Skip to content
Snippets Groups Projects
Select Git revision
  • separate-library
  • restore-cache-ops
  • anb/cache-stats
  • scan-fixes
  • master default
  • tmpfiles-create-cache
  • additional-path-fixes
  • ci-enable-infer
  • query-trace
  • cache-aggr-wip
  • marek/staging-changes
  • http-allow-reuseport
  • dnssec-by-default
  • keyfile-arg
  • vendor-ljdns
  • time-travel-detection
  • add-version-in-lua
  • zzz_archive_allow-separate-udp-tcp
  • packaging-docs
  • monotonic-time2
  • v1.5.1
  • v1.5.0
  • v1.99.1-alpha
  • v1.4.0
  • v1.3.3
  • v1.3.2
  • v1.3.1
  • v1.3.0
  • 1.3.0-rc1
  • v1.2.6
  • v1.2.5
  • v1.2.4
  • v1.2.3
  • v1.2.2
  • v1.2.1
  • v1.2.0
  • v1.2.0-rc3
  • v1.2.0-rc2
  • v1.2.0-rc1
  • v1.1.1
40 results
Search by author
  • Any Author
  • Aleš Mrázek Aleš Mrázek amrazek
  • Anbang Wen Anbang Wen anb
  • Daniel Salzman Daniel Salzman dsalzman
  • David Vasek David Vasek dvasek
  • Frantisek Tobias Frantisek Tobias ftobias
  • Hynek Šabacký Hynek Šabacký hsabacky
  • Jakub Ružička Jakub Ružička jruzicka
  • Jan Hák Jan Hák jhak
  • Ladislav Lhotka Ladislav Lhotka llhotka
  • Libor Peltan Libor Peltan lpeltan
  • Lukáš Ondráček Lukáš Ondráček londracek
  • Štěpán Balážik Štěpán Balážik sbalazik
  • Tomas Krizek Tomas Krizek tkrizek
  • Vaclav Sraier Vaclav Sraier vsraier
  • Vladimír Čunát Vladimír Čunát vcunat
15 authors
  1. Aug 10, 2016
  3. Aug 09, 2016
  5. Aug 08, 2016
    • Marek Vavrusa's avatar
      Merge branch 'tls-listen' into 'master' · 27d97a89
      Marek Vavrusa authored 
      DNS over TLS and TCP out-of-order processing

Refresh !18

I merged few bits from @dkg branch, but there are two notable things missing:
- watch for on-disk chang of credentials - not sure if this is really needed, I would suggest a separate MR, where we can discuss benefits of doing so.
- ephemeral key generation from `net.tls_servicename` - this is fine, but instead of setting `tls_servicename`, let's make it an explicit generator e.g. net.generate_certificate("name") instead of setting `tls_servicename` in the `struct network`. Again I would suggest a separate MR.

To test the TLS listen, you can use a dns-over-tls branch from Knot DNS:
```
./daemon/kresd --tls=127.0.0.1\#5353
net.tls("cert", "key")
```

```
$ ./src/kdig +tls -p 5353 www.cmu.edu @127.0.0.1
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 9741
;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; www.cmu.edu.        		IN	A

;; ANSWER SECTION:
www.cmu.edu.        	86400	IN	CNAME	www-cmu-prod-vip.andrew.cmu.edu.
www-cmu-prod-vip.andrew.cmu.edu. 21600	IN	A	128.2.42.52

;; Received 107 B
;; Time 2016-08-05 11:52:25 CEST
;; From 127.0.0.1@5353(TCP) in 2146.1 ms
;; TLS session info: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)
```


See merge request !41
      27d97a89
  7. Aug 06, 2016
    • Marek Vavrusa's avatar
      Merge branch 'unbuffer-kr_log_info' into 'master' · 4f49430c
      Marek Vavrusa authored 
      Ensure that kr_log_info() gets sent promptly to stdout

If stdout is buffered, kr_log_info() might take ages to show up in the
output stream.  Since this stream could be interleaved with stderr
(e.g. kr_log_error()), it would be good to be able to see the messages
in the order in which they are generated.

See merge request !40
      4f49430c
  9. Aug 05, 2016
  11. Aug 04, 2016
  13. Jul 29, 2016
  15. Jul 28, 2016