- Fixes for the patch, and man page entry.
git-svn-id: file:///svn/unbound/trunk@5055 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
8ae9f26bce
commit
5d82b7c421
@ -433,13 +433,13 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
|
||||
fatal_exit("could not set up listen SSL_CTX");
|
||||
if(cfg->tls_ciphers && cfg->tls_ciphers[0]) {
|
||||
if (!SSL_CTX_set_cipher_list(daemon->listen_sslctx, cfg->tls_ciphers)) {
|
||||
fatal_exit("faild to set tls-cipher %s",cfg->tls_ciphers);
|
||||
fatal_exit("failed to set tls-cipher %s", cfg->tls_ciphers);
|
||||
}
|
||||
}
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x1010101
|
||||
if(cfg->tls_ciphersuites && cfg->tls_ciphersuites[0]) {
|
||||
if (!SSL_CTX_set_ciphersuites(daemon->listen_sslctx, cfg->tls_ciphersuites)) {
|
||||
fatal_exit("faild to set tls-ciphersuites %s",cfg->tls_ciphersuites);
|
||||
fatal_exit("failed to set tls-ciphersuites %s", cfg->tls_ciphersuites);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
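Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x1010101` guard around the `SSL_CTX_set_ciphersuites` call does not select OpenSSL 1.1.1. The version macro is laid out as 0xMNNFFPPS, so 1.1.1 is `0x10101000L`, and the constant used here is smaller than the value any 1.0.x release reports. On such a library the block is compiled in and the build breaks on the missing function; LibreSSL reports 0x20000000L and also passes the comparison whether or not it provides the call. I would change the line to `#if OPENSSL_VERSION_NUMBER >= 0x10101000L`, or preferably test for the function at configure time, so that a configured tls-ciphersuites value is reliably applied or rejected instead of depending on this comparison. perform_setup starts and ends outside the hunk.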
@ -1,6 +1,7 @@
|
||||
23 January 2018: Wouter
|
||||
- Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites
|
||||
options for unbound.conf.
|
||||
- Fixes for the patch, and man page entry.
|
||||
|
||||
22 January 2018: Wouter
|
||||
- Fix space calculation for tcp req buffer size.
|
||||
|
@ -504,6 +504,14 @@ List portnumbers as tls\-additional\-port, and when interfaces are defined,
|
||||
eg. with the @port suffix, as this port number, they provide dns over TLS
|
||||
service. Can list multiple, each on a new statement.
|
||||
.TP
|
||||
.B tls\-ciphers: \fI<string with cipher list>
|
||||
Set the list of ciphers to allow when serving TLS. Use "" for defaults,
|
||||
and that is the default.
|
||||
.TP
|
||||
.B tls\-ciphersuites: \fI<string with ciphersuites list>
|
||||
Set the list of ciphersuites to allow when serving TLS. This is for newer
|
||||
TLS 1.3 connections. Use "" for defaults, and that is the default.
|
||||
.TP
|
||||
.B use\-systemd: \fI<yes or no>
|
||||
Enable or disable systemd socket activation.
|
||||
Default is no.
|
||||
|
@ -487,8 +487,8 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
||||
else S_STRLIST("additional-tls-port:", tls_additional_port)
|
||||
else S_STRLIST("tls-additional-ports:", tls_additional_port)
|
||||
else S_STRLIST("tls-additional-port:", tls_additional_port)
|
||||
else S_STR("tls_ciphers:", tls_ciphers)
|
||||
else S_STR("tls_ciphersuites:", tls_ciphersuites)
|
||||
else S_STR("tls-ciphers:", tls_ciphers)
|
||||
else S_STR("tls-ciphersuites:", tls_ciphersuites)
|
||||
else S_YNO("interface-automatic:", if_automatic)
|
||||
else S_YNO("use-systemd:", use_systemd)
|
||||
else S_YNO("do-daemonize:", do_daemonize)
|
||||
@ -1362,6 +1362,8 @@ config_delete(struct config_file* cfg)
|
||||
free(cfg->ssl_service_pem);
|
||||
free(cfg->tls_cert_bundle);
|
||||
config_delstrlist(cfg->tls_additional_port);
|
||||
free(cfg->tls_ciphers);
|
||||
free(cfg->tls_ciphersuites);
|
||||
free(cfg->log_identity);
|
||||
config_del_strarray(cfg->ifs, cfg->num_ifs);
|
||||
config_del_strarray(cfg->out_ifs, cfg->num_out_ifs);
|
||||
|
@ -120,9 +120,9 @@ struct config_file {
|
||||
int tls_win_cert;
|
||||
/** additional tls ports */
|
||||
struct config_strlist* tls_additional_port;
|
||||
/** TLS chiper **/
|
||||
/** TLS ciphers */
|
||||
char* tls_ciphers;
|
||||
/** TLS chipersuites (TLSv1.3) **/
|
||||
/** TLS chipersuites (TLSv1.3) */
|
||||
char* tls_ciphersuites;
|
||||
|
||||
/** outgoing port range number of ports (per thread) */
|
||||
|
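Review bot: The comment on the second field still reads `/** TLS chipersuites (TLSv1.3) */`, so the spelling fix made to the tls_ciphers comment was not carried over (assuming the later of the two printed variants is the new side). I would write `/** TLS ciphersuites (TLSv1.3), OpenSSL ciphersuites list string */`. I would also note on tls_ciphers that it is an OpenSSL cipher list string, since the setup code passes it to `SSL_CTX_set_cipher_list` unchanged. struct config_file starts and ends outside the hunk.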