Florian Obser
bdd245ff7d
Make log_ident_revert_to_default() a proper prototype.
...
Pointed out by clang with -Wstrict-prototypes.
2020-03-20 11:44:38 +01:00
Ralph Dolmans
4504dd3737
- Log warning when using outgoing-port-permit and outgoing-port-avoid
...
while explicit port randomisation is disabled.
2020-03-19 17:34:46 +01:00
Ralph Dolmans
2c03028fa3
- Fix #158 : open tls-session-ticket-keys as binary, for Windows. By Daisuke
...
HIGASHI.
2020-03-19 14:00:33 +01:00
Jeffrey Walton
6ab0db6e25
Fix NetBSD compile (GH #189 )
2020-03-11 03:35:28 -04:00
W.C.A. Wijngaards
614ed2717b
Merge branch 'master' into framestreams
...
Fixed bison and flex conflicts by regenerating the files.
2020-02-28 14:31:24 +01:00
W.C.A. Wijngaards
e13dfc743d
For incoming ssl context with verifypem != NULL, we can set
...
SSL_VERIFY_FAIL_IF_NO_PEER_CERT that can reject client
connections without peer cert during the handshake, which is nicer
than just a connection drop to the client (when we then check
for no peer certificate afterwards).
2020-02-28 11:10:12 +01:00
W.C.A. Wijngaards
b63032b4dd
dnstap io, fixup fptr_wlist for unbound_dnstap_socket tool.
2020-02-28 08:55:10 +01:00
W.C.A. Wijngaards
5b61afd38c
Return 0 when ssl authentication is not available
2020-02-28 08:11:11 +01:00
W.C.A. Wijngaards
398e260145
Fixup ssl authentication not available with check for it.
2020-02-27 16:57:24 +01:00
W.C.A. Wijngaards
f03245c362
Document log check functions.
2020-02-27 16:28:36 +01:00
W.C.A. Wijngaards
f469049198
- iana portlist updated.
2020-02-26 14:32:14 +01:00
W.C.A. Wijngaards
6a51e9e037
Add dnstap io callbacks to fptr whitelist event.
2020-02-26 12:14:52 +01:00
W.C.A. Wijngaards
318d4e91cc
- Fix #165 : Add prefer-ip4: yesno config option to prefer ipv4 for
...
using ipv4 filters, because the hosts ip6 netblock /64 is not owned
by one operator, and thus reputation is shared.
2020-02-25 09:55:59 +01:00
W.C.A. Wijngaards
184f26355a
Fix ifdef of X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, and
...
Merge branch 'master' into framestreams
2020-02-18 08:33:58 +01:00
W.C.A. Wijngaards
465af58457
dnstap io, fix to compile without ssl.
2020-02-14 13:23:58 +01:00
W.C.A. Wijngaards
6d1b4e050d
dnstap io, dnstap tls default is yes, and man page documentation.
2020-02-14 10:01:37 +01:00
W.C.A. Wijngaards
00700bbe13
dnstap io, config entries parse and lex.
2020-02-14 09:40:37 +01:00
W.C.A. Wijngaards
78e6060858
dnstap io, example.conf example, config_file entries for tcp and tls.
2020-02-14 09:03:09 +01:00
W.C.A. Wijngaards
25a88d6d54
dnstap io, check peer verification in dtstream dtio_ssl_handshake.
2020-02-12 15:23:58 +01:00
W.C.A. Wijngaards
e5e72eb398
Merge branch 'master' into framestreams
2020-02-12 11:58:01 +01:00
W.C.A. Wijngaards
2916cfb3b0
- Fix with libnettle make test with dsa disabled.
2020-02-12 11:15:24 +01:00
George Thessalonikefs
da2bda6f4d
- Clean debug comments.
2020-02-10 15:54:41 +01:00
George Thessalonikefs
adda4f6ace
- Fix use after free on log-identity after a reload; Fixes #163 .
2020-02-10 13:56:22 +01:00
W.C.A. Wijngaards
ad180402ea
dnstap io, set tls auth name in outgoing ssl
2020-02-05 16:17:21 +01:00
W.C.A. Wijngaards
58fdcf06e8
Merge branch 'master' into framestreams
2020-02-05 14:25:47 +01:00
gthess
f7fe95ad7b
Serve stale ( #159 )
...
- Added serve-stale functionality as described in
draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes #107 .
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
come with a configurable TTL value (`serve-expired-reply-ttl`).
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
2020-02-05 14:20:27 +01:00
W.C.A. Wijngaards
dc31cf3652
dnstap unbound-dnstap-sock, read from TLS.
2020-01-31 14:03:28 +01:00
W.C.A. Wijngaards
7495b25f94
- Fix fclose on error in TLS session ticket code.
2020-01-31 07:49:14 +01:00
Ralph Dolmans
810862dc65
- Stop working on socket when socket() call returns an error.
...
- Check malloc return values in TLS session ticket code
2020-01-30 19:15:58 +01:00
Ralph Dolmans
056176ec9a
Merge branch 'master' into rpz
2020-01-30 15:57:34 +01:00
Ralph Dolmans
88a706acf8
- Add extra dnamelen checks to ipdnametoaddr and netblockdnametoaddr
2020-01-29 15:16:44 +01:00
Ralph Dolmans
1d9185229e
- Make dname_has_label's dnamelen check work with 0 length
2020-01-29 11:30:22 +01:00
W.C.A. Wijngaards
6c0a863584
- Fix to silence the tls handshake errors for broken pipe and reset
...
by peer, unless verbosity is set to 2 or higher.
2020-01-28 14:32:06 +01:00
W.C.A. Wijngaards
f6287fc718
- iana portlist updated.
2020-01-28 12:25:37 +01:00
Steven Chamberlain
f6b4f2a149
Allow use of libbsd functions with configure option --with-libbsd
...
Add a new configure option `--with-libbsd', which allows to use libbsd's
portable implementations of:
strlcpy strlcat arc4random arc4random_uniform reallocarray
instead of the embedded code copies in contrib/, which will be
difficult to maintain in the long term.
Also patch util/random.c so that, when building with libbsd and without
OpenSSL, arc4random can still be used as the PRNG. Otherwise, building
with libnettle would need a kernel-specific getentropy implementation,
and libbsd does not export one.
[edmonds@debian.org: Imported patch description from BTS, refreshed
patch against Unbound 1.9.6.]
2020-01-26 19:09:43 -05:00
Ralph Dolmans
bda4c4a375
- improve dname_has_label(), add unit test
2020-01-16 17:50:44 +01:00
Ralph Dolmans
72c4c6b30c
- Fix the dname_has_label fix
2020-01-16 01:36:07 +01:00
Ralph Dolmans
9877e52161
Merge branch 'master' of github.com:NLnetLabs/unbound into rpz
2020-01-15 23:44:10 +01:00
Ralph Dolmans
627285af23
- Fix faulty assert
2020-01-15 23:19:24 +01:00
Ralph Dolmans
344f12dd99
- fix compiler warnings
2020-01-15 23:03:44 +01:00
Ralph Dolmans
14913d75c0
- processed RPZ review feedback
...
- fix potential locking issue
- add extra out of bound checks
2020-01-15 22:45:29 +01:00
W.C.A. Wijngaards
ea26e5038e
- Fix for memory leak when edns subnet config options are read when
...
compiled without edns subnet support.
2020-01-14 15:48:27 +01:00
W.C.A. Wijngaards
e149bc7046
- Fix unreachable code in ssl set options code.
2020-01-10 11:28:01 +01:00
Ralph Dolmans
2abaca7a49
- Fix dname_has_label() code review changes
2019-12-23 17:35:11 +01:00
Ralph Dolmans
ae4f6a259b
Proccess more review feedback
2019-12-23 16:02:43 +01:00
Florian Obser
0a499ec2ee
Fix typo to let serve-expired-ttl work with ub_ctx_set_option().
2019-12-10 18:03:24 +01:00
W.C.A. Wijngaards
6c3a0b54ed
- Fix Out of Bound Write Compressed Names in rdata_copy(),
...
reported by X41 D-Sec.
2019-12-03 16:18:47 +01:00
W.C.A. Wijngaards
2d444a5037
- Fix Insufficient Handling of Compressed Names in dname_pkt_copy(),
...
reported by X41 D-Sec.
2019-12-03 16:17:03 +01:00
W.C.A. Wijngaards
d2eb78e871
- Fix Assert Causing DoS in dname_pkt_copy(),
...
reported by X41 D-Sec.
2019-12-03 15:20:48 +01:00
Wouter Wijngaards
4edb16296b
Merge pull request #124 from rmetrich/basic_loglock
...
Changed log lock from 'quick' to 'basic' because this is an I/O lock.
2019-12-03 10:03:24 +01:00