dearsky/numa
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 25 Wiki Activity
Files
186e70937381b66dfa4236f968acb1d1def44683
numa/src
History
Razvan Dimescu 186e709373 test: verify DoT server rejects mismatched ALPN 
Adds dot_rejects_non_dot_alpn to assert the rustls server enforces
ALPN strictness rather than silently accepting a mismatched
negotiation. This is the load-bearing behavior behind the cross-
protocol confusion defense — without enforcement, the ALPN "dot"
advertisement is just a sign hung on an unlocked door.

Refactors test_tls_configs to return the leaf cert DER instead of a
prebuilt client config, and adds a dot_client(cert_der, alpn) helper
so each test can build a client config with the ALPN list it needs.
The five existing DoT tests gain one line each to call dot_client
with dot_alpn(); behavior unchanged.

127/127 tests pass.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-08 02:53:43 +03:00
..
api.rs
feat: add memory footprint to /stats and dashboard (#26)
2026-04-01 09:09:44 +03:00
blocklist.rs
feat: add memory footprint to /stats and dashboard (#26)
2026-04-01 09:09:44 +03:00
buffer.rs
feat: recursive DNS + DNSSEC + TCP fallback (#17)
2026-03-28 04:03:47 +02:00
cache.rs
feat: add memory footprint to /stats and dashboard (#26)
2026-04-01 09:09:44 +03:00
config.rs
feat: add DNS-over-TLS (DoT) listener (RFC 7858)
2026-04-08 02:53:43 +03:00
ctx.rs
fix: parse DoT queries up-front and echo question in SERVFAIL
2026-04-08 02:53:43 +03:00
dnssec.rs
feat: SRTT-based nameserver selection (#19)
2026-03-28 23:22:31 +02:00
dot.rs
test: verify DoT server rejects mismatched ALPN
2026-04-08 02:53:43 +03:00
forward.rs
refactor: deduplicate query builders, record extraction, sinkhole records (#22)
2026-03-29 14:22:07 +03:00
header.rs
add Makefile with clippy/rustfmt linting, fix all warnings
2026-03-10 05:04:31 +02:00
lan.rs
fix: regenerate TLS cert when services change (hot-reload via ArcSwap)
2026-03-23 16:14:06 +02:00
lib.rs
feat: add DNS-over-TLS (DoT) listener (RFC 7858)
2026-04-08 02:53:43 +03:00
main.rs
feat: DoT write timeout and ALPN "dot" advertisement
2026-04-08 02:53:43 +03:00
override_store.rs
feat: add memory footprint to /stats and dashboard (#26)
2026-04-01 09:09:44 +03:00
packet.rs
feat: add memory footprint to /stats and dashboard (#26)
2026-04-01 09:09:44 +03:00
proxy.rs
feat: self-host fonts, styled block page, wildcard TLS (#16)
2026-03-27 02:19:54 +02:00
query_log.rs
feat: add memory footprint to /stats and dashboard (#26)
2026-04-01 09:09:44 +03:00
question.rs
feat: recursive DNS + DNSSEC + TCP fallback (#17)
2026-03-28 04:03:47 +02:00
record.rs
feat: add memory footprint to /stats and dashboard (#26)
2026-04-01 09:09:44 +03:00
recursive.rs
fix: harden DoT listener against slowloris and stale handshakes
2026-04-08 02:53:43 +03:00
service_store.rs
fix: regenerate TLS cert when services change (hot-reload via ArcSwap)
2026-03-23 16:14:06 +02:00
srtt.rs
feat: Windows DNS configuration via netsh (#28)
2026-04-01 18:17:52 +03:00
stats.rs
feat: add memory footprint to /stats and dashboard (#26)
2026-04-01 09:09:44 +03:00
system_dns.rs
style: fix rustfmt formatting
2026-04-06 22:46:54 +03:00
tls.rs
feat: DoT write timeout and ALPN "dot" advertisement
2026-04-08 02:53:43 +03:00