IMPORTED` targets:
+
+``Nettle::Nettle``
+  The Nettle library, if found.
+``Nettle::Hogweed``
+  The Hogweed library, if found.
+
+Result variables
+^^^^^^^^^^^^^^^^
+
+This module will set the following variables in your project:
+
+``Nettle_FOUND``
+  If false, do not try to use Nettle.
+``NETTLE_INCLUDE_DIR``
+  where to find Nettle headers.
+``NETTLE_LIBRARIES``
+  the libraries needed to use Nettle.
+``NETTLE_VERSION``
+  the version of the Nettle library found
+
+#]=======================================================================]
+
+find_package(PkgConfig QUIET)
+if(PKG_CONFIG_FOUND)
+  pkg_check_modules(PkgNettle IMPORTED_TARGET GLOBAL nettle)
+  pkg_check_modules(PkgHogweed IMPORTED_TARGET GLOBAL QUIET hogweed)
+endif()
+
+if(PkgNettle_FOUND AND PkHogweed_FOUND)
+  set(NETTLE_INCLUDE_DIR ${PkgNettle_INCLUDE_DIRS} ${PkgHogweed_INCLUDE_DIRS} CACHE FILEPATH "Nettle include path")
+  set(NETTLE_LIBRARIES ${PkgNettle_LIBRARIES} ${PkgHogweed_LIBRARIES} CACHE STRING "Nettle libraries")
+  set(NETTLE_VERSION ${PkgNettle_VERSION})
+  add_library(Nettle::Nettle ALIAS PkgConfig::PkgNettle)
+  add_library(Nettle::Hogweed ALIAS PkgConfig::PkgHogweed)
+  set(Nettle_FOUND ON)
+else()
+  find_path(NETTLE_INCLUDE_DIR nettle/version.h
+    HINTS
+    "${NETTLE_DIR}"
+    "${NETTLE_DIR}/include"
+  )
+  
+  find_library(NETTLE_LIBRARY NAMES nettle libnettle
+    HINTS
+    "${NETTLE_DIR}"
+    "${NETTLE_DIR}/lib"
+  )
+  
+  find_library(HOGWEED_LIBRARY NAMES hogweed libhogweed
+    HINTS
+    "${NETTLE_DIR}"
+    "${NETTLE_DIR}/lib"
+  )
+
+  set(_NETTLE_LIBRARIES ${NETTLE_LIBRARY} ${HOGWEED_LIBRARY})
+  
+  # May need gmp library on Unix.
+  if (UNIX)
+    find_library(NETTLE_GMP_LIBRARY gmp)
+  endif ()
+  if (NETTLE_GMP_LIBRARY)
+    list(APPEND _NETTLE_LIBRARIES "${NETTLE_GMP_LIBRARY}")
+ endif ()
+  set(NETTLE_LIBRARIES ${_NETTLE_LIBRARIES} CACHE STRING "nettle libraries")
+
+  
+  if (NETTLE_INCLUDE_DIR AND NETTLE_LIBRARY AND HOGWEED_LIBRARY)
+    if (NOT TARGET Nettle::Nettle)
+      add_library(Nettle::Nettle UNKNOWN IMPORTED)
+      set_target_properties(Nettle::Nettle PROPERTIES
+        INTERFACE_INCLUDE_DIRECTORIES "${NETTLE_INCLUDE_DIR}"
+        INTERFACE_LINK_LIBRARIES "${NETTLE_LIBRARIES}"
+        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+        IMPORTED_LOCATION "${NETTLE_LIBRARY}"
+        )
+    endif ()
+    if (NOT TARGET Nettle::Hogweed)
+      add_library(Nettle::Hogweed UNKNOWN IMPORTED)
+      set_target_properties(Nettle::Hogweed PROPERTIES
+        INTERFACE_INCLUDE_DIRECTORIES "${NETTLE_INCLUDE_DIR}"
+        IMPORTED_LINK_INTERFACE_LANGUAGES "C"
+        IMPORTED_LOCATION "${HOGWEED_LIBRARY}"
+        )
+    endif ()
+  
+    if (NOT NETTLE_VERSION AND NETTLE_INCLUDE_DIR)
+      file(STRINGS "${NETTLE_INCLUDE_DIR}/nettle/version.h" NETTLE_VER_H REGEX "^#define NETTLE_VERSION_(MAJOR|MINOR) ")
+      string(REGEX REPLACE "^.*_MAJOR ([0-9]+).*_MINOR ([0-9]+).*$" "\\1.\\2" NETTLE_VERSION "${NETTLE_VER_H}")
+    endif ()
+  endif()
+  
+  list(APPEND NETTLE_LIBRARIES "${NETTLE_LIBRARY}" "${HOGWEED_LIBRARY}")
+
+  include(FindPackageHandleStandardArgs)
+  find_package_handle_standard_args(Nettle
+    REQUIRED_VARS NETTLE_LIBRARIES NETTLE_INCLUDE_DIR
+    VERSION_VAR NETTLE_VERSION
+  )
+endif()
+
+mark_as_advanced(NETTLE_INCLUDE_DIR NETTLE_LIBRARIES NETTLE_LIBRARY HOGWEED_LIBRARY NETTLE_GMP_LIBRARY)

cmake/modules/TargetSharedLibraryExports.cmake

@@ -0,0 +1,27 @@
+# Export only named entry points from shared library.
+function(target_shared_library_exports lib libname symbols)
+  if (WIN32)
+    file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.def" "LIBRARY ${libname}\n  EXPORTS\n")
+    foreach (symbol IN LISTS symbols)
+      file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.def" "    ${symbol}\n")
+    endforeach ()
+    target_sources(${lib} PRIVATE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.def")
+  elseif (APPLE)
+    file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.syms" "")
+    foreach (symbol IN LISTS symbols)
+      file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.syms" "_${symbol}\n")
+    endforeach ()
+    target_sources(${lib} PRIVATE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.syms")
+    target_link_libraries(${lib} PRIVATE "-exported_symbols_list ${libname}.syms")
+  elseif (UNIX)
+    # Assume GNU ld.
+    file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/${libname}.ver" "{ global:\n")
+    foreach (symbol IN LISTS symbols)
+      file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.ver" "  ${symbol};\n")
+    endforeach ()
+    file(APPEND "${CMAKE_CURRENT_BINARY_DIR}/${libname}.ver" "local:\n  *;\n};\n")
+    target_link_libraries(${lib} PRIVATE "-Wl,--version-script=${libname}.ver")
+  else ()
+    message(WARNING "Unknown platform, ${lib} exports not set.")
+  endif ()
+endfunction ()

cmake/modules/TargetSharedLibraryVersion.cmake

@@ -0,0 +1,25 @@
+# Add version to given shared library linkage.
+function(target_shared_library_version lib version_current version_revision version_age)
+  if (APPLE)
+    # Follow libtool. Add one to major version, as version 0 doesn't work.
+    # But tag dynlib name with current-age.
+    math(EXPR major_version "${version_current}+1")
+    math(EXPR dynlib_version "${version_current}-${version_age}")
+    set_target_properties(${lib} PROPERTIES VERSION "${dynlib_version}")
+    target_link_libraries(${lib} PRIVATE "-compatibility_version ${major_version}")
+    target_link_libraries(${lib} PRIVATE "-current_version ${major_version}.${version_revision}")
+  elseif (UNIX OR MINGW OR MSYS OR CYGWIN)
+    # Assume GNU ld, and again follow libtool. Major version is current-age.
+    math(EXPR compat_version "${version_current}-${version_age}")
+    set_target_properties(${lib} PROPERTIES VERSION "${compat_version}.${version_age}.${version_revision}" SOVERSION "${compat_version}")
+  elseif (WIN32)
+    set(rc_template "${CMAKE_CURRENT_SOURCE_DIR}/cmake/include/${lib}_version.rc.in")
+    if (EXISTS ${rc_template})
+      configure_file(${rc_template} ${lib}.rc @ONLY)
+      target_sources(${lib} PRIVATE ${lib}.rc)
+    endif ()
+    target_link_libraries(${lib} PRIVATE "-VERSION:${version_current}.${version_revision}")
+  else ()
+    message(WARNING "Unknown platform, ${lib} will not be versioned.")
+  endif ()
+endfunction ()

cmake/tests/test___func__.c

@@ -0,0 +1,4 @@
+int main (int ac, char *av[])
+{
+	char *s = __func__;
+}

cmake/tests/test_poll.c

@@ -0,0 +1,11 @@
+#ifdef HAVE_SYS_POLL_H
+#include <sys/poll.h>
+#else
+#include <poll.h>
+#endif
+
+int main (int ac, char *av[])
+{
+    int rc;
+    rc = poll((struct pollfd *)(0), 0, 0);
+}

cmake/tests/test_uv_cb.c

@@ -0,0 +1,12 @@
+#include <uv.h>
+
+void test_cb(uv_timer_t *handle)
+{
+    (void) handle;
+}
+
+int main(int ac, char *av[])
+{
+    uv_timer_cb cb = test_cb;
+    (*cb)(0);
+}

doc/Makefile.in

@@ -1,93 +0,0 @@
-#
-# @configure_input@
-#
-#
-# Copyright (c) 2013, Verisign, Inc., NLnet Labs
-# All rights reserved.
-# 
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in the
-#   documentation and/or other materials provided with the distribution.
-# * Neither the names of the copyright holders nor the
-#   names of its contributors may be used to endorse or promote products
-#   derived from this software without specific prior written permission.
-# 
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package = @PACKAGE_NAME@
-version = @PACKAGE_VERSION@
-tarname = @PACKAGE_TARNAME@
-distdir = $(tarname)-$(version)
-
-api_version = @API_VERSION@
-
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-bindir = @bindir@
-# datarootdir is here to please some checkers
-datarootdir=@datarootdir@
-mandir = @mandir@
-INSTALL = @INSTALL@
-
-srcdir = @srcdir@
-VPATH = @srcdir@
-
-EDITS=-e 's/@''version@/$(version)/g'
-DOXYGEN = @DOXYGEN@
-
-DOCDIRS = html latex man
-MANPAGES3 = libgetdns.3 getdns_address.3 getdns_cancel_callback.3 getdns_context.3 getdns_context_set.3 getdns_context_set_context_update_callback.3 getdns_convert.3 getdns_dict.3 getdns_dict_get.3 getdns_dict_set.3 getdns_display_ip_address.3 getdns_general.3 getdns_hostname.3 getdns_list.3 getdns_list_get.3 getdns_list_set.3 getdns_pretty_print_dict.3 getdns_root_trust_anchor.3 getdns_service.3 getdns_validate_dnssec.3 
-
-default: all
-
-all: doc
-
-doc: 	$(MANPAGES3)
-	if test x_$(DOXYGEN) != x_ ; then cd ../src; doxygen; fi
-
-.SUFFIXES: .3.in .3
-.3.in.3:
-	sed $(EDITS) -e "s/@date@/$(api_version)/g" $< > $@
-
-# we assume that we want a separate file for each "name" specified for each man page
-# and consider these "alternate names" simple copies of the main man page
-install:	$(MANPAGES3)
-	$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)
-	$(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man3
-	for x in $(MANPAGES3); do echo $(INSTALL) -m 644 $$x $(DESTDIR)$(mandir)/man3; $(INSTALL) -m 644 $$x $(DESTDIR)$(mandir)/man3; for altpg in $$($(srcdir)/manpgaltnames $$x); do cp $$x $$altpg; echo $(INSTALL) -m 644 $$altpg $(DESTDIR)$(mandir)/man3; $(INSTALL) -m 644 $$altpg $(DESTDIR)$(mandir)/man3; done; done
-
-check: $(MANPAGES3)
-	for x in $(MANPAGES3); do LC_ALL=en_US.UTF-8 MANROFFSEQ='' MANWIDTH=80 man --warnings -E UTF-8 -l -Tutf8 -Z $$x 2>&1 >/dev/null | awk "-vpage=$$x" '{printf("%s: ", page);print}'; if ! lexgrog $$x >/dev/null 2>&1 ; then echo $$x: manpage-has-bad-whatis-entry; fi; done
-
-uninstall:
-	for x in $(MANPAGES3); do echo rm -f $(DESTDIR)$(mandir)/man3/$$x; rm -f $(DESTDIR)$(mandir)/man3/$$x; for altpg in $$($(srcdir)/manpgaltnames $$x); do echo rm -f $(DESTDIR)$(mandir)/man3/$$altpg;  rm -f $(DESTDIR)$(mandir)/man3/$$altpg; done; done
-
-clean:
-	for x in $(MANPAGES3); do rm -f $$($(srcdir)/manpgaltnames $$x); done
-	rm -f tagfile
-	rm -rf $(DOCDIRS) $(MANPAGES3)
-
-distclean : clean
-	rm -f Makefile config.status config.log
-	rm -Rf autom4te.cache
-
-Makefile: Makefile.in ../config.status
-	cd .. && ./config.status $@
-
-configure.status: configure
-	cd .. && ./config.status --recheck
-
-.PHONY: clean $(DOC)

doc/getdns_general.3.in

@@ -76,7 +76,7 @@ getdns_dict **response)
 The getdns_general(3) and getdns_general_sync functions provide public entry
 points into the getdns API library to retrieve any valid responses to a query
 from the DNS (note that other namespaces in the context are not used).   Most
-typical use cases for applications are probably satisifed via calls to
+typical use cases for applications are probably satisfied via calls to
 getdns_address(3) which would replace getaddrinfo(3).
 
 .HP 3

getdns.pc.in

@@ -1,7 +1,7 @@
 prefix=@prefix@
 exec_prefix=${prefix}
-libdir=${exec_prefix}/lib
-includedir=${prefix}/include
+libdir=@libdir_for_pc_file@
+includedir=@includedir_for_pc_file@
 
 Name: getdns
 Version: @GETDNS_VERSION@

getdns_ext_event.pc.in

@@ -1,7 +1,7 @@
 prefix=@prefix@
 exec_prefix=${prefix}
-libdir=${exec_prefix}/lib
-includedir=${prefix}/include
+libdir=${exec_prefix}/@CMAKE_INSTALL_LIBDIR@
+includedir=${prefix}/@CMAKE_INSTALL_INCLUDEDIR@
 
 Name: getdns_ext_event
 Version: @GETDNS_VERSION@

m4/acx_getaddrinfo.m4

@@ -1,81 +0,0 @@
-# Taken from acx_nlnetlabs.m4 - common macros for configure checks
-# Copyright 2009, Wouter Wijngaards, NLnet Labs.   
-# BSD licensed.
-#
-
-dnl Check getaddrinfo.
-dnl Works on linux, solaris, bsd and windows(links winsock).
-dnl defines HAVE_GETADDRINFO, USE_WINSOCK.
-AC_DEFUN([ACX_CHECK_GETADDRINFO_WITH_INCLUDES],
-[AC_REQUIRE([AC_PROG_CC])
-AC_MSG_CHECKING(for getaddrinfo)
-ac_cv_func_getaddrinfo=no
-AC_LINK_IFELSE(
-[AC_LANG_SOURCE([[
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-char* getaddrinfo();
-char* (*f) () = getaddrinfo;
-#ifdef __cplusplus
-}
-#endif
-int main() {
-        ;
-        return 0;
-}
-]])],
-dnl this case on linux, solaris, bsd
-[ac_cv_func_getaddrinfo="yes"
-dnl see if on windows
-if test "$ac_cv_header_windows_h" = "yes"; then
-	AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used])
-	USE_WINSOCK="1"
-	LIBS="$LIBS -lws2_32 -lcrypt32"
-fi
-],
-dnl no quick getaddrinfo, try mingw32 and winsock2 library.
-ORIGLIBS="$LIBS"
-LIBS="$LIBS -lws2_32 -lcrypt32"
-AC_LINK_IFELSE(
-[AC_LANG_PROGRAM(
-[
-#define _WIN32_WINNT 0x0501
-#ifdef HAVE_WINDOWS_H
-#include <windows.h>
-#endif
-#ifdef HAVE_WINSOCK_H
-#include <winsock.h>
-#endif
-#ifdef HAVE_WINSOCK2_H
-#include <winsock2.h>
-#endif
-#include <stdio.h>
-#ifdef HAVE_WS2TCPIP_H
-#include <ws2tcpip.h>
-#endif
-],
-[
-        (void)getaddrinfo(NULL, NULL, NULL, NULL);
-]
-)],
-[
-ac_cv_func_getaddrinfo="yes"
-dnl already: LIBS="$LIBS -lws2_32 -lcrypt32"
-AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used])
-USE_WINSOCK="1"
-],
-[
-ac_cv_func_getaddrinfo="no"
-LIBS="$ORIGLIBS"
-])
-)
-
-AC_MSG_RESULT($ac_cv_func_getaddrinfo)
-if test $ac_cv_func_getaddrinfo = yes; then
-  AC_DEFINE(HAVE_GETADDRINFO, 1, [Whether getaddrinfo is available])
-fi
-])dnl Endof AC_CHECK_GETADDRINFO_WITH_INCLUDES
-
-dnl End of file

m4/acx_openssl.m4

@@ -1,164 +0,0 @@
-# Taken from acx_nlnetlabs.m4 - common macros for configure checks
-# Copyright 2009, Wouter Wijngaards, NLnet Labs.   
-# BSD licensed.
-#
-dnl Add a -R to the RUNTIME_PATH.  Only if rpath is enabled and it is
-dnl an absolute path.
-dnl $1: the pathname to add.
-AC_DEFUN([ACX_RUNTIME_PATH_ADD], [
-	if test "x$enable_rpath" = xyes; then
-		if echo "$1" | grep "^/" >/dev/null; then
-			RUNTIME_PATH="$RUNTIME_PATH -R$1"
-		fi
-	fi
-])
-dnl Common code for both ACX_WITH_SSL and ACX_WITH_SSL_OPTIONAL
-dnl Takes one argument; the withval checked in those 2 functions
-dnl sets up the environment for the given openssl path
-AC_DEFUN([ACX_SSL_CHECKS], [
-    withval=$1
-    if test x_$withval != x_no; then
-        AC_MSG_CHECKING(for SSL)
-        if test x_$withval = x_ -o x_$withval = x_yes; then
-            withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr"
-        fi
-        for dir in $withval; do
-            ssldir="$dir"
-            if test -f "$dir/include/openssl/ssl.h"; then
-                found_ssl="yes"
-                AC_DEFINE_UNQUOTED([HAVE_SSL], [], [Define if you have the SSL libraries installed.])
-                dnl assume /usr/include is already in the include-path.
-                if test "$ssldir" != "/usr"; then
-                        CPPFLAGS="$CPPFLAGS -I$ssldir/include"
-                        LIBSSL_CPPFLAGS="$LIBSSL_CPPFLAGS -I$ssldir/include"
-                fi
-                break;
-            fi
-        done
-        if test x_$found_ssl != x_yes; then
-            AC_MSG_ERROR(Cannot find the SSL libraries in $withval)
-        else
-            AC_MSG_RESULT(found in $ssldir)
-            HAVE_SSL=yes
-            dnl assume /usr is already in the lib and dynlib paths.
-            if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
-                LDFLAGS="$LDFLAGS -L$ssldir/lib"
-                LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
-                ACX_RUNTIME_PATH_ADD([$ssldir/lib])
-            fi
-        
-            AC_MSG_CHECKING([for HMAC_Update in -lcrypto])
-            LIBS="-lssl -lcrypto $LIBS"
-            LIBSSL_LIBS="-lssl -lcrypto $LIBSSL_LIBS"
-            AC_TRY_LINK(, [
-                int HMAC_Update(void);
-                (void)HMAC_Update();
-              ], [
-                AC_DEFINE([HAVE_HMAC_UPDATE], 1, 
-                          [If you have HMAC_Update])
-                AC_MSG_RESULT(yes)
-              ], [
-                AC_MSG_RESULT(no)
-                # check if -lwsock32 or -lgdi32 are needed.	
-                BAKLIBS="$LIBS"
-                BAKSSLLIBS="$LIBSSL_LIBS"
-                LIBS="$LIBS -lgdi32"
-                LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32"
-                AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
-                AC_TRY_LINK([], [
-                    int HMAC_Update(void);
-                    (void)HMAC_Update();
-                  ],[
-                    AC_DEFINE([HAVE_HMAC_UPDATE], 1, 
-                        [If you have HMAC_Update])
-                    AC_MSG_RESULT(yes) 
-                  ],[
-                    AC_MSG_RESULT(no)
-                    LIBS="$BAKLIBS"
-                    LIBSSL_LIBS="$BAKSSLLIBS"
-                    LIBS="$LIBS -ldl"
-                    LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
-                    AC_MSG_CHECKING([if -lcrypto needs -ldl])
-                    AC_TRY_LINK([], [
-                        int HMAC_Update(void);
-                        (void)HMAC_Update();
-                      ],[
-                        AC_DEFINE([HAVE_HMAC_UPDATE], 1, 
-                            [If you have HMAC_Update])
-                        AC_MSG_RESULT(yes) 
-                      ],[
-                        AC_MSG_RESULT(no)
-                    AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required])
-                    ])
-                ])
-            ])
-        fi
-        AC_SUBST(HAVE_SSL)
-        AC_SUBST(RUNTIME_PATH)
-    fi
-AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT])
-AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT])
-AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT])
-
-dnl TLS v1.2 requires OpenSSL 1.0.1
-AC_CHECK_FUNC(TLSv1_2_client_method,AC_DEFINE([HAVE_TLS_v1_2], [1],
-    [Define if you have libssl with tls 1.2]),[AC_MSG_WARN([Cannot find TLSv1_2_client_method in libssl library. TLS will not be available.])])
-
-dnl Native OpenSSL hostname verification requires OpenSSL 1.0.2
-AC_CHECK_FUNC(SSL_CTX_get0_param,AC_DEFINE([HAVE_SSL_HN_AUTH], [1],
-    [Define if you have libssl with host name verification]),[AC_MSG_WARN([Cannot find SSL_CTX_get0_param in libssl library. TLS hostname verification will not be available.])])
-])
-
-dnl Check for SSL, where SSL is mandatory
-dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found
-dnl Setup of CPPFLAGS, CFLAGS.  Adds -lcrypto to LIBS. 
-dnl Checks main header files of SSL.
-dnl
-AC_DEFUN([ACX_WITH_SSL],
-[
-AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
-                                    [enable SSL (will check /usr/local/ssl
-                            /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
-        ],[
-            withval="yes"
-        ])
-    if test x_$withval = x_no; then
-	AC_MSG_ERROR([Need SSL library to do digital signature cryptography])
-    fi
-    ACX_SSL_CHECKS($withval)
-])dnl End of ACX_WITH_SSL
-
-dnl Check for SSL, where ssl is optional (--without-ssl is allowed)
-dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found
-dnl Setup of CPPFLAGS, CFLAGS.  Adds -lcrypto to LIBS. 
-dnl Checks main header files of SSL.
-dnl
-AC_DEFUN([ACX_WITH_SSL_OPTIONAL],
-[
-AC_ARG_WITH(ssl, AC_HELP_STRING([--with-ssl=pathname],
-                                [enable SSL (will check /usr/local/ssl
-                                /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr)]),[
-        ],[
-            withval="yes"
-        ])
-    ACX_SSL_CHECKS($withval)
-])dnl End of ACX_WITH_SSL_OPTIONAL
-
-dnl Setup to use -lssl
-dnl To use -lcrypto, use the ACX_WITH_SSL setup (before this one).
-AC_DEFUN([ACX_LIB_SSL],
-[
-# check if libssl needs libdl
-BAKLIBS="$LIBS"
-LIBS="-lssl $LIBS"
-AC_MSG_CHECKING([if libssl needs libdl])
-AC_TRY_LINK_FUNC([SSL_CTX_new], [
-	AC_MSG_RESULT([no])
-	LIBS="$BAKLIBS"
-] , [
-	AC_MSG_RESULT([yes])
-	LIBS="$BAKLIBS"
-	AC_SEARCH_LIBS([dlopen], [dl])
-]) ])dnl End of ACX_LIB_SSL
-
-

m4/ax_check_compile_flag.m4

@@ -1,74 +0,0 @@
-# ===========================================================================
-#   http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
-# ===========================================================================
-#
-# SYNOPSIS
-#
-#   AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
-#
-# DESCRIPTION
-#
-#   Check whether the given FLAG works with the current language's compiler
-#   or gives an error.  (Warnings, however, are ignored)
-#
-#   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
-#   success/failure.
-#
-#   If EXTRA-FLAGS is defined, it is added to the current language's default
-#   flags (e.g. CFLAGS) when the check is done.  The check is thus made with
-#   the flags: "CFLAGS EXTRA-FLAGS FLAG".  This can for example be used to
-#   force the compiler to issue an error when a bad flag is given.
-#
-#   INPUT gives an alternative input source to AC_COMPILE_IFELSE.
-#
-#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
-#   macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
-#
-# LICENSE
-#
-#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
-#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
-#
-#   This program is free software: you can redistribute it and/or modify it
-#   under the terms of the GNU General Public License as published by the
-#   Free Software Foundation, either version 3 of the License, or (at your
-#   option) any later version.
-#
-#   This program is distributed in the hope that it will be useful, but
-#   WITHOUT ANY WARRANTY; without even the implied warranty of
-#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
-#   Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License along
-#   with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#   As a special exception, the respective Autoconf Macro's copyright owner
-#   gives unlimited permission to copy, distribute and modify the configure
-#   scripts that are the output of Autoconf when processing the Macro. You
-#   need not follow the terms of the GNU General Public License when using
-#   or distributing such scripts, even though portions of the text of the
-#   Macro appear in them. The GNU General Public License (GPL) does govern
-#   all other use of the material that constitutes the Autoconf Macro.
-#
-#   This special exception to the GPL applies to versions of the Autoconf
-#   Macro released by the Autoconf Archive. When you make and distribute a
-#   modified version of the Autoconf Macro, you may extend this special
-#   exception to the GPL to apply to your modified version as well.
-
-#serial 3
-
-AC_DEFUN([AX_CHECK_COMPILE_FLAG],
-[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
-AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
-AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
-  ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
-  _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
-  AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
-    [AS_VAR_SET(CACHEVAR,[yes])],
-    [AS_VAR_SET(CACHEVAR,[no])])
-  _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
-AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
-  [m4_default([$2], :)],
-  [m4_default([$3], :)])
-AS_VAR_POPDEF([CACHEVAR])dnl
-])dnl AX_CHECK_COMPILE_FLAGS

m4/pkg.m4

@@ -1,214 +0,0 @@
-# pkg.m4 - Macros to locate and utilise pkg-config.            -*- Autoconf -*-
-# serial 1 (pkg-config-0.24)
-# 
-# Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# PKG_PROG_PKG_CONFIG([MIN-VERSION])
-# ----------------------------------
-AC_DEFUN([PKG_PROG_PKG_CONFIG],
-[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
-m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
-m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
-AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
-AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
-AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
-
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
-	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
-fi
-if test -n "$PKG_CONFIG"; then
-	_pkg_min_version=m4_default([$1], [0.9.0])
-	AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
-	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
-		AC_MSG_RESULT([yes])
-	else
-		AC_MSG_RESULT([no])
-		PKG_CONFIG=""
-	fi
-fi[]dnl
-])# PKG_PROG_PKG_CONFIG
-
-# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-#
-# Check to see whether a particular set of modules exists.  Similar
-# to PKG_CHECK_MODULES(), but does not set variables or print errors.
-#
-# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-# only at the first occurence in configure.ac, so if the first place
-# it's called might be skipped (such as if it is within an "if", you
-# have to call PKG_CHECK_EXISTS manually
-# --------------------------------------------------------------
-AC_DEFUN([PKG_CHECK_EXISTS],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-if test -n "$PKG_CONFIG" && \
-    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
-  m4_default([$2], [:])
-m4_ifvaln([$3], [else
-  $3])dnl
-fi])
-
-# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
-# ---------------------------------------------
-m4_define([_PKG_CONFIG],
-[if test -n "$$1"; then
-    pkg_cv_[]$1="$$1"
- elif test -n "$PKG_CONFIG"; then
-    PKG_CHECK_EXISTS([$3],
-                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
-		      test "x$?" != "x0" && pkg_failed=yes ],
-		     [pkg_failed=yes])
- else
-    pkg_failed=untried
-fi[]dnl
-])# _PKG_CONFIG
-
-# _PKG_SHORT_ERRORS_SUPPORTED
-# -----------------------------
-AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
-        _pkg_short_errors_supported=yes
-else
-        _pkg_short_errors_supported=no
-fi[]dnl
-])# _PKG_SHORT_ERRORS_SUPPORTED
-
-
-# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-# [ACTION-IF-NOT-FOUND])
-#
-#
-# Note that if there is a possibility the first call to
-# PKG_CHECK_MODULES might not happen, you should be sure to include an
-# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
-#
-#
-# --------------------------------------------------------------
-AC_DEFUN([PKG_CHECK_MODULES],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
-AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
-
-pkg_failed=no
-AC_MSG_CHECKING([for $1])
-
-_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
-_PKG_CONFIG([$1][_LIBS], [libs], [$2])
-
-m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
-and $1[]_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.])
-
-if test $pkg_failed = yes; then
-   	AC_MSG_RESULT([no])
-        _PKG_SHORT_ERRORS_SUPPORTED
-        if test $_pkg_short_errors_supported = yes; then
-	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
-        else 
-	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
-        fi
-	# Put the nasty error message in config.log where it belongs
-	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
-
-	m4_default([$4], [AC_MSG_ERROR(
-[Package requirements ($2) were not met:
-
-$$1_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-_PKG_TEXT])[]dnl
-        ])
-elif test $pkg_failed = untried; then
-     	AC_MSG_RESULT([no])
-	m4_default([$4], [AC_MSG_FAILURE(
-[The pkg-config script could not be found or is too old.  Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-_PKG_TEXT
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
-        ])
-else
-	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
-	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
-        AC_MSG_RESULT([yes])
-	$3
-fi[]dnl
-])# PKG_CHECK_MODULES
-
-
-# PKG_INSTALLDIR(DIRECTORY)
-# -------------------------
-# Substitutes the variable pkgconfigdir as the location where a module
-# should install pkg-config .pc files. By default the directory is
-# $libdir/pkgconfig, but the default can be changed by passing
-# DIRECTORY. The user can override through the --with-pkgconfigdir
-# parameter.
-AC_DEFUN([PKG_INSTALLDIR],
-[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
-m4_pushdef([pkg_description],
-    [pkg-config installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([pkgconfigdir],
-    [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
-    [with_pkgconfigdir=]pkg_default)
-AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-]) dnl PKG_INSTALLDIR
-
-
-# PKG_NOARCH_INSTALLDIR(DIRECTORY)
-# -------------------------
-# Substitutes the variable noarch_pkgconfigdir as the location where a
-# module should install arch-independent pkg-config .pc files. By
-# default the directory is $datadir/pkgconfig, but the default can be
-# changed by passing DIRECTORY. The user can override through the
-# --with-noarch-pkgconfigdir parameter.
-AC_DEFUN([PKG_NOARCH_INSTALLDIR],
-[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
-m4_pushdef([pkg_description],
-    [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([noarch-pkgconfigdir],
-    [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
-    [with_noarch_pkgconfigdir=]pkg_default)
-AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-]) dnl PKG_NOARCH_INSTALLDIR
-
-
-# PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
-# [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-# -------------------------------------------
-# Retrieves the value of the pkg-config variable for the given module.
-AC_DEFUN([PKG_CHECK_VAR],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
-
-_PKG_CONFIG([$1], [variable="][$3]["], [$2])
-AS_VAR_COPY([$1], [pkg_cv_][$1])
-
-AS_VAR_IF([$1], [""], [$5], [$4])dnl
-])# PKG_CHECK_VAR

project-doc/cachedesign.txt

@@ -53,9 +53,9 @@ Local configuration via API or local file (e.g. /etc/getdns.conf, ~/.getdnsrc)
     - max TTL/TTL override (separate for pos/neg cache entries)
     - inclusions (use cache for specified domains) (maybe over-eng)
     - exceptions (avoid ache for specified domains) (maybe over-eng)
-    - persistant vs. transitory cache
+    - persistent vs. transitory cache
 
-- cache data store via Berkely db to allow for persistance
+- cache data store via Berkely db to allow for persistence
 
 - negative cache TTL derived from SOA
 

project-doc/freebsd-tests-notes.txt

@@ -0,0 +1,10 @@
+pkg update
+pkg upgrade
+pkg install -y gawk unbound valgrind bash check cmake git libyaml libevent libuv
+git clone git@github.com:getdnsapi/getdns.git
+cd getdns/
+git checkout remotes/origin/release/1.6.0-beta.1
+mkdir test
+cd test/
+../src/test/tpkg/run-all.sh
+

project-doc/makedist.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+[ ! -f git-archive-all.sh ] && wget "https://raw.githubusercontent.com/meitar/git-archive-all.sh/master/git-archive-all.sh"
+[ ! -x git-archive-all.sh ] && chmod +x git-archive-all.sh
+[ ! -f git-archive-all.sh ] && exit 1
+GIT_ARCHIVE="`pwd`/git-archive-all.sh"
+git submodule update --init
+GIT_ROOT=`git rev-parse --show-toplevel`
+version=`awk '/^set\(PACKAGE_VERSION/{V=$2}
+              /^set\(RELEASE_CANDIDATE/{RC=$2}
+              END{print V""RC}' "$GIT_ROOT/CMakeLists.txt" | sed 's/[")]//g'`
+output_file="getdns-${version}.tar.gz"
+( cd "$GIT_ROOT" \
+  && "$GIT_ARCHIVE" --prefix "getdns-$version/" --format tar.gz \
+                    --worktree-attributes -- - ) > "$output_file"
+openssl md5 "$output_file" > "${output_file}.md5"
+openssl sha1 "$output_file" > "${output_file}.sha1"
+openssl sha256 "$output_file" > "${output_file}.sha256"
+gpg --armor --detach-sig "$output_file"
+[ -f "$output_file" -a -f "${output_file}.md5" -a -f "${output_file}.sha1" -a -f "${output_file}.sha256" -a -f "${output_file}.asc" ] \
+&& rm git-archive-all.sh

project-doc/packages.txt

@@ -0,0 +1,20 @@
+Some notes about packages and maintainers.
+
+For Homebrew, created and maintained by ilovezfs
+https://github.com/Homebrew/homebrew-core/Formula/getdns.rb
+https://github.com/Homebrew/homebrew-core/Formula/stubby.rb
+
+For Arch, created and maintained by Bruno Pagani (ArchangeGabriel)
+
+For OpenWRT, created and maintained by David Mora (iamperson347)
+https://github.com/openwrt/packages/tree/master/libs/getdns
+https://github.com/openwrt/packages/tree/master/net/stubby
+
+For AstLinux Project, created and maintained by Lonnie Abelbeck (abelbeck)
+https://github.com/astlinux-project/astlinux/tree/master/package/getdns
+
+For Genode, created and maintained by Emery Hemingway (ehmry)
+https://github.com/genodelabs/genode/blob/master/repos/ports/ports/getdns.port
+
+For Gentoo, created and maintained by CaseOf (Quentin R.?)
+https://packages.gentoo.org/packages/net-dns/getdns

spec/example/Makefile.in

@@ -1,172 +0,0 @@
-#
-# @configure_input@
-#
-# Copyright (c) 2013, Verisign, Inc., NLNet Labs
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in the
-#   documentation and/or other materials provided with the distribution.
-# * Neither the names of the copyright holders nor the
-#   names of its contributors may be used to endorse or promote products
-#   derived from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package = @PACKAGE_NAME@
-version = @PACKAGE_VERSION@
-tarname = @PACKAGE_TARNAME@
-distdir = $(tarname)-$(version)
-
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-bindir = @bindir@
-LIBTOOL = ../../libtool
-
-srcdir = @srcdir@
-
-EXTENSION_LIBEVENT_EXT_LIBS=@EXTENSION_LIBEVENT_EXT_LIBS@
-EXTENSION_LIBEVENT_LDFLAGS=@EXTENSION_LIBEVENT_LDFLAGS@
-EXTENSION_LIBEVENT_LIB=../../src/libgetdns_ext_event.la
-
-CC=@CC@
-CFLAGS=-I$(srcdir) -I$(srcdir)/../../src -I../../src @CFLAGS@
-LDFLAGS=@LDFLAGS@ -L../../src
-LDLIBS=../../src/libgetdns.la @LIBS@
-
-
-OBJS=example-all-functions.lo example-simple-answers.lo example-tree.lo example-synchronous.lo example-reverse.lo
-
-PROGRAMS=example-all-functions example-synchronous example-simple-answers example-tree example-reverse
-
-.SUFFIXES: .c .o .a .lo .h
-
-.c.o:
-	$(CC) $(CFLAGS) -c $< -o $@
-
-.c.lo:
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $< -o $@
-
-default: all
-example: all
-
-all: $(PROGRAMS)
-
-$(OBJS):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/$(@:.lo=.c) -o $@
-
-example-all-functions: example-all-functions.lo
-	 $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LDLIBS) -o $@ example-all-functions.lo
-
-example-synchronous: example-synchronous.lo
-	 $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LDLIBS) -o $@ example-synchronous.lo
-
-$(EXTENSION_LIBEVENT_LIB):
-	@echo "***"
-	@echo "*** Three examples from the specification need libevent."
-	@echo "*** libevent was not found or usable at configure time."
-	@echo "*** To compile and run all examples from the spec, make sure"
-	@echo "*** libevent is available and usable during configuration."
-	@echo "***"
-	@false
-
-example-simple-answers:	example-simple-answers.lo $(EXTENSION_LIBEVENT_LIB)
-	 $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) $(LDLIBS) -o $@ example-simple-answers.lo
-
-example-tree: example-tree.lo $(EXTENSION_LIBEVENT_LIB)
-	 $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) $(LDLIBS) -o $@ example-tree.lo
-
-example-reverse: example-reverse.lo $(EXTENSION_LIBEVENT_LIB)
-	 $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) $(LDLIBS) -o $@ example-reverse.lo
-
-clean:
-	rm -f *.o *.lo $(PROGRAMS)
-	rm -rf .libs
-
-distclean : clean
-	rm -f Makefile config.status config.log
-	rm -Rf autom4te.cache
-
-$(distdir): FORCE
-	mkdir -p $(distdir)/src
-	cp configure.ac $(distdir)
-	cp configure $(distdir)
-	cp Makefile.in $(distdir)
-	cp src/Makefile.in $(distdir)/src
-
-distcheck: $(distdir).tar.gz
-	gzip -cd $(distdir).tar.gz | tar xvf -
-	cd $(distdir) && ./configure
-	cd $(distdir) && $(MAKE) all
-	cd $(distdir) && $(MAKE) check
-	cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst install
-	cd $(distdir) && $(MAKE) DESTDIR=$${PWD}/_inst uninstall
-	@remaining="`find $${PWD}/$(distdir)/_inst -type f | wc -l`"; \
-	if test "$${remaining}" -ne 0; then
-	  echo "@@@ $${remaining} file(s) remaining in stage directory!"; \
-	  exit 1; \
-	fi
-	cd $(distdir) && $(MAKE) clean
-	rm -rf $(distdir)
-	@echo "*** Package $(distdir).tar.gz is ready for distribution"
-
-Makefile: $(srcdir)/Makefile.in ../../config.status
-	cd ../.. && ./config.status spec/example/Makefile
-
-configure.status: configure
-	cd ../.. && ./config.status --recheck
-
-.PHONY: clean
-
-depend:
-	(cd $(srcdir) ; awk 'BEGIN{P=1}{if(P)print}/^# Dependencies/{P=0}' Makefile.in > Makefile.in.new )
-	(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I../../src -I"$$blddir"/../../src *.c | \
-		sed -e "s? $$blddir/? ?g" \
-		    -e 's? \([a-z_-]*\)\.\([ch]\)? $$(srcdir)/\1.\2?g' \
-		    -e 's? \$$(srcdir)/\.\./\.\./src/config\.h? ../../src/config.h?g' \
-		    -e 's? $$(srcdir)/\.\./\.\./src/getdns/getdns_extra\.h? ../../src/getdns/getdns_extra.h?g' \
-		    -e 's? \.\./\.\./src/getdns/getdns_ext_libevent\.h? $$(srcdir)/../../src/getdns/getdns_ext_libevent.h?g' \
-		    -e 's? \.\./\.\./src/getdns/getdns_ext_libev\.h? $$(srcdir)/../../src/getdns/getdns_ext_libev.h?g' \
-		    -e 's? \.\./\.\./src/getdns/getdns_ext_libuv\.h? $$(srcdir)/../../src/getdns/getdns_ext_libuv.h?g' \
-		    -e 's? \.\./\.\./src/debug\.h? $$(srcdir)/../../src/debug.h?g' \
-		    -e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' >> Makefile.in.new )
-	(cd $(srcdir) ; diff Makefile.in.new Makefile.in && rm Makefile.in.new \
-	                                                 || mv Makefile.in.new Makefile.in )
-
-
-# Dependencies for the examples
-example-all-functions.lo example-all-functions.o: $(srcdir)/example-all-functions.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h
-example-reverse.lo example-reverse.o: $(srcdir)/example-reverse.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h
-example-simple-answers.lo example-simple-answers.o: $(srcdir)/example-simple-answers.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h
-example-synchronous.lo example-synchronous.o: $(srcdir)/example-synchronous.c $(srcdir)/getdns_core_only.h \
- ../../src/getdns/getdns.h
-example-tree.lo example-tree.o: $(srcdir)/example-tree.c $(srcdir)/getdns_libevent.h \
- ../../src/config.h \
- ../../src/getdns/getdns.h \
- $(srcdir)/../../src/getdns/getdns_ext_libevent.h \
- ../../src/getdns/getdns_extra.h

spec/example/example-reverse.c

@@ -31,7 +31,7 @@ void callback(getdns_context        *context,
 	assert( callback_type == GETDNS_CALLBACK_COMPLETE );
 
 	if ((r = getdns_dict_get_list(response, "/replies_tree/0/answer", &answer)))
-		fprintf(stderr, "Could not get \"answer\" section from first reply in the reponse");
+		fprintf(stderr, "Could not get \"answer\" section from first reply in the response");
 
 	else if ((r = getdns_list_get_length(answer, &n_answers)))
 		fprintf(stderr, "Could not get replies_tree\'s length");

spec/example/example-simple-answers.c

@@ -35,7 +35,7 @@ void callback(getdns_context        *context,
 	assert( callback_type == GETDNS_CALLBACK_COMPLETE );
 
 	if ((r = getdns_dict_get_int(response, "status", &status)))
-		fprintf(stderr, "Could not get \"status\" from reponse");
+		fprintf(stderr, "Could not get \"status\" from response");
 
 	else if (status != GETDNS_RESPSTATUS_GOOD)
 		fprintf(stderr, "The search had no results, and a return value of %"PRIu32".\n", status);

spec/example/example-tree.c

@@ -31,7 +31,7 @@ void callback(getdns_context        *context,
 	assert( callback_type == GETDNS_CALLBACK_COMPLETE );
 
 	if ((r = getdns_dict_get_list(response, "replies_tree", &replies_tree)))
-		fprintf(stderr, "Could not get \"replies_tree\" from reponse");
+		fprintf(stderr, "Could not get \"replies_tree\" from response");
 
 	else if ((r = getdns_list_get_length(replies_tree, &n_replies)))
 		fprintf(stderr, "Could not get replies_tree\'s length");

spec/index.html

@@ -173,7 +173,7 @@ extensions. See <a href="#Extensions">the section below</a> for information on h
 the extensions used for a request.</p>
 
 <p class=define><code><b>*userarg</b></code></p>
-<p class=descrip>A void* that is passed to the function, which the funciton
+<p class=descrip>A void* that is passed to the function, which the function
 returns to the callback function untouched. <code>userarg</code> can be used by the callback
 function for any user-specific data needed. This can be NULL.</p>
 
@@ -1507,7 +1507,7 @@ function.</p>
     <span class="n">assert</span><span class="p">(</span> <span class="n">callback_type</span> <span class="o">==</span> <span class="n">GETDNS_CALLBACK_COMPLETE</span> <span class="p">);</span>
 
     <span class="k">if</span> <span class="p">((</span><span class="n">r</span> <span class="o">=</span> <span class="n">getdns_dict_get_int</span><span class="p">(</span><span class="n">response</span><span class="p">,</span> <span class="s">&quot;status&quot;</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">status</span><span class="p">)))</span>
-        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get </span><span class="se">\&quot;</span><span class="s">status</span><span class="se">\&quot;</span><span class="s"> from reponse&quot;</span><span class="p">);</span>
+        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get </span><span class="se">\&quot;</span><span class="s">status</span><span class="se">\&quot;</span><span class="s"> from response&quot;</span><span class="p">);</span>
 
     <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">status</span> <span class="o">!=</span> <span class="n">GETDNS_RESPSTATUS_GOOD</span><span class="p">)</span>
         <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;The search had no results, and a return value of %&quot;</span><span class="n">PRIu32</span><span class="s">&quot;.</span><span class="se">\n</span><span class="s">&quot;</span><span class="p">,</span> <span class="n">status</span><span class="p">);</span>
@@ -1622,7 +1622,7 @@ their TTLs.</p>
     <span class="n">assert</span><span class="p">(</span> <span class="n">callback_type</span> <span class="o">==</span> <span class="n">GETDNS_CALLBACK_COMPLETE</span> <span class="p">);</span>
 
     <span class="k">if</span> <span class="p">((</span><span class="n">r</span> <span class="o">=</span> <span class="n">getdns_dict_get_list</span><span class="p">(</span><span class="n">response</span><span class="p">,</span> <span class="s">&quot;replies_tree&quot;</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">replies_tree</span><span class="p">)))</span>
-        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get </span><span class="se">\&quot;</span><span class="s">replies_tree</span><span class="se">\&quot;</span><span class="s"> from reponse&quot;</span><span class="p">);</span>
+        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get </span><span class="se">\&quot;</span><span class="s">replies_tree</span><span class="se">\&quot;</span><span class="s"> from response&quot;</span><span class="p">);</span>
 
     <span class="k">else</span> <span class="k">if</span> <span class="p">((</span><span class="n">r</span> <span class="o">=</span> <span class="n">getdns_list_get_length</span><span class="p">(</span><span class="n">replies_tree</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">n_replies</span><span class="p">)))</span>
         <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get replies_tree</span><span class="se">\&#39;</span><span class="s">s length&quot;</span><span class="p">);</span>
@@ -1854,7 +1854,7 @@ as it is for the synchronous example, it is just done in <code>main()</code>.</p
     <span class="n">assert</span><span class="p">(</span> <span class="n">callback_type</span> <span class="o">==</span> <span class="n">GETDNS_CALLBACK_COMPLETE</span> <span class="p">);</span>
 
     <span class="k">if</span> <span class="p">((</span><span class="n">r</span> <span class="o">=</span> <span class="n">getdns_dict_get_list</span><span class="p">(</span><span class="n">response</span><span class="p">,</span> <span class="s">&quot;/replies_tree/0/answer&quot;</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">answer</span><span class="p">)))</span>
-        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get </span><span class="se">\&quot;</span><span class="s">answer</span><span class="se">\&quot;</span><span class="s"> section from first reply in the reponse&quot;</span><span class="p">);</span>
+        <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get </span><span class="se">\&quot;</span><span class="s">answer</span><span class="se">\&quot;</span><span class="s"> section from first reply in the response&quot;</span><span class="p">);</span>
 
     <span class="k">else</span> <span class="k">if</span> <span class="p">((</span><span class="n">r</span> <span class="o">=</span> <span class="n">getdns_list_get_length</span><span class="p">(</span><span class="n">answer</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">n_answers</span><span class="p">)))</span>
         <span class="n">fprintf</span><span class="p">(</span><span class="n">stderr</span><span class="p">,</span> <span class="s">&quot;Could not get replies_tree</span><span class="se">\&#39;</span><span class="s">s length&quot;</span><span class="p">);</span>

src/Doxyfile.in

@@ -58,7 +58,7 @@ PROJECT_LOGO           =
 # entered, it will be relative to the location where doxygen was started. If
 # left blank the current directory will be used.
 
-OUTPUT_DIRECTORY       = ../doc
+OUTPUT_DIRECTORY       = doc
 
 # If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub-
 # directories (in 2 levels) under the output directory of each output format and

src/Makefile.in

@@ -1,537 +0,0 @@
-#
-# @configure_input@
-#
-# Copyright (c) 2013, Verisign, Inc., NLnet Labs
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are met:
-# * Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# * Redistributions in binary form must reproduce the above copyright
-#   notice, this list of conditions and the following disclaimer in the
-#   documentation and/or other materials provided with the distribution.
-# * Neither the names of the copyright holders nor the
-#   names of its contributors may be used to endorse or promote products
-#   derived from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-# DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package = @PACKAGE_NAME@
-version = @PACKAGE_VERSION@
-tarname = @PACKAGE_TARNAME@
-distdir = $(tarname)-$(version)
-libversion = @GETDNS_LIBVERSION@
-
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-bindir = @bindir@
-sbindir = @sbindir@
-libdir = @libdir@
-includedir = @includedir@
-sysconfdir = @sysconfdir@
-localstatedir = @localstatedir@
-runstatedir = @runstatedir@
-stubbyconfdir = $(sysconfdir)/stubby
-have_libevent = @have_libevent@
-have_libuv = @have_libuv@
-have_libev = @have_libev@
-# datarootdir is here to please some checkers
-datarootdir=@datarootdir@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-
-srcdir = @srcdir@
-stubbysrcdir = $(srcdir)/../stubby
-LIBTOOL = ../libtool
-
-CC=@CC@
-CFLAGS=-I$(srcdir) -I. -I$(srcdir)/util/auxiliary @CFLAGS@ @CPPFLAGS@ $(XTRA_CFLAGS)
-WPEDANTICFLAG=@WPEDANTICFLAG@
-WNOERRORFLAG=@WNOERRORFLAG@
-LDFLAGS=@LDFLAGS@ @LIBS@
-
-EXTENSION_LIBEVENT_LIB=@EXTENSION_LIBEVENT_LIB@
-EXTENSION_LIBEVENT_EXT_LIBS=@EXTENSION_LIBEVENT_EXT_LIBS@
-EXTENSION_LIBEVENT_LDFLAGS=@EXTENSION_LIBEVENT_LDFLAGS@
-EXTENSION_LIBEV_LIB=@EXTENSION_LIBEV_LIB@
-EXTENSION_LIBEV_EXT_LIBS=@EXTENSION_LIBEV_EXT_LIBS@
-EXTENSION_LIBEV_LDFLAGS=@EXTENSION_LIBEV_LDFLAGS@
-EXTENSION_LIBUV_LIB=@EXTENSION_LIBUV_LIB@
-EXTENSION_LIBUV_EXT_LIBS=@EXTENSION_LIBUV_EXT_LIBS@
-EXTENSION_LIBUV_LDFLAGS=@EXTENSION_LIBUV_LDFLAGS@
-
-C99COMPATFLAGS=@C99COMPATFLAGS@
-
-DEFAULT_EVENTLOOP_OBJ=@DEFAULT_EVENTLOOP@.lo
-
-GETDNS_OBJ=const-info.lo convert.lo dict.lo dnssec.lo general.lo \
-	list.lo request-internal.lo pubkey-pinning.lo rr-dict.lo \
-	rr-iter.lo server.lo stub.lo sync.lo ub_loop.lo util-internal.lo \
-	mdns.lo
-
-GLDNS_OBJ=keyraw.lo gbuffer.lo wire2str.lo parse.lo parseutil.lo rrdef.lo \
-	str2wire.lo
-
-PROGRAMS=@STUBBY@
-
-LIBOBJDIR=
-LIBOBJS=@LIBOBJS@
-COMPAT_OBJ=$(LIBOBJS:.o=.lo)
-
-UTIL_OBJ=rbtree.lo val_secalgo.lo lruhash.lo lookup3.lo locks.lo
-
-JSMN_OBJ=jsmn.lo
-
-EXTENSION_OBJ=$(DEFAULT_EVENTLOOP_OBJ) libevent.lo libev.lo
-
-NON_C99_OBJS=context.lo libuv.lo
-
-.SUFFIXES: .c .o .a .lo .h
-
-.c.o:
-	$(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $< -o $@
-
-.c.lo:
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $< -o $@
-
-default: all
-
-all: libgetdns.la $(EXTENSION_LIBEVENT_LIB) $(EXTENSION_LIBUV_LIB) $(EXTENSION_LIBEV_LIB) $(PROGRAMS)
-
-$(GETDNS_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/$(@:.lo=.c) -o $@
-
-$(GLDNS_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/gldns/$(@:.lo=.c) -o $@
-
-$(COMPAT_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -c $(srcdir)/compat/$(@:.lo=.c) -o $@
-
-$(UTIL_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WNOERRORFLAG) -c $(srcdir)/util/$(@:.lo=.c) -o $@
-
-$(JSMN_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) -DJSMN_GETDNS -c $(srcdir)/jsmn/$(@:.lo=.c) -o $@
-
-$(EXTENSION_OBJ):
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -c $(srcdir)/extension/$(@:.lo=.c) -o $@
-
-context.lo:
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) $(C99COMPATFLAGS) -c $(srcdir)/context.c -o context.lo
-
-libuv.lo:
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) $(C99COMPATFLAGS) -c $(srcdir)/extension/libuv.c -o libuv.lo
-
-install-headers: getdns/getdns.h getdns/getdns_extra.h
-	$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)
-	$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)/getdns
-	$(INSTALL) -m 644 getdns/getdns.h $(DESTDIR)$(includedir)/getdns/getdns.h
-	$(INSTALL) -m 644 getdns/getdns_extra.h $(DESTDIR)$(includedir)/getdns/getdns_extra.h
-	if test $(have_libevent) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libevent.h $(DESTDIR)$(includedir)/getdns/ ; fi
-	if test $(have_libuv) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libuv.h $(DESTDIR)$(includedir)/getdns/ ; fi
-	if test $(have_libev) = 1 ; then $(INSTALL) -m 644 $(srcdir)/getdns/getdns_ext_libev.h $(DESTDIR)$(includedir)/getdns/ ; fi
-
-uninstall-headers:
-	rm -rf $(DESTDIR)$(includedir)/getdns
-
-install-libs: libgetdns.la
-	$(INSTALL) -m 755 -d $(DESTDIR)$(libdir)
-	$(LIBTOOL) --mode=install cp libgetdns.la $(DESTDIR)$(libdir)
-	if test $(have_libevent) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEVENT_LIB) $(DESTDIR)$(libdir) ; fi
-	if test $(have_libuv) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBUV_LIB) $(DESTDIR)$(libdir) ; fi
-	if test $(have_libev) = 1 ; then $(LIBTOOL) --mode=install cp $(EXTENSION_LIBEV_LIB) $(DESTDIR)$(libdir) ; fi
-	$(LIBTOOL) --mode=finish $(DESTDIR)$(libdir)
-
-uninstall-libs:
-	if test $(have_libevent) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEVENT_LIB) ; fi
-	if test $(have_libuv) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBUV_LIB) ; fi
-	if test $(have_libev) = 1; then $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/$(EXTENSION_LIBEV_LIB) ; fi
-	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libgetdns.la
-
-install: install-libs install-headers @INSTALL_STUBBY@
-
-uninstall: @UNINSTALL_STUBBY@ uninstall-headers uninstall-libs
-
-libgetdns_ext_event.la: libgetdns.la libevent.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libevent.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEVENT_LDFLAGS) $(EXTENSION_LIBEVENT_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libevent.symbols
-
-libgetdns_ext_uv.la: libgetdns.la libuv.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libuv.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBUV_LDFLAGS) $(EXTENSION_LIBUV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libuv.symbols
-
-
-libgetdns_ext_ev.la: libgetdns.la libev.lo
-	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ libev.lo libgetdns.la $(LDFLAGS) $(EXTENSION_LIBEV_LDFLAGS) $(EXTENSION_LIBEV_EXT_LIBS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/extension/libev.symbols
-
-
-libgetdns.la: $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ)
-	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ $(GETDNS_OBJ) version.lo context.lo $(DEFAULT_EVENTLOOP_OBJ) $(GLDNS_OBJ) $(COMPAT_OBJ) $(UTIL_OBJ) $(JSMN_OBJ) $(LDFLAGS) -rpath $(libdir) -version-info $(libversion) -no-undefined -export-symbols $(srcdir)/libgetdns.symbols
-
-test: default
-	cd test && $(MAKE) $@
-
-getdns_query: default
-	cd tools && $(MAKE) $@
-
-stubby.lo: $(stubbysrcdir)/src/stubby.c
-	$(LIBTOOL) --quiet --tag=CC --mode=compile $(CC) $(CFLAGS) $(WPEDANTICFLAG) -DSTUBBYCONFDIR=\"$(sysconfdir)/stubby\" -DRUNSTATEDIR=\"$(runstatedir)\" -c $< -o $@
-
-stubby: stubby.lo libgetdns.la 
-	$(LIBTOOL) --tag=CC --mode=link $(CC) -o $@ stubby.lo $(LDFLAGS) libgetdns.la
-
-install-stubby: stubby $(stubbysrcdir)/stubby.conf.example $(stubbysrcdir)/stubby-setdns-macos.sh
-	$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
-	$(LIBTOOL) --mode=install cp stubby $(DESTDIR)$(bindir)
-	$(INSTALL) -m 755 -d $(DESTDIR)$(sbindir)
-	$(INSTALL) -m 755  $(stubbysrcdir)/stubby-setdns-macos.sh $(DESTDIR)$(sbindir)
-	$(INSTALL) -m 755 -d $(DESTDIR)$(stubbyconfdir)
-	test -f $(DESTDIR)$(stubbyconfdir)/stubby.conf || \
-		$(INSTALL_DATA) $(stubbysrcdir)/stubby.conf.example $(DESTDIR)$(stubbyconfdir)/stubby.conf
-
-uninstall-stubby:
-	$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
-	rm -f $(DESTDIR)$(sbindir)/stubby-setdns-macos.sh
-
-scratchpad: default
-	cd test && $(MAKE) $@
-
-pad: scratchpad
-
-clean:
-	cd tools && $(MAKE) $@
-	cd test && $(MAKE) $@
-	rm -f *.o *.lo extension/*.lo extension/*.o $(PROGRAMS) libgetdns.la libgetdns_ext_*.la
-	rm -rf .libs extension/.libs
-
-distclean : clean
-	cd tools && $(MAKE) $@
-	cd test && $(MAKE) $@
-	rmdir test 2>/dev/null || true
-	rm -f Makefile config.status config.log Doxyfile config.h version.c getdns/Makefile getdns/getdns.h getdns/getdns_extra.h
-	rmdir getdns 2>/dev/null || true
-	rmdir extension 2>/dev/null || true
-	rm -Rf autom4te.cache
-
-Makefile: $(srcdir)/Makefile.in ../config.status
-	cd .. && ./config.status src/Makefile
-
-depend:
-	(cd $(srcdir) ; awk 'BEGIN{P=1}{if(P)print}/^# Dependencies/{P=0}' Makefile.in > Makefile.in.new )
-	(blddir=`pwd`; cd $(srcdir) ; gcc -MM -I. -I"$$blddir" -Iutil/auxiliary *.c gldns/*.c compat/*.c util/*.c jsmn/*.c extension/*.c| \
-		sed -e "s? $$blddir/? ?g" \
-		    -e 's? gldns/? $$(srcdir)/gldns/?g' \
-		    -e 's? compat/? $$(srcdir)/compat/?g' \
-		    -e 's? util/auxiliary/util/? $$(srcdir)/util/auxiliary/util/?g' \
-		    -e 's? util/? $$(srcdir)/util/?g' \
-		    -e 's? jsmn/? $$(srcdir)/jsmn/?g' \
-		    -e 's? extension/? $$(srcdir)/extension/?g' \
-		    -e 's? \([a-z_-]*\)\.\([ch]\)? $$(srcdir)/\1.\2?g' \
-		    -e 's? \$$(srcdir)/config\.h? config.h?g' \
-		    -e 's? \$$(srcdir)/getdns/getdns_extra\.h? getdns/getdns_extra.h?g' \
-		    -e 's? \$$(srcdir)/version\.c? version.c?g' \
-		    -e 's? getdns/getdns_ext_libevent\.h? $$(srcdir)/getdns/getdns_ext_libevent.h?g' \
-		    -e 's? getdns/getdns_ext_libev\.h? $$(srcdir)/getdns/getdns_ext_libev.h?g' \
-		    -e 's? getdns/getdns_ext_libuv\.h? $$(srcdir)/getdns/getdns_ext_libuv.h?g' \
-		    -e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' >> Makefile.in.new )
-	(cd $(srcdir) ; diff Makefile.in.new Makefile.in && rm Makefile.in.new \
-	                                                 || mv Makefile.in.new Makefile.in )
-	cd tools && $(MAKE) $@
-	cd test && $(MAKE) $@
-
-.PHONY: clean test
-FORCE:
-
-# Dependencies for gldns, utils, the extensions and compat functions
-const-info.lo const-info.o: $(srcdir)/const-info.c \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/const-info.h
-context.lo context.o: $(srcdir)/context.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/context.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/list.h \
- $(srcdir)/dict.h $(srcdir)/pubkey-pinning.h
-convert.lo convert.o: $(srcdir)/convert.c \
- config.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h \
- $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/wire2str.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h $(srcdir)/const-info.h $(srcdir)/dict.h \
- $(srcdir)/list.h $(srcdir)/jsmn/jsmn.h $(srcdir)/convert.h
-dict.lo dict.o: $(srcdir)/dict.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/const-info.h $(srcdir)/gldns/wire2str.h \
- $(srcdir)/gldns/parseutil.h
-dnssec.lo dnssec.o: $(srcdir)/dnssec.c \
- config.h \
- $(srcdir)/debug.h \
- getdns/getdns.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/parseutil.h \
- $(srcdir)/general.h $(srcdir)/dict.h $(srcdir)/list.h $(srcdir)/util/val_secalgo.h \
- $(srcdir)/util/orig-headers/val_secalgo.h
-general.lo general.o: $(srcdir)/general.c \
- config.h \
- $(srcdir)/general.h \
- getdns/getdns.h \
- $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/ub_loop.h $(srcdir)/debug.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h $(srcdir)/dict.h \
- $(srcdir)/mdns.h
-list.lo list.o: $(srcdir)/list.c $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h \
- config.h \
- $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/list.h $(srcdir)/dict.h
-mdns.lo mdns.o: $(srcdir)/mdns.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/context.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/general.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/mdns.h \
- $(srcdir)/util/auxiliary/util/fptr_wlist.h $(srcdir)/util/lookup3.h \
- $(srcdir)/util/orig-headers/lookup3.h
-pubkey-pinning.lo pubkey-pinning.o: $(srcdir)/pubkey-pinning.c \
- config.h \
- $(srcdir)/debug.h \
- getdns/getdns.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h
-request-internal.lo request-internal.o: $(srcdir)/request-internal.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/dict.h \
- $(srcdir)/convert.h $(srcdir)/general.h
-rr-dict.lo rr-dict.o: $(srcdir)/rr-dict.c $(srcdir)/rr-dict.h \
- config.h \
- getdns/getdns.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/util-internal.h $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dict.h
-rr-iter.lo rr-iter.o: $(srcdir)/rr-iter.c $(srcdir)/rr-iter.h $(srcdir)/rr-dict.h \
- config.h \
- getdns/getdns.h \
- $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/rrdef.h
-server.lo server.o: $(srcdir)/server.c \
- config.h \
- getdns/getdns_extra.h \
- getdns/getdns.h \
- $(srcdir)/context.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
-stub.lo stub.o: $(srcdir)/stub.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/stub.h \
- getdns/getdns.h \
- $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/server.h \
- $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
- $(srcdir)/util-internal.h $(srcdir)/general.h $(srcdir)/pubkey-pinning.h
-sync.lo sync.o: $(srcdir)/sync.c \
- getdns/getdns.h \
- config.h \
- $(srcdir)/context.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h \
- $(srcdir)/extension/default_eventloop.h $(srcdir)/extension/poll_eventloop.h \
- $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/general.h $(srcdir)/util-internal.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h $(srcdir)/stub.h \
- $(srcdir)/gldns/wire2str.h
-ub_loop.lo ub_loop.o: $(srcdir)/ub_loop.c $(srcdir)/ub_loop.h \
- config.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
-util-internal.lo util-internal.o: $(srcdir)/util-internal.c \
- config.h \
- getdns/getdns.h \
- $(srcdir)/dict.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/types-internal.h \
- getdns/getdns_extra.h \
- $(srcdir)/list.h $(srcdir)/util-internal.h $(srcdir)/context.h $(srcdir)/extension/default_eventloop.h \
- $(srcdir)/extension/poll_eventloop.h $(srcdir)/types-internal.h $(srcdir)/ub_loop.h $(srcdir)/debug.h $(srcdir)/server.h \
- $(srcdir)/util/lruhash.h $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h \
- $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/rr-iter.h \
- $(srcdir)/rr-dict.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/pkthdr.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h \
- $(srcdir)/dnssec.h $(srcdir)/gldns/rrdef.h
-gbuffer.lo gbuffer.o: $(srcdir)/gldns/gbuffer.c \
- config.h \
- $(srcdir)/gldns/gbuffer.h
-keyraw.lo keyraw.o: $(srcdir)/gldns/keyraw.c \
- config.h \
- $(srcdir)/gldns/keyraw.h $(srcdir)/gldns/rrdef.h
-parse.lo parse.o: $(srcdir)/gldns/parse.c \
- config.h \
- $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h
-parseutil.lo parseutil.o: $(srcdir)/gldns/parseutil.c \
- config.h \
- $(srcdir)/gldns/parseutil.h
-rrdef.lo rrdef.o: $(srcdir)/gldns/rrdef.c \
- config.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/parseutil.h
-str2wire.lo str2wire.o: $(srcdir)/gldns/str2wire.c \
- config.h \
- $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/gbuffer.h \
- $(srcdir)/gldns/parse.h $(srcdir)/gldns/parseutil.h
-wire2str.lo wire2str.o: $(srcdir)/gldns/wire2str.c \
- config.h \
- $(srcdir)/gldns/wire2str.h $(srcdir)/gldns/str2wire.h $(srcdir)/gldns/rrdef.h $(srcdir)/gldns/pkthdr.h \
- $(srcdir)/gldns/parseutil.h $(srcdir)/gldns/gbuffer.h $(srcdir)/gldns/keyraw.h
-arc4_lock.lo arc4_lock.o: $(srcdir)/compat/arc4_lock.c \
- config.h
-arc4random.lo arc4random.o: $(srcdir)/compat/arc4random.c \
- config.h \
- $(srcdir)/compat/chacha_private.h
-arc4random_uniform.lo arc4random_uniform.o: $(srcdir)/compat/arc4random_uniform.c \
- config.h
-explicit_bzero.lo explicit_bzero.o: $(srcdir)/compat/explicit_bzero.c \
- config.h
-getentropy_linux.lo getentropy_linux.o: $(srcdir)/compat/getentropy_linux.c \
- config.h
-getentropy_osx.lo getentropy_osx.o: $(srcdir)/compat/getentropy_osx.c \
- config.h
-getentropy_solaris.lo getentropy_solaris.o: $(srcdir)/compat/getentropy_solaris.c \
- config.h
-getentropy_win.lo getentropy_win.o: $(srcdir)/compat/getentropy_win.c
-gettimeofday.lo gettimeofday.o: $(srcdir)/compat/gettimeofday.c \
- config.h
-inet_ntop.lo inet_ntop.o: $(srcdir)/compat/inet_ntop.c \
- config.h
-inet_pton.lo inet_pton.o: $(srcdir)/compat/inet_pton.c \
- config.h
-sha512.lo sha512.o: $(srcdir)/compat/sha512.c \
- config.h
-strlcpy.lo strlcpy.o: $(srcdir)/compat/strlcpy.c \
- config.h
-locks.lo locks.o: $(srcdir)/util/locks.c \
- config.h \
- $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h
-lookup3.lo lookup3.o: $(srcdir)/util/lookup3.c \
- config.h \
- $(srcdir)/util/auxiliary/util/storage/lookup3.h $(srcdir)/util/lookup3.h \
- $(srcdir)/util/orig-headers/lookup3.h
-lruhash.lo lruhash.o: $(srcdir)/util/lruhash.c \
- config.h \
- $(srcdir)/util/auxiliary/util/storage/lruhash.h $(srcdir)/util/lruhash.h \
- $(srcdir)/util/orig-headers/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/orig-headers/locks.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/util/fptr_wlist.h
-rbtree.lo rbtree.o: $(srcdir)/util/rbtree.c \
- config.h \
- $(srcdir)/util/auxiliary/log.h $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h \
- $(srcdir)/util/auxiliary/fptr_wlist.h $(srcdir)/util/auxiliary/util/fptr_wlist.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h
-val_secalgo.lo val_secalgo.o: $(srcdir)/util/val_secalgo.c \
- config.h \
- $(srcdir)/util/auxiliary/util/data/packed_rrset.h \
- $(srcdir)/util/auxiliary/validator/val_secalgo.h $(srcdir)/util/val_secalgo.h \
- $(srcdir)/util/orig-headers/val_secalgo.h $(srcdir)/util/auxiliary/validator/val_nsec3.h \
- $(srcdir)/util/auxiliary/util/log.h $(srcdir)/debug.h $(srcdir)/util/auxiliary/sldns/rrdef.h \
- $(srcdir)/gldns/rrdef.h $(srcdir)/util/auxiliary/sldns/keyraw.h $(srcdir)/gldns/keyraw.h \
- $(srcdir)/util/auxiliary/sldns/sbuffer.h $(srcdir)/gldns/gbuffer.h
-jsmn.lo jsmn.o: $(srcdir)/jsmn/jsmn.c $(srcdir)/jsmn/jsmn.h
-libev.lo libev.o: $(srcdir)/extension/libev.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libev.h
-libevent.lo libevent.o: $(srcdir)/extension/libevent.c \
- config.h \
- $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libevent.h
-libuv.lo libuv.o: $(srcdir)/extension/libuv.c \
- config.h \
- $(srcdir)/debug.h $(srcdir)/types-internal.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/getdns/getdns_ext_libuv.h
-poll_eventloop.lo poll_eventloop.o: $(srcdir)/extension/poll_eventloop.c \
- config.h \
- $(srcdir)/extension/poll_eventloop.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h $(srcdir)/debug.h
-select_eventloop.lo select_eventloop.o: $(srcdir)/extension/select_eventloop.c \
- config.h \
- $(srcdir)/extension/select_eventloop.h \
- getdns/getdns.h \
- getdns/getdns_extra.h \
- $(srcdir)/debug.h $(srcdir)/types-internal.h $(srcdir)/util/rbtree.h $(srcdir)/util/orig-headers/rbtree.h

src/anchor.h

@@ -0,0 +1,83 @@
+/**
+ *
+ * /brief functions for DNSSEC trust anchor management
+ *
+ */
+
+/*
+ * Copyright (c) 2017, NLnet Labs
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef ANCHOR_H_
+#define ANCHOR_H_
+
+#include "getdns/getdns.h"
+#include "getdns/getdns_extra.h"
+#include <time.h>
+#include "rr-iter.h"
+
+#include "types-internal.h"
+
+/**
+ ** Internal functions, implemented in anchor-internal.c.
+ **/
+void _getdns_context_equip_with_anchor(getdns_context *context, uint64_t *now_ms);
+
+uint8_t *_getdns_tas_validate(struct mem_funcs *mf,
+    const getdns_bindata *xml_bd, const getdns_bindata *p7s_bd,
+    const getdns_bindata *crt_bd, const char *p7signer,
+                      uint64_t *now_ms, uint8_t *tas, size_t *tas_len);
+
+
+/**
+ ** anchor.c functions used by anchor-internal.c.
+ **/
+time_t _getdns_xml_convertdate(const char* str);
+
+uint16_t _getdns_parse_xml_trust_anchors_buf(gldns_buffer *gbuf, uint64_t *now_ms, char *xml_data, size_t xml_len);
+
+/**
+ ** Public interface.
+ **/
+void _getdns_context_equip_with_anchor(getdns_context *context, uint64_t *now_ms);
+
+void _getdns_start_fetching_ta(
+    getdns_context *context, getdns_eventloop *loop, uint64_t *now_ms);
+
+#define MAX_KSKS        16
+#define RRSIG_RDATA_LEN 16
+typedef struct _getdns_ksks {
+	size_t   n;
+	uint16_t ids[MAX_KSKS];
+	size_t   n_rrsigs;
+	uint8_t  rrsigs[MAX_KSKS][RRSIG_RDATA_LEN];
+} _getdns_ksks;
+
+void _getdns_context_update_root_ksk(
+    getdns_context *context, _getdns_rrset *dnskey_set);
+
+#endif
+/* anchor.h */

src/compat/arc4random.c

@@ -31,11 +31,11 @@
 #endif
 #include <stdlib.h>
 #include <string.h>
+#ifndef GETDNS_ON_WINDOWS
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/time.h>
-#ifndef GETDNS_ON_WINDOWS
 #include <sys/mman.h>
 #endif
 #if defined(GETDNS_ON_WINDOWS) && !defined(MAP_INHERIT_ZERO)
@@ -51,6 +51,9 @@
 #else				/* !__GNUC__ */
 #define inline
 #endif				/* !__GNUC__ */
+#ifndef MAP_ANON
+#define MAP_ANON MAP_ANONYMOUS
+#endif
 
 #define KEYSZ	32
 #define IVSZ	8
@@ -71,6 +74,72 @@ static struct {
 
 static inline void _rs_rekey(u_char *dat, size_t datlen);
 
+/*
+ * Basic sanity checking; wish we could do better.
+ */
+static int
+fallback_gotdata(char *buf, size_t len)
+{
+	char	any_set = 0;
+	size_t	i;
+
+	for (i = 0; i < len; ++i)
+		any_set |= buf[i];
+	if (any_set == 0)
+		return -1;
+	return 0;
+}
+
+/* fallback for getentropy in case libc returns failure */
+static int
+fallback_getentropy_urandom(void *buf, size_t len)
+{
+	size_t i;
+	int fd, flags;
+	int save_errno = errno;
+
+start:
+
+	flags = O_RDONLY;
+#ifdef O_NOFOLLOW
+	flags |= O_NOFOLLOW;
+#endif
+#ifdef O_CLOEXEC
+	flags |= O_CLOEXEC;
+#endif
+	fd = open("/dev/urandom", flags, 0);
+	if (fd == -1) {
+		if (errno == EINTR)
+			goto start;
+		goto nodevrandom;
+	}
+#ifndef O_CLOEXEC
+#  ifdef HAVE_FCNTL
+	fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
+#  endif
+#endif
+	for (i = 0; i < len; ) {
+		size_t wanted = len - i;
+		ssize_t ret = read(fd, (char*)buf + i, wanted);
+
+		if (ret == -1) {
+			if (errno == EAGAIN || errno == EINTR)
+				continue;
+			close(fd);
+			goto nodevrandom;
+		}
+		i += ret;
+	}
+	close(fd);
+	if (fallback_gotdata(buf, len) == 0) {
+		errno = save_errno;
+		return 0;		/* satisfied */
+	}
+nodevrandom:
+	errno = EIO;
+	return -1;
+}
+
 static inline void
 _rs_init(u_char *buf, size_t n)
 {
@@ -102,6 +171,9 @@ _rs_init(u_char *buf, size_t n)
 		if(!rsx)
 			abort();
 #endif
+		/* Pleast older clang scan-build */
+		if (!buf)
+			buf = rsx->rs_buf;
 	}
 
 	chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0);
@@ -114,15 +186,15 @@ _rs_stir(void)
 	u_char rnd[KEYSZ + IVSZ];
 
 	if (getentropy(rnd, sizeof rnd) == -1) {
+		if(errno != ENOSYS ||
+			fallback_getentropy_urandom(rnd, sizeof rnd) == -1) {
 #ifdef SIGKILL
 			raise(SIGKILL);
 #else
-#ifdef GETDNS_ON_WINDOWS
-		DebugBreak();
-#endif
 			exit(9); /* windows */
 #endif
 		}
+	}
 
 	if (!rs)
 		_rs_init(rnd, sizeof(rnd));
@@ -131,9 +203,6 @@ _rs_stir(void)
 	explicit_bzero(rnd, sizeof(rnd));	/* discard source seed */
 
 	/* invalidate rs_buf */
-#ifdef GETDNS_ON_WINDOWS
-	_Analysis_assume_(rs != NULL);
-#endif
 	rs->rs_have = 0;
 	memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf));
 
@@ -143,17 +212,9 @@ _rs_stir(void)
 static inline void
 _rs_stir_if_needed(size_t len)
 {
-#ifndef MAP_INHERIT_ZERO
+#if !defined(GETDNS_ON_WINDOWS)	&& !defined(MAP_INHERIT_ZERO)
 	static pid_t _rs_pid = 0;
-#ifdef GETDNS_ON_WINDOWS
-	/* 
-	 * TODO: if compiling for the Windows Runtime, use GetCurrentProcessId(),
-	 * but this requires linking with kernel32.lib
-	 */
-	pid_t pid = _getpid();
-#else
 	pid_t pid = getpid();
-#endif
 
 	/* If a system lacks MAP_INHERIT_ZERO, resort to getpid() */
 	if (_rs_pid == 0 || _rs_pid != pid) {
@@ -164,9 +225,6 @@ _rs_stir_if_needed(size_t len)
 #endif
 	if (!rs || rs->rs_count <= len)
 		_rs_stir();
-#ifdef GETDNS_ON_WINDOWS
-	_Analysis_assume_(rs != NULL);
-#endif
 	if (rs->rs_count <= len)
 		rs->rs_count = 0;
 	else

src/compat/arc4random_uniform.c

@@ -39,7 +39,7 @@ arc4random_uniform(uint32_t upper_bound)
 		return 0;
 
 	/* 2**32 % x == (2**32 - x) % x */
-	min = ((uint32_t)(-(int32_t)upper_bound)) % upper_bound;
+	min = -upper_bound % upper_bound;
 
 	/*
 	 * This could theoretically loop forever but each retry has

src/compat/explicit_bzero.c

@@ -6,17 +6,12 @@
 #include "config.h"
 #include <string.h>
 
-__attribute__((weak)) void
-__explicit_bzero_hook(void *ATTR_UNUSED(buf), size_t ATTR_UNUSED(len))
-{
-}
-
 void
 explicit_bzero(void *buf, size_t len)
 {
-#ifdef UB_ON_WINDOWS
+#ifdef GETDNS_ON_WINDOWS
 	SecureZeroMemory(buf, len);
-#endif
+#else
 	memset(buf, 0, len);
-	__explicit_bzero_hook(buf, len);
+#endif
 }

src/compat/getentropy_linux.c

@@ -60,6 +60,9 @@
 #include <sys/auxv.h>
 #endif
 #include <sys/vfs.h>
+#ifndef MAP_ANON
+#define MAP_ANON MAP_ANONYMOUS
+#endif
 
 #define REPEAT 5
 #define min(a, b) (((a) < (b)) ? (a) : (b))
@@ -94,7 +97,7 @@ int	getentropy(void *buf, size_t len);
 extern int main(int, char *argv[]);
 #endif
 static int gotdata(char *buf, size_t len);
-#ifdef SYS_getrandom
+#if defined(SYS_getrandom) && defined(__NR_getrandom)
 static int getentropy_getrandom(void *buf, size_t len);
 #endif
 static int getentropy_urandom(void *buf, size_t len);
@@ -113,7 +116,7 @@ getentropy(void *buf, size_t len)
 		return -1;
 	}
 
-#ifdef SYS_getrandom
+#if defined(SYS_getrandom) && defined(__NR_getrandom)
 	/*
 	 * Try descriptor-less getrandom()
 	 */
@@ -209,7 +212,7 @@ gotdata(char *buf, size_t len)
 	return 0;
 }
 
-#ifdef SYS_getrandom
+#if defined(SYS_getrandom) && defined(__NR_getrandom)
 static int
 getentropy_getrandom(void *buf, size_t len)
 {

src/compat/gettimeofday.c

@@ -21,8 +21,9 @@
   */
 #include "config.h"
 
-#ifdef GETDNS_ON_WINDOWS
-int gettimeofday(struct timeval* tv, struct timezone* tz)
+#ifndef HAVE_GETTIMEOFDAY
+
+int gettimeofday(struct timeval* tv, void* tz)
 {
 	FILETIME ft;
 	uint64_t now = 0;
@@ -70,4 +71,4 @@ int gettimeofday(struct timeval* tv, struct timezone* tz)
 
 	return 0;
 }
-#endif /* GETDNS_ON_WINDOWS */
+#endif /* HAVE_GETTIMEOFDAY */

src/compat/inet_ntop.c

@@ -19,8 +19,6 @@
 
 #include <config.h>
 
-#ifndef HAVE_INET_NTOP
-
 #include <sys/param.h>
 #include <sys/types.h>
 #ifdef HAVE_SYS_SOCKET_H
@@ -214,5 +212,3 @@ inet_ntop6(const u_char *src, char *dst, size_t size)
 	strlcpy(dst, tmp, size);
 	return (dst);
 }
-
-#endif /* !HAVE_INET_NTOP */

src/compat/inet_pton.c

@@ -17,7 +17,6 @@
  */
 
 #include <config.h>
-
 #include <string.h>
 #include <stdio.h>
 #include <errno.h>

src/compat/mkstemp.c

@@ -0,0 +1,43 @@
+/**
+ * \file mkstemp.c
+ * @brief Implementation of mkstemp for Windows.
+ */
+
+/*
+ * Copyright (c) 2019 Sinodun
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/stat.h>
+
+int mkstemp(char *template)
+{
+		if (_mktemp_s(template, strlen(template) + 1) != 0)
+				return -1;
+		return open(template, _O_CREAT | _O_EXCL | _O_RDWR, _S_IWRITE | _S_IREAD);
+}

src/compat/strlcpy.c

@@ -18,7 +18,6 @@
 /* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */
 
 #include <config.h>
-#ifndef HAVE_STRLCPY
 
 #include <sys/types.h>
 #include <string.h>
@@ -53,5 +52,3 @@ strlcpy(char *dst, const char *src, size_t siz)
 
 	return(s - src - 1);	/* count does not include NUL */
 }
-
-#endif /* !HAVE_STRLCPY */

src/compat/strptime.c

@@ -0,0 +1,345 @@
+/** strptime workaround (for oa macos leopard)
+  * This strptime follows the man strptime (2001-11-12)
+  *		conforming to SUSv2, POSIX.1-2001
+  *
+  * This very simple version of strptime has no:
+  * - E alternatives
+  * - O alternatives
+  * - Glibc additions
+  * - Does not process week numbers
+  * - Does not properly processes year day
+  *
+  * LICENSE
+  * Copyright (c) 2008, NLnet Labs, Matthijs Mekking
+  * All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions are met:
+  * * Redistributions of source code must retain the above copyright notice,
+  *     this list of conditions and the following disclaimer.
+  * * Redistributions in binary form must reproduce the above copyright
+  *   notice, this list of conditions and the following disclaimer in the
+  *   documentation and/or other materials provided with the distribution.
+  * * Neither the name of NLnetLabs nor the names of its
+  *   contributors may be used to endorse or promote products derived from this
+  *   software without specific prior written permission.
+  *
+  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+  * POSSIBILITY OF SUCH DAMAGE.
+ **/
+
+#include "config.h"
+
+#ifndef HAVE_CONFIG_H
+#include <time.h>
+#endif
+
+#ifndef STRPTIME_WORKS
+
+#define TM_YEAR_BASE 1900
+
+#include <ctype.h>
+#include <string.h>
+
+static const char *abb_weekdays[] = {
+	"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", NULL
+};
+static const char *full_weekdays[] = {
+	"Sunday", "Monday", "Tuesday", "Wednesday",
+	"Thursday", "Friday", "Saturday", NULL
+};
+static const char *abb_months[] = {
+	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
+	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec", NULL
+};
+static const char *full_months[] = {
+	"January", "February", "March", "April", "May", "June",
+	"July", "August", "September", "October", "November", "December", NULL
+};
+static const char *ampm[] = {
+    "am", "pm", NULL
+};
+
+static int
+match_string(const char **buf, const char **strs)
+{
+	int i = 0;
+
+	for (i = 0; strs[i] != NULL; i++) {
+		int len = strlen(strs[i]);
+		if (strncasecmp (*buf, strs[i], len) == 0) {
+			*buf += len;
+			return i;
+		}
+	}
+	return -1;
+}
+
+static int
+str2int(const char **buf, int max)
+{
+	int ret=0, count=0;
+
+	while (*buf[0] != '\0' && isdigit((unsigned char)*buf[0]) && count<max) {
+		ret = ret*10 + (*buf[0] - '0');
+		(*buf)++;
+		count++;
+	}
+
+	if (!count)
+		return -1;
+	return ret;
+}
+
+/** Converts the character string s to values which are stored in tm
+  * using the format specified by format
+ **/
+char *
+unbound_strptime(const char *s, const char *format, struct tm *tm)
+{
+	int c, ret;
+	int split_year = 0;
+
+	while ((c = *format) != '\0') {
+		/* whitespace, literal or format */
+		if (isspace((unsigned char)c)) { /* whitespace */
+			/** whitespace matches zero or more whitespace characters in the
+			  * input string.
+			 **/
+			while (isspace((unsigned char)*s))
+				s++;
+		}
+		else if (c == '%') { /* format */
+			format++;
+			c = *format;
+			switch (c) {
+				case '%': /* %% is converted to % */
+					if (*s != c) {
+						return NULL;
+					}
+					s++;
+					break;
+				case 'a': /* weekday name, abbreviated or full */
+				case 'A':
+					ret = match_string(&s, full_weekdays);
+					if (ret < 0)
+						ret = match_string(&s, abb_weekdays);
+					if (ret < 0) {
+						return NULL;
+					}
+					tm->tm_wday = ret;
+					break;
+				case 'b': /* month name, abbreviated or full */
+				case 'B':
+				case 'h':
+					ret = match_string(&s, full_months);
+					if (ret < 0)
+						ret = match_string(&s, abb_months);
+					if (ret < 0) {
+						return NULL;
+					}
+					tm->tm_mon = ret;
+					break;
+				case 'c': /* date and time representation */
+					if (!(s = unbound_strptime(s, "%x %X", tm))) {
+						return NULL;
+					}
+					break;
+				case 'C': /* century number */
+					ret = str2int(&s, 2);
+					if (ret < 0 || ret > 99) { /* must be in [00,99] */
+						return NULL;
+					}
+
+					if (split_year)	{
+						tm->tm_year = ret*100 + (tm->tm_year%100);
+					}
+					else {
+						tm->tm_year = ret*100 - TM_YEAR_BASE;
+						split_year = 1;
+					}
+					break;
+				case 'd': /* day of month */
+				case 'e':
+					ret = str2int(&s, 2);
+					if (ret < 1 || ret > 31) { /* must be in [01,31] */
+						return NULL;
+					}
+					tm->tm_mday = ret;
+					break;
+				case 'D': /* equivalent to %m/%d/%y */
+					if (!(s = unbound_strptime(s, "%m/%d/%y", tm))) {
+						return NULL;
+					}
+					break;
+				case 'H': /* hour */
+					ret = str2int(&s, 2);
+					if (ret < 0 || ret > 23) { /* must be in [00,23] */
+						return NULL;
+					}
+					tm->tm_hour = ret;
+					break;
+				case 'I': /* 12hr clock hour */
+					ret = str2int(&s, 2);
+					if (ret < 1 || ret > 12) { /* must be in [01,12] */
+						return NULL;
+					}
+					if (ret == 12) /* actually [0,11] */
+						ret = 0;
+					tm->tm_hour = ret;
+					break;
+				case 'j': /* day of year */
+					ret = str2int(&s, 2);
+					if (ret < 1 || ret > 366) { /* must be in [001,366] */
+						return NULL;
+					}
+					tm->tm_yday = ret;
+					break;
+				case 'm': /* month */
+					ret = str2int(&s, 2);
+					if (ret < 1 || ret > 12) { /* must be in [01,12] */
+						return NULL;
+					}
+					/* months go from 0-11 */
+					tm->tm_mon = (ret-1);
+					break;
+				case 'M': /* minute */
+					ret = str2int(&s, 2);
+					if (ret < 0 || ret > 59) { /* must be in [00,59] */
+						return NULL;
+					}
+					tm->tm_min = ret;
+					break;
+				case 'n': /* arbitrary whitespace */
+				case 't':
+					while (isspace((unsigned char)*s))
+						s++;
+					break;
+				case 'p': /* am pm */
+					ret = match_string(&s, ampm);
+					if (ret < 0) {
+						return NULL;
+					}
+					if (tm->tm_hour < 0 || tm->tm_hour > 11) { /* %I */
+						return NULL;
+					}
+
+					if (ret == 1) /* pm */
+						tm->tm_hour += 12;
+					break;
+				case 'r': /* equivalent of %I:%M:%S %p */
+					if (!(s = unbound_strptime(s, "%I:%M:%S %p", tm))) {
+						return NULL;
+					}
+					break;
+				case 'R': /* equivalent of %H:%M */
+					if (!(s = unbound_strptime(s, "%H:%M", tm))) {
+						return NULL;
+					}
+					break;
+				case 'S': /* seconds */
+					ret = str2int(&s, 2);
+					/* 60 may occur for leap seconds */
+					/* earlier 61 was also allowed */
+					if (ret < 0 || ret > 60) { /* must be in [00,60] */
+						return NULL;
+					}
+					tm->tm_sec = ret;
+					break;
+				case 'T': /* equivalent of %H:%M:%S */
+					if (!(s = unbound_strptime(s, "%H:%M:%S", tm))) {
+						return NULL;
+					}
+					break;
+				case 'U': /* week number, with the first Sun of Jan being w1 */
+					ret = str2int(&s, 2);
+					if (ret < 0 || ret > 53) { /* must be in [00,53] */
+						return NULL;
+					}
+					/** it is hard (and not necessary for nsd) to determine time
+					  * data from week number.
+					 **/
+					break;
+				case 'w': /* day of week */
+					ret = str2int(&s, 1);
+					if (ret < 0 || ret > 6) { /* must be in [0,6] */
+						return NULL;
+					}
+					tm->tm_wday = ret;
+					break;
+				case 'W': /* week number, with the first Mon of Jan being w1 */
+					ret = str2int(&s, 2);
+					if (ret < 0 || ret > 53) { /* must be in [00,53] */
+						return NULL;
+					}
+					/** it is hard (and not necessary for nsd) to determine time
+					  * data from week number.
+					 **/
+					break;
+				case 'x': /* date format */
+					if (!(s = unbound_strptime(s, "%m/%d/%y", tm))) {
+						return NULL;
+					}
+					break;
+				case 'X': /* time format */
+					if (!(s = unbound_strptime(s, "%H:%M:%S", tm))) {
+						return NULL;
+					}
+					break;
+				case 'y': /* last two digits of a year */
+					ret = str2int(&s, 2);
+					if (ret < 0 || ret > 99) { /* must be in [00,99] */
+						return NULL;
+					}
+					if (split_year) {
+						tm->tm_year = ((tm->tm_year/100) * 100) + ret;
+					}
+					else {
+						split_year = 1;
+
+						/** currently:
+						  * if in [0,68] we are in 21th century,
+						  * if in [69,99] we are in 20th century.
+						 **/
+						if (ret < 69) /* 2000 */
+							ret += 100;
+						tm->tm_year = ret;
+					}
+					break;
+				case 'Y': /* year */
+					ret = str2int(&s, 4);
+					if (ret < 0 || ret > 9999) {
+						return NULL;
+					}
+					tm->tm_year = ret - TM_YEAR_BASE;
+					break;
+				case '\0':
+				default: /* unsupported, cannot match format */
+					return NULL;
+					break;
+			}
+		}
+		else { /* literal */
+			/* if input cannot match format, return NULL */
+			if (*s != c)
+				return NULL;
+			s++;
+		}
+
+		format++;
+	}
+
+	/* return pointer to remainder of s */
+	return (char*) s;
+}
+
+#endif /* STRPTIME_WORKS */

src/const-info.c

@@ -30,6 +30,7 @@ static struct const_info consts_info[] = {
 	{     310, "GETDNS_RETURN_MEMORY_ERROR", GETDNS_RETURN_MEMORY_ERROR_TEXT },
 	{     311, "GETDNS_RETURN_INVALID_PARAMETER", GETDNS_RETURN_INVALID_PARAMETER_TEXT },
 	{     312, "GETDNS_RETURN_NOT_IMPLEMENTED", GETDNS_RETURN_NOT_IMPLEMENTED_TEXT },
+	{     397, "GETDNS_RETURN_IO_ERROR", GETDNS_RETURN_IO_ERROR_TEXT },
 	{     398, "GETDNS_RETURN_NO_UPSTREAM_AVAILABLE", GETDNS_RETURN_NO_UPSTREAM_AVAILABLE_TEXT },
 	{     399, "GETDNS_RETURN_NEED_MORE_SPACE", GETDNS_RETURN_NEED_MORE_SPACE_TEXT },
 	{     400, "GETDNS_DNSSEC_SECURE", GETDNS_DNSSEC_SECURE_TEXT },
@@ -82,6 +83,21 @@ static struct const_info consts_info[] = {
 	{     622, "GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS", GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS_TEXT },
 	{     623, "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME_TEXT },
 	{     624, "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES_TEXT },
+	{     625, "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL", GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL_TEXT },
+	{     626, "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_CA", GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_CA_TEXT },
+	{     627, "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_EMAIL", GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_EMAIL_TEXT },
+	{     628, "GETDNS_CONTEXT_CODE_APPDATA_DIR", GETDNS_CONTEXT_CODE_APPDATA_DIR_TEXT },
+	{     629, "GETDNS_CONTEXT_CODE_RESOLVCONF", GETDNS_CONTEXT_CODE_RESOLVCONF_TEXT },
+	{     630, "GETDNS_CONTEXT_CODE_HOSTS", GETDNS_CONTEXT_CODE_HOSTS_TEXT },
+	{     631, "GETDNS_CONTEXT_CODE_TLS_CA_PATH", GETDNS_CONTEXT_CODE_TLS_CA_PATH_TEXT },
+	{     632, "GETDNS_CONTEXT_CODE_TLS_CA_FILE", GETDNS_CONTEXT_CODE_TLS_CA_FILE_TEXT },
+	{     633, "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST_TEXT },
+	{     634, "GETDNS_CONTEXT_CODE_TLS_CURVES_LIST", GETDNS_CONTEXT_CODE_TLS_CURVES_LIST_TEXT },
+	{     635, "GETDNS_CONTEXT_CODE_TLS_CIPHERSUITES", GETDNS_CONTEXT_CODE_TLS_CIPHERSUITES_TEXT },
+	{     636, "GETDNS_CONTEXT_CODE_TLS_MIN_VERSION", GETDNS_CONTEXT_CODE_TLS_MIN_VERSION_TEXT },
+	{     637, "GETDNS_CONTEXT_CODE_TLS_MAX_VERSION", GETDNS_CONTEXT_CODE_TLS_MAX_VERSION_TEXT },
+	{     638, "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_BACKOFF_TIME", GETDNS_CONTEXT_CODE_TRUST_ANCHORS_BACKOFF_TIME_TEXT },
+	{     699, "GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE", GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE_TEXT },
 	{     700, "GETDNS_CALLBACK_COMPLETE", GETDNS_CALLBACK_COMPLETE_TEXT },
 	{     701, "GETDNS_CALLBACK_CANCEL", GETDNS_CALLBACK_CANCEL_TEXT },
 	{     702, "GETDNS_CALLBACK_TIMEOUT", GETDNS_CALLBACK_TIMEOUT_TEXT },
@@ -103,7 +119,16 @@ static struct const_info consts_info[] = {
 	{    1202, "GETDNS_TRANSPORT_TLS", GETDNS_TRANSPORT_TLS_TEXT },
 	{    1300, "GETDNS_AUTHENTICATION_NONE", GETDNS_AUTHENTICATION_NONE_TEXT },
 	{    1301, "GETDNS_AUTHENTICATION_REQUIRED", GETDNS_AUTHENTICATION_REQUIRED_TEXT },
-	{    4096, "GETDNS_LOG_UPSTREAM_STATS", GETDNS_LOG_UPSTREAM_STATS_TEXT },
+	{    1400, "GETDNS_SSL3", GETDNS_SSL3_TEXT },
+	{    1401, "GETDNS_TLS1", GETDNS_TLS1_TEXT },
+	{    1402, "GETDNS_TLS1_1", GETDNS_TLS1_1_TEXT },
+	{    1403, "GETDNS_TLS1_2", GETDNS_TLS1_2_TEXT },
+	{    1404, "GETDNS_TLS1_3", GETDNS_TLS1_3_TEXT },
+	{    8192, "GETDNS_LOG_SYS_STUB", GETDNS_LOG_SYS_STUB_TEXT },
+	{   12288, "GETDNS_LOG_UPSTREAM_STATS", GETDNS_LOG_UPSTREAM_STATS_TEXT },
+	{   16384, "GETDNS_LOG_SYS_RECURSING", GETDNS_LOG_SYS_RECURSING_TEXT },
+	{   24576, "GETDNS_LOG_SYS_RESOLVING", GETDNS_LOG_SYS_RESOLVING_TEXT },
+	{   32768, "GETDNS_LOG_SYS_ANCHOR", GETDNS_LOG_SYS_ANCHOR_TEXT },
 };
 
 static int const_info_cmp(const void *a, const void *b)
@@ -150,6 +175,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_CALLBACK_COMPLETE", 700 },
 	{ "GETDNS_CALLBACK_ERROR", 703 },
 	{ "GETDNS_CALLBACK_TIMEOUT", 702 },
+	{ "GETDNS_CONTEXT_CODE_APPDATA_DIR", 628 },
 	{ "GETDNS_CONTEXT_CODE_APPEND_NAME", 607 },
 	{ "GETDNS_CONTEXT_CODE_DNSSEC_ALLOWED_SKEW", 614 },
 	{ "GETDNS_CONTEXT_CODE_DNSSEC_TRUST_ANCHORS", 609 },
@@ -161,19 +187,33 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_CONTEXT_CODE_EDNS_MAXIMUM_UDP_PAYLOAD_SIZE", 610 },
 	{ "GETDNS_CONTEXT_CODE_EDNS_VERSION", 612 },
 	{ "GETDNS_CONTEXT_CODE_FOLLOW_REDIRECTS", 602 },
+	{ "GETDNS_CONTEXT_CODE_HOSTS", 630 },
 	{ "GETDNS_CONTEXT_CODE_IDLE_TIMEOUT", 617 },
 	{ "GETDNS_CONTEXT_CODE_LIMIT_OUTSTANDING_QUERIES", 606 },
+	{ "GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE", 699 },
 	{ "GETDNS_CONTEXT_CODE_MEMORY_FUNCTIONS", 615 },
 	{ "GETDNS_CONTEXT_CODE_NAMESPACES", 600 },
 	{ "GETDNS_CONTEXT_CODE_PUBKEY_PINSET", 621 },
 	{ "GETDNS_CONTEXT_CODE_RESOLUTION_TYPE", 601 },
+	{ "GETDNS_CONTEXT_CODE_RESOLVCONF", 629 },
 	{ "GETDNS_CONTEXT_CODE_ROUND_ROBIN_UPSTREAMS", 622 },
 	{ "GETDNS_CONTEXT_CODE_SUFFIX", 608 },
 	{ "GETDNS_CONTEXT_CODE_TIMEOUT", 616 },
 	{ "GETDNS_CONTEXT_CODE_TLS_AUTHENTICATION", 618 },
 	{ "GETDNS_CONTEXT_CODE_TLS_BACKOFF_TIME", 623 },
+	{ "GETDNS_CONTEXT_CODE_TLS_CA_FILE", 632 },
+	{ "GETDNS_CONTEXT_CODE_TLS_CA_PATH", 631 },
+	{ "GETDNS_CONTEXT_CODE_TLS_CIPHERSUITES", 635 },
+	{ "GETDNS_CONTEXT_CODE_TLS_CIPHER_LIST", 633 },
 	{ "GETDNS_CONTEXT_CODE_TLS_CONNECTION_RETRIES", 624 },
+	{ "GETDNS_CONTEXT_CODE_TLS_CURVES_LIST", 634 },
+	{ "GETDNS_CONTEXT_CODE_TLS_MAX_VERSION", 637 },
+	{ "GETDNS_CONTEXT_CODE_TLS_MIN_VERSION", 636 },
 	{ "GETDNS_CONTEXT_CODE_TLS_QUERY_PADDING_BLOCKSIZE", 620 },
+	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_BACKOFF_TIME", 638 },
+	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_URL", 625 },
+	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_CA", 626 },
+	{ "GETDNS_CONTEXT_CODE_TRUST_ANCHORS_VERIFY_EMAIL", 627 },
 	{ "GETDNS_CONTEXT_CODE_UPSTREAM_RECURSIVE_SERVERS", 603 },
 	{ "GETDNS_DNSSEC_BOGUS", 401 },
 	{ "GETDNS_DNSSEC_INDETERMINATE", 402 },
@@ -189,7 +229,11 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_LOG_ERR", 3 },
 	{ "GETDNS_LOG_INFO", 6 },
 	{ "GETDNS_LOG_NOTICE", 5 },
-	{ "GETDNS_LOG_UPSTREAM_STATS", 4096 },
+	{ "GETDNS_LOG_SYS_ANCHOR", 32768 },
+	{ "GETDNS_LOG_SYS_RECURSING", 16384 },
+	{ "GETDNS_LOG_SYS_RESOLVING", 24576 },
+	{ "GETDNS_LOG_SYS_STUB", 8192 },
+	{ "GETDNS_LOG_UPSTREAM_STATS", 12288 },
 	{ "GETDNS_LOG_WARNING", 4 },
 	{ "GETDNS_NAMESPACE_DNS", 500 },
 	{ "GETDNS_NAMESPACE_LOCALNAMES", 501 },
@@ -204,6 +248,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_OPCODE_STATUS", 2 },
 	{ "GETDNS_OPCODE_UPDATE", 5 },
 	{ "GETDNS_RCODE_BADALG", 21 },
+	{ "GETDNS_RCODE_BADCOOKIE", 23 },
 	{ "GETDNS_RCODE_BADKEY", 17 },
 	{ "GETDNS_RCODE_BADMODE", 19 },
 	{ "GETDNS_RCODE_BADNAME", 20 },
@@ -211,7 +256,6 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RCODE_BADTIME", 18 },
 	{ "GETDNS_RCODE_BADTRUNC", 22 },
 	{ "GETDNS_RCODE_BADVERS", 16 },
-	{ "GETDNS_RCODE_COOKIE", 23 },
 	{ "GETDNS_RCODE_FORMERR", 1 },
 	{ "GETDNS_RCODE_NOERROR", 0 },
 	{ "GETDNS_RCODE_NOTAUTH", 9 },
@@ -240,6 +284,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RETURN_GENERIC_ERROR", 1 },
 	{ "GETDNS_RETURN_GOOD", 0 },
 	{ "GETDNS_RETURN_INVALID_PARAMETER", 311 },
+	{ "GETDNS_RETURN_IO_ERROR", 397 },
 	{ "GETDNS_RETURN_MEMORY_ERROR", 310 },
 	{ "GETDNS_RETURN_NEED_MORE_SPACE", 399 },
 	{ "GETDNS_RETURN_NOT_IMPLEMENTED", 312 },
@@ -255,8 +300,10 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RRCLASS_IN", 1 },
 	{ "GETDNS_RRCLASS_NONE", 254 },
 	{ "GETDNS_RRTYPE_A", 1 },
+	{ "GETDNS_RRTYPE_A6", 38 },
 	{ "GETDNS_RRTYPE_AAAA", 28 },
 	{ "GETDNS_RRTYPE_AFSDB", 18 },
+	{ "GETDNS_RRTYPE_AMTRELAY", 260 },
 	{ "GETDNS_RRTYPE_ANY", 255 },
 	{ "GETDNS_RRTYPE_APL", 42 },
 	{ "GETDNS_RRTYPE_ATMA", 34 },
@@ -272,17 +319,23 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RRTYPE_DLV", 32769 },
 	{ "GETDNS_RRTYPE_DNAME", 39 },
 	{ "GETDNS_RRTYPE_DNSKEY", 48 },
+	{ "GETDNS_RRTYPE_DOA", 259 },
 	{ "GETDNS_RRTYPE_DS", 43 },
 	{ "GETDNS_RRTYPE_EID", 31 },
+	{ "GETDNS_RRTYPE_EUI48", 108 },
+	{ "GETDNS_RRTYPE_EUI64", 109 },
 	{ "GETDNS_RRTYPE_GID", 102 },
 	{ "GETDNS_RRTYPE_GPOS", 27 },
 	{ "GETDNS_RRTYPE_HINFO", 13 },
 	{ "GETDNS_RRTYPE_HIP", 55 },
+	{ "GETDNS_RRTYPE_HTTPS", 65 },
 	{ "GETDNS_RRTYPE_IPSECKEY", 45 },
 	{ "GETDNS_RRTYPE_ISDN", 20 },
 	{ "GETDNS_RRTYPE_IXFR", 251 },
 	{ "GETDNS_RRTYPE_KEY", 25 },
 	{ "GETDNS_RRTYPE_KX", 36 },
+	{ "GETDNS_RRTYPE_L32", 105 },
+	{ "GETDNS_RRTYPE_L64", 106 },
 	{ "GETDNS_RRTYPE_LOC", 29 },
 	{ "GETDNS_RRTYPE_LP", 107 },
 	{ "GETDNS_RRTYPE_MAILA", 254 },
@@ -302,6 +355,8 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RRTYPE_NSAP", 22 },
 	{ "GETDNS_RRTYPE_NSAP_PTR", 23 },
 	{ "GETDNS_RRTYPE_NSEC", 47 },
+	{ "GETDNS_RRTYPE_NSEC3", 50 },
+	{ "GETDNS_RRTYPE_NSEC3PARAM", 51 },
 	{ "GETDNS_RRTYPE_NULL", 10 },
 	{ "GETDNS_RRTYPE_NXT", 30 },
 	{ "GETDNS_RRTYPE_OPENPGPKEY", 61 },
@@ -319,6 +374,7 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RRTYPE_SPF", 99 },
 	{ "GETDNS_RRTYPE_SRV", 33 },
 	{ "GETDNS_RRTYPE_SSHFP", 44 },
+	{ "GETDNS_RRTYPE_SVCB", 64 },
 	{ "GETDNS_RRTYPE_TA", 32768 },
 	{ "GETDNS_RRTYPE_TALINK", 58 },
 	{ "GETDNS_RRTYPE_TKEY", 249 },
@@ -330,6 +386,13 @@ static struct const_name_info consts_name_info[] = {
 	{ "GETDNS_RRTYPE_UNSPEC", 103 },
 	{ "GETDNS_RRTYPE_URI", 256 },
 	{ "GETDNS_RRTYPE_WKS", 11 },
+	{ "GETDNS_RRTYPE_X25", 19 },
+	{ "GETDNS_RRTYPE_ZONEMD", 63 },
+	{ "GETDNS_SSL3", 1400 },
+	{ "GETDNS_TLS1", 1401 },
+	{ "GETDNS_TLS1_1", 1402 },
+	{ "GETDNS_TLS1_2", 1403 },
+	{ "GETDNS_TLS1_3", 1404 },
 	{ "GETDNS_TRANSPORT_TCP", 1201 },
 	{ "GETDNS_TRANSPORT_TCP_ONLY", 542 },
 	{ "GETDNS_TRANSPORT_TCP_ONLY_KEEP_CONNECTIONS_OPEN", 543 },

src/const-info.h

@@ -39,6 +39,14 @@
 #ifndef CONST_INFO_H_
 #define CONST_INFO_H_
 
+#include "getdns/getdns.h"
+#include "getdns/getdns_extra.h"
+
+#ifndef GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE
+#define GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE 699
+#define GETDNS_CONTEXT_CODE_MAX_BACKOFF_VALUE_TEXT "Change related to getdns_context_set_max_backoff_value"
+#endif
+
 struct const_info {
 	int code;
 	const char *name;

src/context.h

@@ -48,13 +48,13 @@
 #ifdef HAVE_MDNS_SUPPORT
 #include "util/lruhash.h"
 #endif
+#include "rr-iter.h"
+#include "anchor.h"
+#include "tls.h"
 
 struct getdns_dns_req;
 struct ub_ctx;
 
-#define GETDNS_FN_RESOLVCONF "/etc/resolv.conf"
-#define GETDNS_FN_HOSTS      "/etc/hosts"
-
 enum filechgs { GETDNS_FCHG_ERRORS = -1
  , GETDNS_FCHG_NOERROR   = 0
  , GETDNS_FCHG_NOCHANGES = 0
@@ -70,10 +70,10 @@ typedef void (*getdns_update_callback2) (struct getdns_context *,
 
 /* internal use only for detecting changes to system files */
 struct filechg {
-	char *fn;
+	char fn[_GETDNS_PATH_MAX];
 	int  changes;
 	int  errors;
-	struct stat *prevstat;
+	struct stat prevstat;
 };
 
 typedef enum getdns_tls_hs_state {
@@ -92,6 +92,16 @@ typedef enum getdns_conn_state {
 	GETDNS_CONN_BACKOFF
 } getdns_conn_state_t;
 
+typedef enum getdns_tasrc {
+	GETDNS_TASRC_NONE,
+	GETDNS_TASRC_ZONE,
+	GETDNS_TASRC_APP,
+	GETDNS_TASRC_FETCHING,
+	GETDNS_TASRC_XML,
+	GETDNS_TASRC_XML_UPDATE,
+	GETDNS_TASRC_FAILED
+} getdns_tasrc;
+
 typedef enum getdns_tsig_algo {
 	GETDNS_NO_TSIG     = 0, /* Do not use tsig */
 	GETDNS_HMAC_MD5    = 1, /* 128 bits */
@@ -103,6 +113,7 @@ typedef enum getdns_tsig_algo {
 	GETDNS_HMAC_SHA512 = 7
 } getdns_tsig_algo;
 
+
 typedef struct getdns_tsig_info {
 	getdns_tsig_algo  alg;
 	const char       *name;
@@ -117,7 +128,7 @@ const getdns_tsig_info *_getdns_get_tsig_info(getdns_tsig_algo tsig_alg);
 
 /* for doing public key pinning of TLS-capable upstreams: */
 typedef struct sha256_pin {
-	char pin[SHA256_DIGEST_LENGTH];
+	uint8_t pin[SHA256_DIGEST_LENGTH];
 	struct sha256_pin *next;
 } sha256_pin_t;
 
@@ -170,6 +181,7 @@ typedef struct getdns_upstream {
 	size_t                   conn_shutdowns;
 	size_t                   conn_setup_failed;
 	time_t                   conn_retry_time;
+	uint16_t                 conn_backoff_interval;
 	size_t                   conn_backoffs;
 	size_t                   total_responses;
 	size_t                   total_timeouts;
@@ -182,19 +194,33 @@ typedef struct getdns_upstream {
 	size_t                   responses_timeouts;
 	size_t                   keepalive_shutdown;
 	uint64_t                 keepalive_timeout;
+	int                      server_keepalive_received;
 
 	/* Management of outstanding requests on stateful transports */
 	getdns_network_req      *write_queue;
 	getdns_network_req      *write_queue_last;
 	_getdns_rbtree_t         netreq_by_query_id;
 
+	/* TCP specific connection handling*/
+	unsigned                 tfo_use_sendto  : 1;
 	/* TLS specific connection handling*/
-	SSL*                     tls_obj;
-	SSL_SESSION*             tls_session;
+	unsigned                 tls_fallback_ok : 1;
+	_getdns_tls_connection*  tls_obj;
+	_getdns_tls_session*     tls_session;
 	getdns_tls_hs_state_t    tls_hs_state;
 	getdns_auth_state_t      tls_auth_state;
-	unsigned                 tls_fallback_ok : 1;
-	/* Auth credentials*/
+	uint64_t                 expires; /* Expire time of waiting netreqs.
+	                                   * This is how long a handshake may
+	                                   * take.
+	                                   */
+	/* TLS settings */
+	char                    *tls_cipher_list;
+	char                    *tls_ciphersuites;
+	char                    *tls_curves_list;
+	getdns_tls_version_t     tls_min_version;
+	getdns_tls_version_t     tls_max_version;
+
+	/* Auth credentials */
 	char                     tls_auth_name[256];
 	sha256_pin_t            *tls_pubkey_pinset;
 
@@ -217,15 +243,13 @@ typedef struct getdns_upstream {
 	unsigned is_sync_loop : 1;
 
 	/* EDNS cookies */
-	uint32_t secret;
-	uint8_t  client_cookie[8];
-	uint8_t  prev_client_cookie[8];
-	uint8_t  server_cookie[32];
+	uint8_t  server_cookie[40];
+	size_t   server_cookie_len;
 	
-	unsigned has_client_cookie : 1;
-	unsigned has_prev_client_cookie : 1;
-	unsigned has_server_cookie : 1;
-	unsigned server_cookie_len : 5;
+	uint64_t                src_addr_checked;
+	struct sockaddr_storage src_addr;
+	socklen_t               src_addr_len;
+	char                    src_addr_str[INET6_ADDRSTRLEN];
 
 	/* TSIG */
 	uint8_t          tsig_dname[256];
@@ -249,12 +273,51 @@ typedef struct getdns_upstreams {
 	size_t count;
 	size_t current_udp;
 	size_t current_stateful;
+	uint16_t max_backoff_value;
 	uint16_t tls_backoff_time;
 	uint16_t tls_connection_retries;
 	getdns_log_config log;
 	getdns_upstream upstreams[];
 } getdns_upstreams;
 
+typedef enum tas_state {
+	TAS_LOOKUP_ADDRESSES = 0,
+	TAS_WRITE_GET_XML,
+	TAS_READ_XML_HDR,
+	TAS_READ_XML_DOC,
+	TAS_WRITE_GET_PS7,
+	TAS_READ_PS7_HDR,
+	TAS_READ_PS7_DOC,
+	TAS_DONE,
+	TAS_RETRY,
+	TAS_RETRY_GET_PS7,
+	TAS_RETRY_PS7_HDR,
+	TAS_RETRY_PS7_DOC,
+	TAS_RETRY_DONE
+} tas_state;
+
+typedef enum _getdns_property {
+	PROP_INHERIT =  0,
+	PROP_UNKNOWN =  1,
+	PROP_UNABLE  =  2,
+	PROP_ABLE    =  3 
+} _getdns_property;
+
+typedef struct tas_connection {
+	getdns_eventloop       *loop;
+	getdns_network_req     *req;
+	_getdns_rrset_spc       rrset_spc;
+	_getdns_rrset          *rrset;
+	_getdns_rrtype_iter     rr_spc;
+	_getdns_rrtype_iter    *rr;
+	int                    fd;
+	getdns_eventloop_event event;
+	tas_state              state;
+	getdns_tcp_state       tcp;
+	char                  *http;
+	getdns_bindata         xml;
+} tas_connection;
+
 struct getdns_context {
 	/* Context values */
 	getdns_resolution_t  resolution_type;
@@ -262,6 +325,7 @@ struct getdns_context {
 	size_t               namespace_count;
 	uint64_t             timeout;
 	uint64_t             idle_timeout;
+	int                  tcp_send_timeout; /* -1 is unset */
 	getdns_redirects_t   follow_redirects;
 	getdns_list          *dns_root_servers;
 
@@ -276,14 +340,41 @@ struct getdns_context {
 	const uint8_t        *suffixes;
 	/* Length of all suffixes in the suffix buffer */
 	size_t               suffixes_len; 
+
 	uint8_t              *trust_anchors;
 	size_t                trust_anchors_len;
+	getdns_tasrc          trust_anchors_source;
+
+	tas_connection        a;
+	tas_connection        aaaa;
+	uint8_t               tas_hdr_spc[512];
+
+	char                 *trust_anchors_url;
+	char                 *trust_anchors_verify_CA;
+	char                 *trust_anchors_verify_email;
+	uint64_t              trust_anchors_backoff_time;
+	uint64_t              trust_anchors_backoff_expiry;
+
+	_getdns_ksks          root_ksk;
+
+	char                 *appdata_dir;
+	_getdns_property      can_write_appdata;
+
+	char                 *tls_ca_path;
+	char                 *tls_ca_file;
+	char                 *tls_cipher_list;
+	char                 *tls_ciphersuites;
+	char                 *tls_curves_list;
+	getdns_tls_version_t  tls_min_version;
+	getdns_tls_version_t  tls_max_version;
+
 	getdns_upstreams     *upstreams;
 	uint16_t             limit_outstanding_queries;
 	uint32_t             dnssec_allowed_skew;
 	getdns_tls_authentication_t  tls_auth;  /* What user requested for TLS*/
 	getdns_tls_authentication_t  tls_auth_min; /* Derived minimum auth allowed*/
 	uint8_t              round_robin_upstreams;
+	uint16_t             max_backoff_value;
 	uint16_t             tls_backoff_time;
 	uint16_t             tls_connection_retries;
 
@@ -296,7 +387,7 @@ struct getdns_context {
 	int edns_maximum_udp_payload_size; /* -1 is unset */
 	uint8_t edns_client_subnet_private;
 	uint16_t tls_query_padding_blocksize;
-	SSL_CTX* tls_ctx;
+	_getdns_tls_context* tls_ctx;
 
 	getdns_update_callback  update_callback;
 	getdns_update_callback2 update_callback2;
@@ -306,6 +397,7 @@ struct getdns_context {
 
 	int processing;
 	int destroying;
+	int to_destroy;
 
 	struct mem_funcs mf;
 	struct mem_funcs my_mf;
@@ -358,6 +450,7 @@ struct getdns_context {
 	getdns_dict *header;
 	getdns_dict *add_opt_parameters;
 	unsigned add_warning_for_bad_dns             : 1;
+	unsigned dnssec                              : 1;
 	unsigned dnssec_return_all_statuses          : 1;
 	unsigned dnssec_return_full_validation_chain : 1;
 	unsigned dnssec_return_only_secure           : 1;
@@ -372,11 +465,23 @@ struct getdns_context {
 	unsigned return_call_reporting               : 1;
 	uint16_t specify_class;
 
+	/*
+	 * Context for doing system queries.
+	 * For example to resolve data.iana.org or to resolver the addresses
+	 * of upstreams without specified addresses.
+	 */
+	getdns_context *sys_ctxt;
+
+	/* List of dnsreqs that want to be notified when we have fetched a
+	 * trust anchor from data.iana.org.
+	 */
+	getdns_dns_req *ta_notify;
+
 	/*
 	 * state data used to detect changes to the system config files
 	 */
-	struct filechg *fchg_resolvconf;
-	struct filechg *fchg_hosts;
+	struct filechg fchg_resolvconf;
+	struct filechg fchg_hosts;
 
 	uint8_t trust_anchors_spc[1024];
 
@@ -403,11 +508,38 @@ struct getdns_context {
 #endif /* HAVE_MDNS_SUPPORT */
 }; /* getdns_context */
 
-void _getdns_upstream_log(getdns_upstream *upstream, uint64_t system,
-    getdns_loglevel_type level, const char *fmt, ...);
+static inline int _getdns_check_log(const getdns_log_config *log,
+    uint64_t system, getdns_loglevel_type level)
+{ assert(log)
+; return log->func && (log->system & system) && level <= log->level; }
 
-void _getdns_context_log(getdns_context *context, uint64_t system,
-    getdns_loglevel_type level, const char *fmt, ...);
+static inline void _getdns_log(const getdns_log_config *log,
+    uint64_t system, getdns_loglevel_type level, const char *fmt, ...)
+{
+	va_list args;
+
+	if (!_getdns_check_log(log, system, level))
+		return;
+
+	va_start(args, fmt);
+	log->func(log->userarg, system, level, fmt, args);
+	va_end(args);
+}
+
+static inline void _getdns_upstream_log(const getdns_upstream *up,
+    uint64_t system, getdns_loglevel_type level, const char *fmt, ...)
+{
+	va_list args;
+
+	if (!up || !up->upstreams
+	||  !_getdns_check_log(&up->upstreams->log, system, level))
+		return;
+
+	va_start(args, fmt);
+	up->upstreams->log.func(
+	    up->upstreams->log.userarg, system, level, fmt, args);
+	va_end(args);
+}
 
 
 /** internal functions **/
@@ -415,11 +547,9 @@ void _getdns_context_log(getdns_context *context, uint64_t system,
  * Sets up the unbound contexts with stub or recursive behavior
  * if needed.
  * @param context previously initialized getdns_context
- * @param usenamespaces if 0 then only use the DNS, else use context namespace list
  * @return GETDNS_RETURN_GOOD on success
  */
-getdns_return_t _getdns_context_prepare_for_resolution(struct getdns_context *context,
- int usenamespaces);
+getdns_return_t _getdns_context_prepare_for_resolution(getdns_context *context);
 
 /* Register a getdns_dns_req with context.
  * - Without pluggable unbound event API,
@@ -449,8 +579,6 @@ void _getdns_context_cancel_request(getdns_dns_req *dnsreq);
  */
 void _getdns_context_request_timed_out(getdns_dns_req *dnsreq);
 
-char *_getdns_strdup(const struct mem_funcs *mfs, const char *str);
-
 struct getdns_bindata *_getdns_bindata_copy(
     struct mem_funcs *mfs, size_t size, const uint8_t *data);
 
@@ -462,12 +590,23 @@ void _getdns_bindata_destroy(
 getdns_return_t _getdns_context_local_namespace_resolve(
     getdns_dns_req* req, struct getdns_dict **response);
 
-int _getdns_filechg_check(struct getdns_context *context, struct filechg *fchg);
-
 void _getdns_context_ub_read_cb(void *userarg);
 
 void _getdns_upstreams_dereference(getdns_upstreams *upstreams);
 
 void _getdns_upstream_shutdown(getdns_upstream *upstream);
 
+FILE *_getdns_context_get_priv_fp(
+    const getdns_context *context, const char *fn);
+uint8_t *_getdns_context_get_priv_file(const getdns_context *context,
+    const char *fn, uint8_t *buf, size_t buf_len, size_t *file_sz);
+
+int _getdns_context_write_priv_file(getdns_context *context,
+    const char *fn, getdns_bindata *content);
+
+int _getdns_context_can_write_appdata(getdns_context *context);
+
+getdns_context *_getdns_context_get_sys_ctxt(
+    getdns_context *context, getdns_eventloop *loop);
+
 #endif /* _GETDNS_CONTEXT_H_ */

src/convert.c

@@ -32,16 +32,15 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+#include "config.h"
 #include <stdio.h>
 #include <string.h>
 #include <locale.h>
-#include "config.h"
 #ifndef USE_WINSOCK
 #include <arpa/inet.h>
 #endif
-#ifdef HAVE_LIBIDN
-#include <stringprep.h>
-#include <idna.h>
+#if defined(HAVE_LIBIDN2)
+#include <idn2.h>
 #endif
 #include "getdns/getdns.h"
 #include "getdns/getdns_extra.h"
@@ -54,6 +53,9 @@
 #include "dict.h"
 #include "list.h"
 #include "jsmn/jsmn.h"
+#ifdef USE_YAML_CONFIG
+#include "yaml/convert_yaml_to_json.h"
+#endif
 #include "convert.h"
 #include "debug.h"
 
@@ -112,48 +114,17 @@ getdns_convert_fqdn_to_dns_name(
 char *
 getdns_convert_ulabel_to_alabel(const char *ulabel)
 {
-#ifdef HAVE_LIBIDN
-    int ret;
-    char *buf;
-    char *prepped;
-    char *prepped2;
+#if defined(HAVE_LIBIDN2)
+	uint8_t *alabel;
 
-    if (ulabel == NULL)
-	return 0;
-    prepped2 = malloc(BUFSIZ);
-    if(!prepped2)
-	    return 0;
-    setlocale(LC_ALL, "");
-    if ((prepped = stringprep_locale_to_utf8(ulabel)) == 0) {
-	/* convert to utf8 fails, which it can, but continue anyway */
-	if(strlen(ulabel)+1 > BUFSIZ) {
-	    free(prepped2);
-	    return 0;
-	}
-	memcpy(prepped2, ulabel, strlen(ulabel)+1);
-    } else {
-	if(strlen(prepped)+1 > BUFSIZ) {
-	    free(prepped);
-	    free(prepped2);
-	    return 0;
-	}
-	memcpy(prepped2, prepped, strlen(prepped)+1);
-	free(prepped);
-    }
-    if ((ret = stringprep(prepped2, BUFSIZ, 0, stringprep_nameprep)) != STRINGPREP_OK) {
-	free(prepped2);
-	return 0;
-    }
-    if ((ret = idna_to_ascii_8z(prepped2, &buf, 0)) != IDNA_SUCCESS)  {
-	free(prepped2);
-	return 0;
-    }
-    free(prepped2);
-    return buf;
+	if (!ulabel) return NULL;
+
+	if (idn2_lookup_u8((uint8_t *)ulabel, &alabel, IDN2_TRANSITIONAL) == IDN2_OK)
+		return (char *)alabel;
 #else
-    (void)ulabel;
-    return NULL;
+	(void)ulabel; /* unused parameter */
 #endif
+	return NULL;
 }
 
 /*---------------------------------------- getdns_convert_alabel_to_ulabel */
@@ -170,20 +141,17 @@ getdns_convert_ulabel_to_alabel(const char *ulabel)
 char *
 getdns_convert_alabel_to_ulabel(const char *alabel)
 {
-#ifdef HAVE_LIBIDN
-    int  ret;              /* just in case we might want to use it someday */
-    char *buf;
+#if defined(HAVE_LIBIDN2)
+	char *ulabel;
 
-    if (alabel == NULL)
-        return 0;
-    if ((ret = idna_to_unicode_8z8z(alabel, &buf, 0)) != IDNA_SUCCESS)  {
-        return NULL;
-    }
-    return buf;
+	if (!alabel) return NULL;
+
+	if (idn2_to_unicode_8z8z(alabel, &ulabel, 0) == IDN2_OK)
+		return ulabel;
 #else
-    (void)alabel;
-    return NULL;
+	(void)alabel; /* unused parameter */
 #endif
+	return NULL;
 }
 
 
@@ -459,7 +427,7 @@ getdns_rr_dict2str_scan(
 	prev_str_len = *str_len;
 	sz = (size_t)*str_len;
 	sz_needed = gldns_wire2str_rr_scan(
-	    &scan_buf, &scan_sz, str, &sz, NULL, 0);
+	    &scan_buf, &scan_sz, str, &sz, NULL, 0, NULL);
 
 	if (sz_needed > prev_str_len) {
 		*str = prev_str + sz_needed;
@@ -561,8 +529,10 @@ _getdns_fp2rr_list(struct mem_funcs *mf,
 	else while (r == GETDNS_RETURN_GOOD && !feof(in)) {
 		len = GLDNS_RR_BUF_SIZE;
 		dname_len = 0;
-		if (gldns_fp2wire_rr_buf(in, rr, &len, &dname_len, &pst))
+		if (gldns_fp2wire_rr_buf(in, rr, &len, &dname_len, &pst)) {
+			r = GETDNS_RETURN_GENERIC_ERROR;
 			break;
+		}
 		if (dname_len && dname_len < sizeof(pst.prev_rr)) {
 			memcpy(pst.prev_rr, rr, dname_len);
 			pst.prev_rr_len = dname_len;
@@ -776,6 +746,75 @@ getdns_wire2msg_dict_scan(
 		else   GLDNS_ ## Y ## _CLR(header); \
 	}
 
+static getdns_return_t
+_getdns_reply_dict2wire_hdr(
+    const getdns_dict *reply, gldns_buffer *gbuf, getdns_bindata *wf_reply)
+{
+	size_t          pkt_start = gldns_buffer_position(gbuf);
+	size_t          pkt_len = wf_reply->size;
+	uint8_t        *header = gldns_buffer_current(gbuf);
+	uint8_t        *pkt_end = header + pkt_len;
+	getdns_list    *sec;
+	size_t          sec_len;
+	uint32_t        n, i;
+	_getdns_rr_iter rr_iter_storage, *rr_iter;
+	getdns_list    *section;
+	size_t          rrs2skip;
+	getdns_dict    *rr_dict;
+
+	gldns_buffer_write(gbuf, wf_reply->data, wf_reply->size);
+
+	if (GLDNS_QDCOUNT(header) != 1
+	|| (GLDNS_ARCOUNT(header) != 0 && GLDNS_ARCOUNT(header) != 1))
+		return GETDNS_RETURN_GENERIC_ERROR;
+
+	sec_len = 0;
+	if (!getdns_dict_get_list(reply, "answer", &sec))
+		(void) getdns_list_get_length(sec, &sec_len);
+	if (sec_len != GLDNS_ANCOUNT(header))
+		return GETDNS_RETURN_GENERIC_ERROR;
+
+	sec_len = 0;
+	if (!getdns_dict_get_list(reply, "authority", &sec))
+		(void) getdns_list_get_length(sec, &sec_len);
+	if (sec_len != GLDNS_NSCOUNT(header))
+		return GETDNS_RETURN_GENERIC_ERROR;
+
+	rrs2skip = 1 + GLDNS_ANCOUNT(header) +  GLDNS_NSCOUNT(header);
+
+	SET_HEADER_INT(id, ID);
+	SET_HEADER_BIT(qr, QR);
+	SET_HEADER_BIT(aa, AA);
+	SET_HEADER_BIT(tc, TC);
+	SET_HEADER_BIT(rd, RD);
+	SET_HEADER_BIT(cd, CD);
+	SET_HEADER_BIT(ra, RA);
+	SET_HEADER_BIT(ad, AD);
+	SET_HEADER_INT(opcode, OPCODE);
+	SET_HEADER_INT(rcode, RCODE);
+	SET_HEADER_BIT(z, Z);
+
+	for ( rr_iter = _getdns_rr_iter_init(&rr_iter_storage, header, pkt_len)
+	    ; rr_iter
+	    ; rr_iter = _getdns_rr_iter_next(rr_iter)) {
+		if (rr_iter->nxt > pkt_end)
+			return GETDNS_RETURN_GENERIC_ERROR;
+		if (!--rrs2skip)
+			break;
+		/* TODO: Delete sigs when do bit was off */
+	}
+	gldns_buffer_set_position(gbuf, rr_iter->nxt - header);
+	if (!getdns_dict_get_list(reply, "additional", &section)) {
+		for ( n = 0, i = 0
+		    ; !getdns_list_get_dict(section, i, &rr_dict); i++) {
+			 if (!_getdns_rr_dict2wire(rr_dict, gbuf))
+				 n++;
+		}
+		gldns_buffer_write_u16_at(gbuf, pkt_start+GLDNS_ARCOUNT_OFF, n);
+	}
+	return GETDNS_RETURN_GOOD;
+}
+
 getdns_return_t
 _getdns_reply_dict2wire(
     const getdns_dict *reply, gldns_buffer *buf, int reuse_header)
@@ -786,6 +825,7 @@ _getdns_reply_dict2wire(
 	getdns_list *section;
 	getdns_dict *rr_dict;
 	getdns_bindata *qname;
+	name_cache_t name_cache = {0};
 	int remove_dnssec;
 
 	pkt_start = gldns_buffer_position(buf);
@@ -815,7 +855,7 @@ _getdns_reply_dict2wire(
 	if (!getdns_dict_get_bindata(reply, "/question/qname", &qname) &&
 	    !getdns_dict_get_int(reply, "/question/qtype", &qtype)) {
 		(void)getdns_dict_get_int(reply, "/question/qclass", &qclass);
-		gldns_buffer_write(buf, qname->data, qname->size);
+		_getdns_rr_buffer_write_cached_name(buf, qname, &name_cache);
 		gldns_buffer_write_u16(buf, (uint16_t)qtype);
 		gldns_buffer_write_u16(buf, (uint16_t)qclass);
 		gldns_buffer_write_u16_at(buf, pkt_start+GLDNS_QDCOUNT_OFF, 1);
@@ -838,7 +878,7 @@ _getdns_reply_dict2wire(
 			    !getdns_dict_get_int(rr_dict, "type", &rr_type) &&
 			    rr_type == GETDNS_RRTYPE_RRSIG)
 				continue;
-			if (!_getdns_rr_dict2wire(rr_dict, buf))
+			if (!_getdns_rr_dict2wire_cache(rr_dict, buf, &name_cache))
 				 n++;
 		}
 		gldns_buffer_write_u16_at(buf, pkt_start+GLDNS_ANCOUNT_OFF, n);
@@ -882,6 +922,8 @@ _getdns_msg_dict2wire_buf(const getdns_dict *msg_dict, gldns_buffer *gbuf)
 	getdns_return_t r;
 	getdns_list    *replies;
 	getdns_dict    *reply;
+	getdns_list    *wf_replies = NULL;
+	getdns_bindata *wf_reply;
 	size_t i;
 
 	if ((r = getdns_dict_get_list(msg_dict, "replies_tree", &replies))) {
@@ -889,8 +931,23 @@ _getdns_msg_dict2wire_buf(const getdns_dict *msg_dict, gldns_buffer *gbuf)
 			return r;
 		return _getdns_reply_dict2wire(msg_dict, gbuf, 0);
 	}
+	(void) getdns_dict_get_list(msg_dict, "replies_full", &wf_replies);
 	for (i = 0; r == GETDNS_RETURN_GOOD; i++) {
-		if (!(r = getdns_list_get_dict(replies, i, &reply)))
+		if ((r = getdns_list_get_dict(replies, i, &reply)))
+			;
+		else if (wf_replies
+		     && !getdns_list_get_bindata(wf_replies, i, &wf_reply)) {
+			size_t pkt_start = gldns_buffer_position(gbuf);
+
+			if (!gldns_buffer_reserve(gbuf, wf_reply->size))
+				return GETDNS_RETURN_NEED_MORE_SPACE;
+
+			if ((r = _getdns_reply_dict2wire_hdr( reply, gbuf
+			                                    , wf_reply))) {
+				gldns_buffer_set_position(gbuf, pkt_start);
+				r = _getdns_reply_dict2wire(reply, gbuf, 0);
+			}
+		} else
 			r = _getdns_reply_dict2wire(reply, gbuf, 0);
 	}
 	return r == GETDNS_RETURN_NO_SUCH_LIST_ITEM ? GETDNS_RETURN_GOOD : r;
@@ -1134,7 +1191,7 @@ _getdns_ipaddr_dict_mf(struct mem_funcs *mf, const char *ipstr)
 			tsig_name_str = "";
 		}
 	}
-	if (*ipstr == '*') {
+	if (*ipstr == '*' && *(ipstr+1) == '\0') {
 		getdns_dict_util_set_string(r, "address_type", "IPv6");
 		addr.size = 16;
 		(void) memset(buf, 0, 16);
@@ -1388,7 +1445,7 @@ static int _jsmn_get_int(const char *js, jsmntok_t *t, uint32_t *value)
 
 static int _jsmn_get_const(const char *js, jsmntok_t *t, uint32_t *value)
 {
-	char value_str[80];
+	char value_str[80] = "";
 	int size = t->end - t->start;
 
 	if (size <= 0 || size >= (int)sizeof(value_str))
@@ -1669,7 +1726,7 @@ getdns_str2dict(const char *str, getdns_dict **dict)
 	if (!str || !dict)
 		return GETDNS_RETURN_INVALID_PARAMETER;
 
-	while (*str && isspace(*str))
+	while (*str && isspace((unsigned char)*str))
 		str++;
 
 	if (*str != '{') {
@@ -1802,3 +1859,101 @@ getdns_str2int(const char *str, uint32_t *value)
 	return GETDNS_RETURN_GOOD;
 }
 
+#ifdef USE_YAML_CONFIG
+getdns_return_t
+getdns_yaml2dict(const char *str, getdns_dict **dict)
+{
+	char *jsonstr;
+	
+	if (!str || !dict)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	jsonstr = yaml_string_to_json_string(str);
+	if (jsonstr) {
+		getdns_return_t res = getdns_str2dict(jsonstr, dict);
+		free(jsonstr);
+		return res;
+	} else {
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}	
+}
+#endif /* USE_YAML_CONFIG */
+
+/* WT: I am not certain about the value of yaml2list...
+ *     I don't see how yaml2bindata and yaml2int  would be different from
+ *     the str2bindata and str2int ones.
+ */
+#if 0
+
+getdns_return_t
+getdns_yaml2list(const char *str, getdns_list **list)
+{
+#ifdef USE_YAML_CONFIG
+	char *jsonstr;
+	
+	if (!str || !list)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	jsonstr = yaml_string_to_json_string(str);
+	if (jsonstr) {
+		getdns_return_t res = getdns_str2list(jsonstr, list);
+		free(jsonstr);
+		return res;
+	} else {
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}	
+#else /* USE_YAML_CONFIG */
+	(void) str; /* unused parameter */
+	(void) list; /* unused parameter */
+	return GETDNS_RETURN_NOT_IMPLEMENTED;
+#endif /* USE_YAML_CONFIG */
+}
+
+getdns_return_t
+getdns_yaml2bindata(const char *str, getdns_bindata **bindata)
+{
+#ifdef USE_YAML_CONFIG
+	char *jsonstr;
+	
+	if (!str || !bindata)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	jsonstr = yaml_string_to_json_string(str);
+	if (jsonstr) {
+		getdns_return_t res = getdns_str2bindata(jsonstr, bindata);
+		free(jsonstr);
+		return res;
+	} else {
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}	
+#else /* USE_YAML_CONFIG */
+	(void) str; /* unused parameter */
+	(void) bindata; /* unused parameter */
+	return GETDNS_RETURN_NOT_IMPLEMENTED;
+#endif /* USE_YAML_CONFIG */
+}
+
+getdns_return_t
+getdns_yaml2int(const char *str, uint32_t *value)
+{
+#ifdef USE_YAML_CONFIG
+	char *jsonstr;
+	
+	if (!str || !value)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	jsonstr = yaml_string_to_json_string(str);
+	if (jsonstr) {
+		getdns_return_t res = getdns_str2int(jsonstr, value);
+		free(jsonstr);
+		return res;
+	} else {
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}	
+#else /* USE_YAML_CONFIG */
+	(void) str; /* unused parameter */
+	(void) value; /* unused parameter */
+	return GETDNS_RETURN_NOT_IMPLEMENTED;
+#endif /* USE_YAML_CONFIG */
+}
+#endif

src/convert.h

@@ -38,6 +38,10 @@
 #include "types-internal.h"
 #include <stdio.h>
 
+getdns_return_t
+_getdns_wire2msg_dict_scan(struct mem_funcs *mf,
+    const uint8_t **wire, size_t *wire_len, getdns_dict **msg_dict);
+
 getdns_return_t _getdns_wire2rr_dict(struct mem_funcs *mf,
     const uint8_t *wire, size_t wire_len, getdns_dict **rr_dict);
 

src/debug.h

@@ -47,45 +47,58 @@
 
 #ifdef GETDNS_ON_WINDOWS
 #define DEBUG_ON(...) do { \
-		struct timeval tv; \
-		struct tm tm; \
-		char buf[10]; \
-        time_t tsec; \
+		struct timeval tv_dEbUgSyM; \
+		struct tm tm_dEbUgSyM; \
+		char buf_dEbUgSyM[10]; \
+		time_t tsec_dEbUgSyM; \
 		\
-		gettimeofday(&tv, NULL); \
-		tsec = (time_t) tv.tv_sec; \
-		gmtime_s(&tm, (const time_t *) &tsec); \
-		strftime(buf, 10, "%H:%M:%S", &tm); \
-		fprintf(stderr, "[%s.%.6d] ", buf, (int)tv.tv_usec); \
+		gettimeofday(&tv_dEbUgSyM, NULL); \
+		tsec_dEbUgSyM = (time_t) tv_dEbUgSyM.tv_sec; \
+		gmtime_s(&tm_dEbUgSyM, (const time_t *) &tsec_dEbUgSyM); \
+		strftime(buf_dEbUgSyM, 10, "%H:%M:%S", &tm_dEbUgSyM); \
+		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
+		fprintf(stderr, __VA_ARGS__); \
+	} while (0)
+
+#define DEBUG_NL(...) do {		    \
+		struct timeval tv_dEbUgSyM; \
+		struct tm tm_dEbUgSyM; \
+		char buf_dEbUgSyM[10]; \
+		time_t tsec_dEbUgSyM; \
+		\
+		gettimeofday(&tv_dEbUgSyM, NULL); \
+		tsec_dEbUgSyM = (time_t) tv_dEbUgSyM.tv_sec; \
+		gmtime_s(&tm_dEbUgSyM, (const time_t *) &tsec_dEbUgSyM); \
+		strftime(buf_dEbUgSyM, 10, "%H:%M:%S", &tm_dEbUgSyM); \
+		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 		fprintf(stderr, __VA_ARGS__); \
 	} while (0)
 #else
 #define DEBUG_ON(...) do { \
-		struct timeval tv; \
-		struct tm tm; \
-		char buf[10]; \
+		struct timeval tv_dEbUgSyM; \
+		struct tm tm_dEbUgSyM; \
+		char buf_dEbUgSyM[10]; \
 		\
-		gettimeofday(&tv, NULL); \
-		gmtime_r(&tv.tv_sec, &tm); \
-		strftime(buf, 10, "%H:%M:%S", &tm); \
-		fprintf(stderr, "[%s.%.6d] ", buf, (int)tv.tv_usec); \
+		gettimeofday(&tv_dEbUgSyM, NULL); \
+		gmtime_r(&tv_dEbUgSyM.tv_sec, &tm_dEbUgSyM); \
+		strftime(buf_dEbUgSyM, 10, "%H:%M:%S", &tm_dEbUgSyM); \
+		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 		fprintf(stderr, __VA_ARGS__); \
 	} while (0)
-#endif
 
 #define DEBUG_NL(...) do {		    \
-		struct timeval tv; \
-		struct tm tm; \
-		char buf[10]; \
+		struct timeval tv_dEbUgSyM; \
+		struct tm tm_dEbUgSyM; \
+		char buf_dEbUgSyM[10]; \
 		\
-		gettimeofday(&tv, NULL); \
-		gmtime_r(&tv.tv_sec, &tm); \
-		strftime(buf, 10, "%H:%M:%S", &tm); \
-		fprintf(stderr, "[%s.%.6d] ", buf, (int)tv.tv_usec); \
+		gettimeofday(&tv_dEbUgSyM, NULL); \
+		gmtime_r(&tv_dEbUgSyM.tv_sec, &tm_dEbUgSyM); \
+		strftime(buf_dEbUgSyM, 10, "%H:%M:%S", &tm_dEbUgSyM); \
+		fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 		fprintf(stderr, __VA_ARGS__); \
 		fprintf(stderr, "\n"); \
 	} while (0)
-
+#endif
 
 #define DEBUG_OFF(...) do {} while (0)
 
@@ -162,14 +175,25 @@ static inline void debug_req(const char *msg, getdns_network_req *netreq)
 #define DEBUG_MDNS(...) DEBUG_OFF(__VA_ARGS__)
 #endif
 
+#if defined(ANCHOR_DEBUG) && ANCHOR_DEBUG
+#include <time.h>
+#define DEBUG_ANCHOR(...) DEBUG_ON(__VA_ARGS__)
+#else
+#define DEBUG_ANCHOR(...) DEBUG_OFF(__VA_ARGS__)
+#endif
+
 #if (defined(REQ_DEBUG)    && REQ_DEBUG)    || \
     (defined(SCHED_DEBUG)  && SCHED_DEBUG)  || \
     (defined(STUB_DEBUG)   && STUB_DEBUG)   || \
     (defined(DAEMON_DEBUG) && DAEMON_DEBUG) || \
     (defined(SEC_DEBUG)    && SEC_DEBUG)    || \
     (defined(SERVER_DEBUG) && SERVER_DEBUG) || \
-    (defined(MDNS_DEBUG)   && MDNS_DEBUG)
+    (defined(MDNS_DEBUG)   && MDNS_DEBUG)   || \
+    (defined(ANCHOR_DEBUG) && ANCHOR_DEBUG)
 #define DEBUGGING 1
+static inline int
+_getdns_ERR_print_errors_cb_f(const char *str, size_t len, void *u)
+{ DEBUG_ON("%.*s (u: %p)\n", (int)len, str, u); return 1; }
 #endif
 
 #endif

src/dict.c

@@ -34,8 +34,8 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#include <ctype.h>
 #include "config.h"
+#include <ctype.h>
 #ifndef USE_WINSOCK
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -83,7 +83,7 @@ static char *_json_ptr_first(const struct mem_funcs *mf,
 static struct getdns_dict_item *
 _find_dict_item(const getdns_dict *dict, const char *jptr)
 {
-	char first_spc[1024], *first;
+	char first_spc[1024] = "", *first;
 	struct getdns_dict_item *d;
 
 	first = _json_ptr_first(&dict->mf, jptr,
@@ -434,7 +434,7 @@ getdns_dict_create_with_memory_functions(void *(*malloc)(size_t),
 
 /*-------------------------- getdns_dict_create_with_context */
 struct getdns_dict *
-getdns_dict_create_with_context(struct getdns_context *context)
+getdns_dict_create_with_context(const getdns_context *context)
 {
 	if (context)
 		return getdns_dict_create_with_extended_memory_functions(
@@ -655,7 +655,8 @@ getdns_dict_set_bindata(
 
 /*---------------------------------------- getdns_dict_set_bindata */
 getdns_return_t
-getdns_dict_util_set_string(getdns_dict *dict, char *name, const char *value)
+getdns_dict_util_set_string(getdns_dict *dict,
+    const char *name, const char *value)
 {
 	getdns_item    *item;
 	getdns_bindata *newbindata;
@@ -737,21 +738,16 @@ getdns_pp_base64(gldns_buffer *buf, getdns_bindata *bindata)
 {
 	size_t p = gldns_buffer_position(buf);
 	size_t base64str_sz;
-	char *target;
-	size_t avail;
 
 	if (gldns_buffer_printf(buf, " <bindata of ") < 0)
 		return -1;
 
 	base64str_sz = gldns_b64_ntop_calculate_size(bindata->size);
-	target = (char *)gldns_buffer_current(buf);
-	avail = gldns_buffer_remaining(buf);
-	if (avail >= base64str_sz)
-		gldns_buffer_skip(buf, gldns_b64_ntop(
-		    bindata->data, bindata->size,
-		    target, base64str_sz));
-	else
-		gldns_buffer_skip(buf, base64str_sz);
+	if (!gldns_buffer_reserve(buf, base64str_sz))
+		return -1;
+
+	gldns_buffer_skip(buf, gldns_b64_ntop(bindata->data, bindata->size,
+	    (char *)gldns_buffer_current(buf), base64str_sz));
 
 	if (gldns_buffer_printf(buf, ">") < 0)
 		return -1;
@@ -786,13 +782,37 @@ getdns_pp_bindata(gldns_buffer *buf, getdns_bindata *bindata,
 
 	if (bindata->size > 0 && i == bindata->size) {     /* all printable? */
 
-		if (json)
-			(void)snprintf(spc, sizeof(spc), "\"%%.%ds\"", (int)i);
-		else
+		if (json) {
+			const uint8_t *s = bindata->data;
+			const uint8_t *e = s + bindata->size;
+			const uint8_t *b;
+
+			if (!gldns_buffer_reserve(buf, (e - s) + 2))
+				return -1;
+			gldns_buffer_write_u8(buf, '"');
+			for (;;) {
+				for ( b = s
+				    ; b < e && *b != '\\' && *b != '"'
+				    ; b++)
+					; /* pass */
+				if (b == e)
+					break;
+				if (!gldns_buffer_reserve(buf, (b - s) + 3))
+					return -1;
+				gldns_buffer_write(buf, s, b - s);
+				gldns_buffer_write_u8(buf, '\\');
+				gldns_buffer_write_u8(buf, *b);
+				s = b + 1;
+			}
+			if (s < e)
+			       	gldns_buffer_write(buf, s, e - s);
+			gldns_buffer_write_u8(buf, '"');
+		} else {
 			(void)snprintf(spc, sizeof(spc), "of \"%%.%ds\"%s>",
 			    (int)(i > 32 ? 32 : i), (i > 32 ? "..." : ""));
 			if (gldns_buffer_printf(buf, spc, bindata->data) < 0)
 				return -1;
+		}
 
 	} else if (bindata->size > 1 &&         /* null terminated printable */
 	    i == bindata->size - 1 && bindata->data[i] == 0) {
@@ -872,6 +892,7 @@ getdns_pp_list(gldns_buffer *buf, size_t indent, const getdns_list *list,
 	struct getdns_bindata *bindata_item;
 	uint32_t int_item;
 	const char *strval;
+	char abuf[80];
 
 	if (list == NULL)
 		return 0;
@@ -913,7 +934,21 @@ getdns_pp_list(gldns_buffer *buf, size_t indent, const getdns_list *list,
 			if (getdns_list_get_bindata(list, i, &bindata_item) !=
 			    GETDNS_RETURN_GOOD)
 				return -1;
-			if (getdns_pp_bindata(
+
+			if (for_literals && (bindata_item->size == 4  ||
+			                     bindata_item->size == 16 )) {
+
+				if (gldns_buffer_printf(buf, 
+				    (json ? "\"%s\"" : " <bindata for %s>"),
+				    inet_ntop(( bindata_item->size == 4
+				              ? AF_INET : AF_INET6)
+				              , bindata_item->data
+				              , abuf
+				              , sizeof(abuf) - 1
+				              )) < 0)
+					return -1;
+
+			} else if (getdns_pp_bindata(
 			    buf, bindata_item, 0, json) < 0)
 				return -1;
 			break;
@@ -1002,7 +1037,7 @@ _getdns_print_rcode(gldns_buffer *buf, uint32_t rcode)
 {
 	static const char *rcodes[] = {
 		" GETDNS_RCODE_NOERROR" , " GETDNS_RCODE_FORMERR"  ,
-		" GETDNS_RCODE_SERVFAIL", " GETDNS_RCODE_NXDOMAIN",
+		" GETDNS_RCODE_SERVFAIL", " GETDNS_RCODE_NXDOMAIN" ,
 		" GETDNS_RCODE_NOTIMP"  , " GETDNS_RCODE_REFUSED"  ,
 		" GETDNS_RCODE_YXDOMAIN", " GETDNS_RCODE_YXRRSET"  ,
 		" GETDNS_RCODE_NXRRSET" , " GETDNS_RCODE_NOTAUTH"  ,
@@ -1010,12 +1045,12 @@ _getdns_print_rcode(gldns_buffer *buf, uint32_t rcode)
 		" GETDNS_RCODE_BADSIG"  , " GETDNS_RCODE_BADKEY"   ,
 		" GETDNS_RCODE_BADTIME" , " GETDNS_RCODE_BADMODE"  ,
 		" GETDNS_RCODE_BADNAME" , " GETDNS_RCODE_BADALG"   ,
-		" GETDNS_RCODE_BADTRUNC"
+		" GETDNS_RCODE_BADTRUNC", " GETDNS_RCODE_BADCOOKIE"
 	};
 	if (rcode <= 10)
 		(void) gldns_buffer_printf(buf, "%s", rcodes[rcode]);
-	else if (rcode >= 16 && rcode <= 22)
-		(void) gldns_buffer_printf(buf, "%s", rcodes[rcode-6]);
+	else if (rcode >= 16 && rcode <= 23)
+		(void) gldns_buffer_printf(buf, "%s", rcodes[rcode-5]);
 	else
 		return 0;
 	return 1;
@@ -1082,7 +1117,28 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 			     strcmp(item->node.key, "follow_redirects") == 0 ||
 			     strcmp(item->node.key, "transport") == 0 ||
 			     strcmp(item->node.key, "resolution_type") == 0 ||
-			     strcmp(item->node.key, "tls_authentication") == 0 ) &&
+			     strcmp(item->node.key, "tls_authentication") == 0 ||
+			     strcmp(item->node.key, "tls_min_version") == 0 ||
+			     strcmp(item->node.key, "tls_max_version") == 0 ||
+
+			     /* extensions */
+			     strcmp(item->node.key, "add_warning_for_bad_dns") == 0 ||
+			     strcmp(item->node.key, "dnssec") == 0 ||
+			     strcmp(item->node.key, "dnssec_return_all_statuses") == 0 ||
+			     strcmp(item->node.key, "dnssec_return_full_validation_chain") == 0 ||
+			     strcmp(item->node.key, "dnssec_return_only_secure") == 0 ||
+			     strcmp(item->node.key, "dnssec_return_status") == 0 ||
+			     strcmp(item->node.key, "dnssec_return_validation_chain") == 0 ||
+#if defined(DNSSEC_ROADBLOCK_AVOIDANCE) && defined(HAVE_LIBUNBOUND)
+			     strcmp(item->node.key, "dnssec_roadblock_avoidance") == 0 ||
+#endif
+#ifdef EDNS_COOKIES
+			     strcmp(item->node.key, "edns_cookies") == 0 ||
+#endif
+			     strcmp(item->node.key, "return_api_information") == 0 ||
+			     strcmp(item->node.key, "return_both_v4_and_v6") == 0 ||
+			     strcmp(item->node.key, "return_call_reporting") == 0
+			     ) &&
 			    (strval =
 			     _getdns_get_const_info(item->i.data.n)->name)) {
 				if (gldns_buffer_printf(buf, " %s", strval) < 0)
@@ -1100,6 +1156,11 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 			if (!json && strcmp(item->node.key, "rcode") == 0 &&
 			    _getdns_print_rcode(buf, item->i.data.n))
 				break;
+			if (!json &&
+			    strcmp(item->node.key, "extended_rcode") == 0 &&
+			    item->i.data.n >= 16 &&
+			    _getdns_print_rcode(buf, item->i.data.n))
+				break;
 			if (gldns_buffer_printf(
 			    buf,(json < 2 ? " %d" : "%d"), item->i.data.n) < 0)
 				return -1;
@@ -1108,7 +1169,9 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 		case t_bindata:
 			if ((strcmp(item->node.key, "address_data") == 0 ||
 			     strcmp(item->node.key, "ipv4_address") == 0 ||
-			     strcmp(item->node.key, "ipv6_address") == 0 ) &&
+			     strcmp(item->node.key, "ipv6_address") == 0 ||
+			     strcmp(item->node.key, "answer_ipv4_address") == 0 ||
+			     strcmp(item->node.key, "answer_ipv6_address") == 0) &&
 			    (item->i.data.bindata->size == 4  ||
 			     item->i.data.bindata->size == 16 )) {
 
@@ -1156,8 +1219,9 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 			if (getdns_pp_list(buf, indent, item->i.data.list, 
 			    (strcmp(item->node.key, "namespaces") == 0 ||
 			     strcmp(item->node.key, "dns_transport_list") == 0
-			     || strcmp(item->node.key, "bad_dns") == 0),
-			    json) < 0)
+			     || strcmp(item->node.key, "bad_dns") == 0 ||
+			     strcmp(item->node.key, "dns_root_servers") == 0
+			    ), json) < 0)
 				return -1;
 			break;
 

src/dnssec.h

@@ -48,6 +48,7 @@
 void _getdns_get_validation_chain(getdns_dns_req *dns_req);
 void _getdns_cancel_validation_chain(getdns_dns_req *dns_req);
 void _getdns_validation_chain_timeout(getdns_dns_req *dns_req);
+void _getdns_ta_notify_dnsreqs(getdns_context *context);
 
 uint16_t _getdns_parse_ta_file(time_t *ta_mtime, gldns_buffer *gbuf);
 
@@ -66,6 +67,8 @@ static inline int _dnssec_rdata_to_canonicalize(uint16_t rr_type)
 	    || rr_type == GLDNS_RR_TYPE_DNAME || rr_type == GLDNS_RR_TYPE_RRSIG;
 }
 
+int _getdns_bogus(getdns_dns_req *dns_req);
+
 #endif
 
 /* dnssec.h */

src/extension/libev.c

@@ -97,7 +97,7 @@ static void
 getdns_libev_read_cb(struct ev_loop *l, struct ev_io *io, int revents)
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)io->data;
-	(void)l; (void)revents;
+	(void)l; (void)revents; /* unused parameters */
         assert(el_ev->read_cb);
         el_ev->read_cb(el_ev->userarg);
 }
@@ -106,7 +106,7 @@ static void
 getdns_libev_write_cb(struct ev_loop *l, struct ev_io *io, int revents)
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)io->data;
-	(void)l; (void)revents;
+	(void)l; (void)revents; /* unused parameters */
         assert(el_ev->write_cb);
         el_ev->write_cb(el_ev->userarg);
 }
@@ -115,7 +115,7 @@ static void
 getdns_libev_timeout_cb(struct ev_loop *l, struct ev_timer *timer, int revents)
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)timer->data;
-	(void)l; (void)revents;
+	(void)l; (void)revents; /* unused parameters */
         assert(el_ev->timeout_cb);
         el_ev->timeout_cb(el_ev->userarg);
 }

src/extension/libevent.c

@@ -33,7 +33,11 @@
 
 #include "config.h"
 #include "types-internal.h"
+#ifndef USE_WINSOCK
 #include <sys/time.h>
+#else
+#include <winsock2.h>
+#endif
 #include "getdns/getdns_ext_libevent.h"
 
 #ifdef HAVE_EVENT2_EVENT_H
@@ -95,7 +99,7 @@ static getdns_return_t
 getdns_libevent_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
 {
 	struct event *my_ev = (struct event *)el_ev->ev;
-	(void)loop;
+	(void)loop; /* unused parameter */
 
 	assert(my_ev);
 
@@ -111,7 +115,7 @@ static void
 getdns_libevent_callback(evutil_socket_t fd, short bits, void *arg)
 {
 	getdns_eventloop_event *el_ev = (getdns_eventloop_event *)arg;
-	(void)fd;
+	(void)fd; /* unused parameter */
 
 	if (bits & EV_READ) {
 		assert(el_ev->read_cb);

src/extension/libuv.c

@@ -73,8 +73,7 @@ getdns_libuv_cleanup(getdns_eventloop *loop)
 }
 
 typedef struct poll_timer {
-	uv_poll_t        read;
-	uv_poll_t        write;
+	uv_poll_t        poll;
 	uv_timer_t       timer;
 	int              to_close;
 	struct mem_funcs mf;
@@ -104,22 +103,15 @@ getdns_libuv_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
 	poll_timer   *my_ev = (poll_timer *)el_ev->ev;
 	uv_poll_t    *my_poll;
 	uv_timer_t   *my_timer;
-	(void)loop;
+	(void)loop; /* unused parameter */
 	
 	assert(my_ev);
 
 	DEBUG_UV("enter libuv_clear(el_ev = %p, my_ev = %p, to_close = %d)\n"
 	        , el_ev, my_ev, my_ev->to_close);
 
-	if (el_ev->read_cb) {
-		my_poll = &my_ev->read;
-		uv_poll_stop(my_poll);
-		my_ev->to_close += 1;
-		my_poll->data = my_ev;
-		uv_close((uv_handle_t *)my_poll, getdns_libuv_close_cb);
-	}
-	if (el_ev->write_cb) {
-		my_poll = &my_ev->write;
+	if (el_ev->read_cb || el_ev->write_cb) {
+		my_poll = &my_ev->poll;
 		uv_poll_stop(my_poll);
 		my_ev->to_close += 1;
 		my_poll->data = my_ev;
@@ -139,29 +131,29 @@ getdns_libuv_clear(getdns_eventloop *loop, getdns_eventloop_event *el_ev)
 }
 
 static void
-getdns_libuv_read_cb(uv_poll_t *poll, int status, int events)
+getdns_libuv_cb(uv_poll_t *poll, int status, int events)
 {
 	getdns_eventloop_event *el_ev = (getdns_eventloop_event *)poll->data;
-	(void)status; (void)events;
+
+	if (status == 0) {
+		if (events & UV_READABLE) {
 			assert(el_ev->read_cb);
 			DEBUG_UV("enter libuv_read_cb(el_ev = %p, el_ev->ev = %p)\n"
 					, el_ev, el_ev->ev);
 			el_ev->read_cb(el_ev->userarg);
 			DEBUG_UV("exit  libuv_read_cb(el_ev = %p, el_ev->ev = %p)\n"
 					, el_ev, el_ev->ev);
-}
-
-static void
-getdns_libuv_write_cb(uv_poll_t *poll, int status, int events)
-{
-        getdns_eventloop_event *el_ev = (getdns_eventloop_event *)poll->data;
-	(void)status; (void)events;
+		} else if (events & UV_WRITABLE) {
 			assert(el_ev->write_cb);
 			DEBUG_UV("enter libuv_write_cb(el_ev = %p, el_ev->ev = %p)\n"
 					, el_ev, el_ev->ev);
 			el_ev->write_cb(el_ev->userarg);
 			DEBUG_UV("exit  libuv_write_cb(el_ev = %p, el_ev->ev = %p)\n"
 					, el_ev, el_ev->ev);
+		} else {
+			assert(ASSERT_UNREACHABLE);
+		}
+	}
 }
 
 static void
@@ -172,6 +164,9 @@ getdns_libuv_timeout_cb(uv_timer_t *timer, int status)
 #endif
 {
         getdns_eventloop_event *el_ev = (getdns_eventloop_event *)timer->data;
+#ifndef HAVE_NEW_UV_TIMER_CB
+	(void)status; /* unused parameter */
+#endif
         assert(el_ev->timeout_cb);
 	DEBUG_UV("enter libuv_timeout_cb(el_ev = %p, el_ev->ev = %p)\n"
 	        , el_ev, el_ev->ev);
@@ -203,17 +198,14 @@ getdns_libuv_schedule(getdns_eventloop *loop,
 	my_ev->mf = ext->mf;
 	el_ev->ev = my_ev;
 
-	if (el_ev->read_cb) {
-		my_poll = &my_ev->read;
+	if (el_ev->read_cb || el_ev->write_cb) {
+		my_poll = &my_ev->poll;
 		my_poll->data = el_ev;
 		uv_poll_init(ext->loop, my_poll, fd);
-		uv_poll_start(my_poll, UV_READABLE, getdns_libuv_read_cb);
-	}
-	if (el_ev->write_cb) {
-		my_poll = &my_ev->write;
-		my_poll->data = el_ev;
-		uv_poll_init(ext->loop, my_poll, fd);
-		uv_poll_start(my_poll, UV_WRITABLE, getdns_libuv_write_cb);
+		int events =
+			(el_ev->read_cb ? UV_READABLE : 0) |
+			(el_ev->write_cb ? UV_WRITABLE : 0);
+		uv_poll_start(my_poll, events, getdns_libuv_cb);
 	}
 	if (el_ev->timeout_cb) {
 		my_timer = &my_ev->timer;

src/extension/poll_eventloop.c

@@ -27,13 +27,8 @@
 
 #include "config.h"
 
-#ifdef HAVE_SYS_POLL_H
-#include <sys/poll.h>
-#else
-#ifndef USE_WINSOCK
-#include <poll.h>
-#endif
-#endif
+#include "util-internal.h"
+#include "platform.h"
 #ifdef HAVE_SYS_RESOURCE_H
 #include <sys/resource.h>
 #endif
@@ -148,7 +143,7 @@ static uint64_t get_now_plus(uint64_t amount)
 	uint64_t       now;
 
 	if (gettimeofday(&tv, NULL)) {
-		perror("gettimeofday() failed");
+		_getdns_perror("gettimeofday() failed");
 		exit(EXIT_FAILURE);
 	}
 	now = tv.tv_sec * 1000000 + tv.tv_usec;
@@ -293,9 +288,10 @@ static void
 poll_read_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
-	(void)fd;
+	(void)fd; /* unused parameter */
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
+	if (event && event->read_cb)
 		event->read_cb(event->userarg);
 }
 
@@ -303,9 +299,10 @@ static void
 poll_write_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
-	(void)fd;
+	(void)fd; /* unused parameter */
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
+	if (event && event->write_cb)
 		event->write_cb(event->userarg);
 }
 
@@ -313,6 +310,7 @@ static void
 poll_timeout_cb(getdns_eventloop_event *event)
 {
 	DEBUG_SCHED( "%s(event: %p)\n", __FUNC__, (void *)event);
+	if (event && event->timeout_cb)
 		event->timeout_cb(event->userarg);
 }
 
@@ -408,12 +406,14 @@ poll_eventloop_run_once(getdns_eventloop *loop, int blocking)
     {
         Sleep(poll_timeout);
     } else
-	if (WSAPoll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
-#else	
-	if (poll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
 #endif
-		perror("poll() failed");
-		exit(EXIT_FAILURE);
+	if (_getdns_poll(poll_loop->pfds, poll_loop->fd_events_free, poll_timeout) < 0) {
+		if (_getdns_socketerror() == _getdns_EAGAIN ||
+		    _getdns_socketerror() == _getdns_EINTR )
+			return;
+
+		DEBUG_SCHED("I/O error with poll(): %s\n", _getdns_errnostr());
+		return;
 	}
 	now = get_now_plus(0);
 

src/extension/select_eventloop.c

@@ -27,9 +27,10 @@
 
 #include "config.h"
 
-#include "extension/select_eventloop.h"
 #include "debug.h"
 #include "types-internal.h"
+#include "platform.h"
+#include "extension/select_eventloop.h"
 
 static uint64_t get_now_plus(uint64_t amount)
 {
@@ -37,7 +38,7 @@ static uint64_t get_now_plus(uint64_t amount)
 	uint64_t       now;
 
 	if (gettimeofday(&tv, NULL)) {
-		perror("gettimeofday() failed");
+		_getdns_perror("gettimeofday() failed");
 		exit(EXIT_FAILURE);
 	}
 	now = tv.tv_sec * 1000000 + tv.tv_usec;
@@ -153,14 +154,14 @@ select_eventloop_clear(getdns_eventloop *loop, getdns_eventloop_event *event)
 static void
 select_eventloop_cleanup(getdns_eventloop *loop)
 {
-	(void)loop;
+	(void)loop; /* unused parameter */
 }
 
 static void
 select_read_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
-	(void)fd;
+	(void)fd; /* unused parameter */
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
 	event->read_cb(event->userarg);
@@ -170,7 +171,7 @@ static void
 select_write_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
-	(void)fd;
+	(void)fd; /* unused parameter */
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
 	event->write_cb(event->userarg);
@@ -180,7 +181,7 @@ static void
 select_timeout_cb(int fd, getdns_eventloop_event *event)
 {
 #if !defined(SCHED_DEBUG) || !SCHED_DEBUG
-	(void)fd;
+	(void)fd; /* unused parameter */
 #endif
 	DEBUG_SCHED( "%s(fd: %d, event: %p)\n", __FUNC__, fd, (void *)event);
 	event->timeout_cb(event->userarg);
@@ -235,20 +236,24 @@ select_eventloop_run_once(getdns_eventloop *loop, int blocking)
 		tv.tv_usec = (long)((timeout - now) % 1000000);
 	}
 #ifdef USE_WINSOCK
-    if (max_fd == -1)
-    {
-        if (timeout != TIMEOUT_FOREVER)
-        {
+	if (max_fd == -1) {
+		if (timeout != TIMEOUT_FOREVER) {
 			uint32_t timeout_ms = (tv.tv_usec / 1000) + (tv.tv_sec * 1000);
 			Sleep(timeout_ms);
         	}
-    } else
+	} else {
 #endif
 	if (select(max_fd + 1, &readfds, &writefds, NULL,
-	    (timeout == TIMEOUT_FOREVER ? NULL : &tv)) < 0) {
-		perror("select() failed");
-		exit(EXIT_FAILURE);
+		   ((blocking && timeout == TIMEOUT_FOREVER) ? NULL : &tv)) < 0) {
+		if (_getdns_socketerror_wants_retry())
+			return;
+
+		DEBUG_SCHED("I/O error with select(): %s\n", _getdns_errnostr());
+		return;
 	}
+#ifdef USE_WINSOCK
+	}
+#endif
 	now = get_now_plus(0);
 	for (fd = 0; fd < (int)FD_SETSIZE; fd++) {
 		if (select_loop->fd_events[fd] &&
@@ -304,7 +309,7 @@ _getdns_select_eventloop_init(struct mem_funcs *mf, _getdns_select_eventloop *lo
 		select_eventloop_run,
 		select_eventloop_run_once
 	};
-	(void) mf;
+	(void) mf; /* unused parameter */
 	(void) memset(loop, 0, sizeof(_getdns_select_eventloop));
 	loop->loop.vmt = &select_eventloop_vmt;
 }

src/extension/select_eventloop.h

@@ -34,6 +34,7 @@
 #include "config.h"
 #include "getdns/getdns.h"
 #include "getdns/getdns_extra.h"
+#include "types-internal.h"
 
 /* No more than select's capability queries can be outstanding,
  * The number of outstanding timeouts should be less or equal then

src/general.c

@@ -54,6 +54,7 @@
 #include "dict.h"
 #include "mdns.h"
 #include "debug.h"
+#include "anchor.h"
 
 void _getdns_call_user_callback(getdns_dns_req *dnsreq, getdns_dict *response)
 {
@@ -115,7 +116,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 
 	/* Do we have to check more suffixes on nxdomain/nodata?
 	 */
-	if (dns_req->is_dns_request &&
+	if (dns_req->is_dns_request == 1 &&
 	    dns_req->suffix_appended && /* Something was appended */
 	    dns_req->suffix_len > 1 &&  /* Next suffix available */
 	    no_answer(dns_req)) {
@@ -152,7 +153,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 			return;
 		}
 	} else if (
-	    dns_req->is_dns_request &&
+	    dns_req->is_dns_request == 1 &&
 	    ( dns_req->append_name ==
 	      GETDNS_APPEND_NAME_ONLY_TO_SINGLE_LABEL_AFTER_FAILURE ||
 	      dns_req->append_name ==
@@ -205,7 +206,7 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 	} else if (! results_found)
 		_getdns_call_user_callback(dns_req, NULL);
 	else if (
-	    dns_req->is_dns_request &&
+	    dns_req->is_dns_request == 1 &&
 	    (dns_req->dnssec_return_validation_chain
 #ifdef DNSSEC_ROADBLOCK_AVOIDANCE
 	    || (   dns_req->dnssec_roadblock_avoidance 
@@ -213,13 +214,20 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 #endif
 
 #ifdef STUB_NATIVE_DNSSEC
-	    || (dns_req->context->resolution_type == GETDNS_RESOLUTION_STUB
+	    || (    dns_req->context->resolution_type == GETDNS_RESOLUTION_STUB
 	        && !dns_req->avoid_dnssec_roadblocks
 	        && (dns_req->dnssec_return_status ||
 	            dns_req->dnssec_return_only_secure ||
+	            dns_req->dnssec ||
 	            dns_req->dnssec_return_all_statuses
 	           ))
 #endif
+	    || (   dns_req->context->resolution_type == GETDNS_RESOLUTION_RECURSING
+	       && (dns_req->dnssec_return_status ||
+	           dns_req->dnssec_return_only_secure ||
+	           dns_req->dnssec ||
+	           dns_req->dnssec_return_all_statuses)
+	       && _getdns_bogus(dns_req))
 	    )) {
 		/* Reschedule timeout for this DNS request
 		 */
@@ -243,10 +251,18 @@ _getdns_check_dns_req_complete(getdns_dns_req *dns_req)
 
 #ifdef HAVE_LIBUNBOUND
 #ifdef HAVE_UNBOUND_EVENT_API
+#if UNBOUND_VERSION_MAJOR > 1 || (UNBOUND_VERSION_MAJOR == 1 && UNBOUND_VERSION_MINOR >= 8)
+static void
+ub_resolve_event_callback(void* arg, int rcode, void *pkt, int pkt_len,
+    int sec, char* why_bogus, int was_ratelimited)
+{
+	(void) was_ratelimited; /* unused parameter */
+#else
 static void
 ub_resolve_event_callback(void* arg, int rcode, void *pkt, int pkt_len,
     int sec, char* why_bogus)
 {
+#endif
 	getdns_network_req *netreq = (getdns_network_req *) arg;
 	getdns_dns_req *dns_req = netreq->owner;
 
@@ -336,7 +352,7 @@ _getdns_netreq_change_state(
 	if (!netreq)
 		return;
 
-	if (!netreq->owner->is_dns_request) {
+	if (netreq->owner->is_dns_request == 0) {
 		netreq->state = new_state;
 		return;
 	}
@@ -416,6 +432,7 @@ _getdns_submit_netreq(getdns_network_req *netreq, uint64_t *now_ms)
 	if ( context->resolution_type == GETDNS_RESOLUTION_RECURSING
 	    || dns_req->dnssec_return_status
 	    || dns_req->dnssec_return_only_secure
+	    || dns_req->dnssec
 	    || dns_req->dnssec_return_all_statuses
 	    || dns_req->dnssec_return_validation_chain) {
 #endif
@@ -442,14 +459,12 @@ _getdns_submit_netreq(getdns_network_req *netreq, uint64_t *now_ms)
 		if (_getdns_ub_loop_enabled(&context->ub_loop))
 			ub_resolve_r = ub_resolve_event(context->unbound_ctx,
 			    name, netreq->request_type, dns_req->request_class,
-			    netreq, ub_resolve_event_callback, &(netreq->unbound_id)) ?
-			    GETDNS_RETURN_GENERIC_ERROR : GETDNS_RETURN_GOOD;
+			    netreq, ub_resolve_event_callback, &(netreq->unbound_id));
 		else
 #endif
 			ub_resolve_r = ub_resolve_async(context->unbound_ctx,
 			    name, netreq->request_type, dns_req->request_class,
-			    netreq, ub_resolve_callback, &(netreq->unbound_id)) ?
-			    GETDNS_RETURN_GENERIC_ERROR : GETDNS_RETURN_GOOD;
+			    netreq, ub_resolve_callback, &(netreq->unbound_id));
 		if (dnsreq_freed)
 			return DNS_REQ_FINISHED;
 		dns_req->freed = NULL;
@@ -487,7 +502,7 @@ extformatcmp(const void *a, const void *b)
 
 /*---------------------------------------- validate_extensions */
 static getdns_return_t
-validate_extensions(struct getdns_dict * extensions)
+validate_extensions(const getdns_dict * extensions)
 {
 	/**
 	  * this is a comprehensive list of extensions and their data types
@@ -498,6 +513,7 @@ validate_extensions(struct getdns_dict * extensions)
 	static getdns_extension_format extformats[] = {
 		{"add_opt_parameters"            , t_dict, 1},
 		{"add_warning_for_bad_dns"       , t_int , 1},
+		{"dnssec"                        , t_int , 1},
 		{"dnssec_return_all_statuses"    , t_int , 1},
 		{"dnssec_return_full_validation_chain", t_int , 1},
 		{"dnssec_return_only_secure"     , t_int , 1},
@@ -550,7 +566,7 @@ validate_extensions(struct getdns_dict * extensions)
 
 static getdns_return_t
 getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
-    const char *name, uint16_t request_type, getdns_dict *extensions,
+    const char *name, uint16_t request_type, const getdns_dict *extensions,
     void *userarg, getdns_network_req **return_netreq_p,
     getdns_callback_t callbackfn, internal_cb_t internal_cb, int usenamespaces)
 {
@@ -570,11 +586,6 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 	if (extensions && (r = validate_extensions(extensions)))
 		return r;
 
-	/* Set up the context assuming we won't use the specified namespaces.
-	   This is (currently) identical to setting up a pure DNS namespace */
-	if ((r = _getdns_context_prepare_for_resolution(context, 0)))
-		return r;
-
 	/* create the request */
 	if (!(req = _getdns_dns_req_new(
 	    context, loop, name, request_type, extensions, &now_ms)))
@@ -590,9 +601,36 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 
 	_getdns_context_track_outbound_request(req);
 
-	if (!usenamespaces)
+	if (req->dnssec_extension_set) {
+		if (context->trust_anchors_source == GETDNS_TASRC_FAILED
+		&&  _getdns_ms_until_expiry2(
+		    context->trust_anchors_backoff_expiry, &now_ms) == 0) {
+			context->trust_anchors_source = GETDNS_TASRC_NONE;
+		}
+		if (context->trust_anchors_source == GETDNS_TASRC_XML_UPDATE)
+			_getdns_start_fetching_ta(context, loop, &now_ms);
+
+		else if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
+			_getdns_context_equip_with_anchor(context, &now_ms);
+			if (context->trust_anchors_source == GETDNS_TASRC_NONE) {
+				_getdns_start_fetching_ta(context, loop, &now_ms);
+			}
+		}
+	}
+	if (!usenamespaces) {
+		if (context->trust_anchors_source == GETDNS_TASRC_FETCHING
+		    && context->resolution_type == GETDNS_RESOLUTION_RECURSING
+		    && context->resolution_type != context->resolution_type_set) {
+			req->waiting_for_ta = 1;
+			req->ta_notify = context->ta_notify;
+			context->ta_notify = req;
+			return GETDNS_RETURN_GOOD;
+		}
+		if ((r = _getdns_context_prepare_for_resolution(context)))
+			; /* pass */
+
 		/* issue all network requests */
-		for ( netreq_p = req->netreqs
+		else for ( netreq_p = req->netreqs
 		    ; !r && (netreq = *netreq_p)
 		    ; netreq_p++) {
 			if ((r = _getdns_submit_netreq(netreq, &now_ms))) {
@@ -605,7 +643,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 			}
 		}
 
-	else for (i = 0; i < context->namespace_count; i++) {
+	} else for (i = 0; i < context->namespace_count; i++) {
 		if (context->namespaces[i] == GETDNS_NAMESPACE_LOCALNAMES) {
 
 			if (!(r = _getdns_context_local_namespace_resolve(
@@ -613,6 +651,8 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 				req->is_dns_request = 0;
 				_getdns_call_user_callback
 				    ( req, localnames_response);
+				if (return_netreq_p)
+					*return_netreq_p = NULL;
 				break;
 			}
 #ifdef HAVE_MDNS_SUPPORT
@@ -639,6 +679,16 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 			}
 #endif /* HAVE_MDNS_SUPPORT */
 		} else if (context->namespaces[i] == GETDNS_NAMESPACE_DNS) {
+			if (context->trust_anchors_source == GETDNS_TASRC_FETCHING
+			    && context->resolution_type == GETDNS_RESOLUTION_RECURSING
+			    && context->resolution_type != context->resolution_type_set) {
+				req->waiting_for_ta = 1;
+				req->ta_notify = context->ta_notify;
+				context->ta_notify = req;
+				return GETDNS_RETURN_GOOD;
+			}
+			if ((r =  _getdns_context_prepare_for_resolution(context)))
+				break;
 
 			/* TODO: We will get a good return code here even if
 			   the name is not found (NXDOMAIN). We should consider
@@ -665,6 +715,8 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 		/* clean up the request */
 		_getdns_context_clear_outbound_request(req);
 		_getdns_dns_req_free(req);
+		if (return_netreq_p)
+			*return_netreq_p = NULL;
 		return r;
 	}
 	return GETDNS_RETURN_GOOD;
@@ -672,7 +724,7 @@ getdns_general_ns(getdns_context *context, getdns_eventloop *loop,
 
 getdns_return_t
 _getdns_general_loop(getdns_context *context, getdns_eventloop *loop,
-    const char *name, uint16_t request_type, getdns_dict *extensions,
+    const char *name, uint16_t request_type, const getdns_dict *extensions,
     void *userarg, getdns_network_req **netreq_p,
     getdns_callback_t callback, internal_cb_t internal_cb)
 {
@@ -684,33 +736,33 @@ _getdns_general_loop(getdns_context *context, getdns_eventloop *loop,
 
 getdns_return_t
 _getdns_address_loop(getdns_context *context, getdns_eventloop *loop,
-    const char *name, getdns_dict *extensions, void *userarg,
+    const char *name, const getdns_dict *extensions, void *userarg,
     getdns_transaction_t *transaction_id, getdns_callback_t callback)
 {
-	getdns_dict *my_extensions = extensions;
+	getdns_dict *my_extensions = NULL;
 	getdns_return_t r;
 	uint32_t value;
 	getdns_network_req *netreq = NULL;
 
-	if (!my_extensions) {
+	if (!extensions) {
 		if (!(my_extensions=getdns_dict_create_with_context(context)))
 			return GETDNS_RETURN_MEMORY_ERROR;
 	} else if (
-	    getdns_dict_get_int(my_extensions, "return_both_v4_and_v6", &value)
+	    getdns_dict_get_int(extensions, "return_both_v4_and_v6", &value)
 	    && (r = _getdns_dict_copy(extensions, &my_extensions)))
 		return r;
 
-	if (my_extensions != extensions && (r = getdns_dict_set_int(
+	if (my_extensions && (r = getdns_dict_set_int(
 	    my_extensions, "return_both_v4_and_v6", GETDNS_EXTENSION_TRUE)))
 		return r;
 
 	r = getdns_general_ns(context, loop,
-	    name, GETDNS_RRTYPE_AAAA, my_extensions,
+	    name, GETDNS_RRTYPE_AAAA, my_extensions ? my_extensions : extensions,
 	    userarg, &netreq, callback, NULL, 1);
 	if (netreq && transaction_id)
 		*transaction_id = netreq->owner->trans_id;
 
-	if (my_extensions != extensions)
+	if (my_extensions)
 		getdns_dict_destroy(my_extensions);
 
 	return r;
@@ -718,7 +770,7 @@ _getdns_address_loop(getdns_context *context, getdns_eventloop *loop,
 
 getdns_return_t
 _getdns_hostname_loop(getdns_context *context, getdns_eventloop *loop,
-    getdns_dict *address, getdns_dict *extensions, void *userarg,
+    const getdns_dict *address, const getdns_dict *extensions, void *userarg,
     getdns_transaction_t *transaction_id, getdns_callback_t callback)
 {
 	struct getdns_bindata *address_data;
@@ -808,7 +860,7 @@ _getdns_hostname_loop(getdns_context *context, getdns_eventloop *loop,
 
 getdns_return_t
 _getdns_service_loop(getdns_context *context, getdns_eventloop *loop,
-    const char *name, getdns_dict *extensions, void *userarg,
+    const char *name, const getdns_dict *extensions, void *userarg,
     getdns_transaction_t * transaction_id, getdns_callback_t callback)
 {
 	getdns_return_t r;
@@ -825,7 +877,7 @@ _getdns_service_loop(getdns_context *context, getdns_eventloop *loop,
  */
 getdns_return_t
 getdns_general(getdns_context *context,
-    const char *name, uint16_t request_type, getdns_dict *extensions,
+    const char *name, uint16_t request_type, const getdns_dict *extensions,
     void *userarg, getdns_transaction_t * transaction_id,
     getdns_callback_t callbackfn)
 {
@@ -847,7 +899,7 @@ getdns_general(getdns_context *context,
  */
 getdns_return_t
 getdns_address(getdns_context *context,
-    const char *name, getdns_dict *extensions, void *userarg,
+    const char *name, const getdns_dict *extensions, void *userarg,
     getdns_transaction_t *transaction_id, getdns_callback_t callbackfn)
 {
 	if (!context) return GETDNS_RETURN_INVALID_PARAMETER;
@@ -862,7 +914,7 @@ getdns_address(getdns_context *context,
  */
 getdns_return_t
 getdns_hostname(getdns_context *context,
-    getdns_dict *address, getdns_dict *extensions, void *userarg,
+    const getdns_dict *address, const getdns_dict *extensions, void *userarg,
     getdns_transaction_t *transaction_id, getdns_callback_t callbackfn)
 {
 	if (!context) return GETDNS_RETURN_INVALID_PARAMETER;
@@ -876,7 +928,7 @@ getdns_hostname(getdns_context *context,
  */
 getdns_return_t
 getdns_service(getdns_context *context,
-    const char *name, getdns_dict *extensions, void *userarg,
+    const char *name, const getdns_dict *extensions, void *userarg,
     getdns_transaction_t *transaction_id, getdns_callback_t callbackfn)
 {
 	if (!context) return GETDNS_RETURN_INVALID_PARAMETER;

src/general.h

@@ -63,25 +63,25 @@ int _getdns_submit_netreq(getdns_network_req *netreq, uint64_t *now_ms);
 
 getdns_return_t
 _getdns_general_loop(getdns_context *context, getdns_eventloop *loop,
-    const char *name, uint16_t request_type, getdns_dict *extensions,
+    const char *name, uint16_t request_type, const getdns_dict *extensions,
     void *userarg, getdns_network_req **netreq_p,
     getdns_callback_t callbackfn, internal_cb_t internal_cb);
 
 getdns_return_t
 _getdns_address_loop(getdns_context *context, getdns_eventloop *loop,
-    const char *name, getdns_dict *extensions,
+    const char *name, const getdns_dict *extensions,
     void *userarg, getdns_transaction_t *transaction_id,
     getdns_callback_t callbackfn);
 
 getdns_return_t
 _getdns_hostname_loop(getdns_context *context, getdns_eventloop *loop,
-    getdns_dict *address, getdns_dict *extensions,
+    const getdns_dict *address, const getdns_dict *extensions,
     void *userarg, getdns_transaction_t *transaction_id,
     getdns_callback_t callbackfn);
 
 getdns_return_t
 _getdns_service_loop(getdns_context *context, getdns_eventloop *loop,
-    const char *name, getdns_dict *extensions,
+    const char *name, const getdns_dict *extensions,
     void *userarg, getdns_transaction_t *transaction_id,
     getdns_callback_t callbackfn);
 

src/getdns/getdns.h.in

@@ -416,6 +416,9 @@ typedef enum getdns_callback_type_t {
 #define GETDNS_RRTYPE_CDNSKEY   60
 #define GETDNS_RRTYPE_OPENPGPKEY 61
 #define GETDNS_RRTYPE_CSYNC     62
+#define GETDNS_RRTYPE_ZONEMD    63
+#define GETDNS_RRTYPE_SVCB      64
+#define GETDNS_RRTYPE_HTTPS     65
 #define GETDNS_RRTYPE_SPF       99
 #define GETDNS_RRTYPE_UINFO     100
 #define GETDNS_RRTYPE_UID       101
@@ -437,6 +440,8 @@ typedef enum getdns_callback_type_t {
 #define GETDNS_RRTYPE_URI       256
 #define GETDNS_RRTYPE_CAA       257
 #define GETDNS_RRTYPE_AVC       258
+#define GETDNS_RRTYPE_DOA       259
+#define GETDNS_RRTYPE_AMTRELAY  260
 #define GETDNS_RRTYPE_TA        32768
 #define GETDNS_RRTYPE_DLV       32769
 /** @}
@@ -489,7 +494,7 @@ typedef enum getdns_callback_type_t {
 #define GETDNS_RCODE_BADNAME   20
 #define GETDNS_RCODE_BADALG    21
 #define GETDNS_RCODE_BADTRUNC  22
-#define GETDNS_RCODE_COOKIE   23
+#define GETDNS_RCODE_BADCOOKIE 23
 /** @}
  */
 
@@ -742,7 +747,7 @@ getdns_list *getdns_list_create();
  *                used to create and initialize the list.
  * @return pointer to an allocated list, NULL if insufficient memory
  */
-getdns_list *getdns_list_create_with_context(getdns_context *context);
+getdns_list *getdns_list_create_with_context(const getdns_context *context);
 
 /**
  * create a new list with no items, creating and initializing it with the
@@ -862,7 +867,7 @@ getdns_dict *getdns_dict_create();
  *                used to create and initialize the dict.
  * @return pointer to an allocated dict, NULL if insufficient memory
  */
-getdns_dict *getdns_dict_create_with_context(getdns_context *context);
+getdns_dict *getdns_dict_create_with_context(const getdns_context *context);
 
 /**
  * create a new dict with no items, creating and initializing it with the
@@ -1029,9 +1034,9 @@ getdns_return_t
 getdns_general(getdns_context *context,
     const char *name,
     uint16_t request_type,
-    getdns_dict *extensions,
+    const getdns_dict *extensions,
     void *userarg,
-    getdns_transaction_t * transaction_id, getdns_callback_t callbackfn);
+    getdns_transaction_t *transaction_id, getdns_callback_t callbackfn);
 
 /**
  * retrieve address assigned to a DNS name
@@ -1047,9 +1052,9 @@ getdns_general(getdns_context *context,
 getdns_return_t
 getdns_address(getdns_context *context,
     const char *name,
-    getdns_dict *extensions,
+    const getdns_dict *extensions,
     void *userarg,
-    getdns_transaction_t * transaction_id, getdns_callback_t callbackfn);
+    getdns_transaction_t *transaction_id, getdns_callback_t callbackfn);
 
 /**
  * retrieve hostname assigned to an IP address
@@ -1064,10 +1069,10 @@ getdns_address(getdns_context *context,
  */
 getdns_return_t
 getdns_hostname(getdns_context *context,
-    getdns_dict *address,
-    getdns_dict *extensions,
+    const getdns_dict *address,
+    const getdns_dict *extensions,
     void *userarg,
-    getdns_transaction_t * transaction_id, getdns_callback_t callbackfn);
+    getdns_transaction_t *transaction_id, getdns_callback_t callbackfn);
 
 /**
  * retrieve a service assigned to a DNS name
@@ -1083,9 +1088,9 @@ getdns_hostname(getdns_context *context,
 getdns_return_t
 getdns_service(getdns_context *context,
     const char *name,
-    getdns_dict *extensions,
+    const getdns_dict *extensions,
     void *userarg,
-    getdns_transaction_t * transaction_id, getdns_callback_t callbackfn);
+    getdns_transaction_t *transaction_id, getdns_callback_t callbackfn);
 /** @}
  */
 
@@ -1200,7 +1205,7 @@ getdns_return_t
 getdns_general_sync(getdns_context *context,
     const char *name,
     uint16_t request_type,
-    getdns_dict *extensions,
+    const getdns_dict *extensions,
     getdns_dict **response);
 
 /**
@@ -1215,7 +1220,7 @@ getdns_general_sync(getdns_context *context,
 getdns_return_t
 getdns_address_sync(getdns_context *context,
     const char *name,
-    getdns_dict *extensions,
+    const getdns_dict *extensions,
     getdns_dict **response);
 
 /**
@@ -1229,8 +1234,8 @@ getdns_address_sync(getdns_context *context,
  */
 getdns_return_t
 getdns_hostname_sync(getdns_context *context,
-    getdns_dict *address,
-    getdns_dict *extensions,
+    const getdns_dict *address,
+    const getdns_dict *extensions,
     getdns_dict **response);
 
 /**
@@ -1245,7 +1250,7 @@ getdns_hostname_sync(getdns_context *context,
 getdns_return_t
 getdns_service_sync(getdns_context *context,
     const char *name,
-    getdns_dict *extensions,
+    const getdns_dict *extensions,
     getdns_dict **response);
 
 /** @}
@@ -1340,9 +1345,8 @@ char *getdns_convert_alabel_to_ulabel(const char *alabel);
  * depending on the validation status.
  */
 getdns_return_t
-getdns_validate_dnssec(getdns_list *to_validate,
-    getdns_list *support_records,
-    getdns_list *trust_anchors);
+getdns_validate_dnssec(const getdns_list *to_validate,
+    const getdns_list *support_records, const getdns_list *trust_anchors);
 
 /**
  * Get the default list of trust anchor records that is used by the library
@@ -1391,7 +1395,7 @@ char *getdns_display_ip_address(const getdns_bindata
  * @param value The callback function that will be called when any context is
  *              changed. A update callback function can be deregistered by
  *              passing NULL.
- * @return GETDNS_RETURN_GOOD when succesful.
+ * @return GETDNS_RETURN_GOOD when successful.
  * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL.
  */
 getdns_return_t
@@ -1443,7 +1447,7 @@ getdns_context_set_resolution_type(getdns_context *context,
  */
 getdns_return_t
 getdns_context_set_namespaces(getdns_context *context,
-    size_t namespace_count, getdns_namespace_t *namespaces);
+    size_t namespace_count, const getdns_namespace_t *namespaces);
 
 /**
  * Specifies what transport are used for DNS lookups. The default is
@@ -1512,6 +1516,24 @@ getdns_context_set_dns_transport_list(getdns_context *context,
 getdns_return_t
 getdns_context_set_idle_timeout(getdns_context *context, uint64_t timeout);
 
+/**
+ * Set the number of milliseconds send data may remain unacknowledged by
+ * the peer in a TCP connection, if supported by the operation system.
+ * When not set (the default), the system default is left alone.
+ *
+ * @see getdns_context_get_tcp_send_timeout
+ * @see getdns_context_unset_tcp_send_timeout
+ * @param context The context to configure
+ * @param value The number of milliseconds the send data may remain
+ *              unacknowledged by the peer in a TCP connection.
+ * @return GETDNS_RETURN_GOOD when successful.
+ * @return GETDNS_RETURN_INVALID_PARAMETER when context was NULL or the
+ *         value was too high.
+ */
+getdns_return_t
+getdns_context_set_tcp_send_timeout(getdns_context *context,
+    uint32_t value);
+
 /**
  * Limit the number of outstanding DNS queries. When more than limit requests
  * are scheduled, they are kept on an internal queue, to be rescheduled when
@@ -1577,7 +1599,7 @@ getdns_context_set_follow_redirects(getdns_context *context,
  *                  contains at least two names: address_type (whose value is
  *                  a bindata; it is currently either "IPv4" or "IPv6") and
  *                  address_data (whose value is a bindata).
- *                  This implementation also accepts a list of addressxi
+ *                  This implementation also accepts a list of address
  *                  bindatas. Or a list of rr_dicts for address records (i.e.
  *                  the additional section of a NS query for ".", or a with
  *                  getdns_fp2rr_list() converted root.hints file).
@@ -1686,6 +1708,8 @@ getdns_context_set_dnssec_allowed_skew(getdns_context *context,
  *                        - `value` A SHA256 hash of the `SubjectPublicKeyInfo`
  *                          of the upstream, which will be used to authenticate
  *                          it.
+ *                      - `tls_cipher_list` (a bindata) that is the string
+ *                        of available ciphers specific for this upstream.
  * @return GETDNS_RETURN_GOOD when successful. 
  * @return GETDNS_RETURN_INVALID_PARAMETER when `context` or `upstream_list` was `NULL`
  * @return GETDNS_RETURN_CONTEXT_UPDATE_FAIL when there were problems parsing
@@ -1809,9 +1833,11 @@ getdns_context_set_extended_memory_functions(getdns_context *context,
  *            GETDNS_RESOLUTION_STUB.
  *         - all_context (a dict) with names for all the other settings in
  *           context.
+ *         The application is responsible for cleaning up the returned dictionary 
+ *         object with getdns_dict_destroy.
  */
 getdns_dict*
-getdns_context_get_api_information(getdns_context* context);
+getdns_context_get_api_information(const getdns_context *context);
 
 /** @}
  */

src/gldns/compare.sh

@@ -3,7 +3,7 @@
 # Meant to be run from this directory
 rm -fr gldns
 mkdir gldns
-svn co http://unbound.net/svn/trunk/sldns/
+svn co https://github.com/NLnetLabs/unbound/trunk/sldns/
 mv gbuffer.h sbuffer.h
 mv gbuffer.c sbuffer.c
 for f in sldns/*.[ch]

src/gldns/gbuffer.c

@@ -14,6 +14,7 @@
 #include "config.h"
 #include "gldns/gbuffer.h"
 #include <stdarg.h>
+#include <stdlib.h>
 
 gldns_buffer *
 gldns_buffer_new(size_t capacity)
@@ -106,6 +107,8 @@ int
 gldns_buffer_reserve(gldns_buffer *buffer, size_t amount)
 {
 	gldns_buffer_invariant(buffer);
+	if (buffer->_vfixed)
+		return 1;
 	assert(!buffer->_fixed);
 	if (buffer->_capacity < buffer->_position + amount) {
 		size_t new_capacity = buffer->_capacity * 3 / 2;

src/gldns/gbuffer.h

@@ -13,6 +13,12 @@
 #ifndef GLDNS_SBUFFER_H
 #define GLDNS_SBUFFER_H
 
+#include <stdint.h>
+#if defined(_MSC_VER)
+#include <BaseTsd.h>
+typedef SSIZE_T ssize_t;
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -130,7 +136,7 @@ struct gldns_buffer
 	/** If the buffer is fixed it cannot be resized */
 	unsigned _fixed : 1;
 
-	/** If the buffer is vfixed, no more than capacity bytes willl be
+	/** If the buffer is vfixed, no more than capacity bytes will be
 	 * written to _data, however the _position counter will be updated
 	 * with the amount that would have been written in consecutive
 	 * writes.  This allows for a modus operandi in which a sequence is
@@ -160,7 +166,7 @@ gldns_buffer_invariant(gldns_buffer *buffer)
 	assert(buffer != NULL);
 	assert(buffer->_position <= buffer->_limit || buffer->_vfixed);
 	assert(buffer->_limit <= buffer->_capacity);
-	assert(buffer->_data != NULL || (buffer->_vfixed && buffer->_capacity == 0));
+	assert(buffer->_data != NULL || (buffer->_vfixed && buffer->_capacity == 0 && buffer->_limit == 0));
 }
 #endif
 
@@ -226,7 +232,6 @@ INLINE void gldns_buffer_clear(gldns_buffer *buffer)
  * the position is set to 0.
  *
  * \param[in] buffer the buffer to flip
- * \return void
  */
 INLINE void gldns_buffer_flip(gldns_buffer *buffer)
 {
@@ -497,7 +502,7 @@ gldns_buffer_set_at(gldns_buffer *buffer, size_t at, int c, size_t count)
  * writes count bytes of data to the current position of the buffer
  * \param[in] buffer the buffer
  * \param[in] data the data to write
- * \param[in] count the lenght of the data to write
+ * \param[in] count the length of the data to write
  */
 INLINE void
 gldns_buffer_write(gldns_buffer *buffer, const void *data, size_t count)
@@ -776,7 +781,6 @@ int gldns_buffer_printf(gldns_buffer *buffer, const char *format, ...)
 /**
  * frees the buffer.
  * \param[in] *buffer the buffer to be freed
- * \return void
  */
 void gldns_buffer_free(gldns_buffer *buffer);
 
@@ -784,7 +788,6 @@ void gldns_buffer_free(gldns_buffer *buffer);
  * Makes the buffer fixed and returns a pointer to the data.  The
  * caller is responsible for free'ing the result.
  * \param[in] *buffer the buffer to be exported
- * \return void
  */
 void *gldns_buffer_export(gldns_buffer *buffer);
 

src/gldns/import.sh

@@ -16,16 +16,5 @@ then
 	mv sbuffer.h gbuffer.h
 	mv sbuffer.c gbuffer.c
 else
-	svn co http://unbound.net/svn/trunk/ldns/
-	for f in ldns/*.[ch]
-	do
-		sed -e 's/sldns_/gldns_/g' \
-		    -e 's/LDNS_/GLDNS_/g' \
-		    -e 's/include "sldns/include "gldns/g' \
-		    -e 's/<sldns\/rrdef\.h>/<gldns\/rrdef.h>/g' \
-		    -e 's/sbuffer\.h/gbuffer.h/g' $f > ${f#ldns/}
-	done
-	mv sbuffer.h gbuffer.h
-	mv sbuffer.c gbuffer.c
-	rm -r ldns
+	echo Run compare first
 fi

src/gldns/keyraw.c

@@ -14,26 +14,6 @@
 #include "gldns/keyraw.h"
 #include "gldns/rrdef.h"
 
-#ifdef HAVE_SSL
-#include <openssl/ssl.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/md5.h>
-#ifdef HAVE_OPENSSL_ENGINE_H
-#  include <openssl/engine.h>
-#endif
-#ifdef HAVE_OPENSSL_BN_H
-#include <openssl/bn.h>
-#endif
-#ifdef HAVE_OPENSSL_RSA_H
-#include <openssl/rsa.h>
-#endif
-#ifdef HAVE_OPENSSL_DSA_H
-#include <openssl/dsa.h>
-#endif
-#endif /* HAVE_SSL */
-
 size_t
 gldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
 	const size_t len, int alg)
@@ -89,13 +69,21 @@ gldns_rr_dnskey_key_size_raw(const unsigned char* keydata,
                 return 256;
         case GLDNS_ECDSAP384SHA384:
                 return 384;
+#endif
+#ifdef USE_ED25519
+	case GLDNS_ED25519:
+		return 256;
+#endif
+#ifdef USE_ED448
+	case GLDNS_ED448:
+		return 456;
 #endif
 	default:
 		return 0;
 	}
 }
 
-uint16_t gldns_calc_keytag_raw(uint8_t* key, size_t keysize)
+uint16_t gldns_calc_keytag_raw(const uint8_t* key, size_t keysize)
 {
 	if(keysize < 4) {
 		return 0;
@@ -118,312 +106,3 @@ uint16_t gldns_calc_keytag_raw(uint8_t* key, size_t keysize)
 		return (uint16_t) (ac32 & 0xFFFF);
 	}
 }
-
-#ifdef HAVE_SSL
-#ifdef USE_GOST
-/** store GOST engine reference loaded into OpenSSL library */
-ENGINE* gldns_gost_engine = NULL;
-
-int
-gldns_key_EVP_load_gost_id(void)
-{
-	static int gost_id = 0;
-	const EVP_PKEY_ASN1_METHOD* meth;
-	ENGINE* e;
-
-	if(gost_id) return gost_id;
-
-	/* see if configuration loaded gost implementation from other engine*/
-	meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1);
-	if(meth) {
-		EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
-		return gost_id;
-	}
-
-	/* see if engine can be loaded already */
-	e = ENGINE_by_id("gost");
-	if(!e) {
-		/* load it ourself, in case statically linked */
-		ENGINE_load_builtin_engines();
-		ENGINE_load_dynamic();
-		e = ENGINE_by_id("gost");
-	}
-	if(!e) {
-		/* no gost engine in openssl */
-		return 0;
-	}
-	if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
-		ENGINE_finish(e);
-		ENGINE_free(e);
-		return 0;
-	}
-
-	meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1);
-	if(!meth) {
-		/* algo not found */
-		ENGINE_finish(e);
-		ENGINE_free(e);
-		return 0;
-	}
-        /* Note: do not ENGINE_finish and ENGINE_free the acquired engine
-         * on some platforms this frees up the meth and unloads gost stuff */
-        gldns_gost_engine = e;
-	
-	EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
-	return gost_id;
-} 
-
-void gldns_key_EVP_unload_gost(void)
-{
-        if(gldns_gost_engine) {
-                ENGINE_finish(gldns_gost_engine);
-                ENGINE_free(gldns_gost_engine);
-                gldns_gost_engine = NULL;
-        }
-}
-#endif /* USE_GOST */
-
-DSA *
-gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
-{
-	uint8_t T;
-	uint16_t length;
-	uint16_t offset;
-	DSA *dsa;
-	BIGNUM *Q; BIGNUM *P;
-	BIGNUM *G; BIGNUM *Y;
-
-	if(len == 0)
-		return NULL;
-	T = (uint8_t)key[0];
-	length = (64 + T * 8);
-	offset = 1;
-
-	if (T > 8) {
-		return NULL;
-	}
-	if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length)
-		return NULL;
-
-	Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL);
-	offset += SHA_DIGEST_LENGTH;
-
-	P = BN_bin2bn(key+offset, (int)length, NULL);
-	offset += length;
-
-	G = BN_bin2bn(key+offset, (int)length, NULL);
-	offset += length;
-
-	Y = BN_bin2bn(key+offset, (int)length, NULL);
-
-	/* create the key and set its properties */
-	if(!Q || !P || !G || !Y || !(dsa = DSA_new())) {
-		BN_free(Q);
-		BN_free(P);
-		BN_free(G);
-		BN_free(Y);
-		return NULL;
-	}
-#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
-#ifndef S_SPLINT_S
-	dsa->p = P;
-	dsa->q = Q;
-	dsa->g = G;
-	dsa->pub_key = Y;
-#endif /* splint */
-
-#else /* OPENSSL_VERSION_NUMBER */
-	if (!DSA_set0_pqg(dsa, P, Q, G)) {
-		/* QPG not yet attached, need to free */
-		BN_free(Q);
-		BN_free(P);
-		BN_free(G);
-
-		DSA_free(dsa);
-		BN_free(Y);
-		return NULL;
-	}
-	if (!DSA_set0_key(dsa, Y, NULL)) {
-		/* QPG attached, cleaned up by DSA_fre() */
-		DSA_free(dsa);
-		BN_free(Y);
-		return NULL;
-	}
-#endif
-
-	return dsa;
-}
-
-RSA *
-gldns_key_buf2rsa_raw(unsigned char* key, size_t len)
-{
-	uint16_t offset;
-	uint16_t exp;
-	uint16_t int16;
-	RSA *rsa;
-	BIGNUM *modulus;
-	BIGNUM *exponent;
-
-	if (len == 0)
-		return NULL;
-	if (key[0] == 0) {
-		if(len < 3)
-			return NULL;
-		memmove(&int16, key+1, 2);
-		exp = ntohs(int16);
-		offset = 3;
-	} else {
-		exp = key[0];
-		offset = 1;
-	}
-
-	/* key length at least one */
-	if(len < (size_t)offset + exp + 1)
-		return NULL;
-
-	/* Exponent */
-	exponent = BN_new();
-	if(!exponent) return NULL;
-	(void) BN_bin2bn(key+offset, (int)exp, exponent);
-	offset += exp;
-
-	/* Modulus */
-	modulus = BN_new();
-	if(!modulus) {
-		BN_free(exponent);
-		return NULL;
-	}
-	/* length of the buffer must match the key length! */
-	(void) BN_bin2bn(key+offset, (int)(len - offset), modulus);
-
-	rsa = RSA_new();
-	if(!rsa) {
-		BN_free(exponent);
-		BN_free(modulus);
-		return NULL;
-	}
-#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
-#ifndef S_SPLINT_S
-	rsa->n = modulus;
-	rsa->e = exponent;
-#endif /* splint */
-
-#else /* OPENSSL_VERSION_NUMBER */
-	if (!RSA_set0_key(rsa, modulus, exponent, NULL)) {
-		BN_free(exponent);
-		BN_free(modulus);
-		RSA_free(rsa);
-		return NULL;
-	}
-#endif
-
-	return rsa;
-}
-
-#ifdef USE_GOST
-EVP_PKEY*
-gldns_gost2pkey_raw(unsigned char* key, size_t keylen)
-{
-	/* prefix header for X509 encoding */
-	uint8_t asn[37] = { 0x30, 0x63, 0x30, 0x1c, 0x06, 0x06, 0x2a, 0x85, 
-		0x03, 0x02, 0x02, 0x13, 0x30, 0x12, 0x06, 0x07, 0x2a, 0x85, 
-		0x03, 0x02, 0x02, 0x23, 0x01, 0x06, 0x07, 0x2a, 0x85, 0x03, 
-		0x02, 0x02, 0x1e, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40};
-	unsigned char encoded[37+64];
-	const unsigned char* pp;
-	if(keylen != 64) {
-		/* key wrong size */
-		return NULL;
-	}
-
-	/* create evp_key */
-	memmove(encoded, asn, 37);
-	memmove(encoded+37, key, 64);
-	pp = (unsigned char*)&encoded[0];
-
-	return d2i_PUBKEY(NULL, &pp, (int)sizeof(encoded));
-}
-#endif /* USE_GOST */
-
-#ifdef USE_ECDSA
-EVP_PKEY*
-gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo)
-{
-	unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */
-        const unsigned char* pp = buf;
-        EVP_PKEY *evp_key;
-        EC_KEY *ec;
-	/* check length, which uncompressed must be 2 bignums */
-        if(algo == GLDNS_ECDSAP256SHA256) {
-		if(keylen != 2*256/8) return NULL;
-                ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
-        } else if(algo == GLDNS_ECDSAP384SHA384) {
-		if(keylen != 2*384/8) return NULL;
-                ec = EC_KEY_new_by_curve_name(NID_secp384r1);
-        } else    ec = NULL;
-        if(!ec) return NULL;
-	if(keylen+1 > sizeof(buf)) { /* sanity check */
-                EC_KEY_free(ec);
-		return NULL;
-	}
-	/* prepend the 0x02 (from docs) (or actually 0x04 from implementation
-	 * of openssl) for uncompressed data */
-	buf[0] = POINT_CONVERSION_UNCOMPRESSED;
-	memmove(buf+1, key, keylen);
-        if(!o2i_ECPublicKey(&ec, &pp, (int)keylen+1)) {
-                EC_KEY_free(ec);
-                return NULL;
-        }
-        evp_key = EVP_PKEY_new();
-        if(!evp_key) {
-                EC_KEY_free(ec);
-                return NULL;
-        }
-        if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
-		EVP_PKEY_free(evp_key);
-		EC_KEY_free(ec);
-		return NULL;
-	}
-        return evp_key;
-}
-#endif /* USE_ECDSA */
-
-#ifdef USE_ED25519
-EVP_PKEY*
-gldns_ed255192pkey_raw(const unsigned char* key, size_t keylen)
-{
-	/* ASN1 for ED25519 is 302a300506032b6570032100 <32byteskey> */
-	uint8_t pre[] = {0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
-		0x70, 0x03, 0x21, 0x00};
-	int pre_len = 12;
-	uint8_t buf[256];
-	EVP_PKEY *evp_key;
-	/* pp gets modified by d2i() */
-	const unsigned char* pp = (unsigned char*)buf;
-	if(keylen != 32 || keylen + pre_len > sizeof(buf))
-		return NULL; /* wrong length */
-	memmove(buf, pre, pre_len);
-	memmove(buf+pre_len, key, keylen);
-	evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen));
-	return evp_key;
-}
-#endif /* USE_ED25519 */
-
-int
-gldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest,
-	const EVP_MD* md)
-{
-	EVP_MD_CTX* ctx;
-	ctx = EVP_MD_CTX_create();
-	if(!ctx)
-		return 0;
-	if(!EVP_DigestInit_ex(ctx, md, NULL) ||
-		!EVP_DigestUpdate(ctx, data, len) ||
-		!EVP_DigestFinal_ex(ctx, dest, NULL)) {
-		EVP_MD_CTX_destroy(ctx);
-		return 0;
-	}
-	EVP_MD_CTX_destroy(ctx);
-	return 1;
-}
-#endif /* HAVE_SSL */

src/gldns/keyraw.h

@@ -20,13 +20,11 @@
 #ifndef GLDNS_KEYRAW_H
 #define GLDNS_KEYRAW_H
 
+#include "keyraw-internal.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
-#if GLDNS_BUILD_CONFIG_HAVE_SSL
-#  include <openssl/ssl.h>
-#  include <openssl/evp.h>
-#endif /* GLDNS_BUILD_CONFIG_HAVE_SSL */
 
 /**
  * get the length of the keydata in bits
@@ -44,75 +42,7 @@ size_t gldns_rr_dnskey_key_size_raw(const unsigned char *keydata,
  * \param[in] keysize length of key data.
  * \return the keytag
  */
-uint16_t gldns_calc_keytag_raw(uint8_t* key, size_t keysize);
-
-#if GLDNS_BUILD_CONFIG_HAVE_SSL
-/** 
- * Get the PKEY id for GOST, loads GOST into openssl as a side effect.
- * Only available if GOST is compiled into the library and openssl.
- * \return the gost id for EVP_CTX creation.
- */
-int gldns_key_EVP_load_gost_id(void);
-
-/** Release the engine reference held for the GOST engine. */
-void gldns_key_EVP_unload_gost(void);
-
-/**
- * Like gldns_key_buf2dsa, but uses raw buffer.
- * \param[in] key the uncompressed wireformat of the key.
- * \param[in] len length of key data
- * \return a DSA * structure with the key material
- */
-DSA *gldns_key_buf2dsa_raw(unsigned char* key, size_t len);
-
-/**
- * Converts a holding buffer with key material to EVP PKEY in openssl.
- * Only available if ldns was compiled with GOST.
- * \param[in] key data to convert
- * \param[in] keylen length of the key data
- * \return the key or NULL on error.
- */
-EVP_PKEY* gldns_gost2pkey_raw(unsigned char* key, size_t keylen);
-
-/**
- * Converts a holding buffer with key material to EVP PKEY in openssl.
- * Only available if ldns was compiled with ECDSA.
- * \param[in] key data to convert
- * \param[in] keylen length of the key data
- * \param[in] algo precise algorithm to initialize ECC group values.
- * \return the key or NULL on error.
- */
-EVP_PKEY* gldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
-
-/**
- * Like gldns_key_buf2rsa, but uses raw buffer.
- * \param[in] key the uncompressed wireformat of the key.
- * \param[in] len length of key data
- * \return a RSA * structure with the key material
- */
-RSA *gldns_key_buf2rsa_raw(unsigned char* key, size_t len);
-
-/**
- * Converts a holding buffer with key material to EVP PKEY in openssl.
- * Only available if ldns was compiled with ED25519.
- * \param[in] key the uncompressed wireformat of the key.
- * \param[in] len length of key data
- * \return the key or NULL on error.
- */
-EVP_PKEY* gldns_ed255192pkey_raw(const unsigned char* key, size_t len);
-
-/**
- * Utility function to calculate hash using generic EVP_MD pointer.
- * \param[in] data the data to hash.
- * \param[in] len  length of data.
- * \param[out] dest the destination of the hash, must be large enough.
- * \param[in] md the message digest to use.
- * \return true if worked, false on failure.
- */
-int gldns_digest_evp(unsigned char* data, unsigned int len, 
-	unsigned char* dest, const EVP_MD* md);
-
-#endif /* GLDNS_BUILD_CONFIG_HAVE_SSL */
+uint16_t gldns_calc_keytag_raw(const uint8_t* key, size_t keysize);
 
 #ifdef __cplusplus
 }

src/gldns/parse.c

@@ -33,14 +33,14 @@ ssize_t
 gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr)
 {
 	int c, prev_c;
-	int p; /* 0 -> no parenthese seen, >0 nr of ( seen */
-	int com, quoted;
+	int p; /* 0 -> no parentheses seen, >0 nr of ( seen */
+	int com, quoted, only_blank;
 	char *t;
 	size_t i;
 	const char *d;
 	const char *del;
 
-	/* standard delimeters */
+	/* standard delimiters */
 	if (!delim) {
 		/* from isspace(3) */
 		del = GLDNS_PARSE_NORMAL;
@@ -53,6 +53,7 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 	com = 0;
 	quoted = 0;
 	prev_c = 0;
+	only_blank = 1;	/* Assume we got only <blank> until now */
 	t = token;
 	if (del[0] == '"') {
 		quoted = 1;
@@ -101,6 +102,22 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 			if (line_nr) {
 				*line_nr = *line_nr + 1;
 			}
+			if (only_blank && i > 0) {
+				/* Got only <blank> so far. Reset and try
+				 * again with the next line.
+				 */
+				i = 0;
+				t = token;
+			}
+			if (p == 0) {
+				/* If p != 0 then the next line is a continuation. So
+				 * we assume that the next line starts with a blank only
+				 * if it is actually a new line.
+				 */
+				only_blank = 1;	/* Assume next line starts with
+						 * <blank>.
+						 */
+			}
 			if (p == 0 && i > 0) {
 				goto tokenread;
 			} else {
@@ -120,7 +137,7 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 			if (line_nr) {
 				*line_nr = *line_nr + 1;
 			}
-			if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+			if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
 				*t = '\0';
 				return -1;
 			}
@@ -131,23 +148,49 @@ gldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *l
 
 		/* check if we hit the delim */
 		for (d = del; *d; d++) {
+			if (c == *d)
+				break;
+		}
+
 		if (c == *d && i > 0 && prev_c != '\\' && p == 0) {
 			if (c == '\n' && line_nr) {
 				*line_nr = *line_nr + 1;
 			}
+			if (only_blank) {
+				/* Got only <blank> so far. Reset and
+				 * try again with the next line.
+				 */
+				i = 0;
+				t = token;
+				only_blank = 1;
+				prev_c = c;
+				continue;
+			}
 			goto tokenread;
 		}
+		if (c != ' ' && c != '\t') {
+			/* Found something that is not <blank> */
+			only_blank= 0;
 		}
 		if (c != '\0' && c != '\n') {
 			i++;
 		}
-		if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+		/* is there space for the character and the zero after it */
+		if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
 			*t = '\0';
 			return -1;
 		}
 		if (c != '\0' && c != '\n') {
 			*t++ = c;
 		}
+		if (c == '\n') {
+			if (line_nr) {
+				*line_nr = *line_nr + 1;
+			}
+			only_blank = 1;	/* Assume next line starts with
+					 * <blank>.
+					 */
+		}
 		if (c == '\\' && prev_c == '\\')
 			prev_c = 0;
 		else	prev_c = c;
@@ -244,7 +287,7 @@ gldns_bget_token_par(gldns_buffer *b, char *token, const char *delim,
 	size_t limit, int* par, const char* skipw)
 {
 	int c, lc;
-	int p; /* 0 -> no parenthese seen, >0 nr of ( seen */
+	int p; /* 0 -> no parentheses seen, >0 nr of ( seen */
 	int com, quoted;
 	char *t;
 	size_t i;
@@ -325,8 +368,14 @@ gldns_bget_token_par(gldns_buffer *b, char *token, const char *delim,
 		if (c == '\n' && p != 0) {
 			/* in parentheses */
 			/* do not write ' ' if we want to skip spaces */
-			if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' '))))
+			if(!(skipw && (strchr(skipw, c)||strchr(skipw, ' ')))) {
+				/* check for space for the space character and a zero delimiter after that. */
+				if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
+					*t = '\0';
+					return -1;
+				}
 				*t++ = ' ';
+			}
 			lc = c;
 			continue;
 		}
@@ -348,7 +397,7 @@ gldns_bget_token_par(gldns_buffer *b, char *token, const char *delim,
 		}
 
 		i++;
-		if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) {
+		if (limit > 0 && (i+1 >= limit || (size_t)(t-token)+1 >= limit)) {
 			*t = '\0';
 			return -1;
 		}

src/gldns/parse.h

@@ -103,9 +103,9 @@ ssize_t gldns_bget_token(struct gldns_buffer *b, char *token, const char *delim,
  * after the keyword + k_del until we hit d_del
  * \param[in] f file pointer to read from
  * \param[in] keyword keyword to look for
- * \param[in] k_del keyword delimeter 
+ * \param[in] k_del keyword delimiter 
  * \param[out] data the data found 
- * \param[in] d_del the data delimeter
+ * \param[in] d_del the data delimiter
  * \param[in] data_limit maximum size the the data buffer
  * \return the number of character read
  */
@@ -116,9 +116,9 @@ ssize_t gldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del,
  * after the keyword + k_del until we hit d_del
  * \param[in] f file pointer to read from
  * \param[in] keyword keyword to look for
- * \param[in] k_del keyword delimeter 
+ * \param[in] k_del keyword delimiter 
  * \param[out] data the data found 
- * \param[in] d_del the data delimeter
+ * \param[in] d_del the data delimiter
  * \param[in] data_limit maximum size the the data buffer
  * \param[in] line_nr pointer to an integer containing the current line number (for
 debugging purposes)
@@ -131,9 +131,9 @@ ssize_t gldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_de
  * after the keyword + k_del until we hit d_del
  * \param[in] b buffer pointer to read from
  * \param[in] keyword keyword to look for
- * \param[in] k_del keyword delimeter 
+ * \param[in] k_del keyword delimiter 
  * \param[out] data the data found 
- * \param[in] d_del the data delimeter
+ * \param[in] d_del the data delimiter
  * \param[in] data_limit maximum size the the data buffer
  * \return the number of character read
  */
@@ -153,7 +153,6 @@ int gldns_bgetc(struct gldns_buffer *buffer);
  * the position to the first character that is not in *s.
  * \param[in] *buffer buffer to use
  * \param[in] *s characters to skip
- * \return void
  */
 void gldns_bskipcs(struct gldns_buffer *buffer, const char *s);
 
@@ -162,7 +161,6 @@ void gldns_bskipcs(struct gldns_buffer *buffer, const char *s);
  * the position to the first character that is not in *s.
  * \param[in] *fp file to use
  * \param[in] *s characters to skip
- * \return void
  */
 void gldns_fskipcs(FILE *fp, const char *s);
 
@@ -173,7 +171,6 @@ void gldns_fskipcs(FILE *fp, const char *s);
  * \param[in] *fp file to use
  * \param[in] *s characters to skip
  * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
- * \return void
  */
 void gldns_fskipcs_l(FILE *fp, const char *s, int *line_nr);
 

src/gldns/parseutil.c

@@ -165,20 +165,20 @@ gldns_gmtime64_r(int64_t clock, struct tm *result)
 #endif /* SIZEOF_TIME_T <= 4 */
 
 static int64_t
-gldns_serial_arithmitics_time(int32_t time, time_t now)
+gldns_serial_arithmetics_time(int32_t time, time_t now)
 {
-	int32_t offset = time - (int32_t) now;
+	int32_t offset = (int32_t)((uint32_t) time - (uint32_t) now);
 	return (int64_t) now + offset;
 }
 
 struct tm *
-gldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result)
+gldns_serial_arithmetics_gmtime_r(int32_t time, time_t now, struct tm *result)
 {
 #if SIZEOF_TIME_T <= 4
-	int64_t secs_since_epoch = gldns_serial_arithmitics_time(time, now);
+	int64_t secs_since_epoch = gldns_serial_arithmetics_time(time, now);
 	return  gldns_gmtime64_r(secs_since_epoch, result);
 #else
-	time_t  secs_since_epoch = gldns_serial_arithmitics_time(time, now);
+	time_t  secs_since_epoch = gldns_serial_arithmetics_time(time, now);
 	return  gmtime_r(&secs_since_epoch, result);
 #endif
 }
@@ -209,11 +209,13 @@ gldns_hexdigit_to_int(char ch)
 }
 
 uint32_t
-gldns_str2period(const char *nptr, const char **endptr)
+gldns_str2period(const char *nptr, const char **endptr, int* overflow)
 {
 	int sign = 0;
 	uint32_t i = 0;
 	uint32_t seconds = 0;
+	const uint32_t maxint = 0xffffffff;
+	*overflow = 0;
 
 	for(*endptr = nptr; **endptr; (*endptr)++) {
 		switch (**endptr) {
@@ -236,26 +238,46 @@ gldns_str2period(const char *nptr, const char **endptr)
 				break;
 			case 's':
 			case 'S':
+				if(seconds > maxint-i) {
+					*overflow = 1;
+					return 0;
+				}
 				seconds += i;
 				i = 0;
 				break;
 			case 'm':
 			case 'M':
+				if(i > maxint/60 || seconds > maxint-(i*60)) {
+					*overflow = 1;
+					return 0;
+				}
 				seconds += i * 60;
 				i = 0;
 				break;
 			case 'h':
 			case 'H':
+				if(i > maxint/(60*60) || seconds > maxint-(i*60*60)) {
+					*overflow = 1;
+					return 0;
+				}
 				seconds += i * 60 * 60;
 				i = 0;
 				break;
 			case 'd':
 			case 'D':
+				if(i > maxint/(60*60*24) || seconds > maxint-(i*60*60*24)) {
+					*overflow = 1;
+					return 0;
+				}
 				seconds += i * 60 * 60 * 24;
 				i = 0;
 				break;
 			case 'w':
 			case 'W':
+				if(i > maxint/(60*60*24*7) || seconds > maxint-(i*60*60*24*7)) {
+					*overflow = 1;
+					return 0;
+				}
 				seconds += i * 60 * 60 * 24 * 7;
 				i = 0;
 				break;
@@ -269,15 +291,27 @@ gldns_str2period(const char *nptr, const char **endptr)
 			case '7':
 			case '8':
 			case '9':
+				if(i > maxint/10 || i*10 > maxint - (**endptr - '0')) {
+					*overflow = 1;
+					return 0;
+				}
 				i *= 10;
 				i += (**endptr - '0');
 				break;
 			default:
+				if(seconds > maxint-i) {
+					*overflow = 1;
+					return 0;
+				}
 				seconds += i;
 				/* disregard signedness */
 				return seconds;
 		}
 	}
+	if(seconds > maxint-i) {
+		*overflow = 1;
+		return 0;
+	}
 	seconds += i;
 	/* disregard signedness */
 	return seconds;
@@ -619,13 +653,18 @@ size_t gldns_b64_ntop_calculate_size(size_t srcsize)
  *
  * This routine does not insert spaces or linebreaks after 76 characters.
  */
-int gldns_b64_ntop(uint8_t const *src, size_t srclength,
-	char *target, size_t targsize)
+static int gldns_b64_ntop_base(uint8_t const *src, size_t srclength,
+	char *target, size_t targsize, int base64url, int padding)
 {
-	const char* b64 =
-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+	char* b64;
 	const char pad64 = '=';
 	size_t i = 0, o = 0;
+	if(base64url)
+		b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123"
+			"456789-_";
+	else
+		b64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123"
+			"456789+/";
 	if(targsize < gldns_b64_ntop_calculate_size(srclength))
 		return -1;
 	/* whole chunks: xxxxxxyy yyyyzzzz zzwwwwww */
@@ -645,18 +684,26 @@ int gldns_b64_ntop(uint8_t const *src, size_t srclength,
 		target[o] = b64[src[i] >> 2];
 		target[o+1] = b64[ ((src[i]&0x03)<<4) | (src[i+1]>>4) ];
 		target[o+2] = b64[ ((src[i+1]&0x0f)<<2) ];
+		if(padding) {
 			target[o+3] = pad64;
 			/* i += 2; */
 			o += 4;
+		} else {
+			o += 3;
+		}
 		break;
 	case 1:
 		/* one at end, converted into A B = = */
 		target[o] = b64[src[i] >> 2];
 		target[o+1] = b64[ ((src[i]&0x03)<<4) ];
+		if(padding) {
 			target[o+2] = pad64;
 			target[o+3] = pad64;
 			/* i += 1; */
 			o += 4;
+		} else {
+			o += 2;
+		}
 		break;
 	case 0:
 	default:
@@ -669,19 +716,36 @@ int gldns_b64_ntop(uint8_t const *src, size_t srclength,
 	return (int)o;
 }
 
+int gldns_b64_ntop(uint8_t const *src, size_t srclength, char *target,
+	size_t targsize)
+{
+	return gldns_b64_ntop_base(src, srclength, target, targsize,
+		0 /* no base64url */, 1 /* padding */);
+}
+
+int gldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target,
+	size_t targsize)
+{
+	return gldns_b64_ntop_base(src, srclength, target, targsize,
+		1 /* base64url */, 0 /* no padding */);
+}
+
 size_t gldns_b64_pton_calculate_size(size_t srcsize)
 {
 	return (((((srcsize + 3) / 4) * 3)) + 1);
 }
 
-int gldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
+/* padding not required if srcsize is set */
+static int gldns_b64_pton_base(char const *src, size_t srcsize, uint8_t *target,
+	size_t targsize, int base64url)
 {
 	const uint8_t pad64 = 64; /* is 64th in the b64 array */
 	const char* s = src;
 	uint8_t in[4];
 	size_t o = 0, incount = 0;
+	int check_padding = (srcsize) ? 0 : 1;
 
-	while(*s) {
+	while(*s && (check_padding || srcsize)) {
 		/* skip any character that is not base64 */
 		/* conceptually we do:
 		const char* b64 =      pad'=' is appended to array
@@ -690,30 +754,43 @@ int gldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
 		and use d-b64;
 		*/
 		char d = *s++;
+		srcsize--;
 		if(d <= 'Z' && d >= 'A')
 			d -= 'A';
 		else if(d <= 'z' && d >= 'a')
 			d = d - 'a' + 26;
 		else if(d <= '9' && d >= '0')
 			d = d - '0' + 52;
-		else if(d == '+')
+		else if(!base64url && d == '+')
 			d = 62;
-		else if(d == '/')
+		else if(base64url && d == '-')
+			d = 62;
+		else if(!base64url && d == '/')
 			d = 63;
-		else if(d == '=')
-			d = 64;
-		else	continue;
-		in[incount++] = (uint8_t)d;
-		if(incount != 4)
+		else if(base64url && d == '_')
+			d = 63;
+		else if(d == '=') {
+			if(!check_padding)
 				continue;
+			d = 64;
+		} else	continue;
+
+		in[incount++] = (uint8_t)d;
+		/* work on block of 4, unless padding is not used and there are
+		 * less than 4 chars left */
+		if(incount != 4 && (check_padding || srcsize))
+			continue;
+		assert(!check_padding || incount==4);
 		/* process whole block of 4 characters into 3 output bytes */
-		if(in[3] == pad64 && in[2] == pad64) { /* A B = = */
+		if((incount == 2 ||
+			(incount == 4 && in[3] == pad64 && in[2] == pad64))) { /* A B = = */
 			if(o+1 > targsize)
 				return -1;
 			target[o] = (in[0]<<2) | ((in[1]&0x30)>>4);
 			o += 1;
 			break; /* we are done */
-		} else if(in[3] == pad64) { /* A B C = */
+		} else if(incount == 3 ||
+			(incount == 4 && in[3] == pad64)) { /* A B C = */
 			if(o+2 > targsize)
 				return -1;
 			target[o] = (in[0]<<2) | ((in[1]&0x30)>>4);
@@ -721,7 +798,7 @@ int gldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
 			o += 2;
 			break; /* we are done */
 		} else {
-			if(o+3 > targsize)
+			if(incount != 4 || o+3 > targsize)
 				return -1;
 			/* write xxxxxxyy yyyyzzzz zzwwwwww */
 			target[o] = (in[0]<<2) | ((in[1]&0x30)>>4);
@@ -733,3 +810,32 @@ int gldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
 	}
 	return (int)o;
 }
+
+int gldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
+{
+	return gldns_b64_pton_base(src, 0, target, targsize, 0);
+}
+
+int gldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target,
+	size_t targsize)
+{
+	if(!srcsize) {
+		return 0;
+	}
+	return gldns_b64_pton_base(src, srcsize, target, targsize, 1);
+}
+
+int gldns_b64_contains_nonurl(char const *src, size_t srcsize)
+{
+	const char* s = src;
+	while(*s && srcsize) {
+		char d = *s++;
+		srcsize--;
+		/* the '+' and the '/' and padding '=' is not allowed in b64
+		 * url encoding */
+		if(d == '+' || d == '/' || d == '=') {
+			return 1;
+		}
+	}
+	return 0;
+}

src/gldns/parseutil.h

@@ -58,25 +58,27 @@ time_t gldns_mktime_from_utc(const struct tm *tm);
  * The function interprets time as the number of seconds since epoch
  * with respect to now using serial arithmetics (rfc1982).
  * That number of seconds is then converted to broken-out time information.
- * This is especially usefull when converting the inception and expiration
+ * This is especially useful when converting the inception and expiration
  * fields of RRSIG records.
  *
  * \param[in] time number of seconds since epoch (midnight, January 1st, 1970)
- *            to be intepreted as a serial arithmetics number relative to now.
+ *            to be interpreted as a serial arithmetics number relative to now.
  * \param[in] now number of seconds since epoch (midnight, January 1st, 1970)
  *            to which the time value is compared to determine the final value.
  * \param[out] result the struct with the broken-out time information
  * \return result on success or NULL on error
  */
-struct tm * gldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result);
+struct tm * gldns_serial_arithmetics_gmtime_r(int32_t time, time_t now, struct tm *result);
 
 /**
  * converts a ttl value (like 5d2h) to a long.
  * \param[in] nptr the start of the string
  * \param[out] endptr points to the last char in case of error
+ * \param[out] overflow returns if the string causes integer overflow error,
+ * 	       the number is too big, string of digits too long.
  * \return the convert duration value
  */
-uint32_t gldns_str2period(const char *nptr, const char **endptr);
+uint32_t gldns_str2period(const char *nptr, const char **endptr, int* overflow);
 
 /**
  * Returns the int value of the given (hex) digit
@@ -92,13 +94,17 @@ size_t gldns_b64_ntop_calculate_size(size_t srcsize);
 
 int gldns_b64_ntop(uint8_t const *src, size_t srclength,
 	char *target, size_t targsize);
+int gldns_b64url_ntop(uint8_t const *src, size_t srclength, char *target,
+	size_t targsize);
 
 /**
  * calculates the size needed to store the result of gldns_b64_pton
  */
 size_t gldns_b64_pton_calculate_size(size_t srcsize);
-
 int gldns_b64_pton(char const *src, uint8_t *target, size_t targsize);
+int gldns_b64url_pton(char const *src, size_t srcsize, uint8_t *target,
+	size_t targsize);
+int gldns_b64_contains_nonurl(char const *src, size_t srcsize);
 
 /**
  * calculates the size needed to store the result of b32_ntop

src/gldns/pkthdr.h

@@ -97,18 +97,22 @@ extern "C" {
 #define	QDCOUNT(wirebuf)		(ntohs(*(uint16_t *)(wirebuf+QDCOUNT_OFF)))
 */
 #define	GLDNS_QDCOUNT(wirebuf)		(gldns_read_uint16(wirebuf+GLDNS_QDCOUNT_OFF))
+#define GLDNS_QDCOUNT_SET(wirebuf, i)    (gldns_write_uint16(wirebuf+GLDNS_QDCOUNT_OFF, i))
 
 /* Counter of the answer section */
 #define GLDNS_ANCOUNT_OFF		6
 #define	GLDNS_ANCOUNT(wirebuf)		(gldns_read_uint16(wirebuf+GLDNS_ANCOUNT_OFF))
+#define GLDNS_ANCOUNT_SET(wirebuf, i)    (gldns_write_uint16(wirebuf+GLDNS_ANCOUNT_OFF, i))
 
 /* Counter of the authority section */
 #define GLDNS_NSCOUNT_OFF		8
 #define	GLDNS_NSCOUNT(wirebuf)		(gldns_read_uint16(wirebuf+GLDNS_NSCOUNT_OFF))
+#define GLDNS_NSCOUNT_SET(wirebuf, i)    (gldns_write_uint16(wirebuf+GLDNS_NSCOUNT_OFF, i))
 
 /* Counter of the additional section */
 #define GLDNS_ARCOUNT_OFF		10
 #define	GLDNS_ARCOUNT(wirebuf)		(gldns_read_uint16(wirebuf+GLDNS_ARCOUNT_OFF))
+#define GLDNS_ARCOUNT_SET(wirebuf, i)    (gldns_write_uint16(wirebuf+GLDNS_ARCOUNT_OFF, i))
 
 /**
  * The sections of a packet

src/gldns/rrdef.c

@@ -16,6 +16,8 @@
 #include "gldns/rrdef.h"
 #include "gldns/parseutil.h"
 
+#include <stdlib.h>
+
 /* classes  */
 static gldns_lookup_table gldns_rr_classes_data[] = {
         { GLDNS_RR_CLASS_IN, "IN" },
@@ -150,6 +152,12 @@ static const gldns_rdf_type type_openpgpkey_wireformat[] = {
 static const gldns_rdf_type type_csync_wireformat[] = {
 	GLDNS_RDF_TYPE_INT32, GLDNS_RDF_TYPE_INT16, GLDNS_RDF_TYPE_NSEC
 };
+static const gldns_rdf_type type_zonemd_wireformat[] = {
+	GLDNS_RDF_TYPE_INT32, GLDNS_RDF_TYPE_INT8, GLDNS_RDF_TYPE_INT8, GLDNS_RDF_TYPE_HEX
+};
+static const gldns_rdf_type type_svcb_wireformat[] = {
+	GLDNS_RDF_TYPE_INT16, GLDNS_RDF_TYPE_DNAME
+};
 /* nsec3 is some vars, followed by same type of data of nsec */
 static const gldns_rdf_type type_nsec3_wireformat[] = {
 /*	GLDNS_RDF_TYPE_NSEC3_VARS, GLDNS_RDF_TYPE_NSEC3_NEXT_OWNER, GLDNS_RDF_TYPE_NSEC*/
@@ -229,6 +237,15 @@ static const gldns_rdf_type type_caa_wireformat[] = {
 	GLDNS_RDF_TYPE_TAG,
 	GLDNS_RDF_TYPE_LONG_STR
 };
+#ifdef DRAFT_RRTYPES
+static const gldns_rdf_type type_doa_wireformat[] = {
+	GLDNS_RDF_TYPE_INT32, GLDNS_RDF_TYPE_INT32, GLDNS_RDF_TYPE_INT8,
+	GLDNS_RDF_TYPE_STR, GLDNS_RDF_TYPE_B64
+};
+static const gldns_rdf_type type_amtrelay_wireformat[] = {
+	GLDNS_RDF_TYPE_AMTRELAY
+};
+#endif
 
 /* All RR's defined in 1035 are well known and can thus
  * be compressed. See RFC3597. These RR's are:
@@ -236,7 +253,7 @@ static const gldns_rdf_type type_caa_wireformat[] = {
  */
 static gldns_rr_descriptor rdata_field_descriptors[] = {
 	/* 0 */
-	{ 0, NULL, 0, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+	{(enum gldns_enum_rr_type)0, NULL, 0, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 	/* 1 */
 	{GLDNS_RR_TYPE_A, "A", 1, 1, type_a_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 	/* 2 */
@@ -341,13 +358,10 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
 	{GLDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 	/* 52 */
 	{GLDNS_RR_TYPE_TLSA, "TLSA", 4, 4, type_tlsa_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-	/*53 */
-#ifdef DRAFT_RRTYPES
+	/* 53 */
 	{GLDNS_RR_TYPE_SMIMEA, "SMIMEA", 4, 4, type_tlsa_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-#else
-{GLDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-#endif
-{GLDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+	/* 54 */
+{(enum gldns_enum_rr_type)0, "TYPE54", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
         /* 55
 	 * Hip ends with 0 or more Rendezvous Servers represented as dname's.
 	 * Hence the GLDNS_RDF_TYPE_DNAME _variable field and the _maximum field
@@ -361,8 +375,8 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
 	/* 57 */
 	{GLDNS_RR_TYPE_RKEY, "RKEY", 4, 4, type_key_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 #else
-{GLDNS_RR_TYPE_NULL, "TYPE56", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE57", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE56", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE57", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 #endif
 	/* 58 */
 	{GLDNS_RR_TYPE_TALINK, "TALINK", 2, 2, type_talink_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 2 },
@@ -375,54 +389,57 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
 {GLDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 	/* 62 */
 	{GLDNS_RR_TYPE_CSYNC, "CSYNC", 3, 3, type_csync_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE69", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE70", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE71", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE72", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE73", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE74", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE75", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE76", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE77", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE78", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE79", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE80", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE81", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE82", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE83", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE84", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE85", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE86", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE87", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE88", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE89", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE90", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE91", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE92", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE93", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE94", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE95", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE96", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE97", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE98", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+	/* 63 */
+	{GLDNS_RR_TYPE_ZONEMD, "ZONEMD", 4, 4, type_zonemd_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+	/* 64 */
+	{GLDNS_RR_TYPE_SVCB, "SVCB", 2, 2, type_svcb_wireformat, GLDNS_RDF_TYPE_SVCPARAM, GLDNS_RR_NO_COMPRESS, 1 },
+	/* 65 */
+	{GLDNS_RR_TYPE_HTTPS, "HTTPS", 2, 2, type_svcb_wireformat, GLDNS_RDF_TYPE_SVCPARAM, GLDNS_RR_NO_COMPRESS, 1 },
+{(enum gldns_enum_rr_type)0, "TYPE66", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE67", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE68", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE69", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE70", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE71", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE72", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE73", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE74", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE75", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE76", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE77", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE78", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE79", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE80", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE81", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE82", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE83", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE84", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE85", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE86", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE87", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE88", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE89", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE90", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE91", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE92", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE93", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE94", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE95", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE96", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE97", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE98", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 
 	/* 99 */
 	{GLDNS_RR_TYPE_SPF,  "SPF", 1, 0, NULL, GLDNS_RDF_TYPE_STR, GLDNS_RR_NO_COMPRESS, 0 },
 
 	/* UINFO  [IANA-Reserved] */
-{GLDNS_RR_TYPE_NULL, "TYPE100", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE100", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 	/* UID    [IANA-Reserved] */
-{GLDNS_RR_TYPE_NULL, "TYPE101", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE101", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 	/* GID    [IANA-Reserved] */
-{GLDNS_RR_TYPE_NULL, "TYPE102", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE102", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 	/* UNSPEC [IANA-Reserved] */
-{GLDNS_RR_TYPE_NULL, "TYPE103", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE103", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 
 	/* 104 */
 	{GLDNS_RR_TYPE_NID, "NID", 2, 2, type_nid_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
@@ -438,145 +455,145 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
 	/* 109 */
 	{GLDNS_RR_TYPE_EUI64, "EUI64", 1, 1, type_eui64_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 
-{GLDNS_RR_TYPE_NULL, "TYPE110", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE111", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE112", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE113", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE114", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE115", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE116", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE117", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE118", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE119", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE120", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE121", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE122", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE123", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE124", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE125", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE126", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE127", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE128", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE129", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE130", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE131", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE132", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE133", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE134", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE135", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE136", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE137", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE138", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE139", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE140", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE141", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE142", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE143", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE144", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE145", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE146", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE147", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE148", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE149", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE150", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE151", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE152", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE153", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE154", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE155", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE156", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE157", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE158", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE159", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE160", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE161", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE162", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE163", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE164", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE165", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE166", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE167", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE168", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE169", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE170", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE171", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE172", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE173", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE174", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE175", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE176", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE177", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE178", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE179", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE180", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE181", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE182", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE183", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE184", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE185", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE186", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE187", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE188", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE189", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE190", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE191", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE192", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE193", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE194", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE195", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE196", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE197", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE198", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE199", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE200", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE201", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE202", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE203", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE204", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE205", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE206", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE207", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE208", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE209", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE210", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE211", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE212", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE213", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE214", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE215", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE216", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE217", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE218", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE219", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE220", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE221", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE222", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE223", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE224", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE225", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE226", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE227", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE228", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE229", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE230", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE231", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE232", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE233", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE234", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE235", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE236", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE237", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE238", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE239", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE240", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE241", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE242", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE243", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE244", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE245", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE246", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE247", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
-{GLDNS_RR_TYPE_NULL, "TYPE248", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE110", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE111", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE112", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE113", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE114", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE115", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE116", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE117", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE118", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE119", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE120", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE121", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE122", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE123", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE124", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE125", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE126", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE127", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE128", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE129", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE130", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE131", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE132", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE133", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE134", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE135", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE136", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE137", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE138", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE139", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE140", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE141", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE142", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE143", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE144", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE145", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE146", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE147", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE148", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE149", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE150", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE151", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE152", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE153", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE154", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE155", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE156", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE157", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE158", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE159", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE160", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE161", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE162", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE163", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE164", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE165", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE166", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE167", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE168", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE169", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE170", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE171", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE172", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE173", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE174", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE175", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE176", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE177", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE178", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE179", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE180", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE181", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE182", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE183", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE184", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE185", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE186", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE187", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE188", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE189", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE190", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE191", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE192", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE193", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE194", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE195", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE196", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE197", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE198", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE199", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE200", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE201", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE202", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE203", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE204", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE205", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE206", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE207", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE208", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE209", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE210", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE211", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE212", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE213", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE214", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE215", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE216", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE217", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE218", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE219", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE220", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE221", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE222", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE223", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE224", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE225", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE226", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE227", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE228", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE229", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE230", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE231", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE232", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE233", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE234", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE235", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE236", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE237", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE238", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE239", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE240", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE241", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE242", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE243", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE244", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE245", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE246", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE247", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE248", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 
 	/* GLDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one.
 	 * So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9.
@@ -607,8 +624,14 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
 #ifdef DRAFT_RRTYPES
 	/* 258 */
 	{GLDNS_RR_TYPE_AVC, "AVC", 1, 0, NULL, GLDNS_RDF_TYPE_STR, GLDNS_RR_NO_COMPRESS, 0 },
+	/* 259 */
+	{GLDNS_RR_TYPE_DOA, "DOA", 1, 0, type_doa_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+	/* 260 */
+	{GLDNS_RR_TYPE_AMTRELAY, "AMTRELAY", 1, 0, type_amtrelay_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 #else
-{GLDNS_RR_TYPE_NULL, "TYPE258", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE258", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE259", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE260", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 #endif
 
 /* split in array, no longer contiguous */
@@ -617,7 +640,7 @@ static gldns_rr_descriptor rdata_field_descriptors[] = {
 	/* 32768 */
 	{GLDNS_RR_TYPE_TA, "TA", 4, 4, type_ds_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 #else
-{GLDNS_RR_TYPE_NULL, "TYPE32768", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
+{(enum gldns_enum_rr_type)0, "TYPE32768", 1, 1, type_0_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 },
 #endif
 	/* 32769 */
 	{GLDNS_RR_TYPE_DLV, "DLV", 4, 4, type_ds_wireformat, GLDNS_RDF_TYPE_NONE, GLDNS_RR_NO_COMPRESS, 0 }
@@ -713,18 +736,18 @@ gldns_get_rr_type_by_name(const char *name)
 
 	/* special cases for query types */
 	if (strlen(name) == 4 && strncasecmp(name, "IXFR", 4) == 0) {
-		return 251;
+		return GLDNS_RR_TYPE_IXFR;
 	} else if (strlen(name) == 4 && strncasecmp(name, "AXFR", 4) == 0) {
-		return 252;
+		return GLDNS_RR_TYPE_AXFR;
 	} else if (strlen(name) == 5 && strncasecmp(name, "MAILB", 5) == 0) {
-		return 253;
+		return GLDNS_RR_TYPE_MAILB;
 	} else if (strlen(name) == 5 && strncasecmp(name, "MAILA", 5) == 0) {
-		return 254;
+		return GLDNS_RR_TYPE_MAILA;
 	} else if (strlen(name) == 3 && strncasecmp(name, "ANY", 3) == 0) {
-		return 255;
+		return GLDNS_RR_TYPE_ANY;
 	}
 
-	return 0;
+	return (enum gldns_enum_rr_type)0;
 }
 
 gldns_rr_class

src/gldns/rrdef.h

@@ -38,7 +38,7 @@ extern "C" {
 #define GLDNS_KEY_REVOKE_KEY 0x0080 /* used to revoke KSK, rfc 5011 */
 
 /* The first fields are contiguous and can be referenced instantly */
-#define GLDNS_RDATA_FIELD_DESCRIPTORS_COMMON 259
+#define GLDNS_RDATA_FIELD_DESCRIPTORS_COMMON 260
 
 /** lookuptable for rr classes  */
 extern struct gldns_struct_lookup_table* gldns_rr_classes;
@@ -182,9 +182,7 @@ enum gldns_enum_rr_type
 	GLDNS_RR_TYPE_NSEC3PARAM = 51, /* RFC 5155 */
 	GLDNS_RR_TYPE_NSEC3PARAMS = 51,
 	GLDNS_RR_TYPE_TLSA = 52, /* RFC 6698 */
-	GLDNS_RR_TYPE_SMIMEA = 53, /* draft-ietf-dane-smime, TLSA-like but may
-				     be extended */
-
+	GLDNS_RR_TYPE_SMIMEA = 53, /* RFC 8162 */
 	GLDNS_RR_TYPE_HIP = 55, /* RFC 5205 */
 
 	/** draft-reid-dnsext-zs */
@@ -197,6 +195,9 @@ enum gldns_enum_rr_type
 	GLDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */
 	GLDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
 	GLDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
+	GLDNS_RR_TYPE_ZONEMD = 63, /* RFC8976 */
+	GLDNS_RR_TYPE_SVCB = 64, /* draft-ietf-dnsop-svcb-https-04 */
+	GLDNS_RR_TYPE_HTTPS = 65, /* draft-ietf-dnsop-svcb-https-04 */
 
 	GLDNS_RR_TYPE_SPF = 99, /* RFC 4408 */
 
@@ -227,6 +228,8 @@ enum gldns_enum_rr_type
 	GLDNS_RR_TYPE_URI = 256, /* RFC 7553 */
 	GLDNS_RR_TYPE_CAA = 257, /* RFC 6844 */
 	GLDNS_RR_TYPE_AVC = 258,
+	GLDNS_RR_TYPE_DOA = 259, /* draft-durand-doa-over-dns */
+	GLDNS_RR_TYPE_AMTRELAY = 260, /* draft-ietf-mboned-driad-amt-discovery */
 
 	/** DNSSEC Trust Authorities */
 	GLDNS_RR_TYPE_TA = 32768,
@@ -331,13 +334,13 @@ enum gldns_enum_rdf_type
         GLDNS_RDF_TYPE_NSEC3_NEXT_OWNER,
 
         /** 4 shorts represented as 4 * 16 bit hex numbers
-         *  seperated by colons. For NID and L64.
+         *  separated by colons. For NID and L64.
          */
         GLDNS_RDF_TYPE_ILNP64,
 
-        /** 6 * 8 bit hex numbers seperated by dashes. For EUI48. */
+        /** 6 * 8 bit hex numbers separated by dashes. For EUI48. */
         GLDNS_RDF_TYPE_EUI48,
-        /** 8 * 8 bit hex numbers seperated by dashes. For EUI64. */
+        /** 8 * 8 bit hex numbers separated by dashes. For EUI64. */
         GLDNS_RDF_TYPE_EUI64,
 
         /** A non-zero sequence of US-ASCII letters and numbers in lower case.
@@ -351,11 +354,19 @@ enum gldns_enum_rdf_type
          */
         GLDNS_RDF_TYPE_LONG_STR,
 
+	/* draft-ietf-mboned-driad-amt-discovery */
+	GLDNS_RDF_TYPE_AMTRELAY,
+
 	/** TSIG extended 16bit error value */
 	GLDNS_RDF_TYPE_TSIGERROR,
 
+	/* draft-ietf-dnsop-svcb-https-05:
+	 * each SvcParam consisting of a SvcParamKey=SvcParamValue pair or
+	 * a standalone SvcParamKey */
+	GLDNS_RDF_TYPE_SVCPARAM,
+
         /* Aliases */
-        GLDNS_RDF_TYPE_BITMAP = GLDNS_RDF_TYPE_NSEC
+        GLDNS_RDF_TYPE_BITMAP = GLDNS_RDF_TYPE_NSEC,
 };
 typedef enum gldns_enum_rdf_type gldns_rdf_type;
 
@@ -428,10 +439,43 @@ enum gldns_enum_edns_option
 	GLDNS_EDNS_N3U = 7, /* RFC6975 */
 	GLDNS_EDNS_CLIENT_SUBNET = 8, /* RFC7871 */
 	GLDNS_EDNS_KEEPALIVE = 11, /* draft-ietf-dnsop-edns-tcp-keepalive*/
-	GLDNS_EDNS_PADDING = 12 /* RFC7830 */
+	GLDNS_EDNS_PADDING = 12, /* RFC7830 */
+	GLDNS_EDNS_EDE = 15, /* RFC8914 */
+	GLDNS_EDNS_CLIENT_TAG = 16 /* draft-bellis-dnsop-edns-tags-01 */
 };
 typedef enum gldns_enum_edns_option gldns_edns_option;
 
+enum gldns_enum_ede_code
+{
+	GLDNS_EDE_NONE = -1, /* EDE undefined for internal use */
+	GLDNS_EDE_OTHER = 0,
+	GLDNS_EDE_UNSUPPORTED_DNSKEY_ALG = 1,
+	GLDNS_EDE_UNSUPPORTED_DS_DIGEST = 2,
+	GLDNS_EDE_STALE_ANSWER = 3,
+	GLDNS_EDE_FORGED_ANSWER = 4,
+	GLDNS_EDE_DNSSEC_INDETERMINATE = 5,
+	GLDNS_EDE_DNSSEC_BOGUS = 6,
+	GLDNS_EDE_SIGNATURE_EXPIRED = 7,
+	GLDNS_EDE_SIGNATURE_NOT_YET_VALID = 8,
+	GLDNS_EDE_DNSKEY_MISSING = 9,
+	GLDNS_EDE_RRSIGS_MISSING = 10,
+	GLDNS_EDE_NO_ZONE_KEY_BIT_SET = 11,
+	GLDNS_EDE_NSEC_MISSING = 12,
+	GLDNS_EDE_CACHED_ERROR = 13,
+	GLDNS_EDE_NOT_READY = 14,
+	GLDNS_EDE_BLOCKED = 15,
+	GLDNS_EDE_CENSORED = 16,
+	GLDNS_EDE_FILTERED = 17,
+	GLDNS_EDE_PROHIBITED = 18,
+	GLDNS_EDE_STALE_NXDOMAIN_ANSWER = 19,
+	GLDNS_EDE_NOT_AUTHORITATIVE = 20,
+	GLDNS_EDE_NOT_SUPPORTED = 21,
+	GLDNS_EDE_NO_REACHABLE_AUTHORITY = 22,
+	GLDNS_EDE_NETWORK_ERROR = 23,
+	GLDNS_EDE_INVALID_DATA = 24,
+};
+typedef enum gldns_enum_ede_code gldns_ede_code;
+
 #define GLDNS_EDNS_MASK_DO_BIT 0x8000
 
 /** TSIG and TKEY extended rcodes (16bit), 0-15 are the normal rcodes. */

src/gldns/str2wire.h

@@ -23,10 +23,27 @@ extern "C" {
 #endif
 struct gldns_struct_lookup_table;
 
+#define GLDNS_IP4ADDRLEN      (32/8)
+#define GLDNS_IP6ADDRLEN      (128/8)
+
 /** buffer to read an RR, cannot be larger than 64K because of packet size */
 #define GLDNS_RR_BUF_SIZE 65535 /* bytes */
 #define GLDNS_DEFAULT_TTL	3600
 
+/* SVCB keys currently defined in draft-ietf-dnsop-svcb-https */
+#define SVCB_KEY_MANDATORY		0
+#define SVCB_KEY_ALPN			1
+#define SVCB_KEY_NO_DEFAULT_ALPN	2
+#define SVCB_KEY_PORT			3
+#define SVCB_KEY_IPV4HINT		4
+#define SVCB_KEY_ECH			5
+#define SVCB_KEY_IPV6HINT		6
+#define SVCPARAMKEY_COUNT		7
+
+#define MAX_NUMBER_OF_SVCPARAMS	64
+
+#define SVCB_MAX_COMMA_SEPARATED_VALUES	1000
+
 /*
  * To convert class and type to string see
  * gldns_get_rr_class_by_name(str)
@@ -170,7 +187,7 @@ uint8_t* gldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len);
 #define GLDNS_WIREPARSE_MASK 0x0fff
 #define GLDNS_WIREPARSE_SHIFT 12
 #define GLDNS_WIREPARSE_ERROR(e) ((e)&GLDNS_WIREPARSE_MASK)
-#define GLDNS_WIREPARSE_OFFSET(e) (((e)&~GLDNS_WIREPARSE_MASK)>>GLDNS_WIREPARSE_SHIFT)
+#define GLDNS_WIREPARSE_OFFSET(e) ((((unsigned)(e))&~GLDNS_WIREPARSE_MASK)>>GLDNS_WIREPARSE_SHIFT)
 /* use lookuptable to get error string, gldns_wireparse_errors */
 #define GLDNS_WIREPARSE_ERR_OK 0
 #define GLDNS_WIREPARSE_ERR_GENERAL 342
@@ -204,6 +221,20 @@ uint8_t* gldns_wirerr_get_rdatawl(uint8_t* rr, size_t len, size_t dname_len);
 #define GLDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW 370
 #define GLDNS_WIREPARSE_ERR_INCLUDE 371
 #define GLDNS_WIREPARSE_ERR_PARENTHESIS 372
+#define GLDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY 373
+#define GLDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM 374
+#define GLDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS 375
+#define GLDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS 376
+#define GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS 377
+#define GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM 378
+#define GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY 379
+#define GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY 380
+#define GLDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX 381
+#define GLDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES 382
+#define GLDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES 383
+#define GLDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE 384
+#define GLDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE 385
+#define GLDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA 386
 
 /**
  * Get reference to a constant string for the (parse) error.
@@ -554,6 +585,21 @@ int gldns_str2wire_hip_buf(const char* str, uint8_t* rd, size_t* len);
  */
 int gldns_str2wire_int16_data_buf(const char* str, uint8_t* rd, size_t* len);
 
+/**
+ * Convert rdf of type GLDNS_RDF_TYPE_AMTRELAY from string to wireformat.
+ * @param str: the text to convert for this rdata element.
+ * @param rd: rdata buffer for the wireformat.
+ * @param len: length of rd buffer on input, used length on output.
+ * @return 0 on success, error on failure.
+ */
+int gldns_str2wire_amtrelay_buf(const char* str, uint8_t* rd, size_t* len);
+
+/**
+ * Strip whitespace from the start and the end of line.
+ * @param line: modified with 0 to shorten it.
+ * @return new start with spaces skipped.
+ */
+char * gldns_strip_ws(char *line);
 #ifdef __cplusplus
 }
 #endif

src/gldns/wire2str.c

@@ -14,6 +14,7 @@
  * Contains functions to translate the wireformat to text
  * representation, as well as functions to print them.
  */
+#include <stdlib.h>
 #include "config.h"
 #include "gldns/wire2str.h"
 #include "gldns/str2wire.h"
@@ -25,7 +26,9 @@
 #ifdef HAVE_TIME_H
 #include <time.h>
 #endif
+#ifdef HAVE_SYS_TIME_H
 #include <sys/time.h>
+#endif
 #include <stdarg.h>
 #include <ctype.h>
 #ifdef HAVE_NETDB_H
@@ -148,6 +151,30 @@ static gldns_lookup_table gldns_wireparse_errors_data[] = {
 	{ GLDNS_WIREPARSE_ERR_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer overflow" },
 	{ GLDNS_WIREPARSE_ERR_INCLUDE, "$INCLUDE directive was seen in the zone" },
 	{ GLDNS_WIREPARSE_ERR_PARENTHESIS, "Parse error, parenthesis mismatch" },
+	{ GLDNS_WIREPARSE_ERR_SVCB_UNKNOWN_KEY, "Unknown SvcParamKey"},
+	{ GLDNS_WIREPARSE_ERR_SVCB_MISSING_PARAM, "SvcParam is missing a SvcParamValue"},
+	{ GLDNS_WIREPARSE_ERR_SVCB_DUPLICATE_KEYS, "Duplicate SVCB key found"},
+	{ GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_TOO_MANY_KEYS, "Too many keys in mandatory" },
+	{ GLDNS_WIREPARSE_ERR_SVCB_TOO_MANY_PARAMS,
+		"Too many SvcParams. Unbound only allows 63 entries" },
+	{ GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_MISSING_PARAM,
+		"Mandatory SvcParamKey is missing"},
+	{ GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_DUPLICATE_KEY,
+		"Keys in SvcParam mandatory MUST be unique" },
+	{ GLDNS_WIREPARSE_ERR_SVCB_MANDATORY_IN_MANDATORY, 
+		"mandatory MUST not be included as mandatory parameter" },
+	{ GLDNS_WIREPARSE_ERR_SVCB_PORT_VALUE_SYNTAX,
+		"Could not parse port SvcParamValue" },
+	{ GLDNS_WIREPARSE_ERR_SVCB_IPV4_TOO_MANY_ADDRESSES,
+		"Too many IPv4 addresses in ipv4hint" },
+	{ GLDNS_WIREPARSE_ERR_SVCB_IPV6_TOO_MANY_ADDRESSES,
+		"Too many IPv6 addresses in ipv6hint" },
+	{ GLDNS_WIREPARSE_ERR_SVCB_ALPN_KEY_TOO_LARGE,
+		"Alpn strings need to be smaller than 255 chars"},
+	{ GLDNS_WIREPARSE_ERR_SVCB_NO_DEFAULT_ALPN_VALUE,
+		"No-default-alpn should not have a value" },
+	{ GLDNS_WIREPARSE_ERR_SVCPARAM_BROKEN_RDATA,
+		"General SVCParam error" },
 	{ 0, NULL }
 };
 gldns_lookup_table* gldns_wireparse_errors = gldns_wireparse_errors_data;
@@ -169,6 +196,7 @@ static gldns_lookup_table gldns_edns_options_data[] = {
 	{ 8, "edns-client-subnet" },
 	{ 11, "edns-tcp-keepalive"},
 	{ 12, "Padding" },
+	{ 15, "EDE"},
 	{ 0, NULL}
 };
 gldns_lookup_table* gldns_edns_options = gldns_edns_options_data;
@@ -195,6 +223,12 @@ static gldns_lookup_table gldns_tsig_errors_data[] = {
 };
 gldns_lookup_table* gldns_tsig_errors = gldns_tsig_errors_data;
 
+/* draft-ietf-dnsop-svcb-https-06: 6. Initial SvcParamKeys */
+const char *svcparamkey_strs[] = {
+	"mandatory", "alpn", "no-default-alpn", "port",
+	"ipv4hint", "ech", "ipv6hint"
+};
+
 char* gldns_wire2str_pkt(uint8_t* data, size_t len)
 {
 	size_t slen = (size_t)gldns_wire2str_pkt_buf(data, len, NULL, 0);
@@ -252,7 +286,13 @@ int gldns_wire2str_pkt_buf(uint8_t* d, size_t dlen, char* s, size_t slen)
 int gldns_wire2str_rr_buf(uint8_t* d, size_t dlen, char* s, size_t slen)
 {
 	/* use arguments as temporary variables */
-	return gldns_wire2str_rr_scan(&d, &dlen, &s, &slen, NULL, 0);
+	return gldns_wire2str_rr_scan(&d, &dlen, &s, &slen, NULL, 0, NULL);
+}
+
+int gldns_wire2str_rrquestion_buf(uint8_t* d, size_t dlen, char* s, size_t slen)
+{
+	/* use arguments as temporary variables */
+	return gldns_wire2str_rrquestion_scan(&d, &dlen, &s, &slen, NULL, 0, NULL);
 }
 
 int gldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str,
@@ -260,13 +300,13 @@ int gldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str,
 {
 	/* use arguments as temporary variables */
 	return gldns_wire2str_rdata_scan(&rdata, &rdata_len, &str, &str_len,
-		rrtype, NULL, 0);
+		rrtype, NULL, 0, NULL);
 }
 
 int gldns_wire2str_rr_unknown_buf(uint8_t* d, size_t dlen, char* s, size_t slen)
 {
 	/* use arguments as temporary variables */
-	return gldns_wire2str_rr_unknown_scan(&d, &dlen, &s, &slen, NULL, 0);
+	return gldns_wire2str_rr_unknown_scan(&d, &dlen, &s, &slen, NULL, 0, NULL);
 }
 
 int gldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rrlen, size_t dname_len,
@@ -304,7 +344,7 @@ int gldns_wire2str_opcode_buf(int opcode, char* s, size_t slen)
 int gldns_wire2str_dname_buf(uint8_t* d, size_t dlen, char* s, size_t slen)
 {
 	/* use arguments as temporary variables */
-	return gldns_wire2str_dname_scan(&d, &dlen, &s, &slen, NULL, 0);
+	return gldns_wire2str_dname_scan(&d, &dlen, &s, &slen, NULL, 0, NULL);
 }
 
 int gldns_str_vprint(char** str, size_t* slen, const char* format, va_list args)
@@ -359,7 +399,7 @@ static int print_remainder_hex(const char* pref, uint8_t** d, size_t* dlen,
 
 int gldns_wire2str_pkt_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen)
 {
-	int w = 0;
+	int w = 0, comprloop = 0;
 	unsigned qdcount, ancount, nscount, arcount, i;
 	uint8_t* pkt = *d;
 	size_t pktlen = *dlen;
@@ -376,25 +416,25 @@ int gldns_wire2str_pkt_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen)
 	w += gldns_str_print(s, slen, ";; QUESTION SECTION:\n");
 	for(i=0; i<qdcount; i++) {
 		w += gldns_wire2str_rrquestion_scan(d, dlen, s, slen,
-			pkt, pktlen);
+			pkt, pktlen, &comprloop);
 		if(!*dlen) break;
 	}
 	w += gldns_str_print(s, slen, "\n");
 	w += gldns_str_print(s, slen, ";; ANSWER SECTION:\n");
 	for(i=0; i<ancount; i++) {
-		w += gldns_wire2str_rr_scan(d, dlen, s, slen, pkt, pktlen);
+		w += gldns_wire2str_rr_scan(d, dlen, s, slen, pkt, pktlen, &comprloop);
 		if(!*dlen) break;
 	}
 	w += gldns_str_print(s, slen, "\n");
 	w += gldns_str_print(s, slen, ";; AUTHORITY SECTION:\n");
 	for(i=0; i<nscount; i++) {
-		w += gldns_wire2str_rr_scan(d, dlen, s, slen, pkt, pktlen);
+		w += gldns_wire2str_rr_scan(d, dlen, s, slen, pkt, pktlen, &comprloop);
 		if(!*dlen) break;
 	}
 	w += gldns_str_print(s, slen, "\n");
 	w += gldns_str_print(s, slen, ";; ADDITIONAL SECTION:\n");
 	for(i=0; i<arcount; i++) {
-		w += gldns_wire2str_rr_scan(d, dlen, s, slen, pkt, pktlen);
+		w += gldns_wire2str_rr_scan(d, dlen, s, slen, pkt, pktlen, &comprloop);
 		if(!*dlen) break;
 	}
 	/* other fields: WHEN(time), SERVER(IP) not available here. */
@@ -443,7 +483,7 @@ static int gldns_rr_tcttl_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 }
 
 int gldns_wire2str_rr_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
-	uint8_t* pkt, size_t pktlen)
+	uint8_t* pkt, size_t pktlen, int* comprloop)
 {
 	int w = 0;
 	uint8_t* rr = *d;
@@ -458,7 +498,7 @@ int gldns_wire2str_rr_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 
 	/* try to scan the rdata with pretty-printing, but if that fails, then
 	 * scan the rdata as an unknown RR type */
-	w += gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen);
+	w += gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen, comprloop);
 	w += gldns_str_print(s, slen, "\t");
 	dname_off = rrlen-(*dlen);
 	if(*dlen == 4) {
@@ -502,7 +542,8 @@ int gldns_wire2str_rr_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 		w += print_remainder_hex(";Error partial rdata 0x", d, dlen, s, slen);
 		return w + gldns_str_print(s, slen, "\n");
 	}
-	w += gldns_wire2str_rdata_scan(d, &rdlen, s, slen, rrtype, pkt, pktlen);
+	w += gldns_wire2str_rdata_scan(d, &rdlen, s, slen, rrtype, pkt, pktlen,
+		comprloop);
 	(*dlen) -= (ordlen-rdlen);
 
 	/* default comment */
@@ -513,11 +554,11 @@ int gldns_wire2str_rr_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 }
 
 int gldns_wire2str_rrquestion_scan(uint8_t** d, size_t* dlen, char** s,
-	size_t* slen, uint8_t* pkt, size_t pktlen)
+	size_t* slen, uint8_t* pkt, size_t pktlen, int* comprloop)
 {
 	int w = 0;
 	uint16_t t, c;
-	w += gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen);
+	w += gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen, comprloop);
 	w += gldns_str_print(s, slen, "\t");
 	if(*dlen < 4) {
 		if(*dlen == 0)
@@ -537,11 +578,11 @@ int gldns_wire2str_rrquestion_scan(uint8_t** d, size_t* dlen, char** s,
 }
 
 int gldns_wire2str_rr_unknown_scan(uint8_t** d, size_t* dlen, char** s,
-	size_t* slen, uint8_t* pkt, size_t pktlen)
+	size_t* slen, uint8_t* pkt, size_t pktlen, int* comprloop)
 {
 	size_t rdlen, ordlen;
 	int w = 0;
-	w += gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen);
+	w += gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen, comprloop);
 	w += gldns_str_print(s, slen, "\t");
 	w += gldns_rr_tcttl_scan(d, dlen, s, slen);
 	w += gldns_str_print(s, slen, "\t");
@@ -579,6 +620,7 @@ static int rr_comment_dnskey(char** s, size_t* slen, uint8_t* rr,
 	if(rrlen < dname_off + 10) return 0;
 	rdlen = gldns_read_uint16(rr+dname_off+8);
 	if(rrlen < dname_off + 10 + rdlen) return 0;
+	if(rdlen < 2) return 0;
 	rdata = rr + dname_off + 10;
 	flags = (int)gldns_read_uint16(rdata);
 	w += gldns_str_print(s, slen, " ;{");
@@ -692,7 +734,8 @@ int gldns_wire2str_header_scan(uint8_t** d, size_t* dlen, char** s,
 }
 
 int gldns_wire2str_rdata_scan(uint8_t** d, size_t* dlen, char** s,
-	size_t* slen, uint16_t rrtype, uint8_t* pkt, size_t pktlen)
+	size_t* slen, uint16_t rrtype, uint8_t* pkt, size_t pktlen,
+	int* comprloop)
 {
 	/* try to prettyprint, but if that fails, use unknown format */
 	uint8_t* origd = *d;
@@ -718,7 +761,7 @@ int gldns_wire2str_rdata_scan(uint8_t** d, size_t* dlen, char** s,
 		if(r_cnt != 0)
 			w += gldns_str_print(s, slen, " ");
 		n = gldns_wire2str_rdf_scan(d, dlen, s, slen, rdftype,
-			pkt, pktlen);
+			pkt, pktlen, comprloop);
 		if(n == -1) {
 		failed:
 			/* failed, use unknown format */
@@ -769,21 +812,28 @@ static int dname_char_print(char** s, size_t* slen, uint8_t c)
 }
 
 int gldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
-	uint8_t* pkt, size_t pktlen)
+	uint8_t* pkt, size_t pktlen, int* comprloop)
 {
 	int w = 0;
 	/* spool labels onto the string, use compression if its there */
 	uint8_t* pos = *d;
 	unsigned i, counter=0;
-	const unsigned maxcompr = 1000; /* loop detection, max compr ptrs */
+	unsigned maxcompr = 1000; /* loop detection, max compr ptrs */
 	int in_buf = 1;
+	size_t dname_len = 0;
+	if(comprloop) {
+		if(*comprloop != 0)
+			maxcompr = 30; /* for like ipv6 reverse name, per label */
+		if(*comprloop > 4)
+			maxcompr = 4; /* just don't want to spend time, any more */
+	}
 	if(*dlen == 0) return gldns_str_print(s, slen, "ErrorMissingDname");
 	if(*pos == 0) {
 		(*d)++;
 		(*dlen)--;
 		return gldns_str_print(s, slen, ".");
 	}
-	while(*pos) {
+	while((!pkt || pos < pkt+pktlen) && *pos) {
 		/* read label length */
 		uint8_t labellen = *pos++;
 		if(in_buf) { (*d)++; (*dlen)--; }
@@ -804,9 +854,12 @@ int gldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 			if(!pkt || target >= pktlen)
 				return w + gldns_str_print(s, slen,
 					"ErrorComprPtrOutOfBounds");
-			if(counter++ > maxcompr)
+			if(counter++ > maxcompr) {
+				if(comprloop && *comprloop < 10)
+					(*comprloop)++;
 				return w + gldns_str_print(s, slen,
 					"ErrorComprPtrLooped");
+			}
 			in_buf = 0;
 			pos = pkt+target;
 			continue;
@@ -823,6 +876,16 @@ int gldns_wire2str_dname_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 			labellen = (uint8_t)*dlen;
 		else if(!in_buf && pos+(size_t)labellen > pkt+pktlen)
 			labellen = (uint8_t)(pkt + pktlen - pos);
+		dname_len += ((size_t)labellen)+1;
+		if(dname_len > GLDNS_MAX_DOMAINLEN) {
+			/* dname_len counts the uncompressed length we have
+			 * seen so far, and the domain name has become too
+			 * long, prevent the loop from printing overly long
+			 * content. */
+			w += gldns_str_print(s, slen,
+				"ErrorDomainNameTooLong");
+			return w;
+		}
 		for(i=0; i<(unsigned)labellen; i++) {
 			w += dname_char_print(s, slen, *pos++);
 		}
@@ -921,15 +984,262 @@ int gldns_wire2str_ttl_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen)
 	return gldns_str_print(s, slen, "%u", (unsigned)ttl);
 }
 
+static int
+gldns_print_svcparamkey(char** s, size_t* slen, uint16_t svcparamkey)
+{
+	if (svcparamkey < SVCPARAMKEY_COUNT) {
+		return gldns_str_print(s, slen, "%s", svcparamkey_strs[svcparamkey]);
+	}
+	else {
+		return gldns_str_print(s, slen, "key%d", (int)svcparamkey);
+	}
+}
+
+static int gldns_wire2str_svcparam_port2str(char** s,
+	size_t* slen, uint16_t data_len, uint8_t* data)
+{
+	int w = 0;
+
+	if (data_len != 2)
+		return -1; /* wireformat error, a short is 2 bytes */
+	w = gldns_str_print(s, slen, "=%d", (int)gldns_read_uint16(data));
+
+	return w;
+}
+
+static int gldns_wire2str_svcparam_ipv4hint2str(char** s,
+	size_t* slen, uint16_t data_len, uint8_t* data)
+{
+	char ip_str[INET_ADDRSTRLEN + 1];
+
+	int w = 0;
+
+	assert(data_len > 0);
+
+	if ((data_len % GLDNS_IP4ADDRLEN) == 0) {
+		if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL)
+			return -1; /* wireformat error, incorrect size or inet family */
+
+		w += gldns_str_print(s, slen, "=%s", ip_str);
+		data += GLDNS_IP4ADDRLEN;
+
+		while ((data_len -= GLDNS_IP4ADDRLEN) > 0) {
+			if (inet_ntop(AF_INET, data, ip_str, sizeof(ip_str)) == NULL)
+				return -1; /* wireformat error, incorrect size or inet family */
+
+			w += gldns_str_print(s, slen, ",%s", ip_str);
+			data += GLDNS_IP4ADDRLEN;
+		}
+	} else
+		return -1;
+
+	return w;
+}
+
+static int gldns_wire2str_svcparam_ipv6hint2str(char** s,
+	size_t* slen, uint16_t data_len, uint8_t* data)
+{
+	char ip_str[INET6_ADDRSTRLEN + 1];
+
+	int w = 0;
+
+	assert(data_len > 0);
+
+	if ((data_len % GLDNS_IP6ADDRLEN) == 0) {
+		if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL)
+			return -1; /* wireformat error, incorrect size or inet family */
+
+		w += gldns_str_print(s, slen, "=%s", ip_str);
+		data += GLDNS_IP6ADDRLEN;
+
+		while ((data_len -= GLDNS_IP6ADDRLEN) > 0) {
+			if (inet_ntop(AF_INET6, data, ip_str, sizeof(ip_str)) == NULL)
+				return -1; /* wireformat error, incorrect size or inet family */
+
+			w += gldns_str_print(s, slen, ",%s", ip_str);
+			data += GLDNS_IP6ADDRLEN;
+		}
+	} else
+		return -1;
+
+	return w;
+}
+
+static int gldns_wire2str_svcparam_mandatory2str(char** s,
+	size_t* slen, uint16_t data_len, uint8_t* data)
+{
+	int w = 0;
+
+	assert(data_len > 0);
+
+	if (data_len % sizeof(uint16_t))
+		return -1; /* wireformat error, data_len must be multiple of shorts */
+	w += gldns_str_print(s, slen, "=");
+	w += gldns_print_svcparamkey(s, slen, gldns_read_uint16(data));
+	data += 2;
+
+	while ((data_len -= sizeof(uint16_t))) {
+		w += gldns_str_print(s, slen, ",");
+		w += gldns_print_svcparamkey(s, slen, gldns_read_uint16(data));
+		data += 2;
+	}
+
+	return w;
+}
+
+static int gldns_wire2str_svcparam_alpn2str(char** s,
+	size_t* slen, uint16_t data_len, uint8_t* data)
+{
+	uint8_t *dp = (void *)data;
+	int w = 0;
+
+	assert(data_len > 0); /* Guaranteed by gldns_wire2str_svcparam_scan */
+
+	w += gldns_str_print(s, slen, "=\"");
+	while (data_len) {
+		/* alpn is list of length byte (str_len) followed by a string of that size */
+		uint8_t i, str_len = *dp++;
+
+		if (str_len > --data_len)
+			return -1;
+
+		for (i = 0; i < str_len; i++) {
+			if (dp[i] == '"' || dp[i] == '\\')
+				w += gldns_str_print(s, slen, "\\\\\\%c", dp[i]);
+
+			else if (dp[i] == ',')
+				w += gldns_str_print(s, slen, "\\\\%c", dp[i]);
+
+			else if (!isprint(dp[i]))
+				w += gldns_str_print(s, slen, "\\%03u", (unsigned) dp[i]);
+
+			else
+				w += gldns_str_print(s, slen, "%c", dp[i]);
+		}
+		dp += str_len;
+		if ((data_len -= str_len))
+			w += gldns_str_print(s, slen, "%s", ",");
+	}
+	w += gldns_str_print(s, slen, "\"");
+	
+	return w;
+}
+
+static int gldns_wire2str_svcparam_ech2str(char** s,
+	size_t* slen, uint16_t data_len, uint8_t* data)
+{
+	int size;
+	int w = 0;
+
+	assert(data_len > 0); /* Guaranteed by gldns_wire2str_svcparam_scan */
+
+	w += gldns_str_print(s, slen, "=\"");
+
+	if ((size = gldns_b64_ntop(data, data_len, *s, *slen)) < 0)
+		return -1;
+
+	(*s) += size;
+	(*slen) -= size;
+
+	w += gldns_str_print(s, slen, "\"");	
+
+	return w + size;
+}
+
+int gldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen)
+{
+	uint8_t ch;
+	uint16_t svcparamkey, data_len;
+	int written_chars = 0;
+	int r, i;
+
+	/* verify that we have enough data to read svcparamkey and data_len */
+	if(*dlen < 4)
+		return -1;
+
+	svcparamkey = gldns_read_uint16(*d);
+	data_len = gldns_read_uint16(*d+2);
+	*d    += 4;
+	*dlen -= 4;
+
+	/* verify that we have data_len data */
+	if (data_len > *dlen)
+		return -1; 
+
+	written_chars += gldns_print_svcparamkey(s, slen, svcparamkey);
+	if (!data_len) {
+
+	 	/* Some SvcParams MUST have values */
+	 	switch (svcparamkey) {
+	 	case SVCB_KEY_ALPN:
+	 	case SVCB_KEY_PORT:
+	 	case SVCB_KEY_IPV4HINT:
+	 	case SVCB_KEY_IPV6HINT:
+	 	case SVCB_KEY_MANDATORY:
+	 		return -1;
+	 	default:
+	 		return written_chars;
+	 	}
+	}
+
+	switch (svcparamkey) {
+	case SVCB_KEY_PORT:
+		r = gldns_wire2str_svcparam_port2str(s, slen, data_len, *d);
+		break;
+	case SVCB_KEY_IPV4HINT:
+		r = gldns_wire2str_svcparam_ipv4hint2str(s, slen, data_len, *d);
+		break;
+	case SVCB_KEY_IPV6HINT:
+		r = gldns_wire2str_svcparam_ipv6hint2str(s, slen, data_len, *d);
+		break;
+	case SVCB_KEY_MANDATORY:
+		r = gldns_wire2str_svcparam_mandatory2str(s, slen, data_len, *d);
+		break;
+	case SVCB_KEY_NO_DEFAULT_ALPN:
+		return -1;  /* wireformat error, should not have a value */
+	case SVCB_KEY_ALPN:
+		r = gldns_wire2str_svcparam_alpn2str(s, slen, data_len, *d);
+		break;
+	case SVCB_KEY_ECH:
+		r = gldns_wire2str_svcparam_ech2str(s, slen, data_len, *d);
+		break;
+	default:
+		r = gldns_str_print(s, slen, "=\"");
+
+		for (i = 0; i < data_len; i++) {
+			ch = (*d)[i];
+
+			if (ch == '"' || ch == '\\')
+				r += gldns_str_print(s, slen, "\\%c", ch);
+
+			else if (!isprint(ch))
+				r += gldns_str_print(s, slen, "\\%03u", (unsigned) ch);
+
+			else
+				r += gldns_str_print(s, slen, "%c", ch);
+
+		}
+		r += gldns_str_print(s, slen, "\"");
+		break;
+	}
+	if (r <= 0)
+		return -1; /* wireformat error */
+	
+	written_chars += r;
+	*d    += data_len;
+	*dlen -= data_len;
+	return written_chars;
+}
+
 int gldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
-	int rdftype, uint8_t* pkt, size_t pktlen)
+	int rdftype, uint8_t* pkt, size_t pktlen, int* comprloop)
 {
 	if(*dlen == 0) return 0;
 	switch(rdftype) {
 	case GLDNS_RDF_TYPE_NONE:
 		return 0;
 	case GLDNS_RDF_TYPE_DNAME:
-		return gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen);
+		return gldns_wire2str_dname_scan(d, dlen, s, slen, pkt, pktlen, comprloop);
 	case GLDNS_RDF_TYPE_INT8:
 		return gldns_wire2str_int8_scan(d, dlen, s, slen);
 	case GLDNS_RDF_TYPE_INT16:
@@ -981,7 +1291,7 @@ int gldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 		return gldns_wire2str_atma_scan(d, dlen, s, slen);
 	case GLDNS_RDF_TYPE_IPSECKEY:
 		return gldns_wire2str_ipseckey_scan(d, dlen, s, slen, pkt,
-			pktlen);
+			pktlen, comprloop);
 	case GLDNS_RDF_TYPE_HIP:
 		return gldns_wire2str_hip_scan(d, dlen, s, slen);
 	case GLDNS_RDF_TYPE_INT16_DATA:
@@ -998,6 +1308,11 @@ int gldns_wire2str_rdf_scan(uint8_t** d, size_t* dlen, char** s, size_t* slen,
 		return gldns_wire2str_tag_scan(d, dlen, s, slen);
 	case GLDNS_RDF_TYPE_LONG_STR:
 		return gldns_wire2str_long_str_scan(d, dlen, s, slen);
+	case GLDNS_RDF_TYPE_AMTRELAY:
+		return gldns_wire2str_amtrelay_scan(d, dlen, s, slen, pkt,
+			pktlen, comprloop);
+	case GLDNS_RDF_TYPE_SVCPARAM:
+		return gldns_wire2str_svcparam_scan(d, dlen, s, slen);
 	case GLDNS_RDF_TYPE_TSIGERROR:
 		return gldns_wire2str_tsigerror_scan(d, dlen, s, slen);
 	}
@@ -1335,7 +1650,7 @@ int gldns_wire2str_time_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 	if(*dl < 4) return -1;
 	t = gldns_read_uint32(*d);
 	date_buf[15]=0;
-	if(gldns_serial_arithmitics_gmtime_r(t, time(NULL), &tm) &&
+	if(gldns_serial_arithmetics_gmtime_r(t, time(NULL), &tm) &&
 		strftime(date_buf, 15, "%Y%m%d%H%M%S", &tm)) {
 		(*d) += 4;
 		(*dl) -= 4;
@@ -1471,6 +1786,10 @@ int gldns_wire2str_wks_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 	if(protocol && (protocol->p_name != NULL)) {
 		w += gldns_str_print(s, sl, "%s", protocol->p_name);
 		proto_name = protocol->p_name;
+	} else if(protocol_nr == 6) {
+		w += gldns_str_print(s, sl, "tcp");
+	} else if(protocol_nr == 17) {
+		w += gldns_str_print(s, sl, "udp");
 	} else	{
 		w += gldns_str_print(s, sl, "%u", (unsigned)protocol_nr);
 	}
@@ -1519,7 +1838,7 @@ int gldns_wire2str_atma_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 
 /* internal scan routine that can modify arguments on failure */
 static int gldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl,
-	char** s, size_t* sl, uint8_t* pkt, size_t pktlen)
+	char** s, size_t* sl, uint8_t* pkt, size_t pktlen, int* comprloop)
 {
 	/* http://www.ietf.org/internet-drafts/draft-ietf-ipseckey-rr-12.txt*/
 	uint8_t precedence, gateway_type, algorithm;
@@ -1547,7 +1866,7 @@ static int gldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl,
 		w += gldns_wire2str_aaaa_scan(d, dl, s, sl);
 		break;
 	case 3: /* dname */
-		w += gldns_wire2str_dname_scan(d, dl, s, sl, pkt, pktlen);
+		w += gldns_wire2str_dname_scan(d, dl, s, sl, pkt, pktlen, comprloop);
 		break;
 	default: /* unknown */
 		return -1;
@@ -1561,12 +1880,12 @@ static int gldns_wire2str_ipseckey_scan_internal(uint8_t** d, size_t* dl,
 }
 
 int gldns_wire2str_ipseckey_scan(uint8_t** d, size_t* dl, char** s, size_t* sl,
-	uint8_t* pkt, size_t pktlen)
+	uint8_t* pkt, size_t pktlen, int* comprloop)
 {
 	uint8_t* od = *d;
 	char* os = *s;
 	size_t odl = *dl, osl = *sl;
-	int w=gldns_wire2str_ipseckey_scan_internal(d, dl, s, sl, pkt, pktlen);
+	int w=gldns_wire2str_ipseckey_scan_internal(d, dl, s, sl, pkt, pktlen, comprloop);
 	if(w == -1) {
 		*d = od;
 		*s = os;
@@ -1697,6 +2016,61 @@ int gldns_wire2str_long_str_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 	return w;
 }
 
+/* internal scan routine that can modify arguments on failure */
+static int gldns_wire2str_amtrelay_scan_internal(uint8_t** d, size_t* dl,
+	char** s, size_t* sl, uint8_t* pkt, size_t pktlen, int* comprloop)
+{
+	/* https://www.ietf.org/id/draft-ietf-mboned-driad-amt-discovery-01.txt */
+	uint8_t precedence, discovery_optional, relay_type;
+	int w = 0;
+
+	if(*dl < 2) return -1;
+	precedence = (*d)[0];
+	discovery_optional= (*d)[1] >> 7;
+	relay_type = (*d)[1] % 0x7F;
+	if(relay_type > 3)
+		return -1; /* unknown */
+	(*d)+=2;
+	(*dl)-=2;
+	w += gldns_str_print(s, sl, "%d %d %d ",
+		(int)precedence, (int)discovery_optional, (int)relay_type);
+
+	switch(relay_type) {
+	case 0: /* no relay */
+		break;
+	case 1: /* ip4 */
+		w += gldns_wire2str_a_scan(d, dl, s, sl);
+		break;
+	case 2: /* ip6 */
+		w += gldns_wire2str_aaaa_scan(d, dl, s, sl);
+		break;
+	case 3: /* dname */
+		w += gldns_wire2str_dname_scan(d, dl, s, sl, pkt, pktlen, comprloop);
+		break;
+	default: /* unknown */
+		return -1;
+	}
+	return w;
+}
+
+int gldns_wire2str_amtrelay_scan(uint8_t** d, size_t* dl, char** s, size_t* sl,
+	uint8_t* pkt, size_t pktlen, int* comprloop)
+{
+	uint8_t* od = *d;
+	char* os = *s;
+	size_t odl = *dl, osl = *sl;
+	int w=gldns_wire2str_amtrelay_scan_internal(d, dl, s, sl, pkt, pktlen, comprloop);
+	if(w == -1) {
+		*d = od;
+		*s = os;
+		*dl = odl;
+		*sl = osl;
+		return -1;
+	}
+	return w;
+}
+
+
 int gldns_wire2str_tsigerror_scan(uint8_t** d, size_t* dl, char** s, size_t* sl)
 {
 	gldns_lookup_table *lt;
@@ -1898,8 +2272,8 @@ int gldns_wire2str_edns_subnet_print(char** s, size_t* sl, uint8_t* data,
 	return w;
 }
 
-int gldns_wire2str_edns_keepalive_print(char** s, size_t* sl, uint8_t* data,
-	size_t len)
+static int gldns_wire2str_edns_keepalive_print(char** s, size_t* sl,
+	uint8_t* data, size_t len)
 {
 	int w = 0;
 	uint16_t timeout;

src/gldns/wire2str.h

@@ -59,7 +59,7 @@ char* gldns_wire2str_pkt(uint8_t* data, size_t len);
 char* gldns_wire2str_rr(uint8_t* rr, size_t len);
 
 /**
- * Conver wire dname to a string.
+ * Convert wire dname to a string.
  * @param dname: the dname in uncompressed wireformat.
  * @param dname_len: length of the dname.
  * @return string or NULL on failure.
@@ -156,10 +156,11 @@ int gldns_wire2str_pkt_scan(uint8_t** data, size_t* data_len, char** str,
  * @param str_len: length of string buffer.
  * @param pkt: packet for decompression, if NULL no decompression.
  * @param pktlen: length of packet buffer.
+ * @param comprloop: if pkt, bool detects compression loops.
  * @return number of characters (except null) needed to print.
  */
 int gldns_wire2str_rr_scan(uint8_t** data, size_t* data_len, char** str,
-	size_t* str_len, uint8_t* pkt, size_t pktlen);
+	size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop);
 
 /**
  * Scan wireformat question rr to string, with user buffers.
@@ -170,10 +171,11 @@ int gldns_wire2str_rr_scan(uint8_t** data, size_t* data_len, char** str,
  * @param str_len: length of string buffer.
  * @param pkt: packet for decompression, if NULL no decompression.
  * @param pktlen: length of packet buffer.
+ * @param comprloop: if pkt, bool detects compression loops.
  * @return number of characters (except null) needed to print.
  */
 int gldns_wire2str_rrquestion_scan(uint8_t** data, size_t* data_len, char** str,
-	size_t* str_len, uint8_t* pkt, size_t pktlen);
+	size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop);
 
 /**
  * Scan wireformat RR to string in unknown RR format, with user buffers.
@@ -184,10 +186,11 @@ int gldns_wire2str_rrquestion_scan(uint8_t** data, size_t* data_len, char** str,
  * @param str_len: length of string buffer.
  * @param pkt: packet for decompression, if NULL no decompression.
  * @param pktlen: length of packet buffer.
+ * @param comprloop: if pkt, bool detects compression loops.
  * @return number of characters (except null) needed to print.
  */
 int gldns_wire2str_rr_unknown_scan(uint8_t** data, size_t* data_len, char** str,
-	size_t* str_len, uint8_t* pkt, size_t pktlen);
+	size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop);
 
 /**
  * Print to string the RR-information comment in default format,
@@ -228,10 +231,12 @@ int gldns_wire2str_header_scan(uint8_t** data, size_t* data_len, char** str,
  * @param rrtype: RR type of Rdata, host format.
  * @param pkt: packet for decompression, if NULL no decompression.
  * @param pktlen: length of packet buffer.
+ * @param comprloop: if pkt, bool detects compression loops.
  * @return number of characters (except null) needed to print.
  */
 int gldns_wire2str_rdata_scan(uint8_t** data, size_t* data_len, char** str,
-	size_t* str_len, uint16_t rrtype, uint8_t* pkt, size_t pktlen);
+	size_t* str_len, uint16_t rrtype, uint8_t* pkt, size_t pktlen,
+	int* comprloop);
 
 /**
  * Scan wireformat rdata to string in unknown format, with user buffers.
@@ -254,10 +259,17 @@ int gldns_wire2str_rdata_unknown_scan(uint8_t** data, size_t* data_len,
  * @param str_len: length of string buffer.
  * @param pkt: packet for decompression, if NULL no decompression.
  * @param pktlen: length of packet buffer.
+ * @param comprloop: inout bool, that is set true if compression loop failure
+ * 	happens.  Pass in 0, if passsed in as true, a lower bound is set
+ * 	on compression loops to stop arbitrary long packet parse times.
+ * 	This is meant so you can set it to 0 at the start of a list of dnames,
+ * 	and then scan all of them in sequence, if a loop happens, it becomes
+ * 	true and then it becomes more strict for the next dnames in the list.
+ * 	You can leave it at NULL if there is no pkt (pkt is NULL too).
  * @return number of characters (except null) needed to print.
  */
 int gldns_wire2str_dname_scan(uint8_t** data, size_t* data_len, char** str,
-	size_t* str_len, uint8_t* pkt, size_t pktlen);
+	size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop);
 
 /**
  * Scan wireformat rr type to string, with user buffers.
@@ -358,6 +370,22 @@ int gldns_wire2str_edns_option_code_print(char** str, size_t* str_len,
 int gldns_wire2str_rr_buf(uint8_t* rr, size_t rr_len, char* str,
 	size_t str_len);
 
+/**
+ * Convert question RR to string presentation format, on one line.  User buffer.
+ * @param rr: wireformat RR data
+ * @param rr_len: length of the rr wire data.
+ * @param str: the string buffer to write to.
+ * 	If you pass NULL as the str, the return value of the function is
+ * 	the str_len you need for the entire packet.  It does not include
+ * 	the 0 byte at the end.
+ * @param str_len: the size of the string buffer.  If more is needed, it'll
+ * 	silently truncate the output to fit in the buffer.
+ * @return the number of characters for this element, excluding zerobyte.
+ * 	Is larger or equal than str_len if output was truncated.
+ */
+int gldns_wire2str_rrquestion_buf(uint8_t* rr, size_t rr_len, char* str,
+	size_t str_len);
+
 /**
  * 3597 printout of an RR in unknown rr format.
  * There are more format and comment options available for printout
@@ -466,6 +494,18 @@ int gldns_wire2str_opcode_buf(int opcode, char* str, size_t len);
 int gldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str,
 	size_t len);
 
+/**
+ * Convert wire SVCB to a string with user buffer.
+ * @param d: the SVCB data in uncompressed wireformat.
+ * @param dlen: length of the SVCB data.
+ * @param s: the string to write to.
+ * @param slen: length of string.
+ * @return the number of characters for this element, excluding zerobyte.
+ * 	Is larger or equal than str_len if output was truncated.
+ */
+int gldns_wire2str_svcparam_scan(uint8_t** d, size_t* dlen, char** s,
+	size_t* slen);
+
 /**
  * Scan wireformat rdf field to string, with user buffers.
  * It shifts the arguments to move along (see gldns_wire2str_pkt_scan).
@@ -476,11 +516,13 @@ int gldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str,
  * @param rdftype: the type of the rdata field, enum gldns_rdf_type.
  * @param pkt: packet for decompression, if NULL no decompression.
  * @param pktlen: length of packet buffer.
+ * @param comprloop: if pkt, bool detects compression loops.
  * @return number of characters (except null) needed to print.
  * 	Can return -1 on failure.
  */
 int gldns_wire2str_rdf_scan(uint8_t** data, size_t* data_len, char** str,
-	size_t* str_len, int rdftype, uint8_t* pkt, size_t pktlen);
+	size_t* str_len, int rdftype, uint8_t* pkt, size_t pktlen,
+	int* comprloop);
 
 /**
  * Scan wireformat int8 field to string, with user buffers.
@@ -777,11 +819,12 @@ int gldns_wire2str_atma_scan(uint8_t** data, size_t* data_len, char** str,
  * @param str_len: length of string buffer.
  * @param pkt: packet for decompression, if NULL no decompression.
  * @param pktlen: length of packet buffer.
+ * @param comprloop: if pkt, bool detects compression loops.
  * @return number of characters (except null) needed to print.
  * 	Can return -1 on failure.
  */
 int gldns_wire2str_ipseckey_scan(uint8_t** data, size_t* data_len, char** str,
-	size_t* str_len, uint8_t* pkt, size_t pktlen);
+	size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop);
 
 /**
  * Scan wireformat HIP (algo, HIT, pubkey) field to string, with user buffers.
@@ -900,6 +943,22 @@ int gldns_wire2str_tag_scan(uint8_t** data, size_t* data_len, char** str,
 int gldns_wire2str_long_str_scan(uint8_t** data, size_t* data_len, char** str,
 	size_t* str_len);
 
+/**
+ * Scan wireformat AMTRELAY field to string, with user buffers.
+ * It shifts the arguments to move along (see gldns_wire2str_pkt_scan).
+ * @param data: wireformat data.
+ * @param data_len: length of data buffer.
+ * @param str: string buffer.
+ * @param str_len: length of string buffer.
+ * @param pkt: packet for decompression, if NULL no decompression.
+ * @param pktlen: length of packet buffer.
+ * @param comprloop: if pkt, bool detects compression loops.
+ * @return number of characters (except null) needed to print.
+ * 	Can return -1 on failure.
+ */
+int gldns_wire2str_amtrelay_scan(uint8_t** data, size_t* data_len, char** str,
+	size_t* str_len, uint8_t* pkt, size_t pktlen, int* comprloop);
+
 /**
  * Print EDNS LLQ option data to string.  User buffers, moves string pointers.
  * @param str: string buffer.

src/gnutls/keyraw-internal.c

@@ -0,0 +1,15 @@
+/*
+ * keyraw.c - raw key operations and conversions - OpenSSL version
+ *
+ * (c) NLnet Labs, 2004-2008
+ *
+ * See the file LICENSE for the license
+ */
+/**
+ * \file
+ * Implementation of raw DNSKEY functions (work on wire rdata).
+ */
+
+#include "config.h"
+#include "gldns/keyraw.h"
+#include "gldns/rrdef.h"

src/gnutls/keyraw-internal.h

@@ -0,0 +1,31 @@
+/*
+ * keyraw.h -- raw key and signature access and conversion - OpenSSL
+ *
+ * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
+ *
+ * See LICENSE for the license.
+ *
+ */
+
+/**
+ * \file
+ *
+ * raw key and signature access and conversion
+ *
+ * Since those functions heavily rely op cryptographic operations,
+ * this module is dependent on openssl.
+ * 
+ */
+ 
+#ifndef GLDNS_KEYRAW_INTERNAL_H
+#define GLDNS_KEYRAW_INTERNAL_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* GLDNS_KEYRAW_INTERNAL_H */

src/gnutls/pubkey-pinning-internal.c

@@ -0,0 +1,59 @@
+/**
+ *
+ * /brief functions for dealing with pubkey pinsets
+ *
+ */
+
+/*
+ * Copyright (c) 2015 ACLU
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "context.h"
+#include <nettle/base64.h>
+
+#include "types-internal.h"
+
+#include "pubkey-pinning.h"
+
+/**
+ ** Interfaces from pubkey-pinning.h
+ **/
+
+getdns_return_t _getdns_decode_base64(const char* str, uint8_t* res, size_t res_size)
+{
+	struct base64_decode_ctx ctx;
+	uint8_t* lim = res + res_size;
+
+	base64_decode_init(&ctx);
+
+	for(; *str != '\0' && res < lim; ++str) {
+		int r = base64_decode_single(&ctx, res, *str);
+		if (r == -1 )
+			return GETDNS_RETURN_GENERIC_ERROR;
+		res += r;
+	}
+	return (res == lim) ? GETDNS_RETURN_GOOD : GETDNS_RETURN_GENERIC_ERROR;
+}

src/gnutls/tls-internal.h

@@ -0,0 +1,97 @@
+/**
+ *
+ * \file tls-internal.h
+ * @brief getdns TLS implementation-specific items
+ */
+
+/*
+ * Copyright (c) 2018-2019, NLnet Labs
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _GETDNS_TLS_INTERNAL_H
+#define _GETDNS_TLS_INTERNAL_H
+
+#include <stdbool.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+#include <gnutls/dane.h>
+
+#include "getdns/getdns.h"
+
+#define SHA_DIGEST_LENGTH	20
+#define SHA224_DIGEST_LENGTH	28
+#define SHA256_DIGEST_LENGTH	32
+#define SHA384_DIGEST_LENGTH	48
+#define SHA512_DIGEST_LENGTH	64
+
+#define GETDNS_TLS_MAX_DIGEST_LENGTH	(SHA512_DIGEST_LENGTH)
+
+#define HAVE_TLS_CTX_CURVES_LIST	0
+#define HAVE_TLS_CONN_CURVES_LIST	0
+
+/* Forward declare type. */
+struct getdns_log_config;
+
+typedef struct _getdns_tls_context {
+	struct mem_funcs* mfs;
+	char* cipher_list;
+	char* cipher_suites;
+	char* curve_list;
+	gnutls_protocol_t min_tls;
+	gnutls_protocol_t max_tls;
+	char* ca_trust_file;
+	char* ca_trust_path;
+	const struct getdns_log_config* log;
+} _getdns_tls_context;
+
+typedef struct _getdns_tls_connection {
+	gnutls_session_t tls;
+	gnutls_certificate_credentials_t cred;
+	int shutdown;
+	_getdns_tls_context* ctx;
+	struct mem_funcs* mfs;
+	char* cipher_list;
+	char* cipher_suites;
+	char* curve_list;
+	gnutls_protocol_t min_tls;
+	gnutls_protocol_t max_tls;
+	dane_query_t dane_query;
+	dane_state_t dane_state;
+	char* tlsa;
+	const struct getdns_log_config* log;
+} _getdns_tls_connection;
+
+typedef struct _getdns_tls_session {
+	gnutls_datum_t tls;
+} _getdns_tls_session;
+
+typedef struct _getdns_tls_x509
+{
+	gnutls_datum_t tls;
+} _getdns_tls_x509;
+
+#endif /* _GETDNS_TLS_INTERNAL_H */

src/gnutls/tls.c

@@ -0,0 +1,894 @@
+/**
+ *
+ * \file tls.c
+ * @brief getdns TLS functions
+ */
+
+/*
+ * Copyright (c) 2018-2020, NLnet Labs
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+ * * Neither the names of the copyright holders nor the
+ *   names of its contributors may be used to endorse or promote products
+ *   derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL Verisign, Inc. BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <gnutls/x509.h>
+
+#include "config.h"
+
+#include "debug.h"
+#include "context.h"
+
+#include "tls.h"
+
+/*
+ * Cipher suites recommended in RFC7525.
+ *
+ * The following strings generate a list with the same ciphers that are
+ * generated by the equivalent string in the OpenSSL version of this file.
+ */
+static char const * const _getdns_tls_context_default_cipher_list =
+	"+ECDHE-RSA:+ECDHE-ECDSA:+AEAD";
+
+static char const * const _getdns_tls_context_default_cipher_suites =
+	"+AES-256-GCM:+AES-128-GCM:+CHACHA20-POLY1305";
+
+static char const * const _getdns_tls_connection_opportunistic_cipher_list =
+	"NORMAL";
+
+static char const * const _getdns_tls_priorities[] = {
+	NULL,			/* No protocol */
+	NULL,		/* SSL3 - no available keyword. */
+	"+VERS-TLS1.0",	/* TLS1.0 */
+	"+VERS-TLS1.1",	/* TLS1.1 */
+	"+VERS-TLS1.2",	/* TLS1.2 */
+	"+VERS-TLS1.3",	/* TLS1.3 */
+};
+
+static char* getdns_strdup(struct mem_funcs* mfs, const char* s)
+{
+	char* res;
+
+	if (!s)
+		return NULL;
+
+	res = GETDNS_XMALLOC(*mfs, char, strlen(s) + 1);
+	if (!res)
+		return NULL;
+	strcpy(res, s);
+	return res;
+}
+
+static char* getdns_priappend(struct mem_funcs* mfs, char* s1, const char* s2)
+{
+	char* res;
+
+	if (!s1)
+		return getdns_strdup(mfs, s2);
+	if (!s2)
+		return s1;
+
+	res = GETDNS_XMALLOC(*mfs, char, strlen(s1) + strlen(s2) + 2);
+	if (!res)
+		return NULL;
+	strcpy(res, s1);
+	strcat(res, ":");
+	strcat(res, s2);
+	GETDNS_FREE(*mfs, s1);
+	return res;
+}
+
+static int set_connection_ciphers(_getdns_tls_connection* conn)
+{
+	char* pri = NULL;
+	int res;
+
+	pri = getdns_priappend(conn->mfs, pri, "NONE:+COMP-ALL:+SIGN-ALL"
+	    /* Remove all the weak ones */
+	    ":-SIGN-RSA-MD5"
+	    ":-SIGN-RSA-SHA1:-SIGN-RSA-SHA224:-SIGN-RSA-SHA256"
+	    ":-SIGN-DSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256"
+#if GNUTLS_VERSION_NUMBER >= 0x030505
+	    ":-SIGN-ECDSA-SHA1:-SIGN-ECDSA-SHA224:-SIGN-ECDSA-SHA256"
+#endif
+#if GNUTLS_VERSION_NUMBER >= 0x030601
+	    ":-SIGN-RSA-PSS-SHA256"
+#endif
+	);
+
+	if (conn->cipher_suites)
+		pri = getdns_priappend(conn->mfs, pri, conn->cipher_suites);
+	else if (conn->ctx->cipher_suites)
+		pri = getdns_priappend(conn->mfs, pri, conn->ctx->cipher_suites);
+
+	if (conn->cipher_list)
+		pri = getdns_priappend(conn->mfs, pri, conn->cipher_list);
+	else if (conn->ctx->cipher_list)
+		pri = getdns_priappend(conn->mfs, pri, conn->ctx->cipher_list);
+
+	if (conn->curve_list)
+		pri = getdns_priappend(conn->mfs, pri, conn->curve_list);
+	else if (conn->ctx->curve_list)
+		pri = getdns_priappend(conn->mfs, pri, conn->ctx->curve_list);
+	else
+#if GNUTLS_VERSION_NUMBER >= 0x030605
+		pri = getdns_priappend(conn->mfs, pri, "+GROUP-EC-ALL");
+#else
+		pri = getdns_priappend(conn->mfs, pri, "+CURVE-ALL");
+#endif
+
+	gnutls_protocol_t min = conn->min_tls;
+	gnutls_protocol_t max = conn->max_tls;
+	if (!min) min = conn->ctx->min_tls;
+	if (!max) max = conn->ctx->max_tls;
+
+	if (!min && !max) {
+		pri = getdns_priappend(conn->mfs, pri, "+VERS-TLS-ALL");
+	} else {
+		if (!max) max = GNUTLS_TLS_VERSION_MAX;
+
+		for (gnutls_protocol_t i = min; i <= max; ++i)
+			pri = getdns_priappend(conn->mfs, pri, _getdns_tls_priorities[i]);
+	}
+	if (pri) {
+		res = gnutls_priority_set_direct(conn->tls, pri, NULL);
+		_getdns_log(conn->log
+			    , GETDNS_LOG_UPSTREAM_STATS
+			    , (res == GNUTLS_E_SUCCESS ? GETDNS_LOG_DEBUG : GETDNS_LOG_ERR)
+			    , "%s: %s %s (%s)\n"
+			    , STUB_DEBUG_SETUP_TLS
+			    , "Configuring TLS connection with "
+			    , pri
+			    , gnutls_strerror(res));
+	}
+	else
+		res = gnutls_set_default_priority(conn->tls);
+	GETDNS_FREE(*conn->mfs, pri);
+
+	return res;
+}
+
+static getdns_return_t error_may_want_read_write(_getdns_tls_connection* conn, int err)
+{
+	switch (err) {
+	case GNUTLS_E_INTERRUPTED:
+	case GNUTLS_E_AGAIN:
+	case GNUTLS_E_WARNING_ALERT_RECEIVED:
+	case GNUTLS_E_GOT_APPLICATION_DATA:
+		if (gnutls_record_get_direction(conn->tls) == 0)
+			return GETDNS_RETURN_TLS_WANT_READ;
+		else
+			return GETDNS_RETURN_TLS_WANT_WRITE;
+	case GNUTLS_E_FATAL_ALERT_RECEIVED:
+		_getdns_log( conn->log
+		           , GETDNS_LOG_UPSTREAM_STATS, GETDNS_LOG_ERR
+		           , "%s %s %d (%s)\n"
+		           , STUB_DEBUG_SETUP_TLS
+		           , "Error in TLS handshake"
+		           , (int)gnutls_alert_get(conn->tls)
+			   , gnutls_alert_get_name(gnutls_alert_get(conn->tls))
+			   );
+		/* fallthrough */
+	default:
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}
+}
+
+static getdns_return_t get_gnu_mac_algorithm(int algorithm, gnutls_mac_algorithm_t* gnualg)
+{
+	switch (algorithm) {
+	case GETDNS_HMAC_MD5   : *gnualg = GNUTLS_MAC_MD5   ; break;
+	case GETDNS_HMAC_SHA1  : *gnualg = GNUTLS_MAC_SHA1  ; break;
+	case GETDNS_HMAC_SHA224: *gnualg = GNUTLS_MAC_SHA224; break;
+	case GETDNS_HMAC_SHA256: *gnualg = GNUTLS_MAC_SHA256; break;
+	case GETDNS_HMAC_SHA384: *gnualg = GNUTLS_MAC_SHA384; break;
+	case GETDNS_HMAC_SHA512: *gnualg = GNUTLS_MAC_SHA512; break;
+	default                : return GETDNS_RETURN_GENERIC_ERROR;
+	}
+
+	return GETDNS_RETURN_GOOD;
+}
+
+static gnutls_protocol_t _getdns_tls_version2gnutls_version(getdns_tls_version_t v)
+{
+	switch (v) {
+	case GETDNS_SSL3  : return GNUTLS_SSL3;
+	case GETDNS_TLS1  : return GNUTLS_TLS1;
+	case GETDNS_TLS1_1: return GNUTLS_TLS1_1;
+	case GETDNS_TLS1_2: return GNUTLS_TLS1_2;
+#if GNUTLS_VERSION_NUMBER >= 0x030605
+	case GETDNS_TLS1_3: return GNUTLS_TLS1_3;
+#endif
+	default           : return GNUTLS_TLS_VERSION_MAX;
+	}
+}
+
+static _getdns_tls_x509* _getdns_tls_x509_new(struct mem_funcs* mfs, gnutls_datum_t cert)
+{
+	_getdns_tls_x509* res;
+
+	res = GETDNS_MALLOC(*mfs, _getdns_tls_x509);
+	if (res)
+		res->tls = cert;
+
+	return res;
+}
+
+void _getdns_tls_init()
+{
+	gnutls_global_init();
+}
+
+_getdns_tls_context* _getdns_tls_context_new(struct mem_funcs* mfs, const getdns_log_config* log)
+{
+	_getdns_tls_context* res;
+
+	if (!(res = GETDNS_MALLOC(*mfs, struct _getdns_tls_context)))
+		return NULL;
+
+	res->mfs = mfs;
+	res->cipher_list = res->cipher_suites = res->curve_list = NULL;
+	res->min_tls = res->max_tls = 0;
+	res->ca_trust_file = NULL;
+	res->ca_trust_path = NULL;
+	res->log = log;
+
+	return res;
+}
+
+getdns_return_t _getdns_tls_context_free(struct mem_funcs* mfs, _getdns_tls_context* ctx)
+{
+	if (!ctx)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	GETDNS_FREE(*mfs, ctx->ca_trust_path);
+	GETDNS_FREE(*mfs, ctx->ca_trust_file);
+	GETDNS_FREE(*mfs, ctx->curve_list);
+	GETDNS_FREE(*mfs, ctx->cipher_suites);
+	GETDNS_FREE(*mfs, ctx->cipher_list);
+	GETDNS_FREE(*mfs, ctx);
+	return GETDNS_RETURN_GOOD;
+}
+
+void _getdns_tls_context_pinset_init(_getdns_tls_context* ctx)
+{
+	(void) ctx; /* unused parameter */
+}
+
+getdns_return_t _getdns_tls_context_set_min_max_tls_version(_getdns_tls_context* ctx, getdns_tls_version_t min, getdns_tls_version_t max)
+{
+	if (!ctx)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+	ctx->min_tls = _getdns_tls_version2gnutls_version(min);
+	ctx->max_tls = _getdns_tls_version2gnutls_version(max);
+	return GETDNS_RETURN_GOOD;
+}
+
+const char* _getdns_tls_context_get_default_cipher_list()
+{
+	return _getdns_tls_context_default_cipher_list;
+}
+
+getdns_return_t _getdns_tls_context_set_cipher_list(_getdns_tls_context* ctx, const char* list)
+{
+	if (!ctx)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (!list)
+		list = _getdns_tls_context_default_cipher_list;
+
+	GETDNS_FREE(*ctx->mfs, ctx->cipher_list);
+	ctx->cipher_list = getdns_strdup(ctx->mfs, list);
+	return GETDNS_RETURN_GOOD;
+}
+
+const char* _getdns_tls_context_get_default_cipher_suites()
+{
+	return _getdns_tls_context_default_cipher_suites;
+}
+
+getdns_return_t _getdns_tls_context_set_cipher_suites(_getdns_tls_context* ctx, const char* list)
+{
+	if (!ctx)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (!list)
+		list = _getdns_tls_context_default_cipher_suites;
+
+	GETDNS_FREE(*ctx->mfs, ctx->cipher_suites);
+	ctx->cipher_suites = getdns_strdup(ctx->mfs, list);
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t _getdns_tls_context_set_curves_list(_getdns_tls_context* ctx, const char* list)
+{
+	if (!ctx)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	GETDNS_FREE(*ctx->mfs, ctx->curve_list);
+	ctx->curve_list = getdns_strdup(ctx->mfs, list);
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t _getdns_tls_context_set_ca(_getdns_tls_context* ctx, const char* file, const char* path)
+{
+	if (!ctx)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	GETDNS_FREE(*ctx->mfs, ctx->ca_trust_file);
+	ctx->ca_trust_file = getdns_strdup(ctx->mfs, file);
+	GETDNS_FREE(*ctx->mfs, ctx->ca_trust_path);
+	ctx->ca_trust_path = getdns_strdup(ctx->mfs, path);
+	return GETDNS_RETURN_GOOD;
+}
+
+void _getdns_gnutls_stub_log(int level, const char *msg)
+{
+	DEBUG_STUB("GnuTLS log (%.2d): %s", level, msg);
+}
+
+_getdns_tls_connection* _getdns_tls_connection_new(struct mem_funcs* mfs, _getdns_tls_context* ctx, int fd, const getdns_log_config* log)
+{
+	_getdns_tls_connection* res;
+
+	if (!ctx)
+		return NULL;
+
+	if (!(res = GETDNS_MALLOC(*mfs, struct _getdns_tls_connection)))
+		return NULL;
+
+	res->shutdown = 0;
+	res->ctx = ctx;
+	res->mfs = mfs;
+	res->cred = NULL;
+	res->tls = NULL;
+	res->cipher_list = res->cipher_suites = res->curve_list = NULL;
+	res->min_tls = res->max_tls = 0;
+	res->dane_state = NULL;
+	res->dane_query = NULL;
+	res->tlsa = NULL;
+	res->log = log;
+
+	if (gnutls_certificate_allocate_credentials(&res->cred) != GNUTLS_E_SUCCESS)
+		goto failed;
+
+	if (!ctx->ca_trust_file && !ctx->ca_trust_path)
+		gnutls_certificate_set_x509_system_trust(res->cred);
+	else {
+		if (ctx->ca_trust_file)
+			gnutls_certificate_set_x509_trust_file(res->cred, ctx->ca_trust_file, GNUTLS_X509_FMT_PEM);
+		if (ctx->ca_trust_path)
+			gnutls_certificate_set_x509_trust_dir(res->cred, ctx->ca_trust_path, GNUTLS_X509_FMT_PEM);
+	}
+
+	gnutls_global_set_log_level(99);
+	gnutls_global_set_log_function(_getdns_gnutls_stub_log);
+	if (gnutls_init(&res->tls, GNUTLS_CLIENT | GNUTLS_NONBLOCK | GNUTLS_NO_SIGNAL) != GNUTLS_E_SUCCESS)
+		goto failed;
+	if (set_connection_ciphers(res) != GNUTLS_E_SUCCESS) {
+
+		goto failed;
+	}
+	if (gnutls_credentials_set(res->tls, GNUTLS_CRD_CERTIFICATE, res->cred) != GNUTLS_E_SUCCESS)
+		goto failed;
+	if (dane_state_init(&res->dane_state, DANE_F_IGNORE_DNSSEC) != DANE_E_SUCCESS)
+		goto failed;
+
+	gnutls_datum_t proto;
+	proto.data = (unsigned char *)"dot";
+	proto.size = 3;
+	if (gnutls_alpn_set_protocols(res->tls, &proto, 1, 0) != GNUTLS_E_SUCCESS)
+		goto failed;
+
+	gnutls_transport_set_int(res->tls, fd);
+	return res;
+
+failed:
+	_getdns_tls_connection_free(mfs, res);
+	return NULL;
+}
+
+getdns_return_t _getdns_tls_connection_free(struct mem_funcs* mfs, _getdns_tls_connection* conn)
+{
+	if (!conn || !conn->tls)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (conn->dane_query)
+		dane_query_deinit(conn->dane_query);
+	if (conn->dane_state)
+		dane_state_deinit(conn->dane_state);
+	if (conn->tls)
+		gnutls_deinit(conn->tls);
+	if (conn->cred)
+		gnutls_certificate_free_credentials(conn->cred);
+	GETDNS_FREE(*mfs, conn->tlsa);
+	GETDNS_FREE(*mfs, conn->curve_list);
+	GETDNS_FREE(*mfs, conn->cipher_suites);
+	GETDNS_FREE(*mfs, conn->cipher_list);
+	GETDNS_FREE(*mfs, conn);
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t _getdns_tls_connection_shutdown(_getdns_tls_connection* conn)
+{
+	if (!conn || !conn->tls)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (conn->shutdown == 0) {
+		gnutls_bye(conn->tls, GNUTLS_SHUT_WR);
+		conn->shutdown++;
+	} else {
+		gnutls_bye(conn->tls, GNUTLS_SHUT_RDWR);
+		conn->shutdown++;
+	}
+
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t _getdns_tls_connection_set_min_max_tls_version(_getdns_tls_connection* conn, getdns_tls_version_t min, getdns_tls_version_t max)
+{
+	if (!conn)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+	conn->min_tls = _getdns_tls_version2gnutls_version(min);
+	conn->max_tls = _getdns_tls_version2gnutls_version(max);
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t _getdns_tls_connection_set_cipher_list(_getdns_tls_connection* conn, const char* list)
+{
+	if (!conn || !conn->tls)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (!list)
+		list = _getdns_tls_connection_opportunistic_cipher_list;
+
+	GETDNS_FREE(*conn->mfs, conn->cipher_list);
+	conn->cipher_list = getdns_strdup(conn->mfs, list);
+	if (set_connection_ciphers(conn) == GNUTLS_E_SUCCESS)
+		return GETDNS_RETURN_GOOD;
+	else
+		return GETDNS_RETURN_GENERIC_ERROR;
+}
+
+getdns_return_t _getdns_tls_connection_set_cipher_suites(_getdns_tls_connection* conn, const char* list)
+{
+	if (!conn || !conn->tls)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	GETDNS_FREE(*conn->mfs, conn->cipher_list);
+	conn->cipher_suites = getdns_strdup(conn->mfs, list);
+	if (set_connection_ciphers(conn) == GNUTLS_E_SUCCESS)
+		return GETDNS_RETURN_GOOD;
+	else
+		return GETDNS_RETURN_GENERIC_ERROR;
+}
+
+getdns_return_t _getdns_tls_connection_set_curves_list(_getdns_tls_connection* conn, const char* list)
+{
+	if (!conn || !conn->tls)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	GETDNS_FREE(*conn->mfs, conn->curve_list);
+	conn->curve_list = getdns_strdup(conn->mfs, list);
+	if (set_connection_ciphers(conn) == GNUTLS_E_SUCCESS)
+		return GETDNS_RETURN_GOOD;
+	else
+		return GETDNS_RETURN_GENERIC_ERROR;
+}
+
+getdns_return_t _getdns_tls_connection_set_session(_getdns_tls_connection* conn, _getdns_tls_session* s)
+{
+	int r;
+
+	if (!conn || !conn->tls || !s)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	r = gnutls_session_set_data(conn->tls, s->tls.data, s->tls.size);
+	if (r != GNUTLS_E_SUCCESS)
+		return GETDNS_RETURN_GENERIC_ERROR;
+	return GETDNS_RETURN_GOOD;
+}
+
+_getdns_tls_session* _getdns_tls_connection_get_session(struct mem_funcs* mfs, _getdns_tls_connection* conn)
+{
+	_getdns_tls_session* res;
+	int r;
+
+	if (!conn || !conn->tls)
+		return NULL;
+
+	if (!(res = GETDNS_MALLOC(*mfs, struct _getdns_tls_session)))
+		return NULL;
+
+	r = gnutls_session_get_data2(conn->tls, &res->tls);
+	if (r != GNUTLS_E_SUCCESS) {
+		GETDNS_FREE(*mfs, res);
+		return NULL;
+	}
+
+	return res;
+}
+
+const char* _getdns_tls_connection_get_version(_getdns_tls_connection* conn)
+{
+	if (!conn || !conn->tls)
+		return NULL;
+
+	return gnutls_protocol_get_name(gnutls_protocol_get_version(conn->tls));
+}
+
+getdns_return_t _getdns_tls_connection_do_handshake(_getdns_tls_connection* conn)
+{
+	int r;
+
+	if (!conn || !conn->tls)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	r = gnutls_handshake(conn->tls);
+	if (r == GNUTLS_E_SUCCESS) {
+		return GETDNS_RETURN_GOOD;
+	}
+	else
+		return error_may_want_read_write(conn, r);
+}
+
+_getdns_tls_x509* _getdns_tls_connection_get_peer_certificate(struct mem_funcs* mfs, _getdns_tls_connection* conn)
+{
+	const gnutls_datum_t *cert_list;
+	unsigned int cert_list_size;
+
+	if (!conn || !conn->tls)
+		return NULL;
+
+	cert_list = gnutls_certificate_get_peers(conn->tls, &cert_list_size);
+	if (cert_list == NULL)
+		return NULL;
+
+	return _getdns_tls_x509_new(mfs, *cert_list);
+}
+
+getdns_return_t _getdns_tls_connection_is_session_reused(_getdns_tls_connection* conn)
+{
+	if (!conn || !conn->tls)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	if (gnutls_session_is_resumed(conn->tls) != 0)
+		return GETDNS_RETURN_GOOD;
+	else
+		return GETDNS_RETURN_TLS_CONNECTION_FRESH;
+}
+
+getdns_return_t _getdns_tls_connection_setup_hostname_auth(_getdns_tls_connection* conn, const char* auth_name)
+{
+	int r;
+
+	if (!conn || !conn->tls || !auth_name)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	r = gnutls_server_name_set(conn->tls, GNUTLS_NAME_DNS, auth_name, strlen(auth_name));
+	if (r != GNUTLS_E_SUCCESS)
+		return GETDNS_RETURN_GENERIC_ERROR;
+
+	gnutls_session_set_verify_cert(conn->tls, auth_name, 0);
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t _getdns_tls_connection_set_host_pinset(_getdns_tls_connection* conn, const char* auth_name, const sha256_pin_t* pinset)
+{
+	int r;
+
+	if (!conn || !conn->tls || !auth_name)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	size_t npins = 0;
+	for (const sha256_pin_t* pin = pinset; pin; pin = pin->next)
+		npins++;
+
+	GETDNS_FREE(*conn->mfs, conn->tlsa);
+	conn->tlsa = GETDNS_XMALLOC(*conn->mfs, char, npins * (SHA256_DIGEST_LENGTH + 3) * 2);
+	if (!conn->tlsa)
+		return GETDNS_RETURN_GENERIC_ERROR;
+
+	char** dane_data = GETDNS_XMALLOC(*conn->mfs, char*, npins * 2 + 1);
+	if (!dane_data)
+		return GETDNS_RETURN_GENERIC_ERROR;
+	int* dane_data_len = GETDNS_XMALLOC(*conn->mfs, int, npins * 2 + 1);
+	if (!dane_data_len) {
+		GETDNS_FREE(*conn->mfs, dane_data);
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}
+
+	char** dane_p = dane_data;
+	int* dane_len_p = dane_data_len;
+	char* p = conn->tlsa;
+	for (const sha256_pin_t* pin = pinset; pin; pin = pin->next) {
+		*dane_p++ = p;
+		*dane_len_p++ = SHA256_DIGEST_LENGTH + 3;
+		p[0] = DANE_CERT_USAGE_LOCAL_CA;
+		p[1] = DANE_CERT_PK;
+		p[2] = DANE_MATCH_SHA2_256;
+		memcpy(&p[3], pin->pin, SHA256_DIGEST_LENGTH);
+		p += SHA256_DIGEST_LENGTH + 3;
+
+		*dane_p++ = p;
+		*dane_len_p++ = SHA256_DIGEST_LENGTH + 3;
+		p[0] = DANE_CERT_USAGE_LOCAL_EE;
+		p[1] = DANE_CERT_PK;
+		p[2] = DANE_MATCH_SHA2_256;
+		memcpy(&p[3], pin->pin, SHA256_DIGEST_LENGTH);
+		p += SHA256_DIGEST_LENGTH + 3;
+	}
+	*dane_p = NULL;
+
+	if (conn->dane_query)
+		dane_query_deinit(conn->dane_query);
+	r = dane_raw_tlsa(conn->dane_state, &conn->dane_query, dane_data, dane_data_len, 0, 0);
+	GETDNS_FREE(*conn->mfs, dane_data_len);
+	GETDNS_FREE(*conn->mfs, dane_data);
+
+	return (r == DANE_E_SUCCESS) ? GETDNS_RETURN_GOOD : GETDNS_RETURN_GENERIC_ERROR;
+}
+
+getdns_return_t _getdns_tls_connection_certificate_verify(_getdns_tls_connection* conn, long* errnum, const char** errmsg)
+{
+	if (!conn || !conn->tls)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	/* If no pinset, no DANE info to check. */
+	if (!conn->dane_query)
+		return GETDNS_RETURN_GOOD;
+
+	/* Most of the internals of dane_verify_session_crt() */
+
+	const gnutls_datum_t* cert_list;
+	unsigned int cert_list_size = 0;
+	unsigned int type;
+	int ret;
+	const gnutls_datum_t* cl;
+	gnutls_datum_t* new_cert_list = NULL;
+	int clsize;
+	unsigned int verify;
+
+	cert_list = gnutls_certificate_get_peers(conn->tls, &cert_list_size);
+	if (cert_list_size == 0) {
+		*errnum = 1;
+		*errmsg = "No peer certificate";
+		return GETDNS_RETURN_GENERIC_ERROR;
+        }
+	cl = cert_list;
+
+        type = gnutls_certificate_type_get(conn->tls);
+
+        /* this list may be incomplete, try to get the self-signed CA if any */
+        if (cert_list_size > 0) {
+                gnutls_x509_crt_t crt, ca;
+                gnutls_certificate_credentials_t sc;
+
+                ret = gnutls_x509_crt_init(&crt);
+                if (ret < 0)
+                        goto failsafe;
+
+                ret = gnutls_x509_crt_import(crt, &cert_list[cert_list_size-1], GNUTLS_X509_FMT_DER);
+                if (ret < 0) {
+                        gnutls_x509_crt_deinit(crt);
+                        goto failsafe;
+                }
+
+                /* if it is already self signed continue normally */
+                ret = gnutls_x509_crt_check_issuer(crt, crt);
+                if (ret != 0) {
+                        gnutls_x509_crt_deinit(crt);
+                        goto failsafe;
+                }
+
+                /* chain does not finish in a self signed cert, try to obtain the issuer */
+                ret = gnutls_credentials_get(conn->tls, GNUTLS_CRD_CERTIFICATE, (void**)&sc);
+                if (ret < 0) {
+                        gnutls_x509_crt_deinit(crt);
+                        goto failsafe;
+                }
+
+                ret = gnutls_certificate_get_issuer(sc, crt, &ca, 0);
+                if (ret < 0) {
+                        gnutls_x509_crt_deinit(crt);
+                        goto failsafe;
+                }
+
+                /* make the new list */
+                new_cert_list = GETDNS_XMALLOC(*conn->mfs, gnutls_datum_t, cert_list_size + 1);
+                if (new_cert_list == NULL) {
+                        gnutls_x509_crt_deinit(crt);
+                        goto failsafe;
+                }
+
+                memcpy(new_cert_list, cert_list, cert_list_size*sizeof(gnutls_datum_t));
+		cl = new_cert_list;
+
+                ret = gnutls_x509_crt_export2(ca, GNUTLS_X509_FMT_DER, &new_cert_list[cert_list_size]);
+                if (ret < 0) {
+                        GETDNS_FREE(*conn->mfs, new_cert_list);
+                        gnutls_x509_crt_deinit(crt);
+                        goto failsafe;
+                }
+	}
+
+failsafe:
+
+	clsize = cert_list_size;
+	if (cl == new_cert_list)
+		clsize += 1;
+
+	ret = dane_verify_crt_raw(conn->dane_state, cl, clsize, type, conn->dane_query, 0, 0, &verify);
+
+	if (new_cert_list) {
+		gnutls_free(new_cert_list[cert_list_size].data);
+		GETDNS_FREE(*conn->mfs, new_cert_list);
+	}
+
+	if (ret != DANE_E_SUCCESS) {
+		*errnum = ret;
+		*errmsg = dane_strerror(ret);
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}
+
+	if (verify != 0) {
+		if (verify & DANE_VERIFY_CERT_DIFFERS) {
+			*errnum = 3;
+			*errmsg = "Pinset validation: Certificate differs";
+		} else if (verify &  DANE_VERIFY_CA_CONSTRAINTS_VIOLATED) {
+			*errnum = 2;
+			*errmsg = "Pinset validation: CA constraints violated";
+		} else {
+			*errnum = 4;
+			*errmsg = "Pinset validation: Unknown DANE info";
+		}
+		return GETDNS_RETURN_GENERIC_ERROR;
+	}
+
+	return GETDNS_RETURN_GOOD;
+}
+
+
+getdns_return_t _getdns_tls_connection_read(_getdns_tls_connection* conn, uint8_t* buf, size_t to_read, size_t* read)
+{
+	ssize_t sread;
+
+	if (!conn || !conn->tls || !read)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	sread = gnutls_record_recv(conn->tls, buf, to_read);
+	if (sread < 0)
+		return error_may_want_read_write(conn, sread);
+
+	*read = sread;
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t _getdns_tls_connection_write(_getdns_tls_connection* conn, uint8_t* buf, size_t to_write, size_t* written)
+{
+	int swritten;
+
+	if (!conn || !conn->tls || !written)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+
+	swritten = gnutls_record_send(conn->tls, buf, to_write);
+	if (swritten < 0)
+		return error_may_want_read_write(conn, swritten);
+
+	*written = swritten;
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t _getdns_tls_session_free(struct mem_funcs* mfs, _getdns_tls_session* s)
+{
+	if (!s)
+		return GETDNS_RETURN_INVALID_PARAMETER;
+	if (s->tls.data)
+		gnutls_free(s->tls.data);
+	GETDNS_FREE(*mfs, s);
+	return GETDNS_RETURN_GOOD;
+}
+
+getdns_return_t _getdns_tls_get_api_information(getdns_dict* dict)
+{
+	if (! getdns_dict_set_int(
+	    dict, "gnutls_version_number", GNUTLS_VERSION_NUMBER)
+
+	    && ! getdns_dict_util_set_string(
+	    dict, "gnutls_version_string", GNUTLS_VERSION)
+		)
+		return GETDNS_RETURN_GOOD;
+	return GETDNS_RETURN_GENERIC_ERROR;
+}
+
+void _getdns_tls_x509_free(struct mem_funcs* mfs, _getdns_tls_x509* cert)
+{
+	if (cert)
+		GETDNS_FREE(*mfs, cert);
+}
+
+int _getdns_tls_x509_to_der(struct mem_funcs* mfs, _getdns_tls_x509* cert, getdns_bindata* bindata)
+{
+	gnutls_x509_crt_t crt;
+	size_t s;
+
+	if (!cert || gnutls_x509_crt_init(&crt) != GNUTLS_E_SUCCESS)
+		return 0;
+
+	gnutls_x509_crt_import(crt, &cert->tls, GNUTLS_X509_FMT_DER);
+	gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_DER, NULL, &s);
+
+	if (!bindata) {
+		gnutls_x509_crt_deinit(crt);
+		return s;
+	}
+
+	bindata->data = GETDNS_XMALLOC(*mfs, uint8_t, s);
+	if (!bindata->data) {
+		gnutls_x509_crt_deinit(crt);
+		return 0;
+	}
+
+	gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_DER, bindata->data, &s);
+	bindata->size = s;
+	gnutls_x509_crt_deinit(crt);
+	return s;
+}
+
+unsigned char* _getdns_tls_hmac_hash(struct mem_funcs* mfs, int algorithm, const void* key, size_t key_size, const void* data, size_t data_size, size_t* output_size)
+{
+	gnutls_mac_algorithm_t alg;
+	unsigned int md_len;
+	unsigned char* res;
+
+	if (get_gnu_mac_algorithm(algorithm, &alg) != GETDNS_RETURN_GOOD)
+		return NULL;
+
+	md_len = gnutls_hmac_get_len(alg);
+	res = (unsigned char*) GETDNS_XMALLOC(*mfs, unsigned char, md_len);
+	if (!res)
+		return NULL;
+
+	(void) gnutls_hmac_fast(alg, key, key_size, data, data_size, res);
+
+	if (output_size)
+		*output_size = md_len;
+	return res;
+}
+
+void _getdns_tls_sha1(const void* data, size_t data_size, unsigned char* buf)
+{
+	gnutls_hash_fast(GNUTLS_DIG_SHA1, data, data_size, buf);
+}
+
+void _getdns_tls_cookie_sha256(uint32_t secret, void* addr, size_t addrlen, unsigned char* buf, size_t* buflen)
+{
+	gnutls_hash_hd_t digest;
+
+	gnutls_hash_init(&digest, GNUTLS_DIG_SHA256);
+	gnutls_hash(digest, &secret, sizeof(secret));
+	gnutls_hash(digest, addr, addrlen);
+	gnutls_hash_deinit(digest, buf);
+	*buflen = gnutls_hash_get_len(GNUTLS_DIG_SHA256);
+}
+
+/* tls.c */