Vladimír Čunát authored 8 years ago and Ondřej Surý committed 8 years ago

engine_cmd() doesn't print the error() exceptions thrown from lua;
it only leaves the message on lua stack.

(cherry picked from commit a316b9f7)

Vladimír Čunát authored 8 years ago and Ondřej Surý committed 8 years ago

This does NOT change the module API/ABI in any way.

Vladimír Čunát authored 8 years ago and Ondřej Surý committed 8 years ago

- docs: fix cache.current_* since long ago d5272b4b
- don't allow "cache.foo = 'bar'" for abitrary foo
- restore cache['nic.cz'] after b31bad2ccf while not breaking completion
- #cache won't work on lua 5.1, so remove it

Vladimír Čunát authored 8 years ago and Ondřej Surý committed 8 years ago

These shouldn't make any problems:
- the verbose messages don't print any scope, and
- reputation cache doesn't consider scope.

Vladimír Čunát authored 8 years ago and Ondřej Surý committed 8 years ago

... and perform extra checks when converting from the floating-point
number.

Ondřej Surý authored 8 years ago and Ondřej Surý committed 8 years ago

trust anchor fixes

Closes #151

See merge request !193

Mangling of keyfile_dir and allocation of keyfile_path led to rare
crashes (and Valgrind complaints).

The error was introduced in 21f3a6b9.

Fixes #147.

I believe it was unused, so no risk was caused, but better remove it.
There's the complication that its signature has changed since libknot-2.4.0.
Fixes https://gitlab.labs.nic.cz/knot/resolver/issues/146

Vladimír Čunát authored 8 years ago and Ondřej Surý committed 8 years ago

On standard 64-bit: 24 -> 16 bytes per element.

Fixes https://gitlab.labs.nic.cz/knot/resolver/issues/76

If the ephemeral X.509 certificate is due for renewal in less than a
week, regenerate it automatically.

If kresd is configured to listen using TLS, but it has no credentials,
it should fall back to generating ephemeral credentials and using
them.

It stores the ephemerally-generated secret key in the same directory
as the cache, using the name "ephemeral_key.pem".  If the cache
persists, then the key will too, even if the daemon dies.  This means
that any set of daemons that share a cache will also share an
ephemeral secret key.

The ephemeral X.509 certificate that corresponds to the key will be
automatically generated (self-signed), will have a lifetime of about
90 days (matching Let's Encrypt policy).  The ephemeral cert is
never written to disk; it is always dynamically-generated by kresd.

This should make it very easy to get DNS-over-TLS working in
opportunistic mode.

This can be useful for scheduling checks in the future, for logging
when we're using an expired cert, requesting a new cert, refreshing an
ephemeral cert, etc.