1. 12 Jan, 2018 1 commit
  2. 08 Jan, 2018 5 commits
  3. 12 Sep, 2017 1 commit
    • Vladimír Čunát's avatar
      gnutls logging improvements · 3467ee81
      Vladimír Čunát authored
      - move it to utils.c, so it's sensitive to later changes in verbosity
      - don't mark the lines with [tls], as they may come through libdnssec
      - use stdout like other verbose messages, instead of stderr (real errors)
      3467ee81
  4. 09 Jan, 2017 1 commit
  5. 06 Jan, 2017 2 commits
    • Daniel Kahn Gillmor's avatar
      Use ephemeral X.509 credentials if none are configured · a405b874
      Daniel Kahn Gillmor authored
      If kresd is configured to listen using TLS, but it has no credentials,
      it should fall back to generating ephemeral credentials and using
      them.
      
      It stores the ephemerally-generated secret key in the same directory
      as the cache, using the name "ephemeral_key.pem".  If the cache
      persists, then the key will too, even if the daemon dies.  This means
      that any set of daemons that share a cache will also share an
      ephemeral secret key.
      
      The ephemeral X.509 certificate that corresponds to the key will be
      automatically generated (self-signed), will have a lifetime of about
      90 days (matching Let's Encrypt policy).  The ephemeral cert is
      never written to disk; it is always dynamically-generated by kresd.
      
      This should make it very easy to get DNS-over-TLS working in
      opportunistic mode.
      a405b874
    • Daniel Kahn Gillmor's avatar
      Record expiration date of our certificate. · 4c4ff26f
      Daniel Kahn Gillmor authored
      This can be useful for scheduling checks in the future, for logging
      when we're using an expired cert, requesting a new cert, refreshing an
      ephemeral cert, etc.
      4c4ff26f
  6. 14 Nov, 2016 1 commit
  7. 05 Aug, 2016 10 commits
  8. 16 Jul, 2016 1 commit
  9. 20 May, 2016 1 commit
    • Marek Vavrusa's avatar
      lib: cache api v2, removed dep on libknot db.h · e68c3a0a
      Marek Vavrusa authored
      this change introduces new API for cache backends,
      that is a subset of knot_db_api_t from libknot
      with several cache-specific operations
      
      major changes are:
      * merged 'cachectl' module into 'cache' as it is
        99% default-on and it simplifies things
      * not transaction oriented, transactions may be
        reused and cached for higher performance
      * scatter/gather API, this is important for
        latency and performance of non-local backends
        like Redis
      * faster and reliable cache clearing
      * cache-specific operations (prefix scan, ...) in
        the API not hacked in
      * simpler code for both backends and caller
      e68c3a0a
  10. 18 Mar, 2015 1 commit
  11. 10 Mar, 2015 1 commit
  12. 23 Feb, 2015 1 commit
  13. 30 Dec, 2014 1 commit
  14. 29 Dec, 2014 1 commit
  15. 14 Aug, 2014 1 commit
  16. 04 Aug, 2014 1 commit
  17. 31 Jul, 2014 1 commit