Frank Denis
|
083fa0ad3c
|
Add an extra retry since ODoH servers are currently unstable
|
2021-06-07 13:49:37 +02:00 |
|
Frank Denis
|
f5a69c3bdc
|
Reduce delay
|
2021-06-07 13:46:44 +02:00 |
|
Frank Denis
|
9e96bbc20b
|
Continue, don't return
|
2021-06-07 13:44:08 +02:00 |
|
Frank Denis
|
a181a23263
|
Send a dummy initial query before RTT measurement in ODoH
|
2021-06-07 13:42:33 +02:00 |
|
Frank Denis
|
fad415f05a
|
Update example documentation
|
2021-06-07 13:37:08 +02:00 |
|
Frank Denis
|
29613096da
|
ODoH servers should not require a static configuration
|
2021-06-07 13:21:58 +02:00 |
|
Frank Denis
|
7980af6f46
|
Error propagation
|
2021-06-07 12:38:36 +02:00 |
|
Frank Denis
|
94151f9f96
|
Use ODoH relays in probes
|
2021-06-07 12:23:26 +02:00 |
|
Frank Denis
|
a11da2d4fb
|
ODoH: check certificate hashes
|
2021-06-07 12:09:27 +02:00 |
|
Frank Denis
|
e0483bbb27
|
Pretend not to always use the first ODoH config
|
2021-06-07 12:06:36 +02:00 |
|
Frank Denis
|
b35e27bd51
|
Shuffle ODoH target configs and use different NX queries
|
2021-06-07 12:05:42 +02:00 |
|
Frank Denis
|
4a4f69edb7
|
ODoH: only store working configurations
Actually, we only store the first one right now.
We should at least randomize them.
|
2021-06-07 12:02:21 +02:00 |
|
Frank Denis
|
96b05e57ca
|
Preliminary propoer ODoH initialization
|
2021-06-07 11:47:11 +02:00 |
|
Frank Denis
|
56f2e9adcc
|
server_name is ignored for x509 certs
|
2021-06-07 11:27:33 +02:00 |
|
Frank Denis
|
dc99f1bc2c
|
If you need this, implement it
|
2021-06-07 11:26:37 +02:00 |
|
Frank Denis
|
0d81fa2796
|
Remove doh_client_x509_auth stuf from fetchServerInfo
It doesn't belong there, and that feature doesn't do what it's
documented to do. It sets client certificates globally instead of
doing it per server.
|
2021-06-07 11:23:48 +02:00 |
|
Frank Denis
|
402860e2a6
|
ODoH broke DNSCrypt relays with wildcards - repair
|
2021-06-07 11:06:41 +02:00 |
|
Frank Denis
|
cd45f64c18
|
ODoH: until relay auto selection is implemented, pick random ones
|
2021-06-07 11:00:21 +02:00 |
|
Frank Denis
|
27a82c54c8
|
ODoH: handle relay IP addresses
|
2021-06-07 10:46:01 +02:00 |
|
Frank Denis
|
dce4db4c86
|
Construct net.URL directly
|
2021-06-07 10:08:55 +02:00 |
|
Frank Denis
|
525927e797
|
Don't use net/http
|
2021-06-07 10:05:20 +02:00 |
|
Frank Denis
|
3159bc3191
|
CI: use odoh-crypto-sx and odohrelay-fastly for testing ODoH
|
2021-06-06 22:42:33 +02:00 |
|
Frank Denis
|
e57d5173e9
|
Support GET in ODoH targets
|
2021-06-06 01:22:48 +02:00 |
|
Frank Denis
|
f542edacaa
|
ODoH: until detection is in place, without a relay, prefer GET
|
2021-06-06 01:15:28 +02:00 |
|
Frank Denis
|
92792f0e8b
|
Prevent remotely triggerable crash in ODoH config parser
|
2021-06-06 01:05:14 +02:00 |
|
Frank Denis
|
1cdb71cd7c
|
Avoid double slashes in ODoH relay URLs
|
2021-06-06 01:01:39 +02:00 |
|
Frank Denis
|
d2947cad75
|
Unbreak compilation
|
2021-06-06 00:14:56 +02:00 |
|
Frank Denis
|
3cf5c1ab8e
|
Limit the number of ODoH target configs
|
2021-06-05 18:35:45 +02:00 |
|
Frank Denis
|
06135b6141
|
Reduce MaxHTTPBodyLength
|
2021-06-05 18:29:13 +02:00 |
|
Frank Denis
|
44f3db31ee
|
Just a safeguard
|
2021-06-05 17:57:48 +02:00 |
|
Frank Denis
|
0a1d3b725c
|
Rename ODoHTarget to ODoHTargetConfig for clarity
|
2021-06-05 17:49:19 +02:00 |
|
Frank Denis
|
2cf29f9fab
|
CI: check the tests after running them
The ODoH tests don't seem to pass.
|
2021-06-05 17:04:35 +02:00 |
|
Frank Denis
|
e27419f73d
|
x509.SystemCertPool() may fail
|
2021-06-03 20:59:05 +02:00 |
|
Frank Denis
|
ddcc40c954
|
Hardcode Let's Encrypt ISRG X1 cert
Some operating systems don't include it yet.
Thanks to @rs for the heads up
|
2021-06-03 12:48:33 +02:00 |
|
Frank Denis
|
14ef11447e
|
Pasto, thanks to @lifenjoiner
|
2021-05-13 10:30:57 +02:00 |
|
Frank Denis
|
6e8628f796
|
Print an error if a block/allow rule contains more than a pattern
... and it is not a time range.
|
2021-05-12 17:43:13 +02:00 |
|
Frank Denis
|
31f4d7aa03
|
Do not ignore ODoH encryption errors
|
2021-05-09 16:16:38 +02:00 |
|
Frank Denis
|
f9cecd1215
|
Update miekg/dns
|
2021-05-07 20:28:25 +02:00 |
|
Frank Denis
|
30779a40a6
|
Remove sysctl list, which is now updated any more
Fixes #1694
|
2021-05-01 01:16:35 +02:00 |
|
Frank Denis
|
367b5062ec
|
Add another IP block list
|
2021-04-30 20:51:22 +02:00 |
|
Frank Denis
|
d751781996
|
Update deps
|
2021-04-27 14:28:39 +02:00 |
|
Frank Denis
|
58e1410e66
|
Nits
|
2021-04-17 16:42:18 +02:00 |
|
Frank Denis
|
e2e32406fb
|
Improve ODoH log messages
|
2021-04-17 16:41:10 +02:00 |
|
Christopher Wood
|
23588733ae
|
Synchronously update the target configuration upon failure. (#1671)
* Synchronously update the target configuration upon failure.
* Notice a serverInfo failure when key updates fail.
* Add server name to debug logs.
|
2021-04-17 16:35:55 +02:00 |
|
Frank Denis
|
9759dd90a2
|
Limit the number of dependabot pull requests
|
2021-04-14 18:26:38 +02:00 |
|
milgradesec
|
754c2bdb93
|
Create dependabot.yml (#1670)
|
2021-04-14 18:25:51 +02:00 |
|
Alison Winters
|
eda8dd5181
|
replace TrimFunc(s, IsSpace) with TrimSpace for ASCII optimization (#1663)
|
2021-04-05 11:46:57 +02:00 |
|
Christopher Wood
|
03413eae2f
|
Add ODoH test files. (#1656)
|
2021-03-30 15:11:09 +02:00 |
|
Frank Denis
|
81692a3a80
|
Update xsecretbox again
|
2021-03-30 13:38:50 +02:00 |
|
Frank Denis
|
8213a96cd5
|
Revert "Remove the need for two chacha20 implementations"
This reverts commit 8e8a4bd024 .
|
2021-03-30 12:29:07 +02:00 |
|