]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7537430) | patch
Refactor TLSDNS module to work with libuv/ssl directly
authorOndřej Surý <ondrej@sury.org>
Thu, 17 Dec 2020 10:40:29 +0000 (11:40 +0100)
committerOndřej Surý <ondrej@isc.org>
Fri, 26 Feb 2021 15:14:50 +0000 (16:14 +0100)
commiteffe3ee595cdf9e392514849fa29340ae6d4b107
treea75cf6cc166a1c497e0158739ddf00aee2525068tree | snapshot
parent753743084748ab1891ce8ac85ee46f7db0790b6fcommit | diff
Refactor TLSDNS module to work with libuv/ssl directly

* Following the example set in 634bdfb16d8, the tlsdns netmgr
  module now uses libuv and SSL primitives directly, rather than
  opening a TLS socket which opens a TCP socket, as the previous
  model was difficult to debug.  Closes #2335.

* Remove the netmgr tls layer (we will have to re-add it for DoH)

* Add isc_tls API to wrap the OpenSSL SSL_CTX object into libisc
  library; move the OpenSSL initialization/deinitialization from dstapi
  needed for OpenSSL 1.0.x to the isc_tls_{initialize,destroy}()

* Add couple of new shims needed for OpenSSL 1.0.x

* When LibreSSL is used, require at least version 2.7.0 that
  has the best OpenSSL 1.1.x compatibility and auto init/deinit

* Enforce OpenSSL 1.1.x usage on Windows

(cherry picked from commit e493e04c0fe94b24182832c89342869c55181748)
27 files changed:
config.h.in diff | blob | blame | history
config.h.win32 diff | blob | blame | history
configure diff | blob | blame | history
configure.ac diff | blob | blame | history
lib/dns/openssl_link.c diff | blob | blame | history
lib/isc/Makefile.in diff | blob | blame | history
lib/isc/include/isc/Makefile.in diff | blob | blame | history
lib/isc/include/isc/netmgr.h diff | blob | blame | history
lib/isc/include/isc/tls.h [new file with mode: 0644] blob
lib/isc/netmgr/Makefile.in diff | blob | blame | history
lib/isc/netmgr/netmgr-int.h diff | blob | blame | history
lib/isc/netmgr/netmgr.c diff | blob | blame | history
lib/isc/netmgr/tcpdns.c diff | blob | blame | history
lib/isc/netmgr/tls.c [deleted file] blob | blame | history
lib/isc/netmgr/tlsdns.c diff | blob | blame | history
lib/isc/openssl_shim.c diff | blob | blame | history
lib/isc/openssl_shim.h diff | blob | blame | history
lib/isc/tests/Kyuafile diff | blob | blame | history
lib/isc/tests/Makefile.in diff | blob | blame | history
lib/isc/tests/tlsdns_test.c [new file with mode: 0644] blob
lib/isc/tls.c [new file with mode: 0644] blob
lib/isc/win32/libisc.def.in diff | blob | blame | history
lib/isc/win32/libisc.vcxproj.filters.in diff | blob | blame | history
lib/isc/win32/libisc.vcxproj.in diff | blob | blame | history
lib/ns/tests/nstest.h diff | blob | blame | history
util/copyrights diff | blob | blame | history
win32utils/Configure diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git