upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-24 00:29:58 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
4288 commits 23 branches 209 tags 123 MiB
Commit graph

464 commits

Author SHA1 Message Date
Ralph Dolmans
f4ff97c297 Also use NSEC with longest closest encloser for CNAME responses. 
git-svn-id: file:///svn/unbound/trunk@4463 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-29 14:44:39 +00:00
Ralph Dolmans
b9f4ff6e9f - Use NSEC with longest ce to prove wildcard absence. 
- Only use *.ce to prove wildcard absence, no longer names.


git-svn-id: file:///svn/unbound/trunk@4460 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-29 13:46:57 +00:00
Wouter Wijngaards
2a6250e3fb - patch for CVE-2017-15105: vulnerability in the processing of 
wildcard synthesized NSEC records.


git-svn-id: file:///svn/unbound/trunk@4441 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-19 09:50:35 +00:00
Wouter Wijngaards
21d1989e05 fix oneoff 
git-svn-id: file:///svn/unbound/trunk@4433 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-02 13:36:17 +00:00
Wouter Wijngaards
fa90bbc07a fixup larger than 2**31 case. 
git-svn-id: file:///svn/unbound/trunk@4432 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-02 12:43:43 +00:00
Wouter Wijngaards
44eb7bfd25 - Remove clang optimizer disable, 
Fix that expiration date checks don't fail with clang -O2.


git-svn-id: file:///svn/unbound/trunk@4431 be551aaa-1e26-0410-a405-d3ace91eadb9
 2018-01-02 10:48:00 +00:00
Wouter Wijngaards
87edf6497d remove debug output 
git-svn-id: file:///svn/unbound/trunk@4426 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-15 10:21:38 +00:00
Wouter Wijngaards
6bae276ecb this version of unbound fails when compiled with CC=clang and -O (edit Makefile), or -O2 (default). If you use no optimizing flag, unittest works. 
git-svn-id: file:///svn/unbound/trunk@4425 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-12-15 10:16:06 +00:00
Wouter Wijngaards
7d17a926ac - Spelling fixes, from Phil Porada. 
git-svn-id: file:///svn/unbound/trunk@4344 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-09-15 14:29:28 +00:00
Wouter Wijngaards
fe18bbcb1f - Fix 1416: qname-minimisation breaks TLSA lookups with CNAMEs. 
git-svn-id: file:///svn/unbound/trunk@4322 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-30 13:13:43 +00:00
Wouter Wijngaards
8d1e4b3648 - Fix install of trust anchor when two anchors are present, makes both 
valid.  Checks hash of DS but not signature of new key.  This fixes
  installs between sep11 and oct11 2017.


git-svn-id: file:///svn/unbound/trunk@4302 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-08-21 08:57:44 +00:00
Wouter Wijngaards
6d8a924889 fix type cast. 
git-svn-id: file:///svn/unbound/trunk@4287 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-24 10:50:16 +00:00
Wouter Wijngaards
e396684a54 - Fix #1365: Add Ed25519 support using libnettle. 
git-svn-id: file:///svn/unbound/trunk@4286 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-24 10:44:30 +00:00
Wouter Wijngaards
6f4b0c4fa6 double fallthrough annotation to please gcc parser. 
git-svn-id: file:///svn/unbound/trunk@4284 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-24 09:58:00 +00:00
Wouter Wijngaards
cb0e3980d8 annotate fallthrough 
git-svn-id: file:///svn/unbound/trunk@4283 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-07-24 09:54:21 +00:00
Wouter Wijngaards
0992621839 Fixup compile for clean_additional changes 
git-svn-id: file:///svn/unbound/trunk@4211 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-07 09:24:33 +00:00
Wouter Wijngaards
bfddc0dc64 - Fix that unbound-control can set val_clean_additional and val_permissive_mode. 
git-svn-id: file:///svn/unbound/trunk@4209 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-06-07 06:59:47 +00:00
Wouter Wijngaards
8c4e7ffb14 - Support for openssl EVP_DigestVerify. 
- Support for the ED25519 algorithm with openssl (from openssl 1.1.1).


git-svn-id: file:///svn/unbound/trunk@4198 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-30 12:28:25 +00:00
Wouter Wijngaards
658c759b3d - Fix #1267: Libunbound validator/val_secalgo.c uses obsolete APIs. 
git-svn-id: file:///svn/unbound/trunk@4174 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-18 07:15:16 +00:00
Ralph Dolmans
657948dd0c - Added mesh_add_sub to add detached mesh entries. 
- Use mesh_add_sub for key tag signaling queries.


git-svn-id: file:///svn/unbound/trunk@4144 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-05-02 13:17:56 +00:00
Ralph Dolmans
cb253fafe7 regional_alloc + memcpy to regional_alloc_init 
git-svn-id: file:///svn/unbound/trunk@4136 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-26 15:03:32 +00:00
Ralph Dolmans
33001c8c4b please lint 
git-svn-id: file:///svn/unbound/trunk@4135 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-26 13:27:07 +00:00
Ralph Dolmans
a511d5d95e - Implemented trust anchor signaling using key tag query. 
git-svn-id: file:///svn/unbound/trunk@4134 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-26 12:58:13 +00:00
Wouter Wijngaards
4d7d32c846 - harden algo downgrade also makes unbound more lenient about digest 
algorithms in DS records.


git-svn-id: file:///svn/unbound/trunk@4104 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-04-10 13:38:50 +00:00
George Thessalonikefs
1163c6345b - Fix to prevent non-referal query from being cached as referal when the 
no_cache_store flag was set.


git-svn-id: file:///svn/unbound/trunk@4080 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-24 10:51:56 +00:00
Wouter Wijngaards
984c6c33bc prettier size_t and defines. 
git-svn-id: file:///svn/unbound/trunk@4062 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 15:43:25 +00:00
Wouter Wijngaards
91bafce012 fix for lint 
git-svn-id: file:///svn/unbound/trunk@4060 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 15:18:10 +00:00
Wouter Wijngaards
cc31f2f6e9 fix layout. 
git-svn-id: file:///svn/unbound/trunk@4058 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 15:10:08 +00:00
Wouter Wijngaards
a83c7764f5 fix comparison, unsigned does not become negative. 
git-svn-id: file:///svn/unbound/trunk@4057 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 15:07:34 +00:00
Wouter Wijngaards
f374268521 - trustanchor tags are sorted. reusable routine to fetch taglist. 
git-svn-id: file:///svn/unbound/trunk@4056 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-16 15:04:18 +00:00
Wouter Wijngaards
05215e8e7d - --disable-sha1 disables SHA1 support in RRSIG, so from DNSKEY and 
DS records.  NSEC3 is not disabled.
- fake-sha1 test option; print warning if used.  To make unit tests.


git-svn-id: file:///svn/unbound/trunk@4043 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-03-09 13:18:08 +00:00
Wouter Wijngaards
c010e93d4a - Fix to rename internally used types from _t to _type, because _t 
type names are reserved by POSIX.
- iana portlist update


git-svn-id: file:///svn/unbound/trunk@3989 be551aaa-1e26-0410-a405-d3ace91eadb9
 2017-01-19 10:25:41 +00:00
Ralph Dolmans
4f487cf746 Add DSA support for OpenSSL 1.1 
git-svn-id: file:///svn/unbound/trunk@3954 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-07 12:58:47 +00:00
George Thessalonikefs
7b948b0647 - Added generic EDNS code for registering known EDNS option codes, 
bypassing the cache response stage and uniquifying mesh states. Four EDNS
  option lists were added to module_qstate (module_qstate.edns_opts_*) to
  store EDNS options from/to front/back side.
- Added two flags to module_qstate (no_cache_lookup, no_cache_store) that
  control the modules' cache interactions.
- Added code for registering inplace callback functions. The registered
  functions can be called just before replying with local data or Chaos,
  replying from cache, replying with SERVFAIL, replying with a resolved
  query, sending a query to a nameserver. The functions can inspect the
  available data and maybe change response/query related data (i.e. append
  EDNS options).
- Updated Python module for the above.
- Updated Python documentation.



git-svn-id: file:///svn/unbound/trunk@3947 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-12-06 13:42:51 +00:00
Ralph Dolmans
3e5cf4da0b - Make access-control-tag-data RDATA absolute. This makes the RDATA origin 
consistent between local-data and access-control-tag-data.
- Fix NSEC ENT wildcard check. Matching wildcard does not have to be a subdomain
  of the NSEC owner.



git-svn-id: file:///svn/unbound/trunk@3930 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-11-22 10:10:48 +00:00
Wouter Wijngaards
27182d614b - Fix unit tests for openssl 1.1, with no DSA, by faking DSA, enabled 
with the undocumented switch 'fake-dsa'.  It logs a warning.


git-svn-id: file:///svn/unbound/trunk@3909 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-26 07:38:00 +00:00
Wouter Wijngaards
2785225a43 - Fixup query_info local_alias init. 
git-svn-id: file:///svn/unbound/trunk@3901 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-20 15:05:30 +00:00
Wouter Wijngaards
cfef4ba047 - Fix DNSSEC validation of query type ANY with DNAME answers. 
git-svn-id: file:///svn/unbound/trunk@3898 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-20 14:27:13 +00:00
Wouter Wijngaards
503df095b2 - Patch that resolves CNAMEs entered in local-data conf statements that 
point to data on the internet, from Jinmei Tatuya (Infoblox).


git-svn-id: file:///svn/unbound/trunk@3885 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-18 13:18:20 +00:00
Ralph Dolmans
0b3138e1bf - Fix #1117: spelling errors, from Robert Edmonds 
git-svn-id: file:///svn/unbound/trunk@3877 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-10-05 09:56:05 +00:00
Wouter Wijngaards
cd842fafb9 - Fix #835: fix --disable-dsa with nettle verify. 
git-svn-id: file:///svn/unbound/trunk@3864 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-20 12:22:07 +00:00
Ralph Dolmans
e2e34ad273 fix potential memory leak in daemon/remote.c and nullpointer dereference in 
validator/autotrust.


git-svn-id: file:///svn/unbound/trunk@3856 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-15 08:39:59 +00:00
Ralph Dolmans
19ebdbf6a6 Take configured minimum TTL into consideration when reducing TTL to original 
TTL from RRSIG.


git-svn-id: file:///svn/unbound/trunk@3849 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-09-05 12:30:46 +00:00
Wouter Wijngaards
ca5eca9567 - Fix #777: OpenSSL 1.1.0 compatibility, patch from Sebastian A. Siewior. 
git-svn-id: file:///svn/unbound/trunk@3837 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-08-29 07:05:19 +00:00
Wouter Wijngaards
eaa6e239f7 - Fix #788 for nettle 3.0: Failed to build with Nettle >= 3.0 and 
--with-libunbound-only --with-nettle.


git-svn-id: file:///svn/unbound/trunk@3810 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-05 14:00:33 +00:00
Wouter Wijngaards
2a39f48deb Fixup _get_osfhandle calls 
git-svn-id: file:///svn/unbound/trunk@3809 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-05 07:46:16 +00:00
Wouter Wijngaards
941b31f90b - Fixes for 64bit windows compile. 
git-svn-id: file:///svn/unbound/trunk@3808 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-07-05 07:40:13 +00:00
Wouter Wijngaards
230ef2110b - Improve threadsafety for openssl 0.9.8 ecdsa dnssec signatures. 
git-svn-id: file:///svn/unbound/trunk@3766 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-07 13:02:02 +00:00
Wouter Wijngaards
8336eab1e1 - Fix distinction between free and CRYPTO_free in dsa and ecdsa alloc. 
git-svn-id: file:///svn/unbound/trunk@3745 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-06-02 08:31:17 +00:00
Wouter Wijngaards
40dd2acfd9 - generic edns option parse and store code. 
git-svn-id: file:///svn/unbound/trunk@3740 be551aaa-1e26-0410-a405-d3ace91eadb9
 2016-05-31 15:08:05 +00:00