Add an undocumented option to ignore cert timestamps

Frank Denis 2018-01-21 18:10:38 +01:00
parent 05e07e8b69
commit 8bcba92f97
4 changed files with 23 additions and 17 deletions


@ -4,7 +4,7 @@
A flexible DNS proxy, with support for encrypted DNS protocols such as [DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/DNSCRYPT-V2-PROTOCOL.txt). A flexible DNS proxy, with support for encrypted DNS protocols such as [DNSCrypt](https://github.com/DNSCrypt/dnscrypt-protocol/blob/master/DNSCRYPT-V2-PROTOCOL.txt).
## [dnscrypt-proxy 2.0.0beta6 is available for download!](https://github.com/jedisct1/dnscrypt-proxy/releases/latest) ## [dnscrypt-proxy 2.0.0beta7 is available for download!](https://github.com/jedisct1/dnscrypt-proxy/releases/latest)
## Installation ## Installation


@ -87,10 +87,12 @@ func FetchCurrentCert(proxy *Proxy, serverName *string, proto string, pk ed25519
} else { } else {
certInfo.ForwardSecurity = true certInfo.ForwardSecurity = true
} }
if !proxy.certIgnoreTimestamp {
if now > tsEnd || now < tsBegin { if now > tsEnd || now < tsBegin {
dlog.Debugf("[%v] Certificate not valid at the current date", providerName) dlog.Debugf("[%v] Certificate not valid at the current date", providerName)
continue continue
} }
}
if serial < highestSerial { if serial < highestSerial {
dlog.Debugf("[%v] Superseded by a previous certificate", providerName) dlog.Debugf("[%v] Superseded by a previous certificate", providerName)
continue continue
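Review bot: Skipping the validity-window check at `if !proxy.certIgnoreTimestamp {` is silent: a certificate outside its tsBegin–tsEnd range is accepted with no log line at all, so an operator who set the option (or left it set after fixing a broken clock) has no trace that stale or expired certificates are being trusted. Inverting the nesting — test the window first, then consult the flag — keeps the existing debug message on the reject path and adds a warning on the accept path, so the downgrade is visible in the logs. The serial comparison that follows still applies either way. FetchCurrentCert begins and ends outside this hunk.
```go
// … unchanged: ForwardSecurity handling above …
if now > tsEnd || now < tsBegin {
	if !proxy.certIgnoreTimestamp {
		dlog.Debugf("[%v] Certificate not valid at the current date", providerName)
		continue
	}
	dlog.Warnf("[%v] Certificate not valid at the current date, but cert_ignore_timestamp is set", providerName)
}
// … unchanged: serial comparison …
```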


@ -22,6 +22,7 @@ type Config struct {
ForceTCP bool `toml:"force_tcp"` ForceTCP bool `toml:"force_tcp"`
Timeout int `toml:"timeout_ms"` Timeout int `toml:"timeout_ms"`
CertRefreshDelay int `toml:"cert_refresh_delay"` CertRefreshDelay int `toml:"cert_refresh_delay"`
CertIgnoreTimestamp bool `toml:"cert_ignore_timestamp"`
BlockIPv6 bool `toml:"block_ipv6"` BlockIPv6 bool `toml:"block_ipv6"`
Cache bool Cache bool
CacheSize int `toml:"cache_size"` CacheSize int `toml:"cache_size"`
@ -47,6 +48,7 @@ func newConfig() Config {
ListenAddresses: []string{"127.0.0.1:53"}, ListenAddresses: []string{"127.0.0.1:53"},
Timeout: 2500, Timeout: 2500,
CertRefreshDelay: 30, CertRefreshDelay: 30,
CertIgnoreTimestamp: false,
Cache: true, Cache: true,
CacheSize: 256, CacheSize: 256,
CacheNegTTL: 60, CacheNegTTL: 60,
@ -139,6 +141,7 @@ func ConfigLoad(proxy *Proxy, svcFlag *string, config_file string) error {
} }
proxy.certRefreshDelay = time.Duration(config.CertRefreshDelay) * time.Minute proxy.certRefreshDelay = time.Duration(config.CertRefreshDelay) * time.Minute
proxy.certRefreshDelayAfterFailure = time.Duration(10 * time.Second) proxy.certRefreshDelayAfterFailure = time.Duration(10 * time.Second)
proxy.certIgnoreTimestamp = config.CertIgnoreTimestamp
if len(config.ListenAddresses) == 0 { if len(config.ListenAddresses) == 0 {
return errors.New("No local IP/port configured") return errors.New("No local IP/port configured")
} }
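Review bot: The new `CertIgnoreTimestamp` field at the top of the hunk carries no comment, and the commit title says the option is deliberately left out of the user documentation, so the struct definition is the only place a maintainer can learn that it disables a security check. A comment such as `// CertIgnoreTimestamp, when true, skips the certificate validity-window check in FetchCurrentCert; certificates outside their tsBegin–tsEnd range are then accepted.` would carry that. The explicit `CertIgnoreTimestamp: false,` in newConfig is the zero value and could be dropped, though listing it next to the other defaults is a defensible choice; the field is wired through at `proxy.certIgnoreTimestamp = config.CertIgnoreTimestamp` in the third hunk, which needs no change.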


@ -16,7 +16,7 @@ import (
"golang.org/x/crypto/curve25519" "golang.org/x/crypto/curve25519"
) )
const AppVersion = "2.0.0beta6" const AppVersion = "2.0.0beta7"
type Proxy struct { type Proxy struct {
proxyPublicKey [32]byte proxyPublicKey [32]byte
@ -26,6 +26,7 @@ type Proxy struct {
timeout time.Duration timeout time.Duration
certRefreshDelay time.Duration certRefreshDelay time.Duration
certRefreshDelayAfterFailure time.Duration certRefreshDelayAfterFailure time.Duration
certIgnoreTimestamp bool
mainProto string mainProto string
listenAddresses []string listenAddresses []string
daemonize bool daemonize bool