From 519af2e5323d739b26555ff076f19a4b4c290a0a Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Tue, 27 Feb 2018 07:54:28 +0100
Subject: [PATCH] Revert "Allow -test 0"

This reverts commit 1e2c175e19f8d5db9f49d64c215469a058d18dc0.

Revert "Don't bind any sockets when using -test"

This reverts commit 982f341de8f396a55957102455be0ad1a62fab6c.

Revert "Implement -test to check certificates expiration"

This reverts commit 2158674d17133b712efd1a70c2bdfde688bb1691.
---
 dnscrypt-proxy/config.go | 6 ------
 dnscrypt-proxy/dnscrypt_certs.go | 6 ------
 dnscrypt-proxy/proxy.go | 10 ----------
 dnscrypt-proxy/serversInfo.go | 6 ------
 4 files changed, 28 deletions(-)

diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go
index 7f50690a..c93dd72c 100644
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@@ -136,7 +136,6 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
 listAll := flag.Bool("list-all", false, "print the complete list of available resolvers, ignoring filters")
 jsonOutput := flag.Bool("json", false, "output list as JSON")
 check := flag.Bool("check", false, "check the configuration file and exit")
- testGracePeriod := flag.Int("test", -1, "test that certificates of chosen servers are not going to expire before that number of minutes")
 flag.Parse()
 if *svcFlag == "stop" || *svcFlag == "uninstall" {
 return nil
@@ -269,11 +268,6 @@ func ConfigLoad(proxy *Proxy, svcFlag *string) error {
 }
 proxy.allWeeklyRanges = allWeeklyRanges
 
- if testGracePeriod != nil && *testGracePeriod >= 0 {
- proxy.testGracePeriod = testGracePeriod
- proxy.listenAddresses = nil
- }
-
 if *listAll {
 config.ServerNames = nil
 config.SourceRequireDNSSEC = false
diff --git a/dnscrypt-proxy/dnscrypt_certs.go b/dnscrypt-proxy/dnscrypt_certs.go
index 8434fa49..34109b3c 100644
--- a/dnscrypt-proxy/dnscrypt_certs.go
+++ b/dnscrypt-proxy/dnscrypt_certs.go
@@ -95,12 +95,6 @@ func FetchCurrentDNSCryptCert(proxy *Proxy, serverName *string, proto string, pk
 } else {
 certInfo.ForwardSecurity = true
 }
- if proxy.testGracePeriod != nil {
- if remaining := (tsEnd - now) / 60; uint32(*proxy.testGracePeriod) > remaining {
- dlog.Fatalf("Certificate for [%v] is going to expire in %d minutes, before the grace period",
- providerName, remaining)
- }
- }
 if !proxy.certIgnoreTimestamp {
 if now > tsEnd || now < tsBegin {
 dlog.Debugf("[%v] Certificate not valid at the current date", providerName)
diff --git a/dnscrypt-proxy/proxy.go b/dnscrypt-proxy/proxy.go
index 7cc8cdf7..054f6ca6 100644
--- a/dnscrypt-proxy/proxy.go
+++ b/dnscrypt-proxy/proxy.go
@@ -6,7 +6,6 @@ import (
 "math/rand"
 "net"
 "net/http"
- "os"
 "sync/atomic"
 "time"
 
@@ -53,7 +52,6 @@ type Proxy struct {
 maxClients uint32
 xTransport *XTransport
 allWeeklyRanges *map[string]WeeklyRanges
- testGracePeriod *int
 }
 
 func (proxy *Proxy) StartProxy() {
@@ -85,14 +83,6 @@ func (proxy *Proxy) StartProxy() {
 dlog.Fatal(err)
 }
 liveServers, err := proxy.serversInfo.refresh(proxy)
- if proxy.testGracePeriod != nil {
- if liveServers > 0 {
- dlog.Noticef("%d certificates successfully checked", liveServers)
- os.Exit(0)
- } else {
- dlog.Fatal("Unable to check servers certificates")
- }
- }
 if liveServers > 0 {
 dlog.Noticef("dnscrypt-proxy is ready - live servers: %d", liveServers)
 SystemDNotify()
diff --git a/dnscrypt-proxy/serversInfo.go b/dnscrypt-proxy/serversInfo.go
index 02e1ed66..3cf68720 100644
--- a/dnscrypt-proxy/serversInfo.go
+++ b/dnscrypt-proxy/serversInfo.go
@@ -286,7 +286,6 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
 showCerts := len(os.Getenv("SHOW_CERTS")) > 0
 found := false
 var wantedHash [32]byte
- now := time.Now()
 for _, cert := range tls.PeerCertificates {
 h := sha256.Sum256(cert.RawTBSCertificate)
 if showCerts {
@@ -294,11 +293,6 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
 } else {
 dlog.Debugf("Advertised cert: [%s] [%x]", cert.Subject, h)
 }
- if proxy.testGracePeriod != nil {
- if remaining := int(cert.NotAfter.Sub(now).Minutes()); *proxy.testGracePeriod > remaining {
- dlog.Fatalf("Certificate [%s] for [%s] is going to expire before the grace period, in %d minutes", cert.Subject, name, remaining)
- }
- }
 for _, hash := range stamp.hashes {
 if len(hash) == len(wantedHash) {
 copy(wantedHash[:], hash)