Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: cofyc/dnscrypt-wrapper
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.1.16
Choose a base ref
...
head repository: cofyc/dnscrypt-wrapper
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: master
Choose a head ref
Loading
Showing with 4,826 additions and 1,063 deletions.
  1. +1 −0 .gitignore
  2. +0 −3 .gitmodules
  3. +8 −10 .travis.yml
  4. +59 −0 CHANGELOG.md
  5. +15 −344 COPYING
  6. +13 −7 Makefile
  7. +2 −0 OWNERS
  8. +198 −48 README.md
  9. +0 −2 TODO
  10. +0 −1 argparse
  11. +5 −0 argparse/.gitignore
  12. +5 −0 argparse/.travis.yml
  13. +21 −0 argparse/LICENSE
  14. +52 −0 argparse/Makefile
  15. +109 −0 argparse/README.md
  16. +349 −0 argparse/argparse.c
  17. +133 −0 argparse/argparse.h
  18. +445 −0 argparse/tap-functions
  19. +50 −0 argparse/test.sh
  20. +58 −0 argparse/test_argparse.c
  21. +381 −0 block.c
  22. +11 −0 block.h
  23. +19 −37 cert.c
  24. +19 −6 cert.h
  25. +46 −3 compat.h
  26. +7 −1 configure.ac
  27. +5 −0 debian/changelog
  28. +1 −0 debian/compat
  29. +20 −0 debian/control
  30. +168 −0 debian/dnscrypt-wrapper.8
  31. +7 −0 debian/dnscrypt-wrapper.default
  32. +1 −0 debian/dnscrypt-wrapper.dirs
  33. +1 −0 debian/dnscrypt-wrapper.docs
  34. +61 −0 debian/dnscrypt-wrapper.init
  35. +1 −0 debian/dnscrypt-wrapper.manpages
  36. +26 −0 debian/dnscrypt-wrapper.postinst
  37. +26 −0 debian/dnscrypt-wrapper.preinst
  38. +14 −0 debian/dnscrypt-wrapper.service
  39. +35 −0 debian/rules
  40. +8 −0 debug.c
  41. +210 −26 dnscrypt.c
  42. +50 −8 dnscrypt.h
  43. +38 −0 docs/releasing.md
  44. BIN example/1.cert
  45. +1 −0 example/1.key
  46. +13 −1 example/README.md
  47. +0 −1 example/crypt_public.key
  48. +0 −2 example/crypt_secret.key
  49. BIN example/dnscrypt.cert
  50. +3 −3 example/start_proxy.sh
  51. +6 −5 example/start_wrapper.sh
  52. +321 −0 fpst.c
  53. +61 −0 fpst.h
  54. +1 −1 gen-version.sh
  55. +17 −0 hack/Dockerfile.debian
  56. +8 −0 hack/entrypoint.sh
  57. +10 −0 hack/package.sh
  58. +27 −0 hack/setup-travis.sh
  59. +2 −2 logger.c
  60. +540 −95 main.c
  61. +334 −313 rfc1035.c
  62. +13 −6 rfc1035.h
  63. +106 −25 tcp_request.c
  64. +3 −0 tcp_request.h
  65. +0 −25 test.sh
  66. +4 −0 tests/Gemfile
  67. +53 −0 tests/Gemfile.lock
  68. +4 −0 tests/Makefile
  69. +6 −0 tests/README.md
  70. +7 −0 tests/Rakefile
  71. +296 −0 tests/dnscrypt-fuzzer.py
  72. +76 −0 tests/features/cert-distribution/txt_records.feature
  73. +15 −0 tests/features/cert-generation/generate_certs.feature
  74. +42 −0 tests/features/step_definitions/dnscrypt-wrapper-cert.rb
  75. +69 −0 tests/features/step_definitions/dnscrypt-wrapper.rb
  76. +1 −0 tests/features/support/aruba.rb
  77. BIN tests/keys1/1.cert
  78. BIN tests/keys1/1.key
  79. +1 −0 tests/keys1/public.key
  80. +1 −0 tests/keys1/secret.key
  81. BIN tests/keys2/1.cert
  82. +2 −0 tests/keys2/1.key
  83. BIN tests/keys2/1.xchacha20.cert
  84. +1 −0 tests/keys2/2.key
  85. +1 −0 tests/keys2/public.key
  86. +1 −0 tests/keys2/secret.key
  87. +97 −87 udp_request.c
  88. +4 −0 udp_request.h
  89. +1 −1 version.h
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -14,6 +14,7 @@
/tests/tmp/
/config.log
/configure
/configure.lineno
/autom4te.cache/
/config.mak.autogen
/config.mak
3 changes: 0 additions & 3 deletions .gitmodules

This file was deleted.

18 changes: 8 additions & 10 deletions .travis.yml
Original file line number Diff line number Diff line change
@@ -2,20 +2,18 @@ language: c
compiler:
- clang
- gcc
before_install:
- $CC --version
- which $CC
# workaround clang not system wide, fail on sudo make install
- export CC=`which $CC`
before_script:
- sudo apt-get install libevent-dev
- git clone git://github.com/jedisct1/libsodium.git
- cd libsodium
- git checkout 0.4.1
- ./autogen.sh
- ./configure --disable-dependency-tracking
- curl https://download.libsodium.org/libsodium/releases/LATEST.tar.gz | tar -xvzf -
- cd libsodium-stable
- ./configure
- make && make check
- sudo make install
- sudo ldconfig
- cd ..
script:
- autoreconf -vi
- ./configure
- make
- sudo ./hack/setup-travis.sh
- cd tests && bundle install && make test
59 changes: 59 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
# CHANGELOG

## Table of Contents

* [v0.4.2](#v042)
* [v0.4.1](#v041)
* [v0.4.0](#v040)
* [v0.3.0](#v030)
* [v0.2.2](#v022)
* [v0.2.1](#v021)
* [v0.2.0](#v020)

## v0.4.2

- Log level of "suspicious query" changed to debug

## v0.4.1

- find_cert() should search in all certs, fixes #139.
- filter_signed_certs() should converts serial to uint32_t before comparison.
- --cert-file-expire-days supports 'd', 'h', 'm', 's' suffixes

## v0.4.0

- Use sodium_malloc() for the DNS query/response buffers
- Fix stamp properties; add --nofilter
- Only publish the most recent certificates
- Include the signature in SignedCert
- cache: do not forget to include the server PK in the hash computation
- Implement a simple cache for shared keys
- Add support for stamps (dnscrypt-proxy 2.x), and update the documentation
- In key rotation, old certs should be provided too, see #109.
- fixes #111, cert/key expires in 24 hours by default for safety see discussion: https://github.com/jedisct1/dnscrypt-proxy/issues/520
- docs: suggest user to generate short-term key pairs and use key-rotation mechanism See #111.

## v0.3.0

- XChaCha20 supported
- a lot of tests added
- and many bug fixes and improvements

## v0.2.2

- remove GPLv2, release under the ISC license
- update example secret key / cert, etc
- fix compiler/linker flags handling

## v0.2.1

- Rename --provider-publickey-fingerprint to --show-provider-publickey-fingerprint. It's more conventional to use a verb if you want to do some action, like gen-provider-keypair.
- Use TCP_QUICKACK instead of TCP_NODELAY if available (Linux 2.4.4+) See https://news.ycombinator.com/item?id=10608356
- Send a short packet with TC set if the query_len < response_len
- Support sending server cert over tcp
- Use the certificate timestamp as a serial number instead of a fixed serial.
- And some other minor fixes.

## v0.2.0

- Import argparse sources files directly.
Loading