Browse Source

Merge pull request #8947 from jonathanunderwood/stubby-0.2.6

stubby: update to 0.2.6
lilik-openwrt-22.03
Rosen Penev 6 years ago
committed by GitHub
parent
commit
9d85d1b4a8
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 141 additions and 7 deletions
  1. +4
    -5
      net/stubby/Makefile
  2. +57
    -1
      net/stubby/files/README.md
  3. +24
    -0
      net/stubby/files/stubby.conf
  4. +56
    -1
      net/stubby/files/stubby.init

+ 4
- 5
net/stubby/Makefile View File

@ -5,18 +5,17 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=stubby
PKG_VERSION:=0.2.4
PKG_RELEASE:=2
PKG_VERSION:=0.2.6
PKG_RELEASE:=1
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=COPYING
PKG_MAINTAINER:=Jonathan Underwood <jonathan.underwood@gmail.com>
PKG_SOURCE_PROTO:=git
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/getdnsapi/$(PKG_NAME)
PKG_SOURCE_VERSION:=58200cadec6371f95e31a7f3735225c5a46ecf75
PKG_MIRROR_HASH:=28c46f4464cb41cf59264d10da63dc25ece9a1d00b4dfb05a9276594658e5eb9
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_MIRROR_HASH:=af896c471ac67b31c2263d11fcdfcdb32a213621c2f8789f4b0a4ceca4437108
PKG_FIXUP:=autoreconf


+ 57
- 1
net/stubby/files/README.md View File

@ -372,7 +372,33 @@ The possible levels are:
This option specifies additional command line arguments for
stubby daemon. By default, this is an empty string.
#### `option tls_cipher_list`
If set, this specifies the acceptable ciphers for DNS over TLS. With OpenSSL
1.1.1 this list is for TLS1.2 and older only. Ciphers for TLS1.3 should be set
with the `tls_ciphersuites` option. This option can also be given per upstream
resolver. By default, this option is not set.
#### `option tls_ciphersuites`
If set, this specifies the acceptable cipher for DNS over TLS1.3. OpenSSL
version 1.1.1 or greater is required for this option. This option can also be
given per upstream resolver. By default, this option is not set.
#### `option tls_min_version`
If set, this specifies the minimum acceptable TLS version. Works with OpenSSL
1.1.1 or greater only. This option can also be given per upstream resolver. By
default, this option is not set.
#### `option tls_max_version`
If set, this specifies the maximum acceptable TLS version. Works with OpenSSL
1.1.1 or greater only. This option can also be given per upstream resolver. By
default, this option is not set.
### `resolver` section options
#### `option address`
@ -385,6 +411,36 @@ IPv6 address.
This option specifies the upstream domain name used for TLS authentication with
the supplied server certificate
#### `option tls_port`
This option specifies the TLS port for the upstream resolver. If not specified,
this defaults to 853.
#### `option tls_cipher_list`
If set, this specifies the acceptable ciphers for DNS over TLS. With OpenSSL
1.1.1 this list is for TLS1.2 and older only. Ciphers for TLS1.3 should be set
with the `tls_ciphersuites` option. By default, this option is not set. If set,
this overrides the global value.
#### `option tls_ciphersuites`
If set, this specifies the acceptable cipher for DNS over TLS1.3. OpenSSL
version 1.1.1 or greater is required for this option. By default, this option is
not set. If set, this overrides the global value.
#### `option tls_min_version`
If set, this specifies the minimum acceptable TLS version. Works with OpenSSL
1.1.1 or greater only. By default, this option is not set. If set, this
overrides the global value.
#### `option tls_max_version`
If set, this specifies the maximum acceptable TLS version. Works with OpenSSL
1.1.1 or greater only. By default, this options is not set. If set, this
overrides the global value.
#### `list spki`
This list specifies the SPKI pinset which is verified against the keys in the


+ 24
- 0
net/stubby/files/stubby.conf View File

@ -19,24 +19,48 @@ config stubby 'global'
list listen_address '0::1@5453'
# option log_level '7'
# option command_line_arguments ''
# option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
# option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
# option tls_min_version '1.2'
# option tls_max_version '1.3'
# Upstream resolvers are specified using 'resolver' sections.
config resolver
option address '2606:4700:4700::1111'
option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
# option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
# option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
# option tls_min_version '1.2'
# option tls_max_version '1.3'
config resolver
option address '2606:4700:4700::1001'
option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
# option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
# option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
# option tls_min_version '1.2'
# option tls_max_version '1.3'
config resolver
option address '1.1.1.1'
option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
# option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
# option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
# option tls_min_version '1.2'
# option tls_max_version '1.3'
config resolver
option address '1.0.0.1'
option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
# option tls_cipher_list 'EECDH+AESGCM:EECDH+CHACHA20'
# option tls_ciphersuites 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256'
# option tls_min_version '1.2'
# option tls_max_version '1.3'

+ 56
- 1
net/stubby/files/stubby.init View File

@ -38,6 +38,10 @@ generate_config()
local upstream_recursive_servers_section=0
local command_line_arguments
local log_level
local tls_cipher_list
local tls_ciphersuites
local tls_min_version
local tls_max_version
# Generate configuration. See: https://github.com/getdnsapi/stubby/blob/develop/stubby.yml.example
echo "# Autogenerated configuration from uci data" > "$config_file"
@ -93,6 +97,26 @@ generate_config()
config_get idle_timeout "global" idle_timeout "10000"
echo "idle_timeout: $idle_timeout" >> "$config_file"
config_get tls_cipher_list "global" tls_cipher_list ""
if [ -n "$tls_cipher_list" ]; then
echo "tls_cipher_list: \"$tls_cipher_list\"" >> "$config_file"
fi
config_get tls_ciphersuites "global" tls_ciphersuites ""
if [ -n "$tls_ciphersuites" ]; then
echo "tls_ciphersuites: \"$tls_ciphersuites\"" >> "$config_file"
fi
config_get tls_min_version "global" tls_min_version ""
if [ -n "$tls_min_version" ]; then
echo "tls_min_version: GETDNS_TLS${tls_min_version/\./_}" >> "$config_file"
fi
config_get tls_max_version "global" tls_max_version ""
if [ -n "$tls_max_version" ]; then
echo "tls_max_version: GETDNS_TLS${tls_max_version/\./_}" >> "$config_file"
fi
handle_listen_address_value()
{
local value="$1"
@ -122,17 +146,48 @@ generate_config()
local config=$1
local address
local tls_auth_name
local tls_port
local tls_pubkey_pinset_section=0
local tls_cipher_list
local tls_ciphersuites
local tls_min_version
local tls_max_version
if [ "$upstream_recursive_servers_section" = 0 ]; then
echo "upstream_recursive_servers:" >> "$config_file"
upstream_recursive_servers_section=1
fi
config_get address "$config" address
config_get tls_auth_name "$config" tls_auth_name
echo " - address_data: $address" >> "$config_file"
config_get tls_auth_name "$config" tls_auth_name
echo " tls_auth_name: \"$tls_auth_name\"" >> "$config_file"
config_get tls_auth_port "$config" tls_port ""
if [ -n "$tls_port" ]; then
echo " tls_port: $tls_port" >> "$config_file"
fi
config_get tls_cipher_list "$config" tls_cipher_list ""
if [ -n "$tls_cipher_list" ]; then
echo " tls_cipher_list: \"$tls_cipher_list\"" >> "$config_file"
fi
config_get tls_ciphersuites "$config" tls_ciphersuites ""
if [ -n "$tls_ciphersuites" ]; then
echo " tls_ciphersuites: \"$tls_ciphersuites\"" >> "$config_file"
fi
config_get tls_min_version "$config" tls_min_version ""
if [ -n "$tls_min_version" ]; then
echo " tls_min_version: GETDNS_TLS${tls_min_version/\./_}" >> "$config_file"
fi
config_get tls_max_version "$config" tls_max_version ""
if [ -n "$tls_max_version" ]; then
echo " tls_max_version: GETDNS_TLS${tls_max_version/\./_}" >> "$config_file"
fi
handle_resolver_spki()
{
local val="$1"


Loading…
Cancel
Save