From: Iwan Timmer Date: Fri, 27 Apr 2018 15:50:38 +0000 (+0200) Subject: resolved: support for DNS-over-TLS X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=commitdiff_plain;h=ae754fd36ce0ff18d88271484af3cf38e7b502e4;p=elogind.git resolved: support for DNS-over-TLS Add support for DNS-over-TLS using GnuTLS. To reduce latency also TLS False Start and TLS session resumption is supported.
---
diff --git a/meson.build b/meson.build
index df1dc4fca..b7326427b 100644
--- a/meson.build
+++ b/meson.build
@@ -1300,6 +1300,18 @@ conf.set10('HAVE_DBUS', have)
 # 'DNSSEC_' + default_dnssec.underscorify().to_upper())
 # substs.set('DEFAULT_DNSSEC_MODE', default_dnssec)
 #
+# default_private_dns = get_option('default-private-dns')
+# if fuzzer_build
+# default_private_dns = 'no'
+# endif
+# if default_private_dns != 'no' and conf.get('HAVE_GNUTLS') == 0
+# message('default-private-dns cannot be set to strict or opportunistic when gnutls is disabled. Setting default-private-dns to no.')
+# default_private_dns = 'no'
+# endif
+# conf.set('DEFAULT_PRIVATE_DNS_MODE',
+# 'PRIVATE_DNS_' + default_private_dns.underscorify().to_upper())
+# substs.set('DEFAULT_PRIVATE_DNS_MODE', default_private_dns)
+#
 # want_importd = get_option('importd')
 # if want_importd != 'false'
 # have = (conf.get('HAVE_LIBCURL') == 1 and
@@ -1796,6 +1808,7 @@ test_dlopen = executable(
 # libbasic_gcrypt,
 # libsystemd_resolve_core],
 # dependencies : [threads,
+# libgnutls,
 # libgpg_error,
 # libm,
 # libidn],
@@ -1931,6 +1944,7 @@ executable('elogind-user-runtime-dir',
 executable('elogind-user-runtime-dir',
 executable('elogind-user-runtime-dir',
 executable('elogind-user-runtime-dir',
+executable('elogind-user-runtime-dir',
 executable('elogind-user-runtime-dir',
 user_runtime_dir_sources,
 include_directories : includes,
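Review bot: In the `@@ -1300` hunk of meson.build, a build that requests `default-private-dns=opportunistic` without GnuTLS is downgraded to `no` with only a `message()`, which is easy to miss in configure output and leaves DNS-over-TLS off by default in the resulting binary. Because the option defaults to `no`, any other value was asked for explicitly, so failing the configure step is the safer behaviour: `error('default-private-dns=@0@ requires gnutls'.format(default_private_dns))`, or at minimum `warning()` in place of `message()`. All added lines are `#`-commented in this tree, so this only takes effect once the block is enabled.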
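Review bot: The `@@ -1931` hunk of meson.build adds one more `executable('elogind-user-runtime-dir',` line next to context lines that are already identical copies of it; this is unrelated to DNS-over-TLS and looks like merge or migration residue. As written, the repeated openers appear to nest the call inside itself, so the added line should be dropped from this commit and the existing duplicates cleaned up separately. The `executable(...)` call continues past the end of the hunk.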
@@ -3201,6 +3215,7 @@ status = [
 # 'symbolic gateway hostnames: @0@'.format(', '.join(gateway_hostnames)),
 #
 # 'default DNSSEC mode: @0@'.format(default_dnssec),
+# 'default private DNS mode: @0@'.format(default_private_dns),
 # 'default cgroup hierarchy: @0@'.format(default_hierarchy),
 #endif // 0
 'default KillUserProcesses setting: @0@'.format(kill_user_processes)]
diff --git a/meson_options.txt b/meson_options.txt
index 8e9248825..6fe7cf3da 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -247,6 +247,10 @@ option('gshadow', type : 'boolean',
 # description : 'default DNSSEC mode',
 # choices : ['yes', 'allow-downgrade', 'no'],
 # value : 'allow-downgrade')
+# option('default-private-dns', type : 'combo',
+# description : 'default private DNS mode',
+# choices : ['opportunistic', 'no'],
+# value : 'no')
 # option('dns-servers', type : 'string',
 # description : 'space-separated list of default DNS servers',
 # value : '8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844')
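Review bot: The new `default-private-dns` option in meson_options.txt offers only `opportunistic` and `no`, while the fallback message this commit adds to meson.build speaks of "strict or opportunistic"; either add the strict choice or drop it from that message. The description should also state what `opportunistic` guarantees. Presumably it falls back to unencrypted DNS when TLS to the server cannot be established, which would protect against passive observers only; that behaviour is not visible in these hunks and needs confirming. A possible wording is `description : 'default private DNS mode (opportunistic: use DNS-over-TLS when available, otherwise plain DNS)'`. These lines are `#`-commented in this tree.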