From 13a325f549c53a25083951c0f67ddbd68984dd6f Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Sun, 9 Jul 2017 12:29:08 +0200
Subject: [PATCH] dnsdist: Fix the DNSCrypt timestamps returned by the Lua bindings

I completely forgot that they were stored in network by-order. Thanks to bjoe2k4 for reporting the issue!
---
 pdns/dnsdist-lua2.cc | 4 ++--
 regression-tests.dnsdist/test_DNSCrypt.py | 13 +++++++++++--
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/pdns/dnsdist-lua2.cc b/pdns/dnsdist-lua2.cc
index 329f3f041..b299c83ea 100644
--- a/pdns/dnsdist-lua2.cc
+++ b/pdns/dnsdist-lua2.cc
@@ -633,8 +633,8 @@ void moreLua(bool client)
 g_lua.registerFunction("getResolverPublicKey", [](const DnsCryptCert& cert) { return std::string(reinterpret_cast(cert.signedData.resolverPK), sizeof(cert.signedData.resolverPK)); });
 g_lua.registerFunction("getClientMagic", [](const DnsCryptCert& cert) { return std::string(reinterpret_cast(cert.signedData.clientMagic), sizeof(cert.signedData.clientMagic)); });
 g_lua.registerFunction("getSerial", [](const DnsCryptCert& cert) { return cert.signedData.serial; });
- g_lua.registerFunction("getTSStart", [](const DnsCryptCert& cert) { return cert.signedData.tsStart; });
- g_lua.registerFunction("getTSEnd", [](const DnsCryptCert& cert) { return cert.signedData.tsEnd; });
+ g_lua.registerFunction("getTSStart", [](const DnsCryptCert& cert) { return ntohl(cert.signedData.tsStart); });
+ g_lua.registerFunction("getTSEnd", [](const DnsCryptCert& cert) { return ntohl(cert.signedData.tsEnd); });
 #endif
 g_lua.writeFunction("generateDNSCryptProviderKeys", [](const std::string& publicKeyFile, const std::string privateKeyFile) {
diff --git a/regression-tests.dnsdist/test_DNSCrypt.py b/regression-tests.dnsdist/test_DNSCrypt.py
index 58abd84e4..d134264f7 100644
--- a/regression-tests.dnsdist/test_DNSCrypt.py
+++ b/regression-tests.dnsdist/test_DNSCrypt.py
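Review bot: The certificate bindings in this hunk now disagree on byte order without recording why: `getTSStart`/`getTSEnd` convert with `ntohl`, while `getSerial` on the context line above still returns `cert.signedData.serial` as stored. The regression test in this patch expects the serial to come back unchanged, so it is presumably kept in host order, but nothing visible here says so. A comment above the two changed lines would document the convention for the next binding, e.g. `// tsStart/tsEnd are stored in network byte order; convert before exposing to Lua`. These values are what a Lua script or console check reads to decide whether a certificate is inside its validity window, so a silently byte-swapped value defeats expiry monitoring. moreLua's body starts and ends outside the hunk.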
@@ -25,8 +25,8 @@ class DNSCryptTest(DNSDistTest): _resolverCertificateSerial = 42 # valid from 60s ago until 2h from now - _resolverCertificateValidFrom = time.time() - 60 - _resolverCertificateValidUntil = time.time() + 7200 + _resolverCertificateValidFrom = int(time.time() - 60) + _resolverCertificateValidUntil = int(time.time() + 7200) _dnsdistStartupDelay = 10 @@ -139,6 +139,15 @@ class TestDNSCrypt(DNSCryptTest): # switch to that new certificate self.sendConsoleCommand("getDNSCryptBind(0):loadNewCertificate('DNSCryptResolver.cert.2', 'DNSCryptResolver.key.2')") + oldSerial = self.sendConsoleCommand("getDNSCryptBind(0):getOldCertificate():getSerial()") + self.assertEquals(int(oldSerial), self._resolverCertificateSerial) + effectiveSerial = self.sendConsoleCommand("getDNSCryptBind(0):getCurrentCertificate():getSerial()") + self.assertEquals(int(effectiveSerial), self._resolverCertificateSerial + 1) + tsStart = self.sendConsoleCommand("getDNSCryptBind(0):getCurrentCertificate():getTSStart()") + self.assertEquals(int(tsStart), self._resolverCertificateValidFrom) + tsEnd = self.sendConsoleCommand("getDNSCryptBind(0):getCurrentCertificate():getTSEnd()") + self.assertEquals(int(tsEnd), self._resolverCertificateValidUntil) + # we should still be able to send queries with the previous certificate self.doDNSCryptQuery(client, query, response, False) self.doDNSCryptQuery(client, query, response, True) -- 2.40.0
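Review bot: The assertions added after `loadNewCertificate` (second hunk, `@@ -139,6 +139,15 @@`) read `getTSStart()`/`getTSEnd()` only from `getCurrentCertificate()`, so the validity window of the certificate returned by `getOldCertificate()` is never checked even though its serial is. Assuming the first certificate is generated from the same class attributes, adding `tsStart = self.sendConsoleCommand("getDNSCryptBind(0):getOldCertificate():getTSStart()")` followed by `self.assertEqual(int(tsStart), self._resolverCertificateValidFrom)`, and the matching `getTSEnd()` pair, would pin the timestamps on both sides of a rotation. The new calls also use `assertEquals`, a deprecated alias of `assertEqual`; prefer the latter unless the rest of the file is bound to the old name. The test method starts and ends outside the hunk.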