Skip to content
Snippets Groups Projects
Select Git revision
  • separate-library
  • restore-cache-ops
  • anb/cache-stats
  • scan-fixes
  • master default
  • tmpfiles-create-cache
  • additional-path-fixes
  • ci-enable-infer
  • query-trace
  • cache-aggr-wip
  • marek/staging-changes
  • http-allow-reuseport
  • dnssec-by-default
  • keyfile-arg
  • vendor-ljdns
  • time-travel-detection
  • add-version-in-lua
  • zzz_archive_allow-separate-udp-tcp
  • packaging-docs
  • monotonic-time2
  • v1.5.1
  • v1.5.0
  • v1.99.1-alpha
  • v1.4.0
  • v1.3.3
  • v1.3.2
  • v1.3.1
  • v1.3.0
  • 1.3.0-rc1
  • v1.2.6
  • v1.2.5
  • v1.2.4
  • v1.2.3
  • v1.2.2
  • v1.2.1
  • v1.2.0
  • v1.2.0-rc3
  • v1.2.0-rc2
  • v1.2.0-rc1
  • v1.1.1
40 results
Search by author
  • Any Author
  • Aleš Mrázek Aleš Mrázek amrazek
  • Anbang Wen Anbang Wen anb
  • Daniel Salzman Daniel Salzman dsalzman
  • David Vasek David Vasek dvasek
  • Frantisek Tobias Frantisek Tobias ftobias
  • Hynek Šabacký Hynek Šabacký hsabacky
  • Jakub Ružička Jakub Ružička jruzicka
  • Jan Hák Jan Hák jhak
  • Ladislav Lhotka Ladislav Lhotka llhotka
  • Libor Peltan Libor Peltan lpeltan
  • Lukáš Ondráček Lukáš Ondráček londracek
  • Štěpán Balážik Štěpán Balážik sbalazik
  • Tomas Krizek Tomas Krizek tkrizek
  • Vaclav Sraier Vaclav Sraier vsraier
  • Vladimír Čunát Vladimír Čunát vcunat
15 authors
  1. Aug 11, 2016
  3. Aug 10, 2016
  5. Aug 09, 2016
  7. Aug 08, 2016
    • Marek Vavrusa's avatar
      Merge branch 'tls-listen' into 'master' · 27d97a89
      Marek Vavrusa authored 
      DNS over TLS and TCP out-of-order processing

Refresh !18

I merged few bits from @dkg branch, but there are two notable things missing:
- watch for on-disk chang of credentials - not sure if this is really needed, I would suggest a separate MR, where we can discuss benefits of doing so.
- ephemeral key generation from `net.tls_servicename` - this is fine, but instead of setting `tls_servicename`, let's make it an explicit generator e.g. net.generate_certificate("name") instead of setting `tls_servicename` in the `struct network`. Again I would suggest a separate MR.

To test the TLS listen, you can use a dns-over-tls branch from Knot DNS:
```
./daemon/kresd --tls=127.0.0.1\#5353
net.tls("cert", "key")
```

```
$ ./src/kdig +tls -p 5353 www.cmu.edu @127.0.0.1
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 9741
;; Flags: qr rd ra; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 0

;; QUESTION SECTION:
;; www.cmu.edu.        		IN	A

;; ANSWER SECTION:
www.cmu.edu.        	86400	IN	CNAME	www-cmu-prod-vip.andrew.cmu.edu.
www-cmu-prod-vip.andrew.cmu.edu. 21600	IN	A	128.2.42.52

;; Received 107 B
;; Time 2016-08-05 11:52:25 CEST
;; From 127.0.0.1@5353(TCP) in 2146.1 ms
;; TLS session info: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)
```


See merge request !41
      27d97a89
  9. Aug 06, 2016
    • Marek Vavrusa's avatar
      Merge branch 'unbuffer-kr_log_info' into 'master' · 4f49430c
      Marek Vavrusa authored 
      Ensure that kr_log_info() gets sent promptly to stdout

If stdout is buffered, kr_log_info() might take ages to show up in the
output stream.  Since this stream could be interleaved with stderr
(e.g. kr_log_error()), it would be good to be able to see the messages
in the order in which they are generated.

See merge request !40
      4f49430c
  11. Aug 05, 2016