
[GNUnet-SVN] [gnunet] branch master updated (800d91ce4 -> da76b1b40)


From: gnunet
Subject: [GNUnet-SVN] [gnunet] branch master updated (800d91ce4 -> da76b1b40)
Date: Thu, 08 Mar 2018 16:43:07 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a change to branch master
in repository gnunet.

    from 800d91ce4 rps service: reorder functions in a meaningful way
     new 02a56bb50 fix off-by-one in BOX type processing
     new b52546aa5 enforce query is primary key
     new f2b9c644c enable cache use by default
     new 174fbee08 avoid specifying useless DEFAULT values
     new da76b1b40 SSL->TLS / X.509 in log messages and comments, remove 
unnecessary check

The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 src/gns/gns.conf.in                      |  4 +--
 src/gns/gnunet-gns-proxy.c               | 46 +++++++++++---------------------
 src/gns/gnunet-service-gns_resolver.c    | 19 +++++++++----
 src/namecache/plugin_namecache_sqlite.c  | 46 +++++++++++++++++++++-----------
 src/namestore/gnunet-service-namestore.c |  2 ++
 src/namestore/plugin_namestore_sqlite.c  | 10 +++----
 6 files changed, 69 insertions(+), 58 deletions(-)

diff --git a/src/gns/gns.conf.in b/src/gns/gns.conf.in
index 6b764904f..d48a213e9 100644
--- a/src/gns/gns.conf.in
+++ b/src/gns/gns.conf.in
@@ -22,8 +22,8 @@ MAX_PARALLEL_BACKGROUND_QUERIES = 1000
 # called via NSS or other mechanisms).
 INTERCEPT_DNS = YES
 
-# Using caching or always ask DHT
-# USE_CACHE = YES
+# Using caching (start with namestore), or always ask DHT?
+USE_CACHE = YES
 
 # PREFIX = valgrind --leak-check=full --track-origins=yes
 
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index ce06ccebe..8b9aa599e 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -88,7 +88,7 @@
 #define MAX_PEM_SIZE (10 * 1024)
 
 /**
- * After how long do we clean up unused MHD SSL/TLS instances?
+ * After how long do we clean up unused MHD TLS instances?
  */
 #define MHD_CACHE_TIMEOUT GNUNET_TIME_relative_multiply 
(GNUNET_TIME_UNIT_MINUTES, 5)
 
@@ -343,7 +343,7 @@ struct MhdHttpList
   struct MhdHttpList *next;
 
   /**
-   * the domain name to server (only important for SSL)
+   * the domain name to server (only important for TLS)
    */
   char *domain;
 
@@ -528,7 +528,7 @@ struct Socks5Request
   struct MHD_Response *response;
 
   /**
-   * the domain name to server (only important for SSL)
+   * the domain name to server (only important for TLS)
    */
   char *domain;
 
@@ -613,7 +613,7 @@ struct Socks5Request
   struct HttpResponseHeader *header_tail;
 
   /**
-   * SSL Certificate status
+   * X.509 Certificate status
    */
   int ssl_checked;
 
@@ -689,7 +689,7 @@ static struct MhdHttpList *mhd_httpd_head;
 static struct MhdHttpList *mhd_httpd_tail;
 
 /**
- * Daemon for HTTP (we have one per SSL certificate, and then one for
+ * Daemon for HTTP (we have one per X.509 certificate, and then one for
  * all HTTP connections; this is the one for HTTP, not HTTPS).
  */
 static struct MhdHttpList *httpd;
@@ -705,7 +705,7 @@ static struct Socks5Request *s5r_head;
 static struct Socks5Request *s5r_tail;
 
 /**
- * The CA for SSL certificate generation
+ * The CA for X.509 certificate generation
  */
 static struct ProxyCA proxy_ca;
 
@@ -877,7 +877,7 @@ mhd_content_cb (void *cls,
 
 
 /**
- * Check that the website has presented us with a valid SSL certificate.
+ * Check that the website has presented us with a valid X.509 certificate.
  * The certificate must either match the domain name or the LEHO name
  * (or, if available, the TLSA record).
  *
@@ -898,7 +898,7 @@ check_ssl_certificate (struct Socks5Request *s5r)
 
   s5r->ssl_checked = GNUNET_YES;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Checking SSL certificate\n");
+              "Checking X.509 certificate\n");
   if (CURLE_OK !=
       curl_easy_getinfo (s5r->curl,
                         CURLINFO_TLS_SESSION,
@@ -907,7 +907,7 @@ check_ssl_certificate (struct Socks5Request *s5r)
   if (CURLSSLBACKEND_GNUTLS != tlsinfo->backend)
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                _("Unsupported CURL SSL backend %d\n"),
+                _("Unsupported CURL TLS backend %d\n"),
                 tlsinfo->backend);
     return GNUNET_SYSERR;
   }
@@ -1015,7 +1015,7 @@ check_ssl_certificate (struct Socks5Request *s5r)
                                                      name)))
       {
         GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                    _("SSL certificate subject name (%s) does not match 
`%s'\n"),
+                    _("TLS certificate subject name (%s) does not match 
`%s'\n"),
                     certdn,
                     name);
         gnutls_x509_crt_deinit (x509_cert);
@@ -1068,7 +1068,7 @@ curl_check_hdr (void *buffer,
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Receiving HTTP response header from CURL\n");
-  /* first, check SSL certificate */
+  /* first, check TLS certificate */
   if ( (GNUNET_YES != s5r->ssl_checked) &&
        (HTTPS_PORT == s5r->port))
   {
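Review bot: The gate `(HTTPS_PORT == s5r->port)` shown here now also covers requests that arrived with a literal IPv4 or IPv6 address, because the two do_s5r_read hunks further down delete the early rejection of port-443 requests for those address types. The doc comment on check_ssl_certificate says the certificate must match the domain name or the LEHO name; which name is compared when the SOCKS request carried only an address is not visible in this diff. I would record that next to this check, e.g. `/* address-only requests carry no GNS name: certificate is matched against <name used> */`, and confirm the check fails closed when no name is available. curl_check_hdr's body continues outside the hunk.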
@@ -2382,7 +2382,7 @@ generate_gns_certificate (const char *name)
   struct ProxyGNSCertificate *pgc;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Generating TLS/SSL certificate for `%s'\n",
+              "Generating x.509 certificate for `%s'\n",
               name);
   GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_init (&request));
   GNUNET_break (GNUTLS_E_SUCCESS == gnutls_x509_crt_set_key (request, 
proxy_ca.key));
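Review bot: The renamed log string here reads `"Generating x.509 certificate for `%s'\n"` with a lowercase "x", while every other string and comment touched by this commit spells it "X.509". The hunk at -1015 also keeps "TLS certificate subject name" for what the surrounding comments now call an X.509 certificate, and the doc comment in the -2439 hunk reads "an TLS MHD instance" where "a TLS MHD instance" is meant. Since operators search logs for these strings, one spelling throughout is worth it: `"Generating X.509 certificate for `%s'\n"`.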
@@ -2439,9 +2439,9 @@ mhd_error_log_callback (void *cls,
 
 
 /**
- * Lookup (or create) an SSL MHD instance for a particular domain.
+ * Lookup (or create) an TLS MHD instance for a particular domain.
  *
- * @param domain the domain the SSL daemon has to serve
+ * @param domain the domain the TLS daemon has to serve
  * @return NULL on error
  */
 static struct MhdHttpList *
@@ -2932,14 +2932,6 @@ do_s5r_read (void *cls)
             struct sockaddr_in *in;
 
             s5r->port = ntohs (*port);
-            if (HTTPS_PORT == s5r->port)
-            {
-              GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                          _("SSL connection to plain IPv4 address 
requested\n"));
-              signal_socks_failure (s5r,
-                                    
SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
-              return;
-            }
             alen = sizeof (struct in_addr);
             if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
                 alen + sizeof (uint16_t))
@@ -2961,14 +2953,6 @@ do_s5r_read (void *cls)
             struct sockaddr_in6 *in;
 
             s5r->port = ntohs (*port);
-            if (HTTPS_PORT == s5r->port)
-            {
-              GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                          _("SSL connection to plain IPv4 address 
requested\n"));
-              signal_socks_failure (s5r,
-                                    
SOCKS5_STATUS_CONNECTION_NOT_ALLOWED_BY_RULE);
-              return;
-            }
             alen = sizeof (struct in6_addr);
             if (s5r->rbuf_len < sizeof (struct Socks5ClientRequestMessage) +
                 alen + sizeof (uint16_t))
@@ -3295,7 +3279,7 @@ run (void *cls,
                             cafile)) )
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                _("Failed to load SSL/TLS key and certificate from `%s'\n"),
+                _("Failed to load X.509 key and certificate from `%s'\n"),
                 cafile);
     gnutls_x509_crt_deinit (proxy_ca.cert);
     gnutls_x509_privkey_deinit (proxy_ca.key);
diff --git a/src/gns/gnunet-service-gns_resolver.c 
b/src/gns/gnunet-service-gns_resolver.c
index ef191bbb3..0b86ca267 100644
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -1497,7 +1497,6 @@ handle_gns_resolution_result (void *cls,
   struct GNS_ResolverHandle *rh = cls;
   struct AuthorityChain *ac;
   struct AuthorityChain *shorten_ac;
-  unsigned int i;
   char *cname;
   struct VpnContext *vpn_ctx;
   const struct GNUNET_TUN_GnsVpnRecord *vpn;
@@ -1546,7 +1545,7 @@ handle_gns_resolution_result (void *cls,
     if ( (GNUNET_DNSPARSER_TYPE_A == rh->record_type) ||
         (GNUNET_DNSPARSER_TYPE_AAAA == rh->record_type) )
     {
-      for (i=0;i<rd_count;i++)
+      for (unsigned int i=0;i<rd_count;i++)
       {
        switch (rd[i].record_type)
        {
@@ -1617,13 +1616,15 @@ handle_gns_resolution_result (void *cls,
     scratch_off = 0;
     rd_off = 0;
     shorten_ac = rh->ac_tail;
-    for (i=0;i<rd_count;i++)
+    for (unsigned int i=0;i<rd_count;i++)
     {
+      GNUNET_assert (rd_off <= i);
       if ( (0 != rh->protocol) &&
            (0 != rh->service) &&
            (GNUNET_GNSRECORD_TYPE_BOX != rd[i].record_type) )
         continue; /* we _only_ care about boxed records */
 
+      GNUNET_assert (rd_off < rd_count);
       rd_new[rd_off] = rd[i];
       /* Check if the embedded name(s) end in "+", and if so,
         replace the "+" with the zone at "ac_tail", changing the name
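Review bot: The bounds guards added in this loop are `GNUNET_assert` calls, so if the invariant on `rd_new[rd_off]` is ever violated by the records being processed, the whole resolver process aborts instead of the one lookup failing. With the `break;` added in the -1862 hunk the invariant appears to be "at most one output record per input record", which the loop-top `GNUNET_assert (rd_off <= i);` already expresses. The following `GNUNET_assert (rd_off < rd_count);` is implied by it together with `i < rd_count`. I would state the invariant once at the top of the loop, e.g. `/* invariant: each rd[i] yields at most one rd_new entry, so rd_off <= i */`, and say there why the repeated asserts in the -1659 to -1850 hunks are kept as defence in depth. The function body starts and ends outside the hunk.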
@@ -1659,6 +1660,7 @@ handle_gns_resolution_result (void *cls,
            }
            else
            {
+              GNUNET_assert (rd_off < rd_count);
              rd_new[rd_off].data = &scratch[scratch_start];
              rd_new[rd_off].data_size = scratch_off - scratch_start;
              rd_off++;
@@ -1695,6 +1697,7 @@ handle_gns_resolution_result (void *cls,
            }
            else
            {
+              GNUNET_assert (rd_off < rd_count);
              rd_new[rd_off].data = &scratch[scratch_start];
              rd_new[rd_off].data_size = scratch_off - scratch_start;
              rd_off++;
@@ -1731,6 +1734,7 @@ handle_gns_resolution_result (void *cls,
            }
            else
            {
+              GNUNET_assert (rd_off < rd_count);
              rd_new[rd_off].data = &scratch[scratch_start];
              rd_new[rd_off].data_size = scratch_off - scratch_start;
              rd_off++;
@@ -1767,6 +1771,7 @@ handle_gns_resolution_result (void *cls,
            }
            else
            {
+              GNUNET_assert (rd_off < rd_count);
              rd_new[rd_off].data = &scratch[scratch_start];
              rd_new[rd_off].data_size = scratch_off - scratch_start;
              rd_off++;
@@ -1850,6 +1855,7 @@ handle_gns_resolution_result (void *cls,
                  (ntohs (box->service) == rh->service) )
             {
               /* Box matches, unbox! */
+              GNUNET_assert (rd_off < rd_count);
               rd_new[rd_off].record_type = ntohl (box->record_type);
               rd_new[rd_off].data_size -= sizeof (struct 
GNUNET_GNSRECORD_BoxRecord);
               rd_new[rd_off].data = &box[1];
@@ -1862,6 +1868,7 @@ handle_gns_resolution_result (void *cls,
                records (for modern, GNS-enabled applications) */
             rd_off++;
           }
+          break;
         }
       default:
        rd_off++;
@@ -1882,7 +1889,7 @@ handle_gns_resolution_result (void *cls,
   }
  do_recurse:
   /* need to recurse, check if we can */
-  for (i=0;i<rd_count;i++)
+  for (unsigned int i=0;i<rd_count;i++)
   {
     switch (rd[i].record_type)
     {
@@ -2064,7 +2071,9 @@ handle_gns_resolution_result (void *cls,
   }
   GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
              _("GNS lookup recursion failed (no delegation record found)\n"));
-  rh->proc (rh->proc_cls, 0, NULL);
+  rh->proc (rh->proc_cls,
+            0,
+            NULL);
   GNS_resolver_lookup_cancel (rh);
 }
 
diff --git a/src/namecache/plugin_namecache_sqlite.c 
b/src/namecache/plugin_namecache_sqlite.c
index 2f7b2a981..669729f37 100644
--- a/src/namecache/plugin_namecache_sqlite.c
+++ b/src/namecache/plugin_namecache_sqlite.c
@@ -23,7 +23,6 @@
  * @brief sqlite-based namecache backend
  * @author Christian Grothoff
  */
-
 #include "platform.h"
 #include "gnunet_sq_lib.h"
 #include "gnunet_namecache_plugin.h"
@@ -106,16 +105,23 @@ struct Plugin
  * @return 0 on success
  */
 static int
-sq_prepare (sqlite3 * dbh, const char *zSql, sqlite3_stmt ** ppStmt)
+sq_prepare (sqlite3 *dbh,
+            const char *zSql,
+            sqlite3_stmt **ppStmt)
 {
   char *dummy;
   int result;
 
-  result =
-      sqlite3_prepare_v2 (dbh, zSql, strlen (zSql), ppStmt,
-                          (const char **) &dummy);
+  result = sqlite3_prepare_v2 (dbh,
+                               zSql,
+                               strlen (zSql),
+                               ppStmt,
+                               (const char **) &dummy);
   LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Prepared `%s' / %p: %d\n", zSql, *ppStmt, result);
+       "Prepared `%s' / %p: %d\n",
+       zSql,
+       *ppStmt,
+       result);
   return result;
 }
 
@@ -168,16 +174,21 @@ database_setup (struct Plugin *plugin)
 #endif
 
   if (GNUNET_OK !=
-      GNUNET_CONFIGURATION_get_value_filename (plugin->cfg, "namecache-sqlite",
-                                               "FILENAME", &afsdir))
+      GNUNET_CONFIGURATION_get_value_filename (plugin->cfg,
+                                               "namecache-sqlite",
+                                               "FILENAME",
+                                               &afsdir))
   {
     GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
-                              "namecache-sqlite", "FILENAME");
+                              "namecache-sqlite",
+                               "FILENAME");
     return GNUNET_SYSERR;
   }
-  if (GNUNET_OK != GNUNET_DISK_file_test (afsdir))
+  if (GNUNET_OK !=
+      GNUNET_DISK_file_test (afsdir))
   {
-    if (GNUNET_OK != GNUNET_DISK_directory_create_for_file (afsdir))
+    if (GNUNET_OK !=
+        GNUNET_DISK_directory_create_for_file (afsdir))
     {
       GNUNET_break (0);
       GNUNET_free (afsdir);
@@ -188,7 +199,8 @@ database_setup (struct Plugin *plugin)
   plugin->fn = afsdir;
 
   /* Open database and precompile statements */
-  if (sqlite3_open (plugin->fn, &plugin->dbh) != SQLITE_OK)
+  if (SQLITE_OK !=
+      sqlite3_open (plugin->fn, &plugin->dbh))
   {
     LOG (GNUNET_ERROR_TYPE_ERROR,
         _("Unable to initialize SQLite: %s.\n"),
@@ -229,9 +241,9 @@ database_setup (struct Plugin *plugin)
       (sqlite3_exec
        (plugin->dbh,
         "CREATE TABLE ns096blocks ("
-        " query BLOB NOT NULL DEFAULT '',"
-        " block BLOB NOT NULL DEFAULT '',"
-        " expiration_time INT8 NOT NULL DEFAULT 0"
+        " query BLOB NOT NULL PRIMARY KEY,"
+        " block BLOB NOT NULL,"
+        " expiration_time INT8 NOT NULL"
        ")",
        NULL, NULL, NULL) != SQLITE_OK))
   {
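Review bot: The new `PRIMARY KEY` on `query` only takes effect when this `CREATE TABLE` actually runs, and the table name `ns096blocks` is unchanged. A database file written by an earlier build would therefore presumably keep the old schema without the constraint; the condition guarding the statement is outside the hunk. Code that relies on `query` being unique would then behave differently on upgraded and fresh installs. Either bump the table name or document the upgrade step next to the statement, e.g. `/* schema change: query is now PRIMARY KEY; pre-existing cache files keep the old schema */`. The same concern applies to the dropped `DEFAULT` clauses on `ns097records` in the plugin_namestore_sqlite.c hunk.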
@@ -399,6 +411,10 @@ namecache_sqlite_cache_block (void *cls,
   GNUNET_CRYPTO_hash (&block->derived_key,
                      sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
                      &query);
+  fprintf (stderr,
+           "Caching new version of block %s (expires %llu)\n",
+           GNUNET_h2s (&query),
+           (unsigned long long) expiration.abs_value_us);
   expiration = GNUNET_TIME_absolute_ntoh (block->expiration_time);
   if (block_size > 64 * 65536)
   {
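Review bot: The added `fprintf` prints `expiration.abs_value_us` one line before `expiration` is assigned from `block->expiration_time`, so unless the declaration outside the hunk initialises it, the message reports an indeterminate value. It also writes to stderr unconditionally on every cached block rather than going through the `LOG` macro this file uses elsewhere. Move the assignment `expiration = GNUNET_TIME_absolute_ntoh (block->expiration_time);` above the message and emit it as `LOG (GNUNET_ERROR_TYPE_DEBUG, "Caching new version of block %s (expires %llu)\n", ...)` with the same two arguments. namecache_sqlite_cache_block's body continues outside the hunk.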
diff --git a/src/namestore/gnunet-service-namestore.c 
b/src/namestore/gnunet-service-namestore.c
index dea13b982..f967881ec 100644
--- a/src/namestore/gnunet-service-namestore.c
+++ b/src/namestore/gnunet-service-namestore.c
@@ -260,6 +260,8 @@ cleanup_task (void *cls)
              "Stopping namestore service\n");
   while (NULL != (cop = cop_head))
   {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Aborting incomplete namecache operation\n");
     GNUNET_NAMECACHE_cancel (cop->qe);
     GNUNET_CONTAINER_DLL_remove (cop_head,
                                  cop_tail,
diff --git a/src/namestore/plugin_namestore_sqlite.c 
b/src/namestore/plugin_namestore_sqlite.c
index eb2378ed4..168c52c11 100644
--- a/src/namestore/plugin_namestore_sqlite.c
+++ b/src/namestore/plugin_namestore_sqlite.c
@@ -266,12 +266,12 @@ database_setup (struct Plugin *plugin)
       (sqlite3_exec
        (plugin->dbh,
         "CREATE TABLE ns097records ("
-        " zone_private_key BLOB NOT NULL DEFAULT '',"
+        " zone_private_key BLOB NOT NULL,"
         " pkey BLOB,"
-       " rvalue INT8 NOT NULL DEFAULT '',"
-       " record_count INT NOT NULL DEFAULT 0,"
-        " record_data BLOB NOT NULL DEFAULT '',"
-        " label TEXT NOT NULL DEFAULT ''"
+       " rvalue INT8 NOT NULL,"
+       " record_count INT NOT NULL,"
+        " record_data BLOB NOT NULL,"
+        " label TEXT NOT NULL"
        ")",
        NULL, NULL, NULL) != SQLITE_OK))
   {

-- 
To stop receiving notification emails like this one, please contact
address@hidden


