RFC 6761 mandates functionality implemented by policy module, so it is
now loaded by default. Users with special needs can still unload the
module.

daemon/worker: worker_process_tcp: cleanup; there are no need in special processing for qr_task_step return code

gnutls-3.3.26-9.el7.x86_64 and libgnutls30-3.5.8-5+deb9u3 do not support
@SYSTEM keyword and CentOS 7 has problem with -VERS-DTLS-ALL.

We do not configure DTLS sockets so it should be harmless to delete
the DTLS keyword.

@SYSTEM is replaced by NORMAL, oh well.

fixup! TLS client: enforce minimal TLS version and no compression

Same change as in a625a0ea1ce03b0707fd421633f21c0aacb786da but for
client.

Server side now enforces security requirements from
draft-ietf-dprive-dtls-and-tls-profiles-11 section 9

GnuTLS manual for some functions do not declare that error return code
must be negative, so we should use constants to avoid potential
problems.

gnutls_certificate_set_x509_trust_file could theoretically return 0
to indicate nothing was read, so we need to check for this as well.

this helps avoid false positive leaks caused by combination of
cleanup functions and goto

refs #291

attribute cleanup (auto_free) gets called when variable goes out of
scope, not on longjmp (in lua_error), so the variable never gets freed

this checks things such as inconsistent declarations and definitions

Tomas Krizek authored 7 years ago and Petr Špaček committed 7 years ago

The /run directory is non-persistent. Use /var/cache/knot-resolver
as a persistent cache.

Vladimír Čunát authored 7 years ago and Petr Špaček committed 7 years ago

nitpick: pre-allocate table sizes

Grigorii Demidov authored 7 years ago and Petr Špaček committed 7 years ago

daemon: bugfix; resolver fails on assertion if TLS over outbound connection is used  and upstream closes connection after each query