- Mar 05, 2019
-
Vladimír Čunát authored
-
Vladimír Čunát authored
... by setting FILE* properties and replace the explicit flushes. Explicit flushing couldn't be well done e.g. for lua's error() function. In particular, we had problems with journald not getting logs timely.
-
Tomas Krizek authored
modules/policy.RPZ: log libzonefile errors as well
See merge request !780
-
Vladimír Čunát authored
-
- Feb 28, 2019
-
Petr Špaček authored
lua event.socket(): remove a hacky workaround
See merge request !778
-
Vladimír Čunát authored
-
Vladimír Čunát authored
It should be fixed in quite old libuv versions already: https://github.com/libuv/libuv/issues/883
-
Tomas Krizek authored
Add ca-certificates to runtime on Dockerfile
See merge request !779
-
- Feb 27, 2019
-
Jayson Reis authored
-
- Feb 25, 2019
-
Petr Špaček authored
Splitting port from IP address
See merge request !776
-
Vladimír Čunát authored
and deduplicate the parsing logic.
-
Vladimír Čunát authored
After 83539eb7 it was a bit complicated. It allowed saving a memcpy of the address in case no port was specified, but we only need to do the split when changing configuration, so it was an overzealous optimization.
-
Petr Špaček authored
policy.TLS_FORWARD: send SNI on wire if configured
See merge request !762
-
Petr Špaček authored
-
Petr Špaček authored
-
Petr Špaček authored
-
- Feb 22, 2019
-
It's mainly about the way we parse and validate them. Almost all of the parts of validation that were being done in modules/policy/policy.lua and daemon/tls.c got moved to daemon/bindings/net.c, so it's easier to follow that. Also more checks are being done now, e.g. contents of .pin_sha256 and .hostname strings.
-
In https world it's standard to do that, and it's relied on. Real-life example: 8.8.8.8#853 over TLSv1.3 won't send a certificate if we don't send SNI (no idea why; also they do send it with TLSv1.2). As a consequence, we no longer allow multiple hostnames per address-port tuple, but that didn't seem useful.
-
Vladimír Čunát authored
-
Make sure gcc doesn't produce unused func/var warnings when using optional compilation. This fixes three such issues on CentOS 7.
-
- Feb 21, 2019
-
Vladimír Čunát authored
-
Vladimír Čunát authored
-
- Feb 18, 2019
-
Tomas Krizek authored
doc/flowcharts: use underscores instead of spaces in filename
See merge request !772
-
Tomas Krizek authored
-
- Feb 14, 2019
-
Petr Špaček authored
doc: attempt on documenting of some kresd algorithms
See merge request !731
-
- Feb 11, 2019
-
Petr Špaček authored
smaller changes, mainly around lua error handling
See merge request !768
-
Vladimír Čunát authored
-
Vladimír Čunát authored
-
Vladimír Čunát authored
We use a function that's not in lua 5.1, but it's been present in luajit since 2.0.0: https://github.com/LuaJIT/LuaJIT/commit/fcddd5a3a
-
Vladimír Čunát authored
It's often a bit shorter, and it provides us with location.
-
Vladimír Čunát authored
Now we don't rewrite the port-splitters in command line by zero bytes. That was confusing the output of some SW showing the command-line of running kresd.
-
- Feb 07, 2019
-
Petr Špaček authored
split code and docs for lua bindings into smaller files
See merge request !765
-
It's now a directory, one C file for each lua table of functions. We get more total lines due to per-file copyright headers, but the original file was just too long (nearing 2k lines). The layout was inspired by the lib/cache/ split. Disadvantage: git operations (e.g. blame) will stumble on this commit. During the move, rename the "str" and "xstr" macros, too. Otherwise there are no real changes, as they would be hard to spot.
-