compile: fix comile warnings
@@ -110,7 +110,7 @@ struct dns_head {
|
|||||||
unsigned short ancount; /* number of answer entries */
|
unsigned short ancount; /* number of answer entries */
|
||||||
unsigned short nscount; /* number of authority entries */
|
unsigned short nscount; /* number of authority entries */
|
||||||
unsigned short nrcount; /* number of addititional resource entries */
|
unsigned short nrcount; /* number of addititional resource entries */
|
||||||
} __attribute__((packed));
|
} __attribute__((packed, aligned(2)));
|
||||||
|
|
||||||
struct dns_rrs {
|
struct dns_rrs {
|
||||||
unsigned short next;
|
unsigned short next;
|
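Review bot: Adding `aligned(2)` to the packed `struct dns_head` promises the compiler that every instance sits on a 2-byte boundary; that silences the packed-member warning, but it only holds if every caller keeps the promise. If a `struct dns_head *` is ever formed by casting a pointer into a received packet buffer at an odd offset, member accesses become misaligned and undefined on strict-alignment targets; the uses are outside this section, so that needs checking. I would document the assumption at the attribute, e.g. `/* aligned(2): header is only overlaid on the start of an even-aligned packet buffer */`, or copy the header out with `memcpy` where that cannot be guaranteed. The struct's opening lines are above the hunk.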
||||||
|
|||||||
@@ -860,7 +860,7 @@ static int _dns_client_server_add(char *server_ip, char *server_host, int port,
|
|||||||
}
|
}
|
||||||
|
|
||||||
SSL_CTX_set_options(server_info->ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
|
SSL_CTX_set_options(server_info->ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
|
||||||
|
SSL_CTX_set_session_cache_mode(server_info->ssl_ctx, SSL_SESS_CACHE_CLIENT);
|
||||||
if (_dns_client_set_trusted_cert(server_info->ssl_ctx) != 0) {
|
if (_dns_client_set_trusted_cert(server_info->ssl_ctx) != 0) {
|
||||||
tlog(TLOG_WARN, "disable check certificate for %s.", server_info->ip);
|
tlog(TLOG_WARN, "disable check certificate for %s.", server_info->ip);
|
||||||
server_info->skip_check_cert = 1;
|
server_info->skip_check_cert = 1;
|
||||||
@@ -2115,11 +2115,30 @@ static int _dns_client_tls_matchName(const char *host, const char *pattern, int
|
|||||||
return match;
|
return match;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int _dns_client_tls_get_cert_CN(X509 *cert, char *cn, int max_cn_len) {
|
||||||
|
X509_NAME *cert_name = NULL;
|
||||||
|
|
||||||
|
cert_name = X509_get_subject_name(cert);
|
||||||
|
if (cert_name == NULL) {
|
||||||
|
tlog(TLOG_ERROR, "get subject name failed.");
|
||||||
|
goto errout;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (X509_NAME_get_text_by_NID(cert_name, NID_commonName, cn, max_cn_len) == -1) {
|
||||||
|
tlog(TLOG_ERROR, "cannot found x509 name");
|
||||||
|
goto errout;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
errout:
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
static int _dns_client_tls_verify(struct dns_server_info *server_info)
|
static int _dns_client_tls_verify(struct dns_server_info *server_info)
|
||||||
{
|
{
|
||||||
X509 *cert = NULL;
|
X509 *cert = NULL;
|
||||||
X509_PUBKEY *pubkey = NULL;
|
X509_PUBKEY *pubkey = NULL;
|
||||||
X509_NAME *cert_name = NULL;
|
|
||||||
char peer_CN[256];
|
char peer_CN[256];
|
||||||
char cert_fingerprint[256];
|
char cert_fingerprint[256];
|
||||||
int i = 0;
|
int i = 0;
|
||||||
@@ -2143,24 +2162,20 @@ static int _dns_client_tls_verify(struct dns_server_info *server_info)
|
|||||||
if (server_info->skip_check_cert == 0) {
|
if (server_info->skip_check_cert == 0) {
|
||||||
long res = SSL_get_verify_result(server_info->ssl);
|
long res = SSL_get_verify_result(server_info->ssl);
|
||||||
if (res != X509_V_OK) {
|
if (res != X509_V_OK) {
|
||||||
tlog(TLOG_WARN, "peer server certificate verify failed.");
|
peer_CN[0] = '\0';
|
||||||
|
_dns_client_tls_get_cert_CN(cert, peer_CN, sizeof(peer_CN));
|
||||||
|
tlog(TLOG_WARN, "peer server %s certificate verify failed", server_info->ip);
|
||||||
|
tlog(TLOG_WARN, "peer CN: %s", peer_CN);
|
||||||
goto errout;
|
goto errout;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
cert_name = X509_get_subject_name(cert);
|
if (_dns_client_tls_get_cert_CN(cert, peer_CN, sizeof(peer_CN)) != 0) {
|
||||||
if (cert_name == NULL) {
|
tlog(TLOG_ERROR, "get cert CN failed.");
|
||||||
tlog(TLOG_ERROR, "get subject name failed.");
|
|
||||||
goto errout;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (X509_NAME_get_text_by_NID(cert_name, NID_commonName, peer_CN, 256) == -1) {
|
|
||||||
tlog(TLOG_ERROR, "cannot found x509 name");
|
|
||||||
goto errout;
|
goto errout;
|
||||||
}
|
}
|
||||||
|
|
||||||
tlog(TLOG_DEBUG, "peer CN: %s", peer_CN);
|
tlog(TLOG_DEBUG, "peer CN: %s", peer_CN);
|
||||||
|
|
||||||
/* check tls host */
|
/* check tls host */
|
||||||
tls_host_verify = _dns_client_server_get_tls_host_verify(server_info);
|
tls_host_verify = _dns_client_server_get_tls_host_verify(server_info);
|
||||||
if (tls_host_verify) {
|
if (tls_host_verify) {
|
||||||
@@ -2311,7 +2326,7 @@ static int _dns_client_process_tls(struct dns_server_info *server_info, struct e
|
|||||||
|
|
||||||
server_info->status = DNS_SERVER_STATUS_CONNECTED;
|
server_info->status = DNS_SERVER_STATUS_CONNECTED;
|
||||||
memset(&fd_event, 0, sizeof(fd_event));
|
memset(&fd_event, 0, sizeof(fd_event));
|
||||||
fd_event.events = EPOLLIN;
|
fd_event.events = EPOLLIN | EPOLLOUT;
|
||||||
fd_event.data.ptr = server_info;
|
fd_event.data.ptr = server_info;
|
||||||
if (epoll_ctl(client.epoll_fd, EPOLL_CTL_MOD, server_info->fd, &fd_event) != 0) {
|
if (epoll_ctl(client.epoll_fd, EPOLL_CTL_MOD, server_info->fd, &fd_event) != 0) {
|
||||||
tlog(TLOG_ERROR, "epoll ctl failed, %s", strerror(errno));
|
tlog(TLOG_ERROR, "epoll ctl failed, %s", strerror(errno));
|
||||||
@@ -2531,11 +2546,12 @@ static int _dns_client_send_packet(struct dns_query_struct *query, void *packet,
|
|||||||
struct dns_server_group_member *tmp = NULL;
|
struct dns_server_group_member *tmp = NULL;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
int send_err = 0;
|
int send_err = 0;
|
||||||
|
int i = 0;
|
||||||
|
|
||||||
query->send_tick = get_tick_count();
|
query->send_tick = get_tick_count();
|
||||||
|
|
||||||
/* send query to all dns servers */
|
/* send query to all dns servers */
|
||||||
for (int i = 0; i < 2; i++) {
|
for (i = 0; i < 2; i++) {
|
||||||
pthread_mutex_lock(&client.server_list_lock);
|
pthread_mutex_lock(&client.server_list_lock);
|
||||||
list_for_each_entry_safe(group_member, tmp, &query->server_group->head, list)
|
list_for_each_entry_safe(group_member, tmp, &query->server_group->head, list)
|
||||||
{
|
{
|
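Review bot: The new helper `_dns_client_tls_get_cert_CN` discards the length that `X509_NAME_get_text_by_NID` returns, so a common name containing an embedded NUL byte reads as a shorter string in `cn`, and that buffer is what the `/* check tls host */` step further down appears to compare. Keeping the length and rejecting a mismatch closes that gap: `int len = X509_NAME_get_text_by_NID(cert_name, NID_commonName, cn, max_cn_len);` followed by `if (len < 0 || (size_t)len != strlen(cn)) {`. In the verify-failure branch of `_dns_client_tls_verify`, the CN of a certificate that has just failed verification is also logged at WARN level with `%s`; since the peer chooses that string, escaping control characters before logging would keep it from forging log lines. Both `_dns_client_tls_verify` and the host-matching code continue outside the hunks shown, so whether `cert` is always non-NULL at the new call cannot be confirmed from here.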
||||||
|
|||||||
@@ -262,6 +262,7 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ip = argv[1];
|
||||||
if (index >= DNS_MAX_SERVERS) {
|
if (index >= DNS_MAX_SERVERS) {
|
||||||
tlog(TLOG_WARN, "exceeds max server number, %s", ip);
|
tlog(TLOG_WARN, "exceeds max server number, %s", ip);
|
||||||
return 0;
|
return 0;
|
||||||
@@ -274,8 +275,6 @@ static int _config_server(int argc, char *argv[], dns_server_type_t type, int de
|
|||||||
server->httphost[0] = '\0';
|
server->httphost[0] = '\0';
|
||||||
server->tls_host_verify[0] = '\0';
|
server->tls_host_verify[0] = '\0';
|
||||||
|
|
||||||
ip = argv[1];
|
|
||||||
|
|
||||||
if (type == DNS_SERVER_HTTPS) {
|
if (type == DNS_SERVER_HTTPS) {
|
||||||
if (parse_uri(ip, NULL, server->server, &port, server->path) != 0) {
|
if (parse_uri(ip, NULL, server->server, &port, server->path) != 0) {
|
||||||
return -1;
|
return -1;
|
||||||
@@ -871,6 +870,7 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
|
|||||||
goto errout;
|
goto errout;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ip = argv[1];
|
||||||
if (index >= DNS_MAX_SERVERS) {
|
if (index >= DNS_MAX_SERVERS) {
|
||||||
tlog(TLOG_WARN, "exceeds max server number, %s", ip);
|
tlog(TLOG_WARN, "exceeds max server number, %s", ip);
|
||||||
return 0;
|
return 0;
|
||||||
@@ -879,7 +879,6 @@ static int _config_bind_ip(int argc, char *argv[], DNS_BIND_TYPE type)
|
|||||||
bind_ip = &dns_conf_bind_ip[index];
|
bind_ip = &dns_conf_bind_ip[index];
|
||||||
bind_ip->type = type;
|
bind_ip->type = type;
|
||||||
bind_ip->flags = 0;
|
bind_ip->flags = 0;
|
||||||
ip = argv[1];
|
|
||||||
safe_strncpy(bind_ip->ip, ip, DNS_MAX_IPLEN);
|
safe_strncpy(bind_ip->ip, ip, DNS_MAX_IPLEN);
|
||||||
|
|
||||||
/* process extra options */
|
/* process extra options */
|
||||||
|
|||||||