Anbang Wen authored 6 years ago and Petr Špaček committed 6 years ago

Since there is already a bundled JSON library, expose it to lua for
modules to use.

daemon/worker: separate counter for TLS sendings

See merge request !557

root zone import implementation

See merge request !511

luasec internally calls SSL_CTX_load_verify_locations() which has
non-intuituve behavior for directories. Given that we already use path
to certificate file for TLS_FORWARD it is better to use consistent and
intuitive interface.

Default values would cause confusion when we introduce support for
non-root zones.

Only root zone can be imported (for now) but we want to
avoid changing syntax when support for other zones is added.

Delaying import would leak bunch of queries from the resolver between
moment of start and import.

The original prefill module did not import zone data after daemon
restart unless the file TTL was expired. The module now reuses data
on disk as long as TTL is not expired, and imports the zone after module
load.

An attempt to rename/move temporary file to its final destination will
fail if /tmp and working directory belong to different filesystems.

It seems that temporary file is not required so it easier to get rid of
it altogether.

ca_path parameter is now required so the module does not do anything
until its config() method is called.

Grigorii Demidov authored 7 years ago and Petr Špaček committed 6 years ago

The old kr_rrkey() was used only on one place (and incorrectly) so now
we are replacing both copies with single implementation for general
resolver and root zone import.
It should not make any practical difference.

worker: fixed infinite loop on send failure

See merge request !559

The problem here is when qr_task_send() returns an error, the
following error handler will attempt to cancel all tasks that were
started on the same connection, but that will only work for the first
task (which is finished), the qr_task_on_send() will have no effect
on tasks in progress as the passed handle is NULL, and the task->finished
is false, thus looping infinitely.

The solution here is to let the rest of the tasks complete, even though
sending answer back will fail (which is fine).

tls_client logging and doc improvements

See merge request !536

It just feels more consistent with the rest.

improve TLS error handling

Closes #340

See merge request !555

... and migrate kr_zonecut to it.

Needed for followup commits.  The trie_* names aren't ideal for global
namespace, but ATM I can't see a better way.