dnsdist: Fix the DNSCrypt timestamps returned by the Lua bindings

I completely forgot that they were stored in network by-order.
Thanks to bjoe2k4 for reporting the issue!

diff --git a/pdns/dnsdist-lua2.cc b/pdns/dnsdist-lua2.cc
index 329f3f041e37d1df33ed259a47c1a071214cd26a..b299c83ea815c22048effca5c4b35a290744952a 100644 (file)
--- a/pdns/dnsdist-lua2.cc
+++ b/pdns/dnsdist-lua2.cc
@@ -633,8 +633,8 @@ void moreLua(bool client)
     g_lua.registerFunction<std::string(DnsCryptCert::*)()>("getResolverPublicKey", [](const DnsCryptCert& cert) { return std::string(reinterpret_cast<const char*>(cert.signedData.resolverPK), sizeof(cert.signedData.resolverPK)); });
     g_lua.registerFunction<std::string(DnsCryptCert::*)()>("getClientMagic", [](const DnsCryptCert& cert) { return std::string(reinterpret_cast<const char*>(cert.signedData.clientMagic), sizeof(cert.signedData.clientMagic)); });
     g_lua.registerFunction<uint32_t(DnsCryptCert::*)()>("getSerial", [](const DnsCryptCert& cert) { return cert.signedData.serial; });
-    g_lua.registerFunction<uint32_t(DnsCryptCert::*)()>("getTSStart", [](const DnsCryptCert& cert) { return cert.signedData.tsStart; });
-    g_lua.registerFunction<uint32_t(DnsCryptCert::*)()>("getTSEnd", [](const DnsCryptCert& cert) { return cert.signedData.tsEnd; });
+    g_lua.registerFunction<uint32_t(DnsCryptCert::*)()>("getTSStart", [](const DnsCryptCert& cert) { return ntohl(cert.signedData.tsStart); });
+    g_lua.registerFunction<uint32_t(DnsCryptCert::*)()>("getTSEnd", [](const DnsCryptCert& cert) { return ntohl(cert.signedData.tsEnd); });
 #endif
 
     g_lua.writeFunction("generateDNSCryptProviderKeys", [](const std::string& publicKeyFile, const std::string privateKeyFile) {

diff --git a/regression-tests.dnsdist/test_DNSCrypt.py b/regression-tests.dnsdist/test_DNSCrypt.py
index 58abd84e4bd2568f2893a8aff15fe2d48101463a..d134264f71e35b28cc6778a15cbef80db502d0f5 100644 (file)
--- a/regression-tests.dnsdist/test_DNSCrypt.py
+++ b/regression-tests.dnsdist/test_DNSCrypt.py
@@ -25,8 +25,8 @@ class DNSCryptTest(DNSDistTest):
     _resolverCertificateSerial = 42
 
     # valid from 60s ago until 2h from now
-    _resolverCertificateValidFrom = time.time() - 60
-    _resolverCertificateValidUntil = time.time() + 7200
+    _resolverCertificateValidFrom = int(time.time() - 60)
+    _resolverCertificateValidUntil = int(time.time() + 7200)
 
     _dnsdistStartupDelay = 10
 
@@ -139,6 +139,15 @@ class TestDNSCrypt(DNSCryptTest):
         # switch to that new certificate
         self.sendConsoleCommand("getDNSCryptBind(0):loadNewCertificate('DNSCryptResolver.cert.2', 'DNSCryptResolver.key.2')")
 
+        oldSerial = self.sendConsoleCommand("getDNSCryptBind(0):getOldCertificate():getSerial()")
+        self.assertEquals(int(oldSerial), self._resolverCertificateSerial)
+        effectiveSerial = self.sendConsoleCommand("getDNSCryptBind(0):getCurrentCertificate():getSerial()")
+        self.assertEquals(int(effectiveSerial), self._resolverCertificateSerial + 1)
+        tsStart = self.sendConsoleCommand("getDNSCryptBind(0):getCurrentCertificate():getTSStart()")
+        self.assertEquals(int(tsStart), self._resolverCertificateValidFrom)
+        tsEnd = self.sendConsoleCommand("getDNSCryptBind(0):getCurrentCertificate():getTSEnd()")
+        self.assertEquals(int(tsEnd), self._resolverCertificateValidUntil)
+
         # we should still be able to send queries with the previous certificate
         self.doDNSCryptQuery(client, query, response, False)
         self.doDNSCryptQuery(client, query, response, True)