Commits · 2bd0722830581b4c0d8eba0028d75e3ba47349e1 · Knot projects / Knot Resolver · GitLab

Snippets Groups Projects

Self sign-up has been disabled due to increased spam activity. If you want to get access, please send an email to a project owner (preferred) or at gitlab(at)nic(dot)cz. We apologize for the inconvenience.

Jan 19, 2018
- daemon/worker: clean up some unnecessary asserts · 2bd07228
  Grigorii Demidov authored 7 years ago
  
  2bd07228
Jan 18, 2018
- Merge branch 'tls_polish' into 'master' · 5485bd28
  Petr Špaček authored 7 years ago
  
  TLS polish See merge request !447
  5485bd28
- TLS: make GnuTLS priorities compatible with CentOS 7 and Debian 9 · a0c4003f
  Petr Špaček authored 7 years ago
  
  gnutls-3.3.26-9.el7.x86_64 and libgnutls30-3.5.8-5+deb9u3 do not support @SYSTEM keyword and CentOS 7 has problem with -VERS-DTLS-ALL. We do not configure DTLS sockets so it should be harmless to delete the DTLS keyword. @SYSTEM is replaced by NORMAL, oh well. fixup! TLS client: enforce minimal TLS version and no compression
  Verified
  
  a0c4003f
- TLS client: enforce minimal TLS version and no compression · b10fcb34
  Petr Špaček authored 7 years ago
  
  Same change as in a625a0ea1ce03b0707fd421633f21c0aacb786da but for client.
  Verified
  
  b10fcb34
- TLS server: enforce minimal TLS version and no compression · 351a23c3
  Petr Špaček authored 7 years ago
  
  Server side now enforces security requirements from draft-ietf-dprive-dtls-and-tls-profiles-11 section 9
  Verified
  
  351a23c3
- TLS: use constants for GnuTLS return codes · 84ea95de
  Petr Špaček authored 7 years ago
  
  GnuTLS manual for some functions do not declare that error return code must be negative, so we should use constants to avoid potential problems.
  Verified
  
  84ea95de
- TLS client: fix certificate loading from file · 7585e879
  Petr Špaček authored 7 years ago
  
  gnutls_certificate_set_x509_trust_file could theoretically return 0 to indicate nothing was read, so we need to check for this as well.
  Verified
  
  7585e879
- Merge !448 : daemon: tls forwarding; fix IO error processing · 4a0eb512
  Vladimír Čunát authored 7 years ago
  
  4a0eb512
- daemon: tls forwarding; fix erroneus task processing when io errors occur · cc177abc
  Grigorii Demidov authored 7 years ago and Vladimír Čunát committed 7 years ago
  
  Verified
  
  cc177abc
- Merge branch 'tmpfiles-create-cache' into 'master' · e17d1856
  Tomas Krizek authored 7 years ago
  
  tmpfiles: create cache and use proper tmpfiles name See merge request !440
  e17d1856
- tmpfiles: create cache and use proper tmpfiles name · 9368800a
  Tomas Krizek authored 7 years ago
  
  Verified
  
  9368800a
- Merge branch 'tls_tests' into 'master' · 0c1b89cd
  Petr Špaček authored 7 years ago
  
  policy TLS_FORWARD: add checks and documentation See merge request !445
  0c1b89cd
- policy TLS_FORWARDING: rename pin to pin_sha256 · 4336556f
  Petr Špaček authored 7 years ago
  
  The pin parameter contains SHA-256 encoded using Base64, but this is not the only option. Explicit name allows us to add alternative formats later on, and is consistent with GnuTLS naming.
  Verified
  
  4336556f
- policy TLS_FORWARD: documentation improvements · bc25af2b
  Tomas Krizek authored 7 years ago and Petr Špaček committed 7 years ago
  
  Verified
  
  bc25af2b
- policy TLS_FORWARD: add documentation · 4700687d
  Petr Špaček authored 7 years ago
  
  Verified
  
  4700687d
- policy TLS_FORWARD: unify logging format · 6f41aa28
  Petr Špaček authored 7 years ago
  
  Verified
  
  6f41aa28
- policy TLS_FORWARD: fix error reporting from net.tls_client() · 735c6ec4
  Petr Špaček authored 7 years ago
  
  Verified
  
  735c6ec4
- policy TLS_FORWARD: check parameters from user · f9b84134
  Petr Špaček authored 7 years ago
  
  Policy handling was split into smaller functions to allow easier checking. The code needs further refactoring, it seems that net_tls_client is just a thin wrapper around tls_client_params_set in C, which is unnecessary and error prone.
  Verified
  
  f9b84134
- policy TLS_FORWARD: improve error reporting for invalid parameters · 40c64b14
  Petr Špaček authored 7 years ago
  
  Verified
  
  40c64b14
- tests: add config tests for TLS_FORWARD · d3a9dab5
  Petr Špaček authored 7 years ago
  
  Apparently some corner cases are not handled properly. We need to fix these in follow-up patches.
  Verified
  
  d3a9dab5
- Merge branch 'cleanup-errors' into 'master' · 0a86cc08
  Petr Špaček authored 7 years ago
  
  fix some errors found by static analyzer See merge request !446
  0a86cc08
- CI: tweak scan-build configuration · 023c399c
  Petr Špaček authored 7 years ago
  
  Clang right now does not support cleanup attribute which is causing false positives, so the check is now disabled. https://bugs.llvm.org/show_bug.cgi?id=3888 At the same time I've enabled all other checkers to see what happens. We need to go though them and disable them one-by-one if necessary.
  Verified
  
  023c399c
- daemon/main: refactored keyfile initialization from main() · 36731814
  Marek Vavruša authored 7 years ago
  
  this helps avoid false positive leaks caused by combination of cleanup functions and goto refs #291
  36731814
- lib/dnssec: variable declaration close to intended to avoid dead stores · cb52e205
  Marek Vavruša authored 7 years ago
  
  cb52e205
- daemon/worker: fixed missing return value check · 41ecade3
  Marek Vavruša authored 7 years ago
  
  41ecade3
- daemon/engine: fixed missing ret · 42bc634d
  Marek Vavruša authored 7 years ago
  
  42bc634d
- daemon: fixed potential leak - cleanup not being called on longjmp · 584b04bf
  Marek Vavruša authored 7 years ago
  
  attribute cleanup (auto_free) gets called when variable goes out of scope, not on longjmp (in lua_error), so the variable never gets freed
  584b04bf
Jan 17, 2018
- Merge branch 'dockerfile-add-static-analysis-tools' into 'master' · 1286086c
  Petr Špaček authored 7 years ago
  
  Dockerfile: add static analysis tools See merge request !444
  1286086c
- Dockerfile: add static analysis tools · 5bf074fc
  Tomas Krizek authored 7 years ago and Petr Špaček committed 7 years ago
  
  Verified
  
  5bf074fc
Jan 12, 2018
- Merge branch 'tls-hs-timeout' into 'master' · 5f3c4fb7
  Petr Špaček authored 7 years ago
  
  daemon: TLS-handshake timeout timer was not properly activated; fix See merge request !441
  5f3c4fb7
- daemon: TLS-handshake timeout timer was not properly activated; fix · 1c3df827
  Grigorii Demidov authored 7 years ago
  
  1c3df827
- Merge branch 'stricter-ci-build' into 'master' · 0c56aae2
  Petr Špaček authored 7 years ago
  
  ci: add -Werror to CFLAGS, added clang build target See merge request !432
  0c56aae2
- lint: enabled several readability linters and fixed issues · 8b5b7109
  Marek Vavruša authored 7 years ago
  
  this checks things such as inconsistent declarations and definitions
  8b5b7109
- daemon: fixed garbage read when getsockname fails · 61ad51b6
  Marek Vavruša authored 7 years ago
  
  61ad51b6
- lib: fixed possible null pointers passed to nonnull arguments · 894165c9
  Marek Vavruša authored 7 years ago
  
  894165c9
- daemon: fixed minor linter problems · 97449691
  Marek Vavruša authored 7 years ago
  
  97449691
- client: fixed minor linter problems · 48100e84
  Marek Vavruša authored 7 years ago
  
  48100e84
- lib: fixed minor linter issues in lib · 4fa44d12
  Marek Vavruša authored 7 years ago
  
  4fa44d12
- lib/defines: analyzable implementation for kr_error() · 112f9fef
  Marek Vavruša authored 7 years ago
  
  112f9fef
- build: support `make lint-c` with clang-tidy · ad213c47
  Marek Vavruša authored 7 years ago
  
  This supports linting of C code using clang-tidy to fix common security and code quality issues early in the development workflow. The benefit is that less time has to be spent in code reviews to point out obvious problems, and ideally when the outstanding issues are fixed, clang-tidy (and clang-format) can also be used to to automatically fix basic problems and enforce common code style, similarly to `go vet && go fmt` workflow.
  ad213c47