
Add 'ephemeral' keyword to 'tls' option in listen-on directive.

`listen-on ... tls ephemeral` will cause named to generate an ephemeral,
self-signed TLS certificate and key that are held only in memory.
This commit is contained in:
Witold Kręcicki 2020-10-09 22:13:45 +02:00 committed by Ondřej Surý
parent 2cfc8a45a4
commit e94afa5bc0


@ -10874,29 +10874,37 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
/* XXXWPK TODO be more verbose on failures. */ /* XXXWPK TODO be more verbose on failures. */
tlsobj = cfg_tuple_get(listener, "tls"); tlsobj = cfg_tuple_get(listener, "tls");
if (tlsobj != NULL && cfg_obj_isstring(tlsobj)) { if (tlsobj != NULL && cfg_obj_isstring(tlsobj)) {
const cfg_obj_t *tlsconfigs = NULL; if (!strcmp(cfg_obj_asstring(tlsobj), "ephemeral")) {
const cfg_listelt_t *element; tls = true;
(void)cfg_map_get(config, "tls", &tlsconfigs); } else {
for (element = cfg_list_first(tlsconfigs); element != NULL; const cfg_obj_t *tlsconfigs = NULL;
element = cfg_list_next(element)) const cfg_listelt_t *element;
{ (void)cfg_map_get(config, "tls", &tlsconfigs);
cfg_obj_t *tconfig = cfg_listelt_value(element); for (element = cfg_list_first(tlsconfigs);
const cfg_obj_t *name = cfg_map_getname(tconfig); element != NULL; element = cfg_list_next(element))
if (!strcmp(cfg_obj_asstring(name), {
cfg_obj_asstring(tlsobj))) { cfg_obj_t *tconfig = cfg_listelt_value(element);
tls = true; const cfg_obj_t *name =
const cfg_obj_t *keyo = NULL, *certo = NULL; cfg_map_getname(tconfig);
(void)cfg_map_get(tconfig, "key-file", &keyo); if (!strcmp(cfg_obj_asstring(name),
if (keyo == NULL) { cfg_obj_asstring(tlsobj))) {
return (ISC_R_FAILURE); tls = true;
const cfg_obj_t *keyo = NULL,
*certo = NULL;
(void)cfg_map_get(tconfig, "key-file",
&keyo);
if (keyo == NULL) {
return (ISC_R_FAILURE);
}
(void)cfg_map_get(tconfig, "cert-file",
&certo);
if (certo == NULL) {
return (ISC_R_FAILURE);
}
key = cfg_obj_asstring(keyo);
cert = cfg_obj_asstring(certo);
break;
} }
(void)cfg_map_get(tconfig, "cert-file", &certo);
if (certo == NULL) {
return (ISC_R_FAILURE);
}
key = cfg_obj_asstring(keyo);
cert = cfg_obj_asstring(certo);
break;
} }
} }
if (!tls) { if (!tls) {
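Review bot: The new `strcmp(cfg_obj_asstring(tlsobj), "ephemeral")` test runs before the `tls` map is searched, so a configured block named `tls ephemeral { key-file ...; cert-file ...; }` is silently ignored and that listener gets an in-memory self-signed certificate instead of the operator's key — a quiet loss of server authentication for any client pinned to the real certificate. "ephemeral" should be rejected as a `tls` block name (most naturally in the config checker, or by failing here when the lookup loop finds a block with that name), and the reserved meaning deserves a comment on the keyword line, e.g. `/* "ephemeral" is a reserved keyword, not a tls block name: named generates an in-memory self-signed cert/key. */`. The ephemeral branch sets only `tls = true` and leaves `key`/`cert` untouched, presumably NULL from their initialisation, so downstream code must treat NULL as "generate" rather than as a missing file — worth a one-line comment there too. The pre-existing `XXXWPK TODO` still applies: both `return (ISC_R_FAILURE)` paths for a missing key-file/cert-file give the operator no log message. ns_listenelt_fromconfig starts before and continues after this hunk.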