Add an undocumented option to ignore cert timestamps

This commit is contained in:
Frank Denis 2018-01-21 18:10:38 +01:00
parent 05e07e8b69
commit 8bcba92f97
4 changed files with 23 additions and 17 deletions


@ -4,7 +4,7 @@
A flexible DNS proxy, with support for encrypted DNS protocols such as [DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/DNSCRYPT-V2-PROTOCOL.txt).
## [dnscrypt-proxy 2.0.0beta6 is available for download!](https://github.com/jedisct1/dnscrypt-proxy/releases/latest)
## [dnscrypt-proxy 2.0.0beta7 is available for download!](https://github.com/jedisct1/dnscrypt-proxy/releases/latest)
## Installation


@ -87,9 +87,11 @@ func FetchCurrentCert(proxy *Proxy, serverName *string, proto string, pk ed25519
} else {
certInfo.ForwardSecurity = true
}
if now > tsEnd || now < tsBegin {
dlog.Debugf("[%v] Certificate not valid at the current date", providerName)
continue
if !proxy.certIgnoreTimestamp {
if now > tsEnd || now < tsBegin {
dlog.Debugf("[%v] Certificate not valid at the current date", providerName)
continue
}
}
if serial < highestSerial {
dlog.Debugf("[%v] Superseded by a previous certificate", providerName)
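Review bot: When certIgnoreTimestamp is set the new outer `if` skips the tsBegin/tsEnd comparison entirely, so an expired or not-yet-valid certificate is accepted with no trace in the logs; the bypass should at least be logged at warning level so an operator can tell that validity windows are being ignored. Keeping the range comparison and only skipping the `continue` preserves the diagnostic on the normal path and adds one warning on the bypass path. Nothing in this hunk can tell whether the key in a stale certificate is still controlled by the resolver, so the option should be understood as weakening authentication, not merely tolerating clock skew. FetchCurrentCert starts before and continues after this hunk.
```go
if now > tsEnd || now < tsBegin {
	if !proxy.certIgnoreTimestamp {
		dlog.Debugf("[%v] Certificate not valid at the current date", providerName)
		continue
	}
	// assumes dlog has a warning-level counterpart to Debugf — confirm
	dlog.Warnf("[%v] Certificate not valid at the current date, accepted because cert_ignore_timestamp is set", providerName)
}
// … unchanged: serial comparison …
```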


@ -22,6 +22,7 @@ type Config struct {
ForceTCP bool `toml:"force_tcp"`
Timeout int `toml:"timeout_ms"`
CertRefreshDelay int `toml:"cert_refresh_delay"`
CertIgnoreTimestamp bool `toml:"cert_ignore_timestamp"`
BlockIPv6 bool `toml:"block_ipv6"`
Cache bool
CacheSize int `toml:"cache_size"`
@ -43,18 +44,19 @@ type Config struct {
func newConfig() Config {
return Config{
LogLevel: int(dlog.LogLevel()),
ListenAddresses: []string{"127.0.0.1:53"},
Timeout: 2500,
CertRefreshDelay: 30,
Cache: true,
CacheSize: 256,
CacheNegTTL: 60,
CacheMinTTL: 60,
CacheMaxTTL: 8600,
SourceRequireNoLog: true,
SourceIPv4: true,
SourceIPv6: false,
LogLevel: int(dlog.LogLevel()),
ListenAddresses: []string{"127.0.0.1:53"},
Timeout: 2500,
CertRefreshDelay: 30,
CertIgnoreTimestamp: false,
Cache: true,
CacheSize: 256,
CacheNegTTL: 60,
CacheMinTTL: 60,
CacheMaxTTL: 8600,
SourceRequireNoLog: true,
SourceIPv4: true,
SourceIPv6: false,
}
}
@ -139,6 +141,7 @@ func ConfigLoad(proxy *Proxy, svcFlag *string, config_file string) error {
}
proxy.certRefreshDelay = time.Duration(config.CertRefreshDelay) * time.Minute
proxy.certRefreshDelayAfterFailure = time.Duration(10 * time.Second)
proxy.certIgnoreTimestamp = config.CertIgnoreTimestamp
if len(config.ListenAddresses) == 0 {
return errors.New("No local IP/port configured")
}
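Review bot: `proxy.certIgnoreTimestamp = config.CertIgnoreTimestamp` copies a flag that disables certificate validity-period checks without any indication at startup; since the option is deliberately undocumented, a one-time warning when it is enabled is the only way someone reading the logs would learn the proxy is running with weakened verification, e.g. `if config.CertIgnoreTimestamp { dlog.Warnf("cert_ignore_timestamp is set: certificate validity periods will not be checked") }` (assuming dlog offers a warning-level counterpart to the Debugf used elsewhere in this commit). The Config field `CertIgnoreTimestamp` in the first hunk of this section would also benefit from a comment stating that it accepts server certificates outside their tsBegin/tsEnd window and that this weakens authentication; the intended use case is not stated in the commit, so confirm it with the author before documenting one. ConfigLoad starts before and continues after this hunk.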


@ -16,7 +16,7 @@ import (
"golang.org/x/crypto/curve25519"
)
const AppVersion = "2.0.0beta6"
const AppVersion = "2.0.0beta7"
type Proxy struct {
proxyPublicKey [32]byte
@ -26,6 +26,7 @@ type Proxy struct {
timeout time.Duration
certRefreshDelay time.Duration
certRefreshDelayAfterFailure time.Duration
certIgnoreTimestamp bool
mainProto string
listenAddresses []string
daemonize bool