GitLab

This allows HTTP server to start with reuseport, reuseaddr or v6only.
The reuseport allows running HTTP module on all forks, not just the main one.

It's probably slightly safer to use NULL than end-array pointer,
so let's use it in this case.  Significantly adapted by Vlada
from original Marek's change, after master fixed the corruption.

ci/Dockerfile.debian: use new respdiff git repo

See merge request !602

daemon/tls: session resumption with tickets (client & server side)

See merge request !585

There is no GnuTLS version which would make this safe.
See https://gitlab.com/gnutls/gnutls/issues/477

restrict TLS ciphers

See merge request !601

Otherwise CentOS 7 enables those two "ciphers" by default.
Noticed in #355.

modules.policy: REFUSE, TC - clear AD flag in answers

See merge request !599

ci: make distro:epel-7 easier to debug in typical cases

See merge request !598

daemon/tls: use system CA with TLS_FORWARD policy

Closes #310

See merge request !586

daemon/tls: system CA's are used by default with TLS_FORWARD policy when ca_file parameter is omitted

Policy REFUSE; minot tweak

Closes #337

See merge request !549

For some weird reason kresd crashed on assert(false) if it cannot open
cache even though it handles this case properly without the assert.

Fixes: #337

Allow creating custom endpoints in the HTTP module

See merge request !527

This allows other modules to add or modify custom metrics or labels.

Previously the module was created on configuration time, so it wasn't
possible to inject custom endpoints to the default interface.

The AD indicates validation request (but not request for DNSSEC records).
If the response can't be validated, resolver flips the AD to 0.

distro: packaging updates

See merge request !567