Update components

README.md

@@ -1,18 +1,19 @@
 # dane
+
 Go library for DANE TLSA authentication
 
-### Pre-requisites
+## Pre-requisites
 
 * Go
 * Go dns package from https://github.com/miekg/dns
 
-### Documentation
+## Documentation
 
 Formatted documentation for this module can be found at:
 
 https://pkg.go.dev/github.com/shuque/dane?tab=doc
 
-### Description
+## Description
 
 Package dane provides a set of functions to perform DANE authentication
 of a TLS server, with fall back to PKIX authentication if no DANE TLSA
@@ -74,12 +75,11 @@ will return a working TLS connection handle even if server authentication
 fails (rather than an error), but will populate the dane.Config's DiagError
 member with the appropriate error instead.
 
-
-### Example code
+## Example code
 
 The basic steps in summary form are:
 
-```
+```go
 import (
     ...
     "github.com/shuque/dane"
@@ -94,24 +94,24 @@ tlsa, err := dane.GetTLSA(resolver, hostname, port)
 iplist, err := dane.GetAddresses(resolver, hostname, true)
 
 for _, ip := range iplist {
-	daneconfig := dane.NewConfig(hostname, ip, 443)
-	daneconfig.SetTLSA(tlsa)
-	conn, err := dane.DialTLS(daneconfig)
-	if err != nil {
-		fmt.Printf("Result: FAILED: %s\n", err.Error())
-		continue
-	}
-	if daneconfig.Okdane {
-		fmt.Printf("Result: DANE OK\n")
-	} else if daneconfig.Okpkix {
-		fmt.Printf("Result: PKIX OK\n")
-	} else {
-		fmt.Printf("Result: FAILED\n")
-	}
-	//
-	// do some stuff with the obtained TLS connection here
-	//
-	conn.Close()
+  daneconfig := dane.NewConfig(hostname, ip, 443)
+  daneconfig.SetTLSA(tlsa)
+  conn, err := dane.DialTLS(daneconfig)
+  if err != nil {
+    fmt.Printf("Result: FAILED: %s\n", err.Error())
+    continue
+  }
+  if daneconfig.Okdane {
+    fmt.Printf("Result: DANE OK\n")
+  } else if daneconfig.Okpkix {
+    fmt.Printf("Result: PKIX OK\n")
+  } else {
+    fmt.Printf("Result: FAILED\n")
+  }
+  //
+  // do some stuff with the obtained TLS connection here
+  //
+  conn.Close()
 }
 ```
 

byname.go

@@ -8,9 +8,7 @@ import (
 	"time"
 )
 
-//
 // Response - response information
-//
 type Response struct {
 	config *Config
 	conn   *tls.Conn
@@ -23,7 +21,6 @@ var IPv6Headstart = 25 * time.Millisecond
 // Maximum number of parallel connections attempted
 var MaxParallelConnections = 30
 
-//
 // ConnectByName takes a hostname and port, resolves the addresses for
 // the hostname (IPv6 followed by IPv4), and then attempts to connect to
 // them and establish TLS using DANE or PKIX authentication - DANE is
@@ -33,7 +30,6 @@ var MaxParallelConnections = 30
 //
 // Uses a default DANE configuration. For a custom DANE configuration,
 // use the DialTLS or DialStartTLS functions instead.
-//
 func ConnectByName(hostname string, port int) (*tls.Conn, *Config, error) {
 
 	var conn *tls.Conn
@@ -74,10 +70,8 @@ func ConnectByName(hostname string, port int) (*tls.Conn, *Config, error) {
 		hostname)
 }
 
-//
 // ConnectByNameAsyncBase. Should not be called directly. Instead call
 // either ConnectByNameAsync or ConnectByNameAsync2
-//
 func ConnectByNameAsyncBase(hostname string, port int, pkixfallback bool) (*tls.Conn, *Config, error) {
 
 	var conn *tls.Conn
@@ -149,23 +143,19 @@ func ConnectByNameAsyncBase(hostname string, port int, pkixfallback bool) (*tls.
 		hostname)
 }
 
-//
 // ConnectByNameAsync is an async version of ConnectByName that tries
 // to connect to all server addresses in parallel, and returns the first
 // successful connection. IPv4 connections are intentionally delayed by
 // an IPv6HeadStart amount of time. Performs DANE authentication with
 // fallback to PKIX if no secure TLSA records are found.
-//
 func ConnectByNameAsync(hostname string, port int) (*tls.Conn, *Config, error) {
 
 	return ConnectByNameAsyncBase(hostname, port, true)
 }
 
-//
 // ConnectByNameAsync2 is the same as ConnectByNameAsync, but supports
 // an additional argument to specify whether PKIX fallback should be performed.
 // By setting that argument to false, we can require DANE only authentication.
-//
 func ConnectByNameAsync2(hostname string, port int, pkixfallback bool) (*tls.Conn, *Config, error) {
 
 	return ConnectByNameAsyncBase(hostname, port, pkixfallback)

dns.go

@@ -8,19 +8,15 @@ import (
 	"github.com/miekg/dns"
 )
 
-//
 // Query contains parameters of a DNS query: name, type, and class.
-//
 type Query struct {
 	Name  string
 	Type  uint16
 	Class uint16
 }
 
-//
 // NewQuery returns an initialized Query structure from the given query
 // parameters.
-//
 func NewQuery(qname string, qtype uint16, qclass uint16) *Query {
 	q := new(Query)
 	q.Name = dns.Fqdn(qname)
@@ -29,10 +25,8 @@ func NewQuery(qname string, qtype uint16, qclass uint16) *Query {
 	return q
 }
 
-//
 // MakeQuery constructs a DNS query message (*dns.Msg) from the given
 // query and resolver parameters.
-//
 func makeQueryMessage(query *Query, resolver *Resolver) *dns.Msg {
 
 	m := new(dns.Msg)
@@ -47,10 +41,8 @@ func makeQueryMessage(query *Query, resolver *Resolver) *dns.Msg {
 	return m
 }
 
-//
 // SendQueryUDP sends a DNS query via UDP with timeout and retries if
 // necessary.
-//
 func sendQueryUDP(query *Query, resolver *Resolver) (*dns.Msg, error) {
 
 	var response *dns.Msg
@@ -79,9 +71,7 @@ func sendQueryUDP(query *Query, resolver *Resolver) (*dns.Msg, error) {
 	return nil, err
 }
 
-//
 // SendQueryTCP sends a DNS query via TCP.
-//
 func sendQueryTCP(query *Query, resolver *Resolver) (*dns.Msg, error) {
 
 	var response *dns.Msg
@@ -103,9 +93,7 @@ func sendQueryTCP(query *Query, resolver *Resolver) (*dns.Msg, error) {
 
 }
 
-//
 // SendQuery sends a DNS query via UDP with fallback to TCP upon truncation.
-//
 func sendQuery(query *Query, resolver *Resolver) (*dns.Msg, error) {
 
 	var response *dns.Msg
@@ -126,10 +114,8 @@ func sendQuery(query *Query, resolver *Resolver) (*dns.Msg, error) {
 	return response, err
 }
 
-//
 // responseOK determines whether we have an authoritative response in
 // the given DNS message (NOERROR or NXDOMAIN).
-//
 func responseOK(response *dns.Msg) bool {
 
 	switch response.MsgHdr.Rcode {
@@ -140,9 +126,7 @@ func responseOK(response *dns.Msg) bool {
 	}
 }
 
-//
 // GetAddresses obtains a list of IPv4 and IPv6 addresses for given hostname.
-//
 func GetAddresses(resolver *Resolver, hostname string, secure bool) ([]net.IP, error) {
 
 	var ipList []net.IP
@@ -187,12 +171,10 @@ func GetAddresses(resolver *Resolver, hostname string, secure bool) ([]net.IP, e
 	return ipList, nil
 }
 
-//
 // Message2TSLAinfo returns a populated TLSAinfo structure from the
 // contents of a given dns message that contains a response to a
 // TLSA query. The qname parameter provides the expected TLSA query
 // name string.
-//
 func Message2TSLAinfo(qname string, message *dns.Msg) *TLSAinfo {
 
 	var tr *TLSArdata
@@ -216,10 +198,8 @@ func Message2TSLAinfo(qname string, message *dns.Msg) *TLSAinfo {
 	return tlsa
 }
 
-//
 // GetTLSA returns the DNS TLSA RRset information for the given hostname,
 // port and resolver parameters.
-//
 func GetTLSA(resolver *Resolver, hostname string, port int) (*TLSAinfo, error) {
 
 	var q *Query

go.mod

@@ -2,11 +2,12 @@ module github.com/shuque/dane
 
 go 1.18
 
-require github.com/miekg/dns v1.1.55
+require github.com/miekg/dns v1.1.61
 
 require (
-	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.12.0 // indirect
-	golang.org/x/sys v0.10.0 // indirect
-	golang.org/x/tools v0.11.0 // indirect
+	golang.org/x/mod v0.19.0 // indirect
+	golang.org/x/net v0.27.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
+	golang.org/x/tools v0.23.0 // indirect
 )

go.sum

@@ -1,11 +1,23 @@
 github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo=
 github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY=
+github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs=
+github.com/miekg/dns v1.1.61/go.mod h1:mnAarhS3nWaW+NVP2wTkYVIZyHNJ098SJZUki3eykwQ=
 golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
+golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
 golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
+golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
 golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI=
+golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/tools v0.11.0 h1:EMCa6U9S2LtZXLAMoWiR/R8dAQFRqbAitmbJ2UKhoi8=
 golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
+golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
+golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=

http.go

@@ -8,12 +8,10 @@ import (
 	"strings"
 )
 
-//
 // GetHttpClient returns a net/http Client structure configured to perform
 // DANE TLS authentication of the HTTPS server. If the argument pkixfallback
 // is set to true, then PKIX authentication will be attempted if the server
 // does not have any published secure DANE TLSA records.
-//
 func GetHttpClient(pkixfallback bool) http.Client {
 
 	t := &http.Transport{

http_test.go

@@ -8,7 +8,7 @@ package dane
 
 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"testing"
 )
@@ -35,7 +35,7 @@ func TestGetHttpClient(t *testing.T) {
 		defer response.Body.Close()
 	}
 
-	body, err := ioutil.ReadAll(response.Body)
+	body, err := io.ReadAll(response.Body)
 	if err != nil {
 		t.Fatalf("Reading HTTP response body: %s\n", err.Error())
 	}

tls.go

@@ -47,7 +47,7 @@ func verifyChain(certs []*x509.Certificate, config *tls.Config,
 // Config data structure that performs DANE and PKIX authentication of
 // the server certificate as appropriate.
 func verifyServer(rawCerts [][]byte,
-	verifiedChains [][]*x509.Certificate,
+	_ [][]*x509.Certificate,
 	tlsconfig *tls.Config, daneconfig *Config) error {
 
 	var err error