miracle091/dnscrypt-proxy
miracle091
/
dnscrypt-proxy
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity
1,468 Commits 5 Branches 89 Tags 58 MiB
Commit Graph

964 Commits

Author SHA1 Message Date
Frank Denis 65f42918a1 Bump 2020-06-11 17:10:33 +02:00
Frank Denis d55421df96 Don't bind listening sockets with the -list/-list-all options 
Fixes https://github.com/Homebrew/homebrew-core/pull/55998
 2020-06-11 11:41:17 +02:00
Frank Denis 9cce77cc53 No need to import the dnsstamps package twice 2020-06-11 11:13:41 +02:00
Frank Denis 4f47cd0f4f Avoid implicit memory aliasing in for loop 2020-06-11 11:10:33 +02:00
Frank Denis de6afd5a4c Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy 
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  Create shiftleft-analysis.yml
  Create codeql-analysis.yml
  Revert "Fix unit tests on Win10 (attempts 1 and 2)"
  sources_test: set bit 16 of the port instead of adding zeros (#1358)
  Fix unit tests on Win10 (attempt 2)
 2020-06-11 11:03:30 +02:00
Frank Denis 9f9a17ed6b doh_client_x509_auth: don't ignore errors 2020-06-11 11:03:17 +02:00
William Elwood 2018945fdf Revert "Fix unit tests on Win10 (attempts 1 and 2)" 
This reverts commit 92dda0d55a.
This reverts commit 5a1fdc8cd6.
 2020-06-10 19:45:11 +01:00
Frank Denis f4d519092b
sources_test: set bit 16 of the port instead of adding zeros (#1358) 
Ok @welwood08
 2020-06-10 20:24:41 +02:00
William Elwood 92dda0d55a Fix unit tests on Win10 (attempt 2) 
Thanks to @lifenjoiner for testing! Windows 10 behaves even more unexpectedly.
After it parses the "ip:port" string as a hostname, it attempts to upgrade from
http to https by appending `:443` and parsing that new URL again.
This seems to happen concurrently with the doomed DNS lookup and we see the
error from whichever fails first.
 2020-06-10 12:10:51 +01:00
Frank Denis 5416891056 Temporarily parse [tls_client_auth] for backward compatibility 
Document the change.

Fixes #1355
 2020-06-10 11:37:03 +02:00
Frank Denis d7f16f6be4 Uncomment sections for consistency 2020-06-10 11:04:50 +02:00
Frank Denis adcdcffdec Skip netprobe & listeners when -show-cert or -check are used 
Fixes #1354
 2020-06-10 11:01:59 +02:00
William Elwood 5a1fdc8cd6 Fix unit tests on Win10 
Untested attempt to fix unit tests that fail on Windows 10 build 1909.
From the test output mentioned in #1332, it looks like this version of Windows
doesn't report an "invalid port" error when asked to connect to an invalid port,
instead it treats the port as part of the host name and attempts a DNS lookup.
Naturally, this fails because the colon character is not valid in a host name.
This change simply makes this inexplicable error an expected result since the
outcome is the same and we can't fix Windows.
 2020-06-09 15:51:23 +01:00
Frank Denis 506f727f1f Another place worth force GC'ing 2020-06-09 09:52:59 +02:00
Frank Denis b794d47a76 Force GC where it seems to matter most 2020-06-09 09:42:09 +02:00
Frank Denis 8945cb1b90 Add log_file_latest 2020-06-08 22:31:03 +02:00
Frank Denis 87c161ab76 Clarify what log_file is 2020-06-08 20:07:24 +02:00
Frank Denis 9c5cf611a4 Preliminary ChangeLog 2020-06-08 19:20:55 +02:00
Frank Denis b32ffbb807 Discourage from blindly using dns64 2020-06-08 18:59:39 +02:00
s-s f48b13f7b8 Add DNS64 support 2020-06-08 18:42:54 +02:00
Frank Denis d766dc8bf7 doh_client_x509_auth: make it clear that root_ca is optional 2020-06-08 18:09:37 +02:00
Kevin O'Sullivan 5db4365540
Adding support for additional root CAs for DoH TLS Auth (#1281) 2020-06-08 18:01:40 +02:00
Frank Denis 68ccd1410f Support multiple stamps per resolver 
For now, a single stamp is randomly chosen in order to spread the load,
but we may eventually want to also use this for failover mechanisms.
 2020-06-08 17:54:49 +02:00
Frank Denis b0e883ebc6 Android: use getprop persist.sys.timezone to get and set the time zone 
Untested. Maybe
fixes #1351
 2020-06-06 15:32:27 +02:00
Frank Denis 45628702b6 Add SANS lists 2020-06-02 13:03:41 +02:00
Frank Denis 1f6d8cc53c Nits 2020-05-31 13:46:44 +02:00
Frank Denis 8ddd5fe36e Merge branch 'master' of github.com:jedisct1/dnscrypt-proxy 
* 'master' of github.com:jedisct1/dnscrypt-proxy:
  Fallback to cache_file avoiding termination for not offline_mode (#1332)
  Minor update to GH Actions workflow (#1341)
 2020-05-31 13:27:28 +02:00
Frank Denis d59d9427b3 Don't wait for the whole server list before accepting connections 
Blocking until all servers have been checked is safe, but significantly
increases startup times.

OTOH, we shouldn't accept connections unless we have at least one live
server.

So, a better approach may be to add the ability for `serversInfo.refresh()`
to write to a channel after a live server has been found, and block on
that channel in the main thread before accepting client connections.
 2020-05-31 13:24:35 +02:00
lifenjoiner c4a13d25ce
Fallback to cache_file avoiding termination for not offline_mode (#1332) 
Ignore downloading error from `NewSource` when startup (cache loaded).
 2020-05-30 07:38:04 +01:00
Frank Denis 7e2404ffef Use domain lists for energized.pro 2020-05-20 16:01:25 +02:00
Frank Denis 82f78ef4fa s/BrokenQueryPadding/FragmentsBlocked/ 
Maybe
fixes #1323
 2020-05-19 15:57:56 +02:00
Frank Denis 3e264b9da9 Rename tls_client_auth to doh_client_x509_auth 
Maybe improves clarity? I can never remember what tls_client_auth does.
 2020-04-26 21:21:00 +02:00
Frank Denis 3775d59217 Add some comments for an obscure feature 2020-04-26 21:05:23 +02:00
Frank Denis c6b32e0590 Another example of an IP blocklist 2020-04-26 19:42:42 +02:00
Frank Denis 80b95b1ba6 Use accessors for systemd things, too 2020-04-26 17:08:24 +02:00
Frank Denis 436bce9edf Define functions to register socket handles, to improve clarity 2020-04-26 16:52:50 +02:00
Frank Denis 38cfa437db Repair Local DoH; should fix CI tests 2020-04-26 16:34:26 +02:00
Frank Denis 12219c7490 listener->pc 
Spotted by @welwood08
 2020-04-26 16:19:49 +02:00
Frank Denis 52f87aee8e Accept data from systemd sockets at the same time as everything else 2020-04-26 15:00:39 +02:00
Frank Denis 4029d3d4f3 proxy.dropPrivilege() doesn't return on success 2020-04-26 14:49:43 +02:00
Frank Denis 3c510b74bb Start listeners as goroutines 2020-04-26 14:26:40 +02:00
Frank Denis 4a50736457 Only start accepting connections after everyting has been initialized 
Fixes #1295

And more. The estimator, key and servers list were not initialized either.
 2020-04-26 12:52:55 +02:00
Frank Denis 9519472bbe Don't print the proxy version in the child 2020-04-20 12:34:59 +02:00
Frank Denis 6f2dcb900a Drop privileges early 
Fixes #1265
 2020-04-20 12:27:53 +02:00
Frank Denis b6b7ed3a67 Dropping privileges doesn't work reliably on MacOS 2020-04-20 11:50:27 +02:00
29f f71244ed74
use global 'timeout' option for forwarding queries (#1284) 
* Update plugins.go

* Update plugin_forward.go
 2020-04-17 20:57:23 +02:00
Frank Denis 527764aba7 Upper case 2020-04-05 20:50:28 +02:00
Kiril Angov d2602fd142
Respect proxy.mainProto in forward plugin (#1259) 
* Respect proxy.mainProto in forward plugin

* Make the serverProtocol part of pluginsState instead
 2020-04-05 20:49:30 +02:00
Frank Denis f4631b9121 Remove unreachable code 
Spotted by @komapa
 2020-04-05 20:48:00 +02:00
kimw 4ce28473f4
Update example-ip-blacklist.txt (#1264) 
fix https://github.com/DNSCrypt/dnscrypt-proxy/issues/1261. remove `[` & `]`.
 2020-04-02 14:55:18 +02:00