986772b generate_nmc_cert: disable goimports linter. (JeremyRand)
fb709df generate_nmc_cert: Use more standard imports order. (JeremyRand)
cee2b18 generate_nmc_cert: Disable gofmt linter. (JeremyRand)
fca636d generate_nmc_cert: Use P256 curve by default. (JeremyRand)
7263b7a generate_nmc_cert: split falsehost into its own file, which makes auditing merges from upstream Go stdlib substantially easier. (JeremyRand)
deea55b generate_nmc_cert: rebase against Go 1.8.3 standard library. (JeremyRand)
Pull request description:
~~Not yet tested; feel free to review/test but do not merge.~~
Ready for review, I think it's mergeable.
Tree-SHA512: 18fab3d3a335f742d021f6b516681a4e3cc2320443b647d12c52bb3726d8e3c2281e2314ab4014b934eaa93329feb891e02768ff5059acf8bce587f7b901b29a
e22eaa6 Travis: build releases with Go 1.9. (JeremyRand)
6f77ecb Travis: Upgrade to Go 1.9. (JeremyRand)
92ed6ce Rebase x509 onto Go 1.9. (JeremyRand)
Pull request description:
Depends on #64. Should not be merged until The Tor Project has upgraded their RBM descriptor to Go 1.9 or higher.
Tree-SHA512: b485ad652fb63cd4aad8dddb6614ac22a2efaf1ff342f023c3b1cc30ed9697b64e378e3cfa827362c1f6871a5ce35bc9f03c6ef91c41cafb1a150fd18a7f0883
5af8e11 Temporarily disable netbsd/arm builds. (JeremyRand)
Pull request description:
Due to https://github.com/miekg/dns/issues/655 ; this should fix Travis fails. This will be reverted when that issue is fixed.
Tree-SHA512: fc0a6e81afe9747bd61c8ed622d42dfe44af7e772c78ee415853d538e4fb6d72cfce89274b691dd178b9b4a859ab3b7da3911f9a3b2427061f3306760ed5e0e4
2e50c75 ncdumpzone: Add Firefox mode. (JeremyRand)
Pull request description:
This mode outputs a cert_override.txt file (based on TLSA records) that Firefox will accept. This can be used to facilitate positive overrides in Firefox. A future PR will automate the procedure of syncing with Firefox.
Note that it won't create the correct hostname or fingerprint until #60 is merged.
Tree-SHA512: bcd060ae8239883ec5f38f73ed195ed22ce4e673738770b031678bbbab73ca8046713b0127728dec89caf7db1ddc873f9837f2b684a465aeb5cdba79537d52f6
dba4ce7 Fix erroneous duplication of domain name in TLSA records served over DNS. (JeremyRand)
cb6bcea Fix erroneous trailing period in x509 certificates served over DNS. (JeremyRand)
Pull request description:
Fixes#59, as well as a different bug that broke the same functionality as #59.
Tree-SHA512: 54b2aba1368bf0c19735e773453141be40cd8fb7403b69932c21a60ed5d8b6cce255b61a756fb1745a338901bbc5d86e26387d1375216e6a88b691d3ae25e4d3
5cbd433 certdehydrate: Add some additional error checking. (JeremyRand)
Pull request description:
Based on recommendations from "gas" static analysis. ~~Depends on #50.~~
Tree-SHA512: 8c7980abaaace3c28be6186ea0c5d7ed52ba6557d8e7df52a93a228408db1b2b1eb61d370e988db723e3f07dd3e6cd70a3d45a5c55959813fef0f8d7e967551a
4a73f53 Travis: Copy the "aligncheck" and "test" disablement from critical to non-critical section. (JeremyRand)
b999eef Travis: Disable "test" static analyzer. (JeremyRand)
Pull request description:
Should fix one of the Travis failures.
Tree-SHA512: 726d1459cf1c09e71a28753eaa846414ffdc06580541c2456581d2b9b70709cf0738c9b6a6bbb2f050273d94cc42ea59f0c3d1574f569849a1ce1ab425aa0752
ee5a290 Travis: Make gosimple critical for gometalinter. (JeremyRand)
18a502d Web server: minor refactor of initTemplates. (JeremyRand)
Pull request description:
Based on recommendations from "gosimple" static analysis. ~Depends on https://github.com/namecoin/ncdns/pull/46 .~
Tree-SHA512: c0aaebac6d91b1c958223f4e4e49626bb1ed896409cc8fa7eef13abde0d44f89565e9460c254f842785f2bd1d590457123e2a7b670dc5faa82fe3a66c76d7d4e
375ff45 certinject: NSS: Add an internal test. (JeremyRand)
ead7a20 certinject: NSS: Improve error handling. (JeremyRand)
145d1e3 certinject: Fix various issues found by static analysis. (JeremyRand)
2c8b5fe certinject: NSS improvements, now works on arbitrary NSS cert store directories. (JeremyRand)
e5c7c09 certinject: add support for the shared NSS trust store on GNU/Linux systems. (JeremyRand)
Pull request description:
Extend #16 to support the user's shared NSS trust store on GNU/Linux systems.
Please review but do not merge yet.
TODO before merging:
- [x] Get #16 merged.
- [x] Figure out what to do in the case where ncdns isn't run by the same user as the owner of the NSS database. Presumably it makes sense to run ncdns under its own user. Should we require a config option that lists the users whose NSS databases are written to?
Other issue to discuss:
Writing to the NSS database with `certutil` is really slow, I'm seeing ~700ms latency added by this. Is there a faster way to do it? If we try to handle multiple NSS databases (one per user), this could easily cause DNS timeouts. Using the system NSS database should be possible, but it would be unsafe for users who haven't installed the HPKP pin into Chromium.
Tree-SHA512: d35fcb44e6c09d6654140de8cf378b0b7523ac19d63d007064db14d5c84cd2178cad95d348baa3234843d215fb563185b98ced33c3e876876d8d42a01ba4e6a7
1f98613 Change default Namecoin RPC host from localhost to 127.0.0.1. (JeremyRand)
Pull request description:
This should be a harmless change, and for some unknown reason it fixed an "unexpected end of JSON input" RPC error on my Windows 10 x86_32 VM.
Tree-SHA512: 9ceb14423dcacf7448922bb76d2da7e8fc1f2ccb002b01c6a81b576e441143b756feef48428f54c279cacda70ab98234c8b47c60aef02bf37b03eae30f69ba89
In Go stdlib, RSA2048 is used by default. RSA support was removed in our fork, but we neglected to set a default ECDSA curve, so the user had to choose a curve. P256 is recommended by the Go devs and by us, so it seems to be a reasonable default.
3a75a2f Travis: build q and dns-prop279. (JeremyRand)
042dab6 Travis: Slight refactor. (JeremyRand)
Pull request description:
Temporary kludge for getting `q` and `dns-prop279` binaries included in the releases until we replace the build system with RBM.
Tree-SHA512: 581619de3f466d52c4cc2a7e9fc6fca329992ff78040e1b939ac589013768b83e1205ea49543297cf4e895e965a81b489cfa64f69bd3ce4652018d5435ac6745
