Petr Mensik
7e9d9b03a4
Update path to tls-cert-bundle on reload
We need potentially higher privileges when reading key file, but not for
reading cert bundle. Try to update also TLS cert path configured for
remote TLS servers on reload command.
2025-01-13 18:08:34 +01:00
Yorgos Thessalonikefs
61d7250b96
Create the SSL_CTX for QUIC before chroot and privilege drop (#1187)
Fixes #1185 by creating the SSL_CTX for QUIC before chroot and
privilege drop, just like the other SSL_CTX creations.
---------
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
2024-12-03 14:20:33 +01:00
W.C.A. Wijngaards
9a63db344e
- Fix #1154: Tag Incorrectly Applying for Other Interfaces
Using the Same IP. This fix is not for 1.22.0.
2024-10-16 15:56:33 +02:00
Wouter Wijngaards
ad21dbd1c2
Cookie secret file (#1090)
* - cookie-secret-file, define struct.
* - cookie-secret-file, add config option, create, read and delete struct.
* - cookie-secret-file, check cookie secrets for cookie validation.
* - cookie-secret-file, unbound-control add_cookie_secret, drop_cookie_secret,
activate_cookie_secret and print_cookie_secrets.
* - cookie-secret-file, test and fix locks, renew writes a fresh cookie,
staging cookies get a fresh cookie and spelling in error message.
* - cookie-secret-file, remove unused variable from cookie file unit test.
* Remove unshare and faketime dependencies for cookie_file test; documentation nits.
---------
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
2024-08-02 13:32:08 +02:00
W.C.A. Wijngaards
95669855fb
- Fix to squelch udp connect errors in the log at low verbosity about
invalid argument for IPv6 link local addresses.
2024-05-08 16:40:41 +02:00
W.C.A. Wijngaards
35d0a8a843
- Fix to print detailed errors when an SSL IO routine fails via
SSL_get_error.
2023-10-19 11:17:32 +02:00
W.C.A. Wijngaards
b2cba7b707
- Fix doxygen in addr_to_nat64 header definition.
2023-05-04 15:53:05 +02:00
George Thessalonikefs
adb4aeb609
- For #722: Minor fixes, formatting and refactoring.
2023-05-01 18:23:13 +02:00
George Thessalonikefs
c30bdff939
Initial commit for interface based ACL.
2022-09-11 20:21:32 +02:00
W.C.A. Wijngaards
10a5a5880a
- Patch from Vadim Fedorenko that adds MSG_DONTWAIT to receive
operations, so that instruction reordering does not cause mistakenly
blocking socket operations.
2022-08-31 10:11:25 +02:00
W.C.A. Wijngaards
e656be63f9
- Fix header comment for doxygen for authextstrtoaddr.
2022-02-02 13:20:46 +01:00
George Thessalonikefs
814a234876
- Update stub/forward-host notation to accept port and tls-auth-name.
Fixes #546.
2022-02-01 14:44:29 +01:00
George Thessalonikefs
ff6b527184
- Fix for #411, #439, #469: Reset the DNS message ID when moving queries
between TCP streams.
- Refactor for uniform way to produce random DNS message IDs.
2021-05-19 15:07:32 +02:00
André Cruz
e07f973938
Allow configuration of TCP timeout while waiting for response
This allows us to configure how long Unbound will wait for a response
on a TCP connection.
2021-04-28 16:20:46 +01:00
W.C.A. Wijngaards
a6dc0743b4
- Merge PR #293: Add missing prototype. Also refactor to use the new
shorthand function to clean up the code.
2020-08-31 08:41:34 +02:00
W.C.A. Wijngaards
e99b5046eb
- Fix to use SSL_CTX_set_tlsext_ticket_key_evp_cb in OpenSSL
3.0.0-alpha4.
- Longer keys for the test set, this avoids weak crypto errors.
2020-07-08 16:22:39 +02:00
George Thessalonikefs
e430e95d30
- Add SNI support on more TLS connections (fixes #193).
- Add SNI support to unbound-anchor.
2020-04-16 14:39:05 +02:00
W.C.A. Wijngaards
398e260145
Fixup ssl authentication not available with check for it.
2020-02-27 16:57:24 +01:00
W.C.A. Wijngaards
25a88d6d54
dnstap io, check peer verification in dtstream dtio_ssl_handshake.
2020-02-12 15:23:58 +01:00
W.C.A. Wijngaards
ad180402ea
dnstap io, set tls auth name in outgoing ssl
2020-02-05 16:17:21 +01:00
Ralph Dolmans
14913d75c0
- processed RPZ review feedback
- fix potential locking issue
- add extra out of bound checks
2020-01-15 22:45:29 +01:00
Ralph Dolmans
ae4f6a259b
Process more review feedback
2019-12-23 16:02:43 +01:00
Ralph Dolmans
9843b836ee
Merge branch 'master' into rpz
2019-09-09 17:17:43 +02:00
W.C.A. Wijngaards
1089fd6dc1
- squelch DNS over TLS errors 'ssl handshake failed crypto error'
on low verbosity, they show on verbosity 3 (query details), because
there is a high volume and the operator cannot do anything for the
remote failure. Specifically filters the high volume errors.
2019-09-03 09:47:27 +02:00
Ralph Dolmans
9ce7045413
- Fix doxygen issue
- Fix memory leak
- IANA ports update
- merge littlehash ASAN changes
2019-07-16 19:45:49 +02:00
Ralph Dolmans
395d83cfc8
Procedures to parse RPZ ip address notation.
2019-06-24 16:01:01 +02:00
Wouter Wijngaards
d3f397c686
More fixes, statistic counter at end of struct for backwards compatibility, man page, free at exit, indent.
git-svn-id: file:///svn/unbound/trunk@5062 be551aaa-1e26-0410-a405-d3ace91eadb9
2019-01-23 10:19:04 +00:00
Wouter Wijngaards
011a7d8830
- Fixes for patch (includes, declarations, warnings).
git-svn-id: file:///svn/unbound/trunk@5060 be551aaa-1e26-0410-a405-d3ace91eadb9
2019-01-23 09:43:47 +00:00
Wouter Wijngaards
510606dd1c
- Patch for TLS session resumption from Manabu Sonoda,
enable with tls-session-ticket-keys in unbound.conf.
git-svn-id: file:///svn/unbound/trunk@5059 be551aaa-1e26-0410-a405-d3ace91eadb9
2019-01-23 09:35:52 +00:00
Wouter Wijngaards
2ad55ba791
- log-tag-queryreply: yes in unbound.conf tags the log-queries and
log-replies in the log file for easier log filter maintenance.
git-svn-id: file:///svn/unbound/trunk@5000 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-11-30 09:45:37 +00:00
Wouter Wijngaards
5a726fb61f
- Add routine from getdns to add windows cert store to the SSL_CTX.
git-svn-id: file:///svn/unbound/trunk@4697 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-28 13:22:10 +00:00
Wouter Wijngaards
6fefbb4115
- Fix fail to reject dead peers in forward-zone, with ssl-upstream.
git-svn-id: file:///svn/unbound/trunk@4670 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-05-02 06:36:02 +00:00
Wouter Wijngaards
9d28279475
- Can set tls authentication with forward-addr: IP#tls.auth.name
And put the public cert bundle in tls-cert-bundle: "ca-bundle.pem".
git-svn-id: file:///svn/unbound/trunk@4631 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-19 12:10:05 +00:00
Wouter Wijngaards
4691979679
- Fix auth zone target lookup iterator.
- notify with prefix
git-svn-id: file:///svn/unbound/trunk@4624 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-04-16 13:14:24 +00:00
Wouter Wijngaards
3b87862c8a
auth zone work.
git-svn-id: file:///svn/unbound/trunk@4512 be551aaa-1e26-0410-a405-d3ace91eadb9
2018-02-06 09:32:41 +00:00
Wouter Wijngaards
08a3461810
- enhancement for hardened-tls for DNS over TLS. Removed duplicated
security settings.
git-svn-id: file:///svn/unbound/trunk@4255 be551aaa-1e26-0410-a405-d3ace91eadb9
2017-06-29 11:45:43 +00:00
Wouter Wijngaards
c19f818c52
- Fix #545: improved logging, the ip address of the error is printed
on the same log-line as the error.
git-svn-id: file:///svn/unbound/trunk@3112 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-04-10 14:40:20 +00:00
Wouter Wijngaards
2b90f38a70
And fix #551 REGENT to COPYRIGHT HOLDER in license in file headings.
git-svn-id: file:///svn/unbound/trunk@3079 be551aaa-1e26-0410-a405-d3ace91eadb9
2014-02-07 13:28:39 +00:00
Wouter Wijngaards
f9762ba453
- Fix openssl race condition, initializes openssl locks, reported
by Einar Lonn and Patrik Wallstrom.
git-svn-id: file:///svn/unbound/trunk@2733 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-08-01 11:31:29 +00:00
Wouter Wijngaards
cf147df593
- Applied patch from Daisuke HIGASHI for rrset-roundrobin and
minimal-responses features.
git-svn-id: file:///svn/unbound/trunk@2658 be551aaa-1e26-0410-a405-d3ace91eadb9
2012-04-10 09:16:39 +00:00
Wouter Wijngaards
aa0536dcb5
- dns over ssl support, ssl-service-pem and ssl-service-key files
can be given and then TCP queries are serviced wrapped in SSL.
git-svn-id: file:///svn/unbound/trunk@2530 be551aaa-1e26-0410-a405-d3ace91eadb9
2011-10-31 14:48:48 +00:00
Wouter Wijngaards
bc54fa3e58
addr_is_any
git-svn-id: file:///svn/unbound/trunk@2279 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-10-13 07:59:55 +00:00
Wouter Wijngaards
9d66b48885
- openbsd-lint fixes: acl_list_get_mem used if debug-alloc enabled.
iterator get_mem includes priv_get_mem. delegpt nodup removed.
listen_pushback, query_info_allocqname, write_socket, send_packet,
comm_point_set_cb_arg and listen_resume removed.
git-svn-id: file:///svn/unbound/trunk@2222 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-08-20 13:30:41 +00:00
Wouter Wijngaards
40f8fe2815
add and fix doxygen comments for doxygen-1.7.1. (which reports lots of
spurious items as well, by the way).
git-svn-id: file:///svn/unbound/trunk@2211 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-08-13 08:41:49 +00:00
Wouter Wijngaards
109fbe2350
- Squelch log message: sendto failed permission denied for
255.255.255.255, it is visible in VERB_DETAIL (verbosity 2).
git-svn-id: file:///svn/unbound/trunk@2088 be551aaa-1e26-0410-a405-d3ace91eadb9
2010-04-23 06:48:49 +00:00
Wouter Wijngaards
5b66f07e38
edns-buffer-size option.
git-svn-id: file:///svn/unbound/trunk@1881 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-10-29 10:37:44 +00:00
Wouter Wijngaards
5d2e8e8e97
Retry mode, DS and prime.
git-svn-id: file:///svn/unbound/trunk@1860 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-10-07 07:52:02 +00:00
Wouter Wijngaards
455c3d130d
Data retry on validation failure.
git-svn-id: file:///svn/unbound/trunk@1859 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-10-06 08:31:47 +00:00
Wouter Wijngaards
c6da8de517
suppress ipv4mapped errors from logs.
git-svn-id: file:///svn/unbound/trunk@1570 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-04-01 10:01:43 +00:00
Wouter Wijngaards
a2dcd9c019
forward command for unbound-control.
git-svn-id: file:///svn/unbound/trunk@1482 be551aaa-1e26-0410-a405-d3ace91eadb9
2009-02-13 15:26:37 +00:00