clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 06:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- ub_ctx_set_tls call for libunbound that enables DoT for the machines

Browse Source 
set with ub_ctx_set_fwd.  Patch from Florian Obser.


git-svn-id: file:///svn/unbound/trunk@5080 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2019-01-28 08:22:08 +00:00
parent 5e4f0d65ce
commit 3d2dfc4769
5 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/Changelog
View File

@ -1,3 +1,7 @@
28 January 2019: Wouter
- ub_ctx_set_tls call for libunbound that enables DoT for the machines
set with ub_ctx_set_fwd. Patch from Florian Obser.
25 January 2019: Wouter
- Fix that tcp for auth zone and outgoing does not remove and
then gets the ssl read again applied to the deleted commpoint.

10
doc/libunbound.3.in
View File

@ -20,6 +20,7 @@
.B ub_ctx_config,
.B ub_ctx_set_fwd,
.B ub_ctx_set_stub,
.B ub_ctx_set_tls,
.B ub_ctx_resolvconf,
.B ub_ctx_hosts,
.B ub_ctx_add_ta,
@ -72,6 +73,9 @@
\fIint\fR isprime);
.LP
\fIint\fR
\fBub_ctx_set_tls\fR(\fIstruct ub_ctx*\fR ctx, \fIint\fR tls);
.LP
\fIint\fR
\fBub_ctx_resolvconf\fR(\fIstruct ub_ctx*\fR ctx, \fIchar*\fR fname);
.LP
\fIint\fR
@ -227,6 +231,12 @@ for different zones, or to add multiple addresses for a particular zone.
At this time it is only possible to set configuration before the
first resolve is done.
.TP
.B ub_ctx_set_tls
Enable DNS over TLS (DoT) for machines set with
.B ub_ctx_set_fwd.
At this time it is only possible to set configuration before the
first resolve is done.
.TP
.B ub_ctx_resolvconf
By default the root servers are queried and full resolver mode is used, but
you can use this call to read the list of nameservers to use from the

13
libunbound/libunbound.c
View File

@ -966,6 +966,19 @@ ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr)
return UB_NOERROR;
}
int ub_ctx_set_tls(struct ub_ctx* ctx, int tls)
{
lock_basic_lock(&ctx->cfglock);
if(ctx->finalized) {
lock_basic_unlock(&ctx->cfglock);
errno=EINVAL;
return UB_AFTERFINAL;
}
ctx->env->cfg->ssl_upstream = tls;
lock_basic_unlock(&ctx->cfglock);
return UB_NOERROR;
}
int ub_ctx_set_stub(struct ub_ctx* ctx, const char* zone, const char* addr,
int isprime)
{

1
libunbound/ubsyms.def
View File

@ -20,6 +20,7 @@ ub_ctx_set_event
ub_ctx_set_fwd
ub_ctx_set_option
ub_ctx_set_stub
ub_ctx_set_tls
ub_ctx_trustedkeys
ub_ctx_zone_add
ub_ctx_zone_remove

11
libunbound/unbound.h
View File

@ -309,6 +309,17 @@ int ub_ctx_config(struct ub_ctx* ctx, const char* fname);
*/
int ub_ctx_set_fwd(struct ub_ctx* ctx, const char* addr);
/**
* Use DNS over TLS to send queries to machines set with ub_ctx_set_fwd().
*
* @param ctx: context.
* At this time it is only possible to set configuration before the
* first resolve is done.
* @param tls: enable or disable DNS over TLS
* @return 0 if OK, else error.
*/
int ub_ctx_set_tls(struct ub_ctx* ctx, int tls);
/**
* Add a stub zone, with given address to send to. This is for custom
* root hints or pointing to a local authoritative dns server.