upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-22 07:41:16 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
7435 commits 23 branches 209 tags 123 MiB
Commit graph

167 commits

Author SHA1 Message Date
W.C.A. Wijngaards
31218166fc - Fix to remove two c99 notations. 2023-09-15 13:30:30 +02:00
George Thessalonikefs
adb4aeb609 - For #722: Minor fixes, formatting and refactoring. 2023-05-01 18:23:13 +02:00
George Thessalonikefs
d7e7761141 - Fix #812, fix #846, by using the SSL_OP_IGNORE_UNEXPECTED_EOF option 
to ignore the unexpected eof while reading in openssl >= 3.
 2023-03-17 14:39:37 +01:00
George Thessalonikefs
c30bdff939 Initial commit for interface based ACL. 2022-09-11 20:21:32 +02:00
George Thessalonikefs
a30286502c - Fix for correct openssl error when adding windows CA certificates to 
the openssl trust store.
 2022-07-03 22:41:39 +02:00
Petr Mensik
0abfddd279 Allow using system certificates not only on Windows 
OpenSSL has a way to load default file. That file might contain usable
certificates to verify common connections. Allow similar trust as on
windows and leave it on openssl package to provide sane defaults.

Also provide use-system-cert alias, because it is not windows specific
anymore.
 2022-05-12 16:07:41 +02:00
George Thessalonikefs
814a234876 - Update stub/forward-host notation to accept port and tls-auth-name. 
Fixes #546.
 2022-02-01 14:44:29 +01:00
W.C.A. Wijngaards
4efbee08b5 - Fix compile warning for if_nametoindex on windows 64bit. 2021-12-03 10:44:47 +01:00
gthess
43615e98b5
Merge pull request #522 from sibeream/net_help_RESOURCE_LEAK 
- memory management violations fixed
 2021-12-01 03:59:32 +01:00
Florian Obser
8756f1e4c7 Allow interface names as scope-id in IPv6 link-local addresses. 
For example, this makes
forward-zone:
    name: "."
    forward-addr: fe80::20d:b9ff:fe46:c7f4%vio0
    forward-first: yes

work instead of fe80::20d:b9ff:fe46:c7f4%1.
 2021-10-24 16:06:55 +02:00
W.C.A. Wijngaards
d88f554503 - Fix #527: not sending quad9 cert to syslog (and may be more). 2021-08-17 13:03:33 +02:00
W.C.A. Wijngaards
de31bcdf2e - Support using system-wide crypto policies. 2021-08-13 09:21:47 +02:00
Artem Egorenkov
0d8dd6ec33 - memory management violations fixed 2021-08-06 14:11:12 +02:00
W.C.A. Wijngaards
25425d9aa7 - Fix #468: OpenSSL 1.0.1 can no longer build Unbound. 2021-04-22 09:00:15 +02:00
Wouter Wijngaards
209dc32624
Merge pull request #367 from NLnetLabs/dnstap-log-local-addr 
DNSTAP log local address
 2021-02-25 11:58:36 +01:00
W.C.A. Wijngaards
3a19ceaae6 - Fix to use correct type for label count in ipdnametoaddr rpz routine. 2021-01-28 09:14:19 +01:00
W.C.A. Wijngaards
6bf1293bcd No need for mk_local_addr, can pass the sockaddr structure. 2020-12-09 11:56:35 +01:00
W.C.A. Wijngaards
7167153db5 configure test for struct sockaddr_in6 sin6_len member 2020-12-09 11:41:07 +01:00
W.C.A. Wijngaards
31cedb47cb Remove unused whitespace, add missing header change, make it compile 2020-12-09 11:13:58 +01:00
W.C.A. Wijngaards
bdfa65c6ab Import the patches from the files in the tarball in 
issue #365 https://github.com/NLnetLabs/unbound/files/5659923/patches.tar.gz
from iruzanov.  The merge conflicts are fixed, but no changes are made
to the patched code.
 2020-12-09 11:00:51 +01:00
Ralph Dolmans
4ae823fbc2 Merge branch 'master' into doh 2020-09-16 18:38:51 +02:00
W.C.A. Wijngaards
a6dc0743b4 - Merge PR #293: Add missing prototype. Also refactor to use the new 
shorthand function to clean up the code.
 2020-08-31 08:41:34 +02:00
Ralph Dolmans
31f81adadb - Check for existence 'EVP_MAC_CTX_set_params' function (openssl >= 
3.0.0-alpha5)
 2020-08-10 17:29:06 +02:00
Vitezslav Cizek
61100b6463 net_help: Rename EVP_MAC_set_ctx_params to EVP_MAC_CTX_set_params 
This fixes build with OpenSSL 3.0.0 Alpha 5.
EVP_MAC_set_ctx_params got renamed back to EVP_MAC_CTX_set_params
in https://github.com/openssl/openssl/pull/12186
 2020-07-31 14:48:44 +02:00
W.C.A. Wijngaards
e855d5779a - Fix doxygen comment for no ssl for tls session ticket key callback 
routine.
 2020-07-31 09:10:40 +02:00
W.C.A. Wijngaards
7d4445c03d - Fix libnettle compile for session ticket key callback function 
changes.
 2020-07-17 16:53:52 +02:00
W.C.A. Wijngaards
e99b5046eb - Fix to use SSL_CTX_set_tlsext_ticket_key_evp_cb in OpenSSL 
3.0.0-alpha4.
- Longer keys for the test set, this avoids weak crypto errors.
 2020-07-08 16:22:39 +02:00
Ralph Dolmans
e7601870cc Merge branch 'master' into doh 2020-05-07 17:12:26 +02:00
Ralph Dolmans
8dae5d9f81 - Add DNS-over-HTTPS support 2020-05-07 16:36:26 +02:00
George Thessalonikefs
226d66ca92 - Change default value for 'rrset-roundrobin' to yes. 2020-04-21 12:58:48 +02:00
George Thessalonikefs
e430e95d30 - Add SNI support on more TLS connections (fixes #193). 
- Add SNI support to unbound-anchor.
 2020-04-16 14:39:05 +02:00
Ralph Dolmans
2c03028fa3 - Fix #158: open tls-session-ticket-keys as binary, for Windows. By Daisuke 
HIGASHI.
 2020-03-19 14:00:33 +01:00
W.C.A. Wijngaards
e13dfc743d For incoming ssl context with verifypem != NULL, we can set 
SSL_VERIFY_FAIL_IF_NO_PEER_CERT that can reject client
connections without peer cert during the handshake, which is nicer
than just a connection drop to the client (when we then check
for no peer certificate afterwards).
 2020-02-28 11:10:12 +01:00
W.C.A. Wijngaards
5b61afd38c Return 0 when ssl authentication is not available 2020-02-28 08:11:11 +01:00
W.C.A. Wijngaards
398e260145 Fixup ssl authentication not available with check for it. 2020-02-27 16:57:24 +01:00
W.C.A. Wijngaards
184f26355a Fix ifdef of X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS, and 
Merge branch 'master' into framestreams
 2020-02-18 08:33:58 +01:00
W.C.A. Wijngaards
465af58457 dnstap io, fix to compile without ssl. 2020-02-14 13:23:58 +01:00
W.C.A. Wijngaards
25a88d6d54 dnstap io, check peer verification in dtstream dtio_ssl_handshake. 2020-02-12 15:23:58 +01:00
W.C.A. Wijngaards
ad180402ea dnstap io, set tls auth name in outgoing ssl 2020-02-05 16:17:21 +01:00
W.C.A. Wijngaards
7495b25f94 - Fix fclose on error in TLS session ticket code. 2020-01-31 07:49:14 +01:00
Ralph Dolmans
810862dc65 - Stop working on socket when socket() call returns an error. 
- Check malloc return values in TLS session ticket code
 2020-01-30 19:15:58 +01:00
Ralph Dolmans
88a706acf8 - Add extra dnamelen checks to ipdnametoaddr and netblockdnametoaddr 2020-01-29 15:16:44 +01:00
Ralph Dolmans
9877e52161 Merge branch 'master' of github.com:NLnetLabs/unbound into rpz 2020-01-15 23:44:10 +01:00
Ralph Dolmans
627285af23 - Fix faulty assert 2020-01-15 23:19:24 +01:00
Ralph Dolmans
344f12dd99 - fix compiler warnings 2020-01-15 23:03:44 +01:00
Ralph Dolmans
14913d75c0 - processed RPZ review feedback 
- fix potential locking issue
  - add extra out of bound checks
 2020-01-15 22:45:29 +01:00
W.C.A. Wijngaards
e149bc7046 - Fix unreachable code in ssl set options code. 2020-01-10 11:28:01 +01:00
W.C.A. Wijngaards
442e95620e - Portable grep usage for reuseport configure test. 
- Check return type of HMAC_Init_ex for openssl 0.9.8.
 2019-11-18 15:53:47 +01:00
W.C.A. Wijngaards
d05d6b959a - fixes for splint cleanliness, long vs int in SSL set_mode. 2019-11-13 15:16:27 +01:00
Ralph Dolmans
9843b836ee Merge branch 'master' into rpz 2019-09-09 17:17:43 +02:00