Wouter Wijngaards
ad21dbd1c2
Cookie secret file (#1090)
* - cookie-secret-file, define struct.
* - cookie-secret-file, add config option, create, read and delete struct.
* - cookie-secret-file, check cookie secrets for cookie validation.
* - cookie-secret-file, unbound-control add_cookie_secret, drop_cookie_secret,
activate_cookie_secret and print_cookie_secrets.
* - cookie-secret-file, test and fix locks, renew writes a fresh cookie,
staging cookies get a fresh cookie and spelling in error message.
* - cookie-secret-file, remove unused variable from cookie file unit test.
* Remove unshare and faketime dependencies for cookie_file test; documentation nits.
---------
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
2024-08-02 13:32:08 +02:00
W.C.A. Wijngaards
08050dc939
- Fix #1091: Build fails with OpenSSL >= 3.0 built with
OPENSSL_NO_DEPRECATED.
2024-06-17 12:28:45 +02:00
W.C.A. Wijngaards
95669855fb
- Fix to squelch udp connect errors in the log at low verbosity about
invalid argument for IPv6 link local addresses.
2024-05-08 16:40:41 +02:00
Yorgos Thessalonikefs
91e8e0e511
- Fix #1035: Potential Bug while parsing port from the "stub-host"
string; also affected forward-zones and remote-control host
directives.
2024-04-03 13:37:57 +02:00
W.C.A. Wijngaards
e1aeabde44
- Fix for crypto related failures to have a better error string.
2024-03-28 09:58:57 +01:00
W.C.A. Wijngaards
c4d17dd231
- Fix compilation without openssl, remove unused function warning.
2023-11-01 17:09:37 +01:00
W.C.A. Wijngaards
5f78f67e39
- Fix SSL compile failure for other missing definitions in
log_crypto_err_io_code_arg.
2023-11-01 14:20:52 +01:00
W.C.A. Wijngaards
b1d99bb6b6
- Fix SSL compile failure for definition in log_crypto_err_io_code_arg.
2023-11-01 14:14:02 +01:00
W.C.A. Wijngaards
35d0a8a843
- Fix to print detailed errors when an SSL IO routine fails via
SSL_get_error.
2023-10-19 11:17:32 +02:00
W.C.A. Wijngaards
31218166fc
- Fix to remove two c99 notations.
2023-09-15 13:30:30 +02:00
George Thessalonikefs
adb4aeb609
- For #722: Minor fixes, formatting and refactoring.
2023-05-01 18:23:13 +02:00
George Thessalonikefs
d7e7761141
- Fix #812, fix #846, by using the SSL_OP_IGNORE_UNEXPECTED_EOF option
to ignore the unexpected eof while reading in openssl >= 3.
2023-03-17 14:39:37 +01:00
George Thessalonikefs
c30bdff939
Initial commit for interface based ACL.
2022-09-11 20:21:32 +02:00
George Thessalonikefs
a30286502c
- Fix for correct openssl error when adding windows CA certificates to
the openssl trust store.
2022-07-03 22:41:39 +02:00
Petr Mensik
0abfddd279
Allow using system certificates not only on Windows
OpenSSL has a way to load default file. That file might contain usable
certificates to verify common connections. Allow similar trust as on
windows and leave it on openssl package to provide sane defaults.
Also provide use-system-cert alias, because it is not windows specific
anymore.
2022-05-12 16:07:41 +02:00
George Thessalonikefs
814a234876
- Update stub/forward-host notation to accept port and tls-auth-name.
Fixes #546.
2022-02-01 14:44:29 +01:00
W.C.A. Wijngaards
4efbee08b5
- Fix compile warning for if_nametoindex on windows 64bit.
2021-12-03 10:44:47 +01:00
gthess
43615e98b5
Merge pull request #522 from sibeream/net_help_RESOURCE_LEAK
- memory management violations fixed
2021-12-01 03:59:32 +01:00
Florian Obser
8756f1e4c7
Allow interface names as scope-id in IPv6 link-local addresses.
For example, this makes
forward-zone:
    name: "."
    forward-addr: fe80::20d:b9ff:fe46:c7f4%vio0
    forward-first: yes
work instead of fe80::20d:b9ff:fe46:c7f4%1.
2021-10-24 16:06:55 +02:00
W.C.A. Wijngaards
d88f554503
- Fix #527: not sending quad9 cert to syslog (and may be more).
2021-08-17 13:03:33 +02:00
W.C.A. Wijngaards
de31bcdf2e
- Support using system-wide crypto policies.
2021-08-13 09:21:47 +02:00
Artem Egorenkov
0d8dd6ec33
- memory management violations fixed
2021-08-06 14:11:12 +02:00
W.C.A. Wijngaards
25425d9aa7
- Fix #468: OpenSSL 1.0.1 can no longer build Unbound.
2021-04-22 09:00:15 +02:00
Wouter Wijngaards
209dc32624
Merge pull request #367 from NLnetLabs/dnstap-log-local-addr
DNSTAP log local address
2021-02-25 11:58:36 +01:00
W.C.A. Wijngaards
3a19ceaae6
- Fix to use correct type for label count in ipdnametoaddr rpz routine.
2021-01-28 09:14:19 +01:00
W.C.A. Wijngaards
6bf1293bcd
No need for mk_local_addr, can pass the sockaddr structure.
2020-12-09 11:56:35 +01:00
W.C.A. Wijngaards
7167153db5
configure test for struct sockaddr_in6 sin6_len member
2020-12-09 11:41:07 +01:00
W.C.A. Wijngaards
31cedb47cb
Remove unused whitespace, add missing header change, make it compile
2020-12-09 11:13:58 +01:00
W.C.A. Wijngaards
bdfa65c6ab
Import the patches from the files in the tarball in
issue #365 https://github.com/NLnetLabs/unbound/files/5659923/patches.tar.gz
from iruzanov. The merge conflicts are fixed, but no changes are made
to the patched code.
2020-12-09 11:00:51 +01:00
Ralph Dolmans
4ae823fbc2
Merge branch 'master' into doh
2020-09-16 18:38:51 +02:00
W.C.A. Wijngaards
a6dc0743b4
- Merge PR #293: Add missing prototype. Also refactor to use the new
shorthand function to clean up the code.
2020-08-31 08:41:34 +02:00
Ralph Dolmans
31f81adadb
- Check for existence 'EVP_MAC_CTX_set_params' function (openssl >=
3.0.0-alpha5)
2020-08-10 17:29:06 +02:00
Vitezslav Cizek
61100b6463
net_help: Rename EVP_MAC_set_ctx_params to EVP_MAC_CTX_set_params
This fixes build with OpenSSL 3.0.0 Alpha 5.
EVP_MAC_set_ctx_params got renamed back to EVP_MAC_CTX_set_params
in https://github.com/openssl/openssl/pull/12186
2020-07-31 14:48:44 +02:00
W.C.A. Wijngaards
e855d5779a
- Fix doxygen comment for no ssl for tls session ticket key callback
routine.
2020-07-31 09:10:40 +02:00
W.C.A. Wijngaards
7d4445c03d
- Fix libnettle compile for session ticket key callback function
changes.
2020-07-17 16:53:52 +02:00
W.C.A. Wijngaards
e99b5046eb
- Fix to use SSL_CTX_set_tlsext_ticket_key_evp_cb in OpenSSL
3.0.0-alpha4.
- Longer keys for the test set, this avoids weak crypto errors.
2020-07-08 16:22:39 +02:00
Ralph Dolmans
e7601870cc
Merge branch 'master' into doh
2020-05-07 17:12:26 +02:00
Ralph Dolmans
8dae5d9f81
- Add DNS-over-HTTPS support
2020-05-07 16:36:26 +02:00
George Thessalonikefs
226d66ca92
- Change default value for 'rrset-roundrobin' to yes.
2020-04-21 12:58:48 +02:00
George Thessalonikefs
e430e95d30
- Add SNI support on more TLS connections (fixes #193).
- Add SNI support to unbound-anchor.
2020-04-16 14:39:05 +02:00
Ralph Dolmans
2c03028fa3
- Fix #158: open tls-session-ticket-keys as binary, for Windows. By Daisuke
HIGASHI.
2020-03-19 14:00:33 +01:00
W.C.A. Wijngaards
e13dfc743d
For incoming ssl context with verifypem != NULL, we can set
SSL_VERIFY_FAIL_IF_NO_PEER_CERT that can reject client
connections without peer cert during the handshake, which is nicer
than just a connection drop to the client (when we then check
for no peer certificate afterwards).
2020-02-28 11:10:12 +01:00
W.C.A. Wijngaards
5b61afd38c
Return 0 when ssl authentication is not available
2020-02-28 08:11:11 +01:00
W.C.A. Wijngaards
398e260145
Fixup ssl authentication not available with check for it.
2020-02-27 16:57:24 +01:00
W.C.A. Wijngaards
184f26355a
Fix ifdef of X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, and
Merge branch 'master' into framestreams
2020-02-18 08:33:58 +01:00
W.C.A. Wijngaards
465af58457
dnstap io, fix to compile without ssl.
2020-02-14 13:23:58 +01:00
W.C.A. Wijngaards
25a88d6d54
dnstap io, check peer verification in dtstream dtio_ssl_handshake.
2020-02-12 15:23:58 +01:00
W.C.A. Wijngaards
ad180402ea
dnstap io, set tls auth name in outgoing ssl
2020-02-05 16:17:21 +01:00
W.C.A. Wijngaards
7495b25f94
- Fix fclose on error in TLS session ticket code.
2020-01-31 07:49:14 +01:00
Ralph Dolmans
810862dc65
- Stop working on socket when socket() call returns an error.
- Check malloc return values in TLS session ticket code
2020-01-30 19:15:58 +01:00