5c7489c Re-enable netbsd/arm builds. (JeremyRand)
Pull request description:
Do not merge this PR until miekg/dns#655 is fixed.
Tree-SHA512: 9f56e1c2d8aec52c92dda7094e8e8e5ea88a9df451efa22e4b82cf42cd0b34503c46ade2446cd14fb01afec7528599a66f05085dd0195d60109cc91f8a977380
986772b generate_nmc_cert: disable goimports linter. (JeremyRand)
fb709df generate_nmc_cert: Use more standard imports order. (JeremyRand)
cee2b18 generate_nmc_cert: Disable gofmt linter. (JeremyRand)
fca636d generate_nmc_cert: Use P256 curve by default. (JeremyRand)
7263b7a generate_nmc_cert: split falsehost into its own file, which makes auditing merges from upstream Go stdlib substantially easier. (JeremyRand)
deea55b generate_nmc_cert: rebase against Go 1.8.3 standard library. (JeremyRand)
Pull request description:
~~Not yet tested; feel free to review/test but do not merge.~~
Ready for review, I think it's mergeable.
Tree-SHA512: 18fab3d3a335f742d021f6b516681a4e3cc2320443b647d12c52bb3726d8e3c2281e2314ab4014b934eaa93329feb891e02768ff5059acf8bce587f7b901b29a
e22eaa6 Travis: build releases with Go 1.9. (JeremyRand)
6f77ecb Travis: Upgrade to Go 1.9. (JeremyRand)
92ed6ce Rebase x509 onto Go 1.9. (JeremyRand)
Pull request description:
Depends on #64. Should not be merged until The Tor Project has upgraded their RBM descriptor to Go 1.9 or higher.
Tree-SHA512: b485ad652fb63cd4aad8dddb6614ac22a2efaf1ff342f023c3b1cc30ed9697b64e378e3cfa827362c1f6871a5ce35bc9f03c6ef91c41cafb1a150fd18a7f0883
5af8e11 Temporarily disable netbsd/arm builds. (JeremyRand)
Pull request description:
Due to https://github.com/miekg/dns/issues/655 ; this should fix Travis fails. This will be reverted when that issue is fixed.
Tree-SHA512: fc0a6e81afe9747bd61c8ed622d42dfe44af7e772c78ee415853d538e4fb6d72cfce89274b691dd178b9b4a859ab3b7da3911f9a3b2427061f3306760ed5e0e4
2e50c75 ncdumpzone: Add Firefox mode. (JeremyRand)
Pull request description:
This mode outputs a cert_override.txt file (based on TLSA records) that Firefox will accept. This can be used to facilitate positive overrides in Firefox. A future PR will automate the procedure of syncing with Firefox.
Note that it won't create the correct hostname or fingerprint until #60 is merged.
Tree-SHA512: bcd060ae8239883ec5f38f73ed195ed22ce4e673738770b031678bbbab73ca8046713b0127728dec89caf7db1ddc873f9837f2b684a465aeb5cdba79537d52f6
dba4ce7 Fix erroneous duplication of domain name in TLSA records served over DNS. (JeremyRand)
cb6bcea Fix erroneous trailing period in x509 certificates served over DNS. (JeremyRand)
Pull request description:
Fixes#59, as well as a different bug that broke the same functionality as #59.
Tree-SHA512: 54b2aba1368bf0c19735e773453141be40cd8fb7403b69932c21a60ed5d8b6cce255b61a756fb1745a338901bbc5d86e26387d1375216e6a88b691d3ae25e4d3
5cbd433 certdehydrate: Add some additional error checking. (JeremyRand)
Pull request description:
Based on recommendations from "gas" static analysis. ~~Depends on #50.~~
Tree-SHA512: 8c7980abaaace3c28be6186ea0c5d7ed52ba6557d8e7df52a93a228408db1b2b1eb61d370e988db723e3f07dd3e6cd70a3d45a5c55959813fef0f8d7e967551a
4a73f53 Travis: Copy the "aligncheck" and "test" disablement from critical to non-critical section. (JeremyRand)
b999eef Travis: Disable "test" static analyzer. (JeremyRand)
Pull request description:
Should fix one of the Travis failures.
Tree-SHA512: 726d1459cf1c09e71a28753eaa846414ffdc06580541c2456581d2b9b70709cf0738c9b6a6bbb2f050273d94cc42ea59f0c3d1574f569849a1ce1ab425aa0752
ee5a290 Travis: Make gosimple critical for gometalinter. (JeremyRand)
18a502d Web server: minor refactor of initTemplates. (JeremyRand)
Pull request description:
Based on recommendations from "gosimple" static analysis. ~Depends on https://github.com/namecoin/ncdns/pull/46 .~
Tree-SHA512: c0aaebac6d91b1c958223f4e4e49626bb1ed896409cc8fa7eef13abde0d44f89565e9460c254f842785f2bd1d590457123e2a7b670dc5faa82fe3a66c76d7d4e
375ff45 certinject: NSS: Add an internal test. (JeremyRand)
ead7a20 certinject: NSS: Improve error handling. (JeremyRand)
145d1e3 certinject: Fix various issues found by static analysis. (JeremyRand)
2c8b5fe certinject: NSS improvements, now works on arbitrary NSS cert store directories. (JeremyRand)
e5c7c09 certinject: add support for the shared NSS trust store on GNU/Linux systems. (JeremyRand)
Pull request description:
Extend #16 to support the user's shared NSS trust store on GNU/Linux systems.
Please review but do not merge yet.
TODO before merging:
- [x] Get #16 merged.
- [x] Figure out what to do in the case where ncdns isn't run by the same user as the owner of the NSS database. Presumably it makes sense to run ncdns under its own user. Should we require a config option that lists the users whose NSS databases are written to?
Other issue to discuss:
Writing to the NSS database with `certutil` is really slow, I'm seeing ~700ms latency added by this. Is there a faster way to do it? If we try to handle multiple NSS databases (one per user), this could easily cause DNS timeouts. Using the system NSS database should be possible, but it would be unsafe for users who haven't installed the HPKP pin into Chromium.
Tree-SHA512: d35fcb44e6c09d6654140de8cf378b0b7523ac19d63d007064db14d5c84cd2178cad95d348baa3234843d215fb563185b98ced33c3e876876d8d42a01ba4e6a7
1f98613 Change default Namecoin RPC host from localhost to 127.0.0.1. (JeremyRand)
Pull request description:
This should be a harmless change, and for some unknown reason it fixed an "unexpected end of JSON input" RPC error on my Windows 10 x86_32 VM.
Tree-SHA512: 9ceb14423dcacf7448922bb76d2da7e8fc1f2ccb002b01c6a81b576e441143b756feef48428f54c279cacda70ab98234c8b47c60aef02bf37b03eae30f69ba89
JeremyRand