- Rename tls-additional-ports to tls-additional-port, because every

line adds one port.


git-svn-id: file:///svn/unbound/trunk@4721 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog

@@ -3,6 +3,8 @@
 	  certificate and key files, access can be restricted with file and
 	  directory permissions.  The option control-use-cert is no longer
 	  used, and ignored if found in unbound.conf.
+	- Rename tls-additional-ports to tls-additional-port, because every
+	  line adds one port.
 
 6 June 2018: Wouter
 	- Patch to fix openwrt for mac os build darwin detection in configure.

doc/example.conf.in

@@ -686,7 +686,7 @@ server:
 	# tls-win-cert: no
 
 	# Also serve tls on these port numbers (eg. 443, ...), by listing
-	# tls-additional-ports: portno for each of the port numbers.
+	# tls-additional-port: portno for each of the port numbers.
 
 	# DNS64 prefix. Must be specified when DNS64 is use.
 	# Enable dns64 in module-config.  Used to synthesize IPv6 from IPv4.

doc/unbound.conf.5.in

@@ -452,8 +452,8 @@ If no cert bundle, it uses only these certificates.  Default is no.
 On windows this option uses the certificates from the cert store.  Use
 the tls\-cert\-bundle option on other systems.
 .TP
-.B tls\-additional\-ports: \fI<portnr>
-List portnumbers as tls\-additional\-ports, and when interfaces are defined,
+.B tls\-additional\-port: \fI<portnr>
+List portnumbers as tls\-additional\-port, and when interfaces are defined,
 eg. with the @port suffix, as this port number, they provide dns over TLS
 service.  Can list multiple, each on a new statement.
 .TP

services/listen_dnsport.c

@@ -1059,7 +1059,7 @@ set_recvpktinfo(int s, int family)
 /** see if interface is ssl, its port number == the ssl port number */
 static int
 if_is_ssl(const char* ifname, const char* port, int ssl_port,
-	struct config_strlist* tls_additional_ports)
+	struct config_strlist* tls_additional_port)
 {
 	struct config_strlist* s;
 	char* p = strchr(ifname, '@');
@@ -1067,7 +1067,7 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port,
 		return 1;
 	if(p && atoi(p+1) == ssl_port)
 		return 1;
-	for(s = tls_additional_ports; s; s = s->next) {
+	for(s = tls_additional_port; s; s = s->next) {
 		if(p && atoi(p+1) == atoi(s->str))
 			return 1;
 		if(!p && atoi(port) == atoi(s->str))
@@ -1089,7 +1089,7 @@ if_is_ssl(const char* ifname, const char* port, int ssl_port,
  * @param rcv: receive buffer size for UDP
  * @param snd: send buffer size for UDP
  * @param ssl_port: ssl service port number
- * @param tls_additional_ports: list of additional ssl service port numbers.
+ * @param tls_additional_port: list of additional ssl service port numbers.
  * @param reuseport: try to set SO_REUSEPORT if nonNULL and true.
  * 	set to false on exit if reuseport failed due to no kernel support.
  * @param transparent: set IP_TRANSPARENT socket option.
@@ -1103,7 +1103,7 @@ static int
 ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp, 
 	struct addrinfo *hints, const char* port, struct listen_port** list,
 	size_t rcv, size_t snd, int ssl_port,
-	struct config_strlist* tls_additional_ports, int* reuseport,
+	struct config_strlist* tls_additional_port, int* reuseport,
 	int transparent, int tcp_mss, int freebind, int use_systemd,
 	int dnscrypt_port)
 {
@@ -1170,7 +1170,7 @@ ports_create_if(const char* ifname, int do_auto, int do_udp, int do_tcp,
 	}
 	if(do_tcp) {
 		int is_ssl = if_is_ssl(ifname, port, ssl_port,
-			tls_additional_ports);
+			tls_additional_port);
 		if((s = make_sock_port(SOCK_STREAM, ifname, port, hints, 1, 
 			&noip6, 0, 0, reuseport, transparent, tcp_mss,
 			freebind, use_systemd)) == -1) {
@@ -1356,7 +1356,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
 				do_auto, cfg->do_udp, do_tcp, 
 				&hints, portbuf, &list,
 				cfg->so_rcvbuf, cfg->so_sndbuf,
-				cfg->ssl_port, cfg->tls_additional_ports,
+				cfg->ssl_port, cfg->tls_additional_port,
 				reuseport, cfg->ip_transparent,
 				cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
 				cfg->dnscrypt_port)) {
@@ -1370,7 +1370,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
 				do_auto, cfg->do_udp, do_tcp, 
 				&hints, portbuf, &list,
 				cfg->so_rcvbuf, cfg->so_sndbuf,
-				cfg->ssl_port, cfg->tls_additional_ports,
+				cfg->ssl_port, cfg->tls_additional_port,
 				reuseport, cfg->ip_transparent,
 				cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
 				cfg->dnscrypt_port)) {
@@ -1386,7 +1386,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
 			if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp, 
 				do_tcp, &hints, portbuf, &list, 
 				cfg->so_rcvbuf, cfg->so_sndbuf,
-				cfg->ssl_port, cfg->tls_additional_ports,
+				cfg->ssl_port, cfg->tls_additional_port,
 				reuseport, cfg->ip_transparent,
 				cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
 				cfg->dnscrypt_port)) {
@@ -1400,7 +1400,7 @@ listening_ports_open(struct config_file* cfg, int* reuseport)
 			if(!ports_create_if(cfg->ifs[i], 0, cfg->do_udp, 
 				do_tcp, &hints, portbuf, &list, 
 				cfg->so_rcvbuf, cfg->so_sndbuf,
-				cfg->ssl_port, cfg->tls_additional_ports,
+				cfg->ssl_port, cfg->tls_additional_port,
 				reuseport, cfg->ip_transparent,
 				cfg->tcp_mss, cfg->ip_freebind, cfg->use_systemd,
 				cfg->dnscrypt_port)) {

util/config_file.c

@@ -456,8 +456,9 @@ int config_set_option(struct config_file* cfg, const char* opt,
 	else S_NUMBER_NONZERO("ssl-port:", ssl_port)
 	else S_STR("tls-cert-bundle:", tls_cert_bundle)
 	else S_YNO("tls-win-cert:", tls_win_cert)
-	else S_STRLIST("additional-tls-port:", tls_additional_ports)
-	else S_STRLIST("tls-additional-ports:", tls_additional_ports)
+	else S_STRLIST("additional-tls-port:", tls_additional_port)
+	else S_STRLIST("tls-additional-ports:", tls_additional_port)
+	else S_STRLIST("tls-additional-port:", tls_additional_port)
 	else S_YNO("interface-automatic:", if_automatic)
 	else S_YNO("use-systemd:", use_systemd)
 	else S_YNO("do-daemonize:", do_daemonize)
@@ -878,7 +879,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 	else O_DEC(opt, "ssl-port", ssl_port)
 	else O_STR(opt, "tls-cert-bundle", tls_cert_bundle)
 	else O_YNO(opt, "tls-win-cert", tls_win_cert)
-	else O_LST(opt, "tls-additional-ports", tls_additional_ports)
+	else O_LST(opt, "tls-additional-port", tls_additional_port)
 	else O_YNO(opt, "use-systemd", use_systemd)
 	else O_YNO(opt, "do-daemonize", do_daemonize)
 	else O_STR(opt, "chroot", chrootdir)
@@ -1302,7 +1303,7 @@ config_delete(struct config_file* cfg)
 	free(cfg->ssl_service_key);
 	free(cfg->ssl_service_pem);
 	free(cfg->tls_cert_bundle);
-	config_delstrlist(cfg->tls_additional_ports);
+	config_delstrlist(cfg->tls_additional_port);
 	free(cfg->log_identity);
 	config_del_strarray(cfg->ifs, cfg->num_ifs);
 	config_del_strarray(cfg->out_ifs, cfg->num_out_ifs);

util/config_file.h

@@ -105,7 +105,7 @@ struct config_file {
 	/** should the system certificate store get added to the cert bundle */
 	int tls_win_cert;
 	/** additional tls ports */
-	struct config_strlist* tls_additional_ports;
+	struct config_strlist* tls_additional_port;
 
 	/** outgoing port range number of ports (per thread) */
 	int outgoing_num_ports;

util/configlexer.lex

@@ -239,9 +239,10 @@ tls-port{COLON}			{ YDVAR(1, VAR_SSL_PORT) }
 ssl-cert-bundle{COLON}		{ YDVAR(1, VAR_TLS_CERT_BUNDLE) }
 tls-cert-bundle{COLON}		{ YDVAR(1, VAR_TLS_CERT_BUNDLE) }
 tls-win-cert{COLON}		{ YDVAR(1, VAR_TLS_WIN_CERT) }
-additional-ssl-port{COLON}	{ YDVAR(1, VAR_TLS_ADDITIONAL_PORTS) }
-additional-tls-port{COLON}	{ YDVAR(1, VAR_TLS_ADDITIONAL_PORTS) }
-tls-additional-ports{COLON}	{ YDVAR(1, VAR_TLS_ADDITIONAL_PORTS) }
+additional-ssl-port{COLON}	{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
+additional-tls-port{COLON}	{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
+tls-additional-ports{COLON}	{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
+tls-additional-port{COLON}	{ YDVAR(1, VAR_TLS_ADDITIONAL_PORT) }
 use-systemd{COLON}		{ YDVAR(1, VAR_USE_SYSTEMD) }
 do-daemonize{COLON}		{ YDVAR(1, VAR_DO_DAEMONIZE) }
 interface{COLON}		{ YDVAR(1, VAR_INTERFACE) }

util/configparser.c

@@ -361,7 +361,7 @@ extern int yydebug;
     VAR_URL = 490,
     VAR_FOR_DOWNSTREAM = 491,
     VAR_FALLBACK_ENABLED = 492,
-    VAR_TLS_ADDITIONAL_PORTS = 493,
+    VAR_TLS_ADDITIONAL_PORT = 493,
     VAR_LOW_RTT = 494,
     VAR_LOW_RTT_PERMIL = 495,
     VAR_ALLOW_NOTIFY = 496,
@@ -604,7 +604,7 @@ extern int yydebug;
 #define VAR_URL 490
 #define VAR_FOR_DOWNSTREAM 491
 #define VAR_FALLBACK_ENABLED 492
-#define VAR_TLS_ADDITIONAL_PORTS 493
+#define VAR_TLS_ADDITIONAL_PORT 493
 #define VAR_LOW_RTT 494
 #define VAR_LOW_RTT_PERMIL 495
 #define VAR_ALLOW_NOTIFY 496
@@ -1103,7 +1103,7 @@ static const char *const yytname[] =
   "VAR_CACHEDB_REDISTIMEOUT", "VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM",
   "VAR_FOR_UPSTREAM", "VAR_AUTH_ZONE", "VAR_ZONEFILE", "VAR_MASTER",
   "VAR_URL", "VAR_FOR_DOWNSTREAM", "VAR_FALLBACK_ENABLED",
-  "VAR_TLS_ADDITIONAL_PORTS", "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL",
+  "VAR_TLS_ADDITIONAL_PORT", "VAR_LOW_RTT", "VAR_LOW_RTT_PERMIL",
   "VAR_ALLOW_NOTIFY", "VAR_TLS_WIN_CERT", "$accept", "toplevelvars",
   "toplevelvar", "serverstart", "contents_server", "content_server",
   "stubstart", "contents_stub", "content_stub", "forwardstart",
@@ -1124,7 +1124,7 @@ static const char *const yytname[] =
   "server_udp_upstream_without_downstream", "server_ssl_upstream",
   "server_ssl_service_key", "server_ssl_service_pem", "server_ssl_port",
   "server_tls_cert_bundle", "server_tls_win_cert",
-  "server_tls_additional_ports", "server_use_systemd",
+  "server_tls_additional_port", "server_use_systemd",
   "server_do_daemonize", "server_use_syslog", "server_log_time_ascii",
   "server_log_queries", "server_log_replies", "server_chroot",
   "server_username", "server_directory", "server_logfile",
@@ -3022,8 +3022,8 @@ yyreduce:
   case 260:
 #line 701 "./util/configparser.y" /* yacc.c:1646  */
     {
-		OUTYY(("P(server_tls_additional_ports:%s)\n", (yyvsp[0].str)));
-		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_ports,
+		OUTYY(("P(server_tls_additional_port:%s)\n", (yyvsp[0].str)));
+		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
 			(yyvsp[0].str)))
 			yyerror("out of memory");
 	}

util/configparser.h

@@ -280,7 +280,7 @@ extern int yydebug;
     VAR_URL = 490,
     VAR_FOR_DOWNSTREAM = 491,
     VAR_FALLBACK_ENABLED = 492,
-    VAR_TLS_ADDITIONAL_PORTS = 493,
+    VAR_TLS_ADDITIONAL_PORT = 493,
     VAR_LOW_RTT = 494,
     VAR_LOW_RTT_PERMIL = 495,
     VAR_ALLOW_NOTIFY = 496,
@@ -523,7 +523,7 @@ extern int yydebug;
 #define VAR_URL 490
 #define VAR_FOR_DOWNSTREAM 491
 #define VAR_FALLBACK_ENABLED 492
-#define VAR_TLS_ADDITIONAL_PORTS 493
+#define VAR_TLS_ADDITIONAL_PORT 493
 #define VAR_LOW_RTT 494
 #define VAR_LOW_RTT_PERMIL 495
 #define VAR_ALLOW_NOTIFY 496

util/configparser.y

@@ -156,7 +156,7 @@ extern struct config_parser_state* cfg_parser;
 %token VAR_CACHEDB_REDISHOST VAR_CACHEDB_REDISPORT VAR_CACHEDB_REDISTIMEOUT
 %token VAR_UDP_UPSTREAM_WITHOUT_DOWNSTREAM VAR_FOR_UPSTREAM
 %token VAR_AUTH_ZONE VAR_ZONEFILE VAR_MASTER VAR_URL VAR_FOR_DOWNSTREAM
-%token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORTS VAR_LOW_RTT VAR_LOW_RTT_PERMIL
+%token VAR_FALLBACK_ENABLED VAR_TLS_ADDITIONAL_PORT VAR_LOW_RTT VAR_LOW_RTT_PERMIL
 %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT
 
 %%
@@ -248,7 +248,7 @@ content_server: server_num_threads | server_verbosity | server_port |
 	server_ipsecmod_ignore_bogus | server_ipsecmod_max_ttl |
 	server_ipsecmod_whitelist | server_ipsecmod_strict |
 	server_udp_upstream_without_downstream | server_aggressive_nsec |
-	server_tls_cert_bundle | server_tls_additional_ports | server_low_rtt |
+	server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
 	server_low_rtt_permil | server_tls_win_cert
 	;
 stubstart: VAR_STUB_ZONE
@@ -697,10 +697,10 @@ server_tls_win_cert: VAR_TLS_WIN_CERT STRING_ARG
 		free($2);
 	}
 	;
-server_tls_additional_ports: VAR_TLS_ADDITIONAL_PORTS STRING_ARG
+server_tls_additional_port: VAR_TLS_ADDITIONAL_PORT STRING_ARG
 	{
-		OUTYY(("P(server_tls_additional_ports:%s)\n", $2));
-		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_ports,
+		OUTYY(("P(server_tls_additional_port:%s)\n", $2));
+		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_additional_port,
 			$2))
 			yyerror("out of memory");
 	}