diff --git a/bin/named/server.c b/bin/named/server.c index d553683fa3..e4e80f6f81 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -398,8 +398,9 @@ static void named_server_reload(isc_task_t *task, isc_event_t *event); static isc_result_t -listenelt_http(const cfg_obj_t *http, const char *key, const char *cert, - in_port_t port, isc_mem_t *mctx, ns_listenelt_t **target); +listenelt_http(const cfg_obj_t *http, bool tls, const char *key, + const char *cert, in_port_t port, isc_mem_t *mctx, + ns_listenelt_t **target); static isc_result_t listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, @@ -11108,10 +11109,6 @@ listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, if (httpobj != NULL && cfg_obj_isstring(httpobj)) { const char *httpname = cfg_obj_asstring(httpobj); - if (do_tls && key == NULL) { - return (ISC_R_FAILURE); - } - http_server = find_maplist(config, "http", httpname); if (http_server == NULL) { cfg_obj_log(httpobj, named_g_lctx, ISC_LOG_ERROR, @@ -11192,7 +11189,7 @@ listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, if (http) { INSIST(http_server != NULL); - CHECK(listenelt_http(http_server, key, cert, port, mctx, + CHECK(listenelt_http(http_server, do_tls, key, cert, port, mctx, &delt)); } else { CHECK(ns_listenelt_create(mctx, port, dscp, NULL, do_tls, key, @@ -11212,12 +11209,10 @@ cleanup: return (result); } -/* - * Create a listen list for HTTP/HTTPS - */ static isc_result_t -listenelt_http(const cfg_obj_t *http, const char *key, const char *cert, - in_port_t port, isc_mem_t *mctx, ns_listenelt_t **target) { +listenelt_http(const cfg_obj_t *http, bool tls, const char *key, + const char *cert, in_port_t port, isc_mem_t *mctx, + ns_listenelt_t **target) { isc_result_t result = ISC_R_SUCCESS; ns_listenelt_t *delt = NULL; char **endpoints = NULL; @@ -11229,7 +11224,7 @@ listenelt_http(const cfg_obj_t *http, const char *key, const char *cert, REQUIRE((key == NULL) == (cert == NULL)); if (port == 0) { - port = (key != NULL) ? named_g_httpsport : named_g_httpport; + port = tls ? named_g_httpsport : named_g_httpport; } CHECK(cfg_map_get(http, "endpoints", &eplist)); @@ -11245,8 +11240,8 @@ listenelt_http(const cfg_obj_t *http, const char *key, const char *cert, INSIST(i == len); - result = ns_listenelt_create_http(mctx, port, named_g_dscp, NULL, key, - cert, endpoints, len, &delt); + result = ns_listenelt_create_http(mctx, port, named_g_dscp, NULL, tls, + key, cert, endpoints, len, &delt); if (result != ISC_R_SUCCESS) { if (delt != NULL) { ns_listenelt_destroy(delt); diff --git a/lib/ns/include/ns/listenlist.h b/lib/ns/include/ns/listenlist.h index de30a5747b..8393d67980 100644 --- a/lib/ns/include/ns/listenlist.h +++ b/lib/ns/include/ns/listenlist.h @@ -71,8 +71,8 @@ ns_listenelt_create(isc_mem_t *mctx, in_port_t port, isc_dscp_t dscp, isc_result_t ns_listenelt_create_http(isc_mem_t *mctx, in_port_t http_port, isc_dscp_t dscp, - dns_acl_t *acl, const char *key, const char *cert, - char **endpoints, size_t nendpoints, + dns_acl_t *acl, bool tls, const char *key, + const char *cert, char **endpoints, size_t nendpoints, ns_listenelt_t **target); /*%< * Create a listen-on list element for HTTP(S). diff --git a/lib/ns/listenlist.c b/lib/ns/listenlist.c index 5fbb59db9f..2d88c8654f 100644 --- a/lib/ns/listenlist.c +++ b/lib/ns/listenlist.c @@ -58,8 +58,8 @@ ns_listenelt_create(isc_mem_t *mctx, in_port_t port, isc_dscp_t dscp, isc_result_t ns_listenelt_create_http(isc_mem_t *mctx, in_port_t http_port, isc_dscp_t dscp, - dns_acl_t *acl, const char *key, const char *cert, - char **endpoints, size_t nendpoints, + dns_acl_t *acl, bool tls, const char *key, + const char *cert, char **endpoints, size_t nendpoints, ns_listenelt_t **target) { isc_result_t result; @@ -67,8 +67,8 @@ ns_listenelt_create_http(isc_mem_t *mctx, in_port_t http_port, isc_dscp_t dscp, REQUIRE(endpoints != NULL && *endpoints != NULL); REQUIRE(nendpoints > 0); - result = ns_listenelt_create(mctx, http_port, dscp, acl, key != NULL, - key, cert, target); + result = ns_listenelt_create(mctx, http_port, dscp, acl, tls, key, cert, + target); if (result == ISC_R_SUCCESS) { (*target)->is_http = true; (*target)->http_endpoints = endpoints;