Frank Denis
65f42918a1
Bump
2020-06-11 17:10:33 +02:00
Frank Denis
d55421df96
Don't bind listening sockets with the -list/-list-all options
...
Fixes https://github.com/Homebrew/homebrew-core/pull/55998
2020-06-11 11:41:17 +02:00
Frank Denis
9cce77cc53
No need to import the dnsstamps package twice
2020-06-11 11:13:41 +02:00
Frank Denis
4f47cd0f4f
Avoid implicit memory aliasing in for loop
2020-06-11 11:10:33 +02:00
Frank Denis
de6afd5a4c
Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
...
* 'master' of github.com:jedisct1/dnscrypt-proxy:
Create shiftleft-analysis.yml
Create codeql-analysis.yml
Revert "Fix unit tests on Win10 (attempts 1 and 2)"
sources_test: set bit 16 of the port instead of adding zeros (#1358 )
Fix unit tests on Win10 (attempt 2)
2020-06-11 11:03:30 +02:00
Frank Denis
9f9a17ed6b
doh_client_x509_auth: don't ignore errors
2020-06-11 11:03:17 +02:00
William Elwood
2018945fdf
Revert "Fix unit tests on Win10 (attempts 1 and 2)"
...
This reverts commit 92dda0d55a
.
This reverts commit 5a1fdc8cd6
.
2020-06-10 19:45:11 +01:00
Frank Denis
f4d519092b
sources_test: set bit 16 of the port instead of adding zeros ( #1358 )
...
Ok @welwood08
2020-06-10 20:24:41 +02:00
William Elwood
92dda0d55a
Fix unit tests on Win10 (attempt 2)
...
Thanks to @lifenjoiner for testing! Windows 10 behaves even more unexpectedly.
After it parses the "ip:port" string as a hostname, it attempts to upgrade from
http to https by appending `:443` and parsing that new URL again.
This seems to happen concurrently with the doomed DNS lookup and we see the
error from whichever fails first.
2020-06-10 12:10:51 +01:00
Frank Denis
5416891056
Temporarily parse [tls_client_auth] for backward compatibility
...
Document the change.
Fixes #1355
2020-06-10 11:37:03 +02:00
Frank Denis
d7f16f6be4
Uncomment sections for consistency
2020-06-10 11:04:50 +02:00
Frank Denis
adcdcffdec
Skip netprobe & listeners when -show-cert or -check are used
...
Fixes #1354
2020-06-10 11:01:59 +02:00
William Elwood
5a1fdc8cd6
Fix unit tests on Win10
...
Untested attempt to fix unit tests that fail on Windows 10 build 1909.
From the test output mentioned in #1332 , it looks like this version of Windows
doesn't report an "invalid port" error when asked to connect to an invalid port,
instead it treats the port as part of the host name and attempts a DNS lookup.
Naturally, this fails because the colon character is not valid in a host name.
This change simply makes this inexplicable error an expected result since the
outcome is the same and we can't fix Windows.
2020-06-09 15:51:23 +01:00
Frank Denis
506f727f1f
Another place worth force GC'ing
2020-06-09 09:52:59 +02:00
Frank Denis
b794d47a76
Force GC where it seems to matter most
2020-06-09 09:42:09 +02:00
Frank Denis
8945cb1b90
Add log_file_latest
2020-06-08 22:31:03 +02:00
Frank Denis
87c161ab76
Clarify what log_file is
2020-06-08 20:07:24 +02:00
Frank Denis
9c5cf611a4
Preliminary ChangeLog
2020-06-08 19:20:55 +02:00
Frank Denis
b32ffbb807
Discourage from blindly using dns64
2020-06-08 18:59:39 +02:00
s-s
f48b13f7b8
Add DNS64 support
2020-06-08 18:42:54 +02:00
Frank Denis
d766dc8bf7
doh_client_x509_auth: make it clear that root_ca is optional
2020-06-08 18:09:37 +02:00
Kevin O'Sullivan
5db4365540
Adding support for additional root CAs for DoH TLS Auth ( #1281 )
2020-06-08 18:01:40 +02:00
Frank Denis
68ccd1410f
Support multiple stamps per resolver
...
For now, a single stamp is randomly chosen in order to spread the load,
but we may eventually want to also use this for failover mechanisms.
2020-06-08 17:54:49 +02:00
Frank Denis
b0e883ebc6
Android: use getprop persist.sys.timezone to get and set the time zone
...
Untested. Maybe
fixes #1351
2020-06-06 15:32:27 +02:00
Frank Denis
45628702b6
Add SANS lists
2020-06-02 13:03:41 +02:00
Frank Denis
1f6d8cc53c
Nits
2020-05-31 13:46:44 +02:00
Frank Denis
8ddd5fe36e
Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy
...
* 'master' of github.com:jedisct1/dnscrypt-proxy:
Fallback to cache_file avoiding termination for not offline_mode (#1332 )
Minor update to GH Actions workflow (#1341 )
2020-05-31 13:27:28 +02:00
Frank Denis
d59d9427b3
Don't wait for the whole server list before accepting connections
...
Blocking until all servers have been checked is safe, but significantly
increases startup times.
OTOH, we shouldn't accept connections unless we have at least one live
server.
So, a better approach may be to add the ability for `serversInfo.refresh()`
to write to a channel after a live server has been found, and block on
that channel in the main thread before accepting client connections.
2020-05-31 13:24:35 +02:00
lifenjoiner
c4a13d25ce
Fallback to cache_file avoiding termination for not offline_mode ( #1332 )
...
Ignore downloading error from `NewSource` when startup (cache loaded).
2020-05-30 07:38:04 +01:00
Frank Denis
7e2404ffef
Use domain lists for energized.pro
2020-05-20 16:01:25 +02:00
Frank Denis
82f78ef4fa
s/BrokenQueryPadding/FragmentsBlocked/
...
Maybe
fixes #1323
2020-05-19 15:57:56 +02:00
Frank Denis
3e264b9da9
Rename tls_client_auth to doh_client_x509_auth
...
Maybe improves clarity? I can never remember what tls_client_auth does.
2020-04-26 21:21:00 +02:00
Frank Denis
3775d59217
Add some comments for an obscure feature
2020-04-26 21:05:23 +02:00
Frank Denis
c6b32e0590
Another example of an IP blocklist
2020-04-26 19:42:42 +02:00
Frank Denis
80b95b1ba6
Use accessors for systemd things, too
2020-04-26 17:08:24 +02:00
Frank Denis
436bce9edf
Define functions to register socket handles, to improve clarity
2020-04-26 16:52:50 +02:00
Frank Denis
38cfa437db
Repair Local DoH; should fix CI tests
2020-04-26 16:34:26 +02:00
Frank Denis
12219c7490
listener->pc
...
Spotted by @welwood08
2020-04-26 16:19:49 +02:00
Frank Denis
52f87aee8e
Accept data from systemd sockets at the same time as everything else
2020-04-26 15:00:39 +02:00
Frank Denis
4029d3d4f3
proxy.dropPrivilege() doesn't return on success
2020-04-26 14:49:43 +02:00
Frank Denis
3c510b74bb
Start listeners as goroutines
2020-04-26 14:26:40 +02:00
Frank Denis
4a50736457
Only start accepting connections after everyting has been initialized
...
Fixes #1295
And more. The estimator, key and servers list were not initialized either.
2020-04-26 12:52:55 +02:00
Frank Denis
9519472bbe
Don't print the proxy version in the child
2020-04-20 12:34:59 +02:00
Frank Denis
6f2dcb900a
Drop privileges early
...
Fixes #1265
2020-04-20 12:27:53 +02:00
Frank Denis
b6b7ed3a67
Dropping privileges doesn't work reliably on MacOS
2020-04-20 11:50:27 +02:00
29f
f71244ed74
use global 'timeout' option for forwarding queries ( #1284 )
...
* Update plugins.go
* Update plugin_forward.go
2020-04-17 20:57:23 +02:00
Frank Denis
527764aba7
Upper case
2020-04-05 20:50:28 +02:00
Kiril Angov
d2602fd142
Respect proxy.mainProto in forward plugin ( #1259 )
...
* Respect proxy.mainProto in forward plugin
* Make the serverProtocol part of pluginsState instead
2020-04-05 20:49:30 +02:00
Frank Denis
f4631b9121
Remove unreachable code
...
Spotted by @komapa
2020-04-05 20:48:00 +02:00
kimw
4ce28473f4
Update example-ip-blacklist.txt ( #1264 )
...
fix https://github.com/DNSCrypt/dnscrypt-proxy/issues/1261 . remove `[` & `]`.
2020-04-02 14:55:18 +02:00