mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00
Code Issues Releases Wiki Activity

Add 'ephemeral' keyword to 'tls' option in listen-on directive.

Browse Source 
listen-on tls ephemeral will cause named to create an ephemeral
TLS self-signed certificate and key, stored only in memory.
This commit is contained in:
Witold Kręcicki 2020-10-09 22:13:45 +02:00 committed by Ondřej Surý
parent 2cfc8a45a4
commit e94afa5bc0
1 changed files with 30 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
bin/named/server.c
View File

@ -10874,23 +10874,30 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
/* XXXWPK TODO be more verbose on failures. */ /* XXXWPK TODO be more verbose on failures. */
tlsobj = cfg_tuple_get(listener, "tls"); tlsobj = cfg_tuple_get(listener, "tls");
if (tlsobj != NULL && cfg_obj_isstring(tlsobj)) { if (tlsobj != NULL && cfg_obj_isstring(tlsobj)) {
if (!strcmp(cfg_obj_asstring(tlsobj), "ephemeral")) {
tls = true;
} else {
const cfg_obj_t *tlsconfigs = NULL; const cfg_obj_t *tlsconfigs = NULL;
const cfg_listelt_t *element; const cfg_listelt_t *element;
(void)cfg_map_get(config, "tls", &tlsconfigs); (void)cfg_map_get(config, "tls", &tlsconfigs);
for (element = cfg_list_first(tlsconfigs); element != NULL; for (element = cfg_list_first(tlsconfigs);
element = cfg_list_next(element)) element != NULL; element = cfg_list_next(element))
{ {
cfg_obj_t *tconfig = cfg_listelt_value(element); cfg_obj_t *tconfig = cfg_listelt_value(element);
const cfg_obj_t *name = cfg_map_getname(tconfig); const cfg_obj_t *name =
cfg_map_getname(tconfig);
if (!strcmp(cfg_obj_asstring(name), if (!strcmp(cfg_obj_asstring(name),
cfg_obj_asstring(tlsobj))) { cfg_obj_asstring(tlsobj))) {
tls = true; tls = true;
const cfg_obj_t *keyo = NULL, *certo = NULL; const cfg_obj_t *keyo = NULL,
(void)cfg_map_get(tconfig, "key-file", &keyo); *certo = NULL;
(void)cfg_map_get(tconfig, "key-file",
&keyo);
if (keyo == NULL) { if (keyo == NULL) {
return (ISC_R_FAILURE); return (ISC_R_FAILURE);
} }
(void)cfg_map_get(tconfig, "cert-file", &certo); (void)cfg_map_get(tconfig, "cert-file",
&certo);
if (certo == NULL) { if (certo == NULL) {
return (ISC_R_FAILURE); return (ISC_R_FAILURE);
} }
@ -10899,6 +10906,7 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
break; break;
} }
} }
}
if (!tls) { if (!tls) {
return (ISC_R_FAILURE); return (ISC_R_FAILURE);
} }