support "tls ephemeral" with https

bin/named/server.c

@@ -398,8 +398,9 @@ static void
 named_server_reload(isc_task_t *task, isc_event_t *event);
 
 static isc_result_t
-listenelt_http(const cfg_obj_t *http, const char *key, const char *cert,
-	       in_port_t port, isc_mem_t *mctx, ns_listenelt_t **target);
+listenelt_http(const cfg_obj_t *http, bool tls, const char *key,
+	       const char *cert, in_port_t port, isc_mem_t *mctx,
+	       ns_listenelt_t **target);
 
 static isc_result_t
 listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
@@ -11108,10 +11109,6 @@ listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 	if (httpobj != NULL && cfg_obj_isstring(httpobj)) {
 		const char *httpname = cfg_obj_asstring(httpobj);
 
-		if (do_tls && key == NULL) {
-			return (ISC_R_FAILURE);
-		}
-
 		http_server = find_maplist(config, "http", httpname);
 		if (http_server == NULL) {
 			cfg_obj_log(httpobj, named_g_lctx, ISC_LOG_ERROR,
@@ -11192,7 +11189,7 @@ listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 
 	if (http) {
 		INSIST(http_server != NULL);
-		CHECK(listenelt_http(http_server, key, cert, port, mctx,
+		CHECK(listenelt_http(http_server, do_tls, key, cert, port, mctx,
 				     &delt));
 	} else {
 		CHECK(ns_listenelt_create(mctx, port, dscp, NULL, do_tls, key,
@@ -11212,12 +11209,10 @@ cleanup:
 	return (result);
 }
 
-/*
- * Create a listen list for HTTP/HTTPS
- */
 static isc_result_t
-listenelt_http(const cfg_obj_t *http, const char *key, const char *cert,
-	       in_port_t port, isc_mem_t *mctx, ns_listenelt_t **target) {
+listenelt_http(const cfg_obj_t *http, bool tls, const char *key,
+	       const char *cert, in_port_t port, isc_mem_t *mctx,
+	       ns_listenelt_t **target) {
 	isc_result_t result = ISC_R_SUCCESS;
 	ns_listenelt_t *delt = NULL;
 	char **endpoints = NULL;
@@ -11229,7 +11224,7 @@ listenelt_http(const cfg_obj_t *http, const char *key, const char *cert,
 	REQUIRE((key == NULL) == (cert == NULL));
 
 	if (port == 0) {
-		port = (key != NULL) ? named_g_httpsport : named_g_httpport;
+		port = tls ? named_g_httpsport : named_g_httpport;
 	}
 
 	CHECK(cfg_map_get(http, "endpoints", &eplist));
@@ -11245,8 +11240,8 @@ listenelt_http(const cfg_obj_t *http, const char *key, const char *cert,
 
 	INSIST(i == len);
 
-	result = ns_listenelt_create_http(mctx, port, named_g_dscp, NULL, key,
-					  cert, endpoints, len, &delt);
+	result = ns_listenelt_create_http(mctx, port, named_g_dscp, NULL, tls,
+					  key, cert, endpoints, len, &delt);
 	if (result != ISC_R_SUCCESS) {
 		if (delt != NULL) {
 			ns_listenelt_destroy(delt);

lib/ns/include/ns/listenlist.h

@@ -71,8 +71,8 @@ ns_listenelt_create(isc_mem_t *mctx, in_port_t port, isc_dscp_t dscp,
 
 isc_result_t
 ns_listenelt_create_http(isc_mem_t *mctx, in_port_t http_port, isc_dscp_t dscp,
-			 dns_acl_t *acl, const char *key, const char *cert,
-			 char **endpoints, size_t nendpoints,
+			 dns_acl_t *acl, bool tls, const char *key,
+			 const char *cert, char **endpoints, size_t nendpoints,
 			 ns_listenelt_t **target);
 /*%<
  * Create a listen-on list element for HTTP(S).

lib/ns/listenlist.c

@@ -58,8 +58,8 @@ ns_listenelt_create(isc_mem_t *mctx, in_port_t port, isc_dscp_t dscp,
 
 isc_result_t
 ns_listenelt_create_http(isc_mem_t *mctx, in_port_t http_port, isc_dscp_t dscp,
-			 dns_acl_t *acl, const char *key, const char *cert,
-			 char **endpoints, size_t nendpoints,
+			 dns_acl_t *acl, bool tls, const char *key,
+			 const char *cert, char **endpoints, size_t nendpoints,
 			 ns_listenelt_t **target) {
 	isc_result_t result;
 
@@ -67,8 +67,8 @@ ns_listenelt_create_http(isc_mem_t *mctx, in_port_t http_port, isc_dscp_t dscp,
 	REQUIRE(endpoints != NULL && *endpoints != NULL);
 	REQUIRE(nendpoints > 0);
 
-	result = ns_listenelt_create(mctx, http_port, dscp, acl, key != NULL,
-				     key, cert, target);
+	result = ns_listenelt_create(mctx, http_port, dscp, acl, tls, key, cert,
+				     target);
 	if (result == ISC_R_SUCCESS) {
 		(*target)->is_http = true;
 		(*target)->http_endpoints = endpoints;