7f2f4faced
Validate the IP address in the certificate for DNS-over-TLS in strict mode when GnuTLS is used. As this is not yet the case in contrast to the documentation.
25 lines
554 B
C
25 lines
554 B
C
/* SPDX-License-Identifier: LGPL-2.1+ */
|
|
#pragma once
|
|
|
|
#if !ENABLE_DNS_OVER_TLS || !DNS_OVER_TLS_USE_GNUTLS
|
|
#error This source file requires DNS-over-TLS to be enabled and GnuTLS to be available.
|
|
#endif
|
|
|
|
#include <gnutls/gnutls.h>
|
|
#include <stdbool.h>
|
|
|
|
struct DnsTlsManagerData {
|
|
gnutls_certificate_credentials_t cert_cred;
|
|
};
|
|
|
|
struct DnsTlsServerData {
|
|
gnutls_datum_t session_data;
|
|
};
|
|
|
|
struct DnsTlsStreamData {
|
|
gnutls_session_t session;
|
|
gnutls_typed_vdata_st validation;
|
|
int handshake;
|
|
bool shutdown;
|
|
};
|