Ralph Dolmans
eb799026ff
Replace edns-client-tag with edns-client-string option
2020-09-30 23:17:53 +02:00
Ralph Dolmans
7da369e85a
- Add edns-client-tag-opcode option
2020-09-23 12:09:48 +02:00
W.C.A. Wijngaards
47a5dc8cae
- Refactor to use sock_strerr shorthand function.
2020-08-31 09:12:01 +02:00
W.C.A. Wijngaards
a6dc0743b4
- Merge PR #293 : Add missing prototype. Also refactor to use the new
...
shorthand function to clean up the code.
2020-08-31 08:41:34 +02:00
Ralph Dolmans
2fe398f4bf
EDNS client tags - insert configured tags into tree
2020-07-24 16:00:13 +02:00
Ralph Dolmans
16029281a8
Start of EDNS client tags implementation.
2020-07-23 17:17:44 +02:00
gthess
334498d9b9
Merge pull request #221 from NLnetLabs/more-SNI
...
More SNI support on TLS
2020-04-17 11:37:47 +02:00
George Thessalonikefs
e430e95d30
- Add SNI support on more TLS connections ( fixes #193 ).
...
- Add SNI support to unbound-anchor.
2020-04-16 14:39:05 +02:00
George Thessalonikefs
e18ab07c62
- Add doxygen documentation for DSCP.
2020-04-16 13:58:35 +02:00
Yaroslav K
cfddbcb5be
add setting IP DiffServ Codepoint (DSCP, previously TOS) on sockets
2020-03-23 19:37:43 +00:00
Ralph Dolmans
87474563ff
Merge branch 'kernel-random-port' of https://github.com/fobser/unbound into fobser-kernel-random-port
2020-03-19 15:48:12 +01:00
Florian Obser
5aaa5e253d
Allow the kernel to provide random source ports.
...
On some operating systems, for example OpenBSD since some decades, the
kernel binds to a random source port if asked for any port (port
number 0). There is no need to replicate this functionality in
userland.
2020-02-20 14:54:06 +01:00
W.C.A. Wijngaards
184f26355a
Fix ifdef of X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, and
...
Merge branch 'master' into framestreams
2020-02-18 08:33:58 +01:00
W.C.A. Wijngaards
6accd3d681
- protect X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS with ifdef for
...
different openssl versions.
2020-02-18 08:31:38 +01:00
W.C.A. Wijngaards
b4f055effc
Merge branch 'master' into framestreams
2020-02-17 15:25:47 +01:00
George Thessalonikefs
4b354d38c1
- Remove unused variable.
2020-02-17 12:56:20 +01:00
W.C.A. Wijngaards
465af58457
dnstap io, fix to compile without ssl.
2020-02-14 13:23:58 +01:00
W.C.A. Wijngaards
ad180402ea
dnstap io, set tls auth name in outgoing ssl
2020-02-05 16:17:21 +01:00
Ralph Dolmans
810862dc65
- Stop working on socket when socket() call returns an error.
...
- Check malloc return values in TLS session ticket code
2020-01-30 19:15:58 +01:00
W.C.A. Wijngaards
554e4a939c
- Fix fix for #78 to also free service callback struct.
2019-09-19 10:03:47 +02:00
W.C.A. Wijngaards
1a4eaaabc5
- Fix #78 : Memory leak in outside_network.c.
2019-09-19 09:11:23 +02:00
Wouter Wijngaards
f5a197f96e
Update services/outside_network.c
...
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
2019-04-29 11:25:45 +02:00
Wouter Wijngaards
a9c8d00d63
Update services/outside_network.c
...
Co-Authored-By: wtoorop <willem@nlnetlabs.nl>
2019-04-29 11:25:04 +02:00
W.C.A. Wijngaards
6ce60bcb61
Fixup fd pass.
2019-04-29 10:40:12 +02:00
W.C.A. Wijngaards
af11b54071
Review changes for the XoT branch
...
With doc, SSL setup function, and function parameter doc.
2019-04-29 10:25:19 +02:00
Willem Toorop
92121f7878
Report XoT failure as XoT failure, not https
2019-04-03 12:41:14 +02:00
Willem Toorop
48ad6477eb
AXFR over TLS
...
Enable by specifying an auth name, like this:
```
auth-zone:
name: nlnetlabs.nl
master: 185.49.140.60#ns.nlnetlabs.nl
```
2019-03-24 10:43:57 +01:00
Wouter Wijngaards
bb5251da66
- Add log message, at verbosity 4, that says the query is encrypted
...
with TLS, if that is enabled for the query.
git-svn-id: file:///svn/unbound/trunk@5136 be551aaa-1e26-0410-a405-d3ace91eadb9
2019-03-18 08:41:39 +00:00
Ralph Dolmans
723845b350
- Fix case in which query timeout can result in marking delegation as
...
edns_lame_known.
git-svn-id: file:///svn/unbound/trunk@5089 be551aaa-1e26-0410-a405-d3ace91eadb9
2019-01-30 13:44:19 +00:00
Ralph Dolmans
f30fe71395
- Get ready for the DNS flag day: remove EDNS lame procedure, do not re-query
...
without EDNS after timeout.
git-svn-id: file:///svn/unbound/trunk@5037 be551aaa-1e26-0410-a405-d3ace91eadb9
2019-01-16 10:23:13 +00:00
Wouter Wijngaards
1b72e814e7
- Fixup openssl 1.0.2 compile
...
git-svn-id: file:///svn/unbound/trunk@5019 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-12-10 14:36:43 +00:00
Wouter Wijngaards
71b078611f
- Fix #4206 : support openssl 1.0.2 for TLS hostname verification,
...
alongside the 1.1.0 and later support that is already there.
git-svn-id: file:///svn/unbound/trunk@5018 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-12-10 14:27:24 +00:00
Wouter Wijngaards
b23c373f4d
- Refuse to start with no ports.
...
git-svn-id: file:///svn/unbound/trunk@4997 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-11-29 14:26:16 +00:00
Wouter Wijngaards
2d28fba3bf
- Squelch log of failed to tcp initiate after TCP Fastopen failure.
...
git-svn-id: file:///svn/unbound/trunk@4937 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-10-08 13:27:53 +00:00
Wouter Wijngaards
377d5b426a
- Add SSL cleanup for tcp timeout.
...
git-svn-id: file:///svn/unbound/trunk@4915 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-09-25 09:01:13 +00:00
Wouter Wijngaards
f82a128909
- Perform TLS SNI indication of the host that is being contacted
...
for DNS over TLS service. It sets the configured tls auth name.
This is useful for hosts that apart from the DNS over TLS services
also provide other (web) services.
git-svn-id: file:///svn/unbound/trunk@4914 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-09-25 08:31:42 +00:00
Wouter Wijngaards
9b6caf5a5b
- Fix that with harden-below-nxdomain and qname minisation enabled
...
some iterator states for nonresponsive domains can get into a
state where they waited for an empty list.
- Stop UDP to TCP failover after timeouts that causes the ping count
to be reset by the TCP time measurement (that exists for TLS),
because that causes the UDP part to not be measured as timeout.
git-svn-id: file:///svn/unbound/trunk@4912 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-09-17 11:25:52 +00:00
Wouter Wijngaards
4bf9d12419
- Fix for 4126 that the #define for UNKNOWN_SERVER_NICENESS can be more
...
easily changed to adjust default rtt assumptions.
git-svn-id: file:///svn/unbound/trunk@4779 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-07-12 14:15:03 +00:00
Wouter Wijngaards
5d298ed474
- Fix permission denied printed for auth zone probe random port nrs.
...
git-svn-id: file:///svn/unbound/trunk@4769 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-07-03 13:58:49 +00:00
Wouter Wijngaards
23f475bccc
- Tentative fix for permission denied on IPv6 address on FreeBSD.
...
git-svn-id: file:///svn/unbound/trunk@4754 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-06-26 08:01:44 +00:00
Wouter Wijngaards
b9607297e9
- For TCP and TLS connections that don't establish, perform address
...
update in infra cache, so future selections can exclude them.
git-svn-id: file:///svn/unbound/trunk@4693 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-25 06:21:39 +00:00
Wouter Wijngaards
6fefbb4115
- Fix fail to reject dead peers in forward-zone, with ssl-upstream.
...
git-svn-id: file:///svn/unbound/trunk@4670 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-02 06:36:02 +00:00
Wouter Wijngaards
9d28279475
- Can set tls authentication with forward-addr: IP#tls.auth.name
...
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".
git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-19 12:10:05 +00:00
Wouter Wijngaards
5c8819f1ac
- Fix for windows compile.
...
git-svn-id: file:///svn/unbound/trunk@4563 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-03-06 09:18:53 +00:00
Wouter Wijngaards
54bd1fdd62
- tls-cert-bundle option in unbound.conf enables TLS authentication.
...
git-svn-id: file:///svn/unbound/trunk@4532 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-13 10:35:09 +00:00
Wouter Wijngaards
ad89368b4e
auth zone work.
...
git-svn-id: file:///svn/unbound/trunk@4521 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-08 11:59:30 +00:00
Wouter Wijngaards
75eb720ab5
auth zone work on http feature.
...
git-svn-id: file:///svn/unbound/trunk@4517 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-07 16:10:31 +00:00
Wouter Wijngaards
cc9a0671f3
auth zone socket creation fix.
...
git-svn-id: file:///svn/unbound/trunk@4489 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-01 15:43:00 +00:00
Wouter Wijngaards
84e819dc31
auth zone move file descriptor functionality to outside network
...
for the unit test
git-svn-id: file:///svn/unbound/trunk@4482 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-01-31 14:59:17 +00:00
Wouter Wijngaards
30da6bde6f
- authzone work, transfer connect.
...
git-svn-id: file:///svn/unbound/trunk@4420 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-12-12 15:39:45 +00:00