upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-23 00:00:51 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
5515 commits 23 branches 209 tags 123 MiB
Commit graph

135 commits

Author SHA1 Message Date
W.C.A. Wijngaards
e13dfc743d For incoming ssl context with verifypem != NULL, we can set 
SSL_VERIFY_FAIL_IF_NO_PEER_CERT that can reject client
connections without peer cert during the handshake, which is nicer
than just a connection drop to the client (when we then check
for no peer certificate afterwards).
 2020-02-28 11:10:12 +01:00
W.C.A. Wijngaards
5b61afd38c Return 0 when ssl authentication is not available 2020-02-28 08:11:11 +01:00
W.C.A. Wijngaards
398e260145 Fixup ssl authentication not available with check for it. 2020-02-27 16:57:24 +01:00
W.C.A. Wijngaards
184f26355a Fix ifdef of X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, and 
Merge branch 'master' into framestreams
 2020-02-18 08:33:58 +01:00
W.C.A. Wijngaards
465af58457 dnstap io, fix to compile without ssl. 2020-02-14 13:23:58 +01:00
W.C.A. Wijngaards
25a88d6d54 dnstap io, check peer verification in dtstream dtio_ssl_handshake. 2020-02-12 15:23:58 +01:00
W.C.A. Wijngaards
ad180402ea dnstap io, set tls auth name in outgoing ssl 2020-02-05 16:17:21 +01:00
W.C.A. Wijngaards
7495b25f94 - Fix fclose on error in TLS session ticket code. 2020-01-31 07:49:14 +01:00
Ralph Dolmans
810862dc65 - Stop working on socket when socket() call returns an error. 
- Check malloc return values in TLS session ticket code
 2020-01-30 19:15:58 +01:00
Ralph Dolmans
88a706acf8 - Add extra dnamelen checks to ipdnametoaddr and netblockdnametoaddr 2020-01-29 15:16:44 +01:00
Ralph Dolmans
9877e52161 Merge branch 'master' of github.com:NLnetLabs/unbound into rpz 2020-01-15 23:44:10 +01:00
Ralph Dolmans
627285af23 - Fix faulty assert 2020-01-15 23:19:24 +01:00
Ralph Dolmans
344f12dd99 - fix compiler warnings 2020-01-15 23:03:44 +01:00
Ralph Dolmans
14913d75c0 - processed RPZ review feedback 
- fix potential locking issue
  - add extra out of bound checks
 2020-01-15 22:45:29 +01:00
W.C.A. Wijngaards
e149bc7046 - Fix unreachable code in ssl set options code. 2020-01-10 11:28:01 +01:00
W.C.A. Wijngaards
442e95620e - Portable grep usage for reuseport configure test. 
- Check return type of HMAC_Init_ex for openssl 0.9.8.
 2019-11-18 15:53:47 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
Ralph Dolmans
9843b836ee Merge branch 'master' into rpz 2019-09-09 17:17:43 +02:00
Ralph Dolmans
2b5cd8e9b4 Merge remote-tracking branch 'ralph/feature/rpz' into rpz 2019-09-09 17:11:26 +02:00
W.C.A. Wijngaards
1089fd6dc1 - squelch DNS over TLS errors 'ssl handshake failed crypto error' 
on low verbosity, they show on verbosity 3 (query details), because
  there is a high volume and the operator cannot do anything for the
  remote failure.  Specifically filters the high volume errors.
 2019-09-03 09:47:27 +02:00
W.C.A. Wijngaards
c94e13220b - Fix #49: Set no renegotiation on the SSL context to stop client 
session renegotiation.
 2019-07-19 08:18:06 +02:00
Ralph Dolmans
a8d6147ae4 - Added RPZ response IP support 2019-07-16 18:43:16 +02:00
Ralph Dolmans
395d83cfc8 Procedures to parse RPZ ip address notation. 2019-06-24 16:01:01 +02:00
Wouter Wijngaards
bd3c02bd59 - Fix to wipe ssl ticket keys from memory with explicit_bzero, 
if available.


git-svn-id: file:///svn/unbound/trunk@5153 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-04-08 14:42:08 +00:00
Wouter Wijngaards
78adebf8ec - Fix crash if tls-servic-pem not filled in when necessary. 
git-svn-id: file:///svn/unbound/trunk@5141 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-03-25 08:51:17 +00:00
Wouter Wijngaards
281030d576 - Wipe TLS session key data from memory on exit. 
git-svn-id: file:///svn/unbound/trunk@5098 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 15:25:27 +00:00
Wouter Wijngaards
df8f236b62 - For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks, 
still supports the set_id_callback previous API.  And for 1.1.0
  no locking callbacks are needed.


git-svn-id: file:///svn/unbound/trunk@5094 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-31 11:31:55 +00:00
Wouter Wijngaards
062c2cacfc - remove compile warnings from libnettle compile. 
git-svn-id: file:///svn/unbound/trunk@5077 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-25 12:58:06 +00:00
Wouter Wijngaards
707e5a915b Neater spaces 
git-svn-id: file:///svn/unbound/trunk@5067 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 14:18:24 +00:00
Wouter Wijngaards
cc9fb69911 fix lint and clang analysis errors 
git-svn-id: file:///svn/unbound/trunk@5063 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 10:23:02 +00:00
Wouter Wijngaards
d3f397c686 More fixes, statistic counter at end of struct for backwards compatibility, man page, free at exit, indent. 
git-svn-id: file:///svn/unbound/trunk@5062 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 10:19:04 +00:00
Wouter Wijngaards
011a7d8830 - Fixes for patch (includes, declarations, warnings). 
git-svn-id: file:///svn/unbound/trunk@5060 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 09:43:47 +00:00
Wouter Wijngaards
510606dd1c - Patch for TLS session resumption from Manabu Sonoda, 
enable with tls-session-ticket-keys in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@5059 be551aaa-1e26-0410-a405-d3ace91eadb9
 2019-01-23 09:35:52 +00:00
Wouter Wijngaards
2ad55ba791 - log-tag-queryreply: yes in unbound.conf tags the log-queries and 
log-replies in the log file for easier log filter maintenance.


git-svn-id: file:///svn/unbound/trunk@5000 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-11-30 09:45:37 +00:00
Wouter Wijngaards
d3ff7a9333 - log port number with err_addr logs. 
git-svn-id: file:///svn/unbound/trunk@4761 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-06-29 08:34:41 +00:00
Wouter Wijngaards
5a726fb61f - Add routine from getdns to add windows cert store to the SSL_CTX. 
git-svn-id: file:///svn/unbound/trunk@4697 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-05-28 13:22:10 +00:00
Wouter Wijngaards
5bee11a6d3 - removed free from failed parse case. 
git-svn-id: file:///svn/unbound/trunk@4640 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-20 14:10:55 +00:00
Wouter Wijngaards
f39e39ed47 - For addr with #authname and no @port notation, the default is 853. 
git-svn-id: file:///svn/unbound/trunk@4637 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 14:23:14 +00:00
Wouter Wijngaards
23656b2b0e fix lint 
git-svn-id: file:///svn/unbound/trunk@4633 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:18:00 +00:00
Wouter Wijngaards
9d28279475 - Can set tls authentication with forward-addr: IP#tls.auth.name 
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".


git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-19 12:10:05 +00:00
Wouter Wijngaards
4691979679 - Fix auth zone target lookup iterator. 
- notify with prefix


git-svn-id: file:///svn/unbound/trunk@4624 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-04-16 13:14:24 +00:00
Wouter Wijngaards
10e165c574 fix lint warning 
git-svn-id: file:///svn/unbound/trunk@4514 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-06 11:17:29 +00:00
Wouter Wijngaards
3b87862c8a auth zone work. 
git-svn-id: file:///svn/unbound/trunk@4512 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-02-06 09:32:41 +00:00
Wouter Wijngaards
621b1c57a3 - Fix #2362: TLS1.3/openssl-1.1.1 not working. 
git-svn-id: file:///svn/unbound/trunk@4396 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-11-03 07:40:36 +00:00
Wouter Wijngaards
d8960d2c55 - Fix #1402: squelch invalid argument error for fd_set_block on windows. 
git-svn-id: file:///svn/unbound/trunk@4306 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-21 14:15:32 +00:00
Wouter Wijngaards
36eeb92391 remove warning 
git-svn-id: file:///svn/unbound/trunk@4282 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-24 09:53:11 +00:00
Wouter Wijngaards
b7d9b59aa9 - Fix compile with libnettle 
git-svn-id: file:///svn/unbound/trunk@4281 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-24 09:52:20 +00:00
Wouter Wijngaards
962fea87d3 lint fix and check errcode. 
git-svn-id: file:///svn/unbound/trunk@4256 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-29 11:53:21 +00:00
Wouter Wijngaards
08a3461810 - enhancement for hardened-tls for DNS over TLS. Removed duplicated 
security settings.


git-svn-id: file:///svn/unbound/trunk@4255 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-29 11:45:43 +00:00
Wouter Wijngaards
ff1b857f90 compile fix 
git-svn-id: file:///svn/unbound/trunk@3990 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 11:34:21 +00:00