Add an undocumented option to ignore cert timestamps
parent
05e07e8b69
commit
8bcba92f97
|
@ -4,7 +4,7 @@
|
|||
|
||||
A flexible DNS proxy, with support for encrypted DNS protocols such as [DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/DNSCRYPT-V2-PROTOCOL.txt).
|
||||
|
||||
## [dnscrypt-proxy 2.0.0beta6 is available for download!](https://github.com/jedisct1/dnscrypt-proxy/releases/latest)
|
||||
## [dnscrypt-proxy 2.0.0beta7 is available for download!](https://github.com/jedisct1/dnscrypt-proxy/releases/latest)
|
||||
|
||||
## Installation
|
||||
|
||||
|
|
|
@ -87,9 +87,11 @@ func FetchCurrentCert(proxy *Proxy, serverName *string, proto string, pk ed25519
|
|||
} else {
|
||||
certInfo.ForwardSecurity = true
|
||||
}
|
||||
if now > tsEnd || now < tsBegin {
|
||||
dlog.Debugf("[%v] Certificate not valid at the current date", providerName)
|
||||
continue
|
||||
if !proxy.certIgnoreTimestamp {
|
||||
if now > tsEnd || now < tsBegin {
|
||||
dlog.Debugf("[%v] Certificate not valid at the current date", providerName)
|
||||
continue
|
||||
}
|
||||
}
|
||||
if serial < highestSerial {
|
||||
dlog.Debugf("[%v] Superseded by a previous certificate", providerName)
|
||||
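Review bot: With `cert_ignore_timestamp` set, the new `if !proxy.certIgnoreTimestamp` guard accepts an expired or not-yet-valid certificate without writing any log line, so an operator cannot tell from the logs that the validity window was bypassed. That window is what bounds how long a resolver's short-term key remains usable, so accepting a certificate outside it deserves at least a warning per server. Testing the window first and consulting the flag only when the certificate is out of range keeps the rejection path unchanged and makes the override visible; the serial comparison that follows still applies. FetchCurrentCert starts and ends outside this hunk.

```go
if now > tsEnd || now < tsBegin {
	if !proxy.certIgnoreTimestamp {
		dlog.Debugf("[%v] Certificate not valid at the current date", providerName)
		continue
	}
	// Validity check overridden by configuration: make the acceptance visible in the logs.
	dlog.Warnf("[%v] Certificate is outside its validity period, accepted because cert_ignore_timestamp is set", providerName)
}
// … unchanged: serial comparison …
```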
|
|
|
@ -22,6 +22,7 @@ type Config struct {
|
|||
ForceTCP bool `toml:"force_tcp"`
|
||||
Timeout int `toml:"timeout_ms"`
|
||||
CertRefreshDelay int `toml:"cert_refresh_delay"`
|
||||
CertIgnoreTimestamp bool `toml:"cert_ignore_timestamp"`
|
||||
BlockIPv6 bool `toml:"block_ipv6"`
|
||||
Cache bool
|
||||
CacheSize int `toml:"cache_size"`
|
||||
|
@ -43,18 +44,19 @@ type Config struct {
|
|||
|
||||
func newConfig() Config {
|
||||
return Config{
|
||||
LogLevel: int(dlog.LogLevel()),
|
||||
ListenAddresses: []string{"127.0.0.1:53"},
|
||||
Timeout: 2500,
|
||||
CertRefreshDelay: 30,
|
||||
Cache: true,
|
||||
CacheSize: 256,
|
||||
CacheNegTTL: 60,
|
||||
CacheMinTTL: 60,
|
||||
CacheMaxTTL: 8600,
|
||||
SourceRequireNoLog: true,
|
||||
SourceIPv4: true,
|
||||
SourceIPv6: false,
|
||||
LogLevel: int(dlog.LogLevel()),
|
||||
ListenAddresses: []string{"127.0.0.1:53"},
|
||||
Timeout: 2500,
|
||||
CertRefreshDelay: 30,
|
||||
CertIgnoreTimestamp: false,
|
||||
Cache: true,
|
||||
CacheSize: 256,
|
||||
CacheNegTTL: 60,
|
||||
CacheMinTTL: 60,
|
||||
CacheMaxTTL: 8600,
|
||||
SourceRequireNoLog: true,
|
||||
SourceIPv4: true,
|
||||
SourceIPv6: false,
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -139,6 +141,7 @@ func ConfigLoad(proxy *Proxy, svcFlag *string, config_file string) error {
|
|||
}
|
||||
proxy.certRefreshDelay = time.Duration(config.CertRefreshDelay) * time.Minute
|
||||
proxy.certRefreshDelayAfterFailure = time.Duration(10 * time.Second)
|
||||
proxy.certIgnoreTimestamp = config.CertIgnoreTimestamp
|
||||
if len(config.ListenAddresses) == 0 {
|
||||
return errors.New("No local IP/port configured")
|
||||
}
|
||||
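Review bot: `ConfigLoad` copies `config.CertIgnoreTimestamp` into `proxy.certIgnoreTimestamp` silently, and the commit title says the option is undocumented, so a configuration that leaves it enabled turns off certificate date checks for every resolver with no trace at startup. A single warning next to the assignment would surface it, e.g. `if config.CertIgnoreTimestamp { dlog.Warn("cert_ignore_timestamp is enabled: certificate validity dates are not checked") }`. The `CertIgnoreTimestamp` field in `Config` would also benefit from a comment such as `// CertIgnoreTimestamp skips the certificate validity-date check; keep false unless the system clock is unreliable.`; that the option targets hosts without a trustworthy clock is my assumption and should be confirmed by the author. ConfigLoad's body continues outside the hunk.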
|
|
|
@ -16,7 +16,7 @@ import (
|
|||
"golang.org/x/crypto/curve25519"
|
||||
)
|
||||
|
||||
const AppVersion = "2.0.0beta6"
|
||||
const AppVersion = "2.0.0beta7"
|
||||
|
||||
type Proxy struct {
|
||||
proxyPublicKey [32]byte
|
||||
|
@ -26,6 +26,7 @@ type Proxy struct {
|
|||
timeout time.Duration
|
||||
certRefreshDelay time.Duration
|
||||
certRefreshDelayAfterFailure time.Duration
|
||||
certIgnoreTimestamp bool
|
||||
mainProto string
|
||||
listenAddresses []string
|
||||
daemonize bool
|
||||
|
|