Comments (9)
Ok, got to the bottom of it. In changing a bunch of interfaces to return Result (due to some of the changes in OpenSSL), I had made overzealous use of try!() and underthought placement in the validation loops for DNSSec. Everything checks out now.
from trust-dns.
If you want to submit a PR for that, I'd happily accept.
from trust-dns.
I started work on this to hopefully fix Travis OSX builds, but man, openssl 0.8.0 is quite different from 0.7 :(
from trust-dns.
It is pretty different. I'd have liked to get to this myself but have been over-loaded with other things.
from trust-dns.
2b14581 is the conversion to openssl 0.8.
While that's basically complete, of course my integration tests for the proof of a signed example.com are now failing :(
looking into it.
from trust-dns.
oh, and I have all the warnings related to the futures stuff cleaned up in a different branch. I'll be getting rid of those in a little bit.
from trust-dns.
Travis is passing again with this patch at least :)
from trust-dns.
FYI, looking more deeply, not all secure queries are failing, and some parts of the chain are validating properly. I'm not entirely able to say right now that there isn't a bug here. rollernet tests are all passing right now, which tells me that it's only example.com that is having issues.
It validates the www.example.com against example.com's DNSKEY, but then fails to validate the DNSKEY for example.com. But since rollertnet tests are functioning this might not be an issue with the upgrade.
from trust-dns.
cargo test -- --ignored
will run all of the integration tests for anyone interested in looking at this.
from trust-dns.
Related Issues (20)
- Static build support (openssl + cross-compile) HOT 6
- `DnssecDnsHandle` does not appear to validate RRSIG's signature {inception,expiration} fields HOT 1
- malformed query can cause assertion failure at encoder.rs:234 HOT 1
- should `proto::rr::resource::Record.rdata` really be an `Option`? HOT 6
- `just clippy` does not catch warnings produced by `just dnssec-openssl` HOT 5
- DNS Resolver rotate feature HOT 5
- [Featture] Expose Path Parameter for DoH Client HOT 1
- Allow passing in a custom client UDP socket to send data from HOT 5
- `just no-default-features` fails with an ICE using latest nightly HOT 1
- Default dns timeout of 5 seconds is excessive (causes 40s of time being wasted in mongodb) HOT 5
- hickory-resolver retries NXDOMAINs over TCP if using `try_tcp_on_error` HOT 4
- tag/publish a 0.25 pre-release? HOT 4
- What is the reason for NextRandomUdpSocket? HOT 7
- add DNSSEC validation to `Recursor` HOT 1
- what's the use case for `Recursor::resolve(Query::query(not_fully_qualified_name, ..), ..)`? / bug in `Recursor::resolve` with `security_aware = false`? HOT 4
- TokioAsyncResolver fails with ResolveError { kind: Proto(ProtoError { kind: Io(Kind(ConnectionRefused)) }) } HOT 3
- `DnssecDnsHandle.minimum_{algorithm,key_len}` fields appear to be unused?
- provide support for dns resolution for files located in etc/resolver on macOS HOT 3
- infinite recursion in `DnssecDnsHandle` when nameservers use an unsupported algorithm HOT 1
- DNS over HTTPS not working as before? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trust-dns.