author | Iwan Timmer <irtimmer@gmail.com> | 2018-07-17 08:34:29 +0200 |
---|---|---|
committer | Iwan Timmer <irtimmer@gmail.com> | 2018-07-27 22:23:17 +0200 |
commit | 6016fcb0ea9eea232f55a8b27b5a7fa69c0b4e26 (patch) | |
tree | 5dcaaf7e6c4f5f1c10690d484549180a9612652d /src/resolve/resolved-dns-transaction.c | |
parent | test: Increase qemu timeout from 90s to 180s (diff) | |
resolved: refactor GnuTLS specific code in separate source file
This is a first step towards supporting alternative TLS implementations for DNS-over-TLS.
Co-authored-by: Filipe Brandenburger <filbranden@google.com>
Diffstat (limited to 'src/resolve/resolved-dns-transaction.c')
-rw-r--r-- | src/resolve/resolved-dns-transaction.c | 44 |
1 files changed, 3 insertions, 41 deletions
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 89d311811a..db30997d04 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -11,11 +11,10 @@
 #include "resolved-dns-cache.h"
 #include "resolved-dns-transaction.h"
 #include "resolved-llmnr.h"
-#include "string-table.h"
-
 #if ENABLE_DNS_OVER_TLS
-#include <gnutls/socket.h>
+#include "resolved-dnstls.h"
 #endif
+#include "string-table.h"
 
 #define TRANSACTIONS_MAX 4096
 #define TRANSACTION_TCP_TIMEOUT_USEC (10U*USEC_PER_SEC)
@@ -503,20 +502,6 @@ static int dns_transaction_on_stream_packet(DnsTransaction *t, DnsPacket *p) {
 return 0;
 }
 
-static int on_stream_connection(DnsStream *s) {
-#if ENABLE_DNS_OVER_TLS
- /* Store TLS Ticket for faster succesive TLS handshakes */
- if (s->tls_session && s->server) {
- if (s->server->tls_session_data.data)
- gnutls_free(s->server->tls_session_data.data);
-
- gnutls_session_get_data2(s->tls_session, &s->server->tls_session_data);
- }
-#endif
-
- return 0;
-}
-
 static int on_stream_complete(DnsStream *s, int error) {
 _cleanup_(dns_stream_unrefp) DnsStream *p = NULL;
 DnsTransaction *t, *n;
@@ -578,9 +563,6 @@ static int dns_transaction_emit_tcp(DnsTransaction *t) {
 _cleanup_(dns_stream_unrefp) DnsStream *s = NULL;
 union sockaddr_union sa;
 int r;
-#if ENABLE_DNS_OVER_TLS
- gnutls_session_t gs;
-#endif
 
 assert(t);
 
@@ -655,32 +637,12 @@ static int dns_transaction_emit_tcp(DnsTransaction *t) {
 #if ENABLE_DNS_OVER_TLS
 if (DNS_SERVER_FEATURE_LEVEL_IS_TLS(t->current_feature_level)) {
 assert(t->server);
-
- r = gnutls_init(&gs, GNUTLS_CLIENT | GNUTLS_ENABLE_FALSE_START | GNUTLS_NONBLOCK);
- if (r < 0)
- return r;
-
- /* As DNS-over-TLS is a recent protocol, older TLS versions can be disabled */
- r = gnutls_priority_set_direct(gs, "NORMAL:-VERS-ALL:+VERS-TLS1.2", NULL);
- if (r < 0)
- return r;
-
- r = gnutls_credentials_set(gs, GNUTLS_CRD_CERTIFICATE, t->server->tls_cert_cred);
- if (r < 0)
- return r;
-
- if (t->server->tls_session_data.size > 0)
- gnutls_session_set_data(gs, t->server->tls_session_data.data, t->server->tls_session_data.size);
-
- gnutls_handshake_set_timeout(gs, GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT);
-
- r = dns_stream_connect_tls(s, gs);
+ r = dnstls_stream_connect_tls(s, t->server);
 if (r < 0)
 return r;
 }
 #endif
 
- s->on_connection = on_stream_connection;
 s->complete = on_stream_complete;
 s->on_packet = dns_stream_on_packet;
 
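Review bot: The return value of the new `r = dnstls_stream_connect_tls(s, t->server);` in dns_transaction_emit_tcp is passed straight up on failure, so the wrapper's error convention needs to be the negative errno this function uses elsewhere; the GnuTLS calls it replaces returned raw GnuTLS codes, and whether the new wrapper translates them cannot be seen from this hunk, so that should be confirmed in resolved-dnstls.c. This file no longer shows the TLS policy that used to be inline (the TLS 1.2-only priority string, the session-data resumption, the handshake timeout), nor the session-ticket capture that was done through `s->on_connection`, which is no longer set here; a reader of this function has no pointer to where that moved, so a comment above the call such as `/* TLS session setup, version policy and session-ticket caching live in resolved-dnstls.c */` would keep the security-relevant behaviour discoverable. If the ticket capture depends on the on_connection hook, it must now be installed inside the wrapper, which is not visible in this diff. dns_transaction_emit_tcp begins before this hunk and continues after it.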