Add an undocumented option to ignore cert timestamps
parent
05e07e8b69
commit
8bcba92f97
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
A flexible DNS proxy, with support for encrypted DNS protocols such as [DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/DNSCRYPT-V2-PROTOCOL.txt).
|
A flexible DNS proxy, with support for encrypted DNS protocols such as [DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/DNSCRYPT-V2-PROTOCOL.txt).
|
||||||
|
|
||||||
## [dnscrypt-proxy 2.0.0beta6 is available for download!](https://github.com/jedisct1/dnscrypt-proxy/releases/latest)
|
## [dnscrypt-proxy 2.0.0beta7 is available for download!](https://github.com/jedisct1/dnscrypt-proxy/releases/latest)
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
|
|
|
@ -87,10 +87,12 @@ func FetchCurrentCert(proxy *Proxy, serverName *string, proto string, pk ed25519
|
||||||
} else {
|
} else {
|
||||||
certInfo.ForwardSecurity = true
|
certInfo.ForwardSecurity = true
|
||||||
}
|
}
|
||||||
|
if !proxy.certIgnoreTimestamp {
|
||||||
if now > tsEnd || now < tsBegin {
|
if now > tsEnd || now < tsBegin {
|
||||||
dlog.Debugf("[%v] Certificate not valid at the current date", providerName)
|
dlog.Debugf("[%v] Certificate not valid at the current date", providerName)
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if serial < highestSerial {
|
if serial < highestSerial {
|
||||||
dlog.Debugf("[%v] Superseded by a previous certificate", providerName)
|
dlog.Debugf("[%v] Superseded by a previous certificate", providerName)
|
||||||
continue
|
continue
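Review bot: With `proxy.certIgnoreTimestamp` set, the new guard around `if now > tsEnd || now < tsBegin` skips the validity-window test without leaving any trace, so a certificate that is expired or not yet valid is accepted and logged exactly like a current one. Expiry is normally what retires a short-term key, so accepting such a certificate should at least be visible to the operator. Keep the comparison as the outer test, put `if !proxy.certIgnoreTimestamp { ... continue }` inside it, and follow that with `dlog.Warnf("[%v] Certificate outside its validity period accepted", providerName)`. The `serial < highestSerial` test below still runs, but from the visible lines it appears to compare only against other certificates seen in this loop, so it does not replace the time check. FetchCurrentCert starts and ends outside this hunk.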
|
||||||
|
|
|
@ -22,6 +22,7 @@ type Config struct {
|
||||||
ForceTCP bool `toml:"force_tcp"`
|
ForceTCP bool `toml:"force_tcp"`
|
||||||
Timeout int `toml:"timeout_ms"`
|
Timeout int `toml:"timeout_ms"`
|
||||||
CertRefreshDelay int `toml:"cert_refresh_delay"`
|
CertRefreshDelay int `toml:"cert_refresh_delay"`
|
||||||
|
CertIgnoreTimestamp bool `toml:"cert_ignore_timestamp"`
|
||||||
BlockIPv6 bool `toml:"block_ipv6"`
|
BlockIPv6 bool `toml:"block_ipv6"`
|
||||||
Cache bool
|
Cache bool
|
||||||
CacheSize int `toml:"cache_size"`
|
CacheSize int `toml:"cache_size"`
|
||||||
|
@ -47,6 +48,7 @@ func newConfig() Config {
|
||||||
ListenAddresses: []string{"127.0.0.1:53"},
|
ListenAddresses: []string{"127.0.0.1:53"},
|
||||||
Timeout: 2500,
|
Timeout: 2500,
|
||||||
CertRefreshDelay: 30,
|
CertRefreshDelay: 30,
|
||||||
|
CertIgnoreTimestamp: false,
|
||||||
Cache: true,
|
Cache: true,
|
||||||
CacheSize: 256,
|
CacheSize: 256,
|
||||||
CacheNegTTL: 60,
|
CacheNegTTL: 60,
|
||||||
|
@ -139,6 +141,7 @@ func ConfigLoad(proxy *Proxy, svcFlag *string, config_file string) error {
|
||||||
}
|
}
|
||||||
proxy.certRefreshDelay = time.Duration(config.CertRefreshDelay) * time.Minute
|
proxy.certRefreshDelay = time.Duration(config.CertRefreshDelay) * time.Minute
|
||||||
proxy.certRefreshDelayAfterFailure = time.Duration(10 * time.Second)
|
proxy.certRefreshDelayAfterFailure = time.Duration(10 * time.Second)
|
||||||
|
proxy.certIgnoreTimestamp = config.CertIgnoreTimestamp
|
||||||
if len(config.ListenAddresses) == 0 {
|
if len(config.ListenAddresses) == 0 {
|
||||||
return errors.New("No local IP/port configured")
|
return errors.New("No local IP/port configured")
|
||||||
}
|
}
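Review bot: `CertIgnoreTimestamp` is added to `Config` without a comment, although the `cert_ignore_timestamp` key turns off a certificate validity check; the field should state what it disables. Above the field I would add `// CertIgnoreTimestamp disables the certificate validity-period check: expired or not-yet-valid certificates are accepted.` plus one sentence naming the situation it is meant for, which the commit does not state (presumably hosts without a reliable clock). Leaving the key out of the user-facing docs is a reasonable choice, but the source should still record the trade-off for maintainers. The explicit `CertIgnoreTimestamp: false` default in `newConfig` is right and should stay. The struct and both functions continue outside the hunks shown.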
|
||||||
|
|
|
@ -16,7 +16,7 @@ import (
|
||||||
"golang.org/x/crypto/curve25519"
|
"golang.org/x/crypto/curve25519"
|
||||||
)
|
)
|
||||||
|
|
||||||
const AppVersion = "2.0.0beta6"
|
const AppVersion = "2.0.0beta7"
|
||||||
|
|
||||||
type Proxy struct {
|
type Proxy struct {
|
||||||
proxyPublicKey [32]byte
|
proxyPublicKey [32]byte
|
||||||
|
@ -26,6 +26,7 @@ type Proxy struct {
|
||||||
timeout time.Duration
|
timeout time.Duration
|
||||||
certRefreshDelay time.Duration
|
certRefreshDelay time.Duration
|
||||||
certRefreshDelayAfterFailure time.Duration
|
certRefreshDelayAfterFailure time.Duration
|
||||||
|
certIgnoreTimestamp bool
|
||||||
mainProto string
|
mainProto string
|
||||||
listenAddresses []string
|
listenAddresses []string
|
||||||
daemonize bool
|
daemonize bool
|
||||||
|
|