
support "tls ephemeral" with https

This commit is contained in:
Evan Hunt 2021-02-02 23:34:24 -08:00 committed by Ondřej Surý
parent aa9d51c494
commit fe99484e14
3 changed files with 16 additions and 21 deletions


@ -398,8 +398,9 @@ static void
named_server_reload(isc_task_t *task, isc_event_t *event); named_server_reload(isc_task_t *task, isc_event_t *event);
static isc_result_t static isc_result_t
listenelt_http(const cfg_obj_t *http, const char *key, const char *cert, listenelt_http(const cfg_obj_t *http, bool tls, const char *key,
in_port_t port, isc_mem_t *mctx, ns_listenelt_t **target); const char *cert, in_port_t port, isc_mem_t *mctx,
ns_listenelt_t **target);
static isc_result_t static isc_result_t
listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
@ -11108,10 +11109,6 @@ listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
if (httpobj != NULL && cfg_obj_isstring(httpobj)) { if (httpobj != NULL && cfg_obj_isstring(httpobj)) {
const char *httpname = cfg_obj_asstring(httpobj); const char *httpname = cfg_obj_asstring(httpobj);
if (do_tls && key == NULL) {
return (ISC_R_FAILURE);
}
http_server = find_maplist(config, "http", httpname); http_server = find_maplist(config, "http", httpname);
if (http_server == NULL) { if (http_server == NULL) {
cfg_obj_log(httpobj, named_g_lctx, ISC_LOG_ERROR, cfg_obj_log(httpobj, named_g_lctx, ISC_LOG_ERROR,
@ -11192,7 +11189,7 @@ listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
if (http) { if (http) {
INSIST(http_server != NULL); INSIST(http_server != NULL);
CHECK(listenelt_http(http_server, key, cert, port, mctx, CHECK(listenelt_http(http_server, do_tls, key, cert, port, mctx,
&delt)); &delt));
} else { } else {
CHECK(ns_listenelt_create(mctx, port, dscp, NULL, do_tls, key, CHECK(ns_listenelt_create(mctx, port, dscp, NULL, do_tls, key,
@ -11212,12 +11209,10 @@ cleanup:
return (result); return (result);
} }
/*
* Create a listen list for HTTP/HTTPS
*/
static isc_result_t static isc_result_t
listenelt_http(const cfg_obj_t *http, const char *key, const char *cert, listenelt_http(const cfg_obj_t *http, bool tls, const char *key,
in_port_t port, isc_mem_t *mctx, ns_listenelt_t **target) { const char *cert, in_port_t port, isc_mem_t *mctx,
ns_listenelt_t **target) {
isc_result_t result = ISC_R_SUCCESS; isc_result_t result = ISC_R_SUCCESS;
ns_listenelt_t *delt = NULL; ns_listenelt_t *delt = NULL;
char **endpoints = NULL; char **endpoints = NULL;
@ -11229,7 +11224,7 @@ listenelt_http(const cfg_obj_t *http, const char *key, const char *cert,
REQUIRE((key == NULL) == (cert == NULL)); REQUIRE((key == NULL) == (cert == NULL));
if (port == 0) { if (port == 0) {
port = (key != NULL) ? named_g_httpsport : named_g_httpport; port = tls ? named_g_httpsport : named_g_httpport;
} }
CHECK(cfg_map_get(http, "endpoints", &eplist)); CHECK(cfg_map_get(http, "endpoints", &eplist));
@ -11245,8 +11240,8 @@ listenelt_http(const cfg_obj_t *http, const char *key, const char *cert,
INSIST(i == len); INSIST(i == len);
result = ns_listenelt_create_http(mctx, port, named_g_dscp, NULL, key, result = ns_listenelt_create_http(mctx, port, named_g_dscp, NULL, tls,
cert, endpoints, len, &delt); key, cert, endpoints, len, &delt);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
if (delt != NULL) { if (delt != NULL) {
ns_listenelt_destroy(delt); ns_listenelt_destroy(delt);
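Review bot: The only header comment on listenelt_http (`Create a listen list for HTTP/HTTPS`, removed at the top of the definition hunk) is deleted and the new `bool tls` parameter is left undocumented, so a reader can no longer tell what `tls == true` with `key == NULL` means now that listenelt_fromconfig no longer rejects that combination. I would restore a comment above the definition with the contract made explicit: `/* Create a listen list element for HTTP/HTTPS. 'tls' selects HTTPS; 'key' and 'cert' must both be set or both NULL, and both NULL with 'tls' true presumably means ephemeral TLS credentials. */` (the pairing rule is what the REQUIRE in the body checks; the ephemeral meaning is inferred from the commit title). Nothing visible in these hunks rejects `tls == false` with a non-NULL key/cert either; whether the configuration parser catches that before this point is outside the hunk, and listenelt_fromconfig itself starts and ends outside what is shown.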


@ -71,8 +71,8 @@ ns_listenelt_create(isc_mem_t *mctx, in_port_t port, isc_dscp_t dscp,
isc_result_t isc_result_t
ns_listenelt_create_http(isc_mem_t *mctx, in_port_t http_port, isc_dscp_t dscp, ns_listenelt_create_http(isc_mem_t *mctx, in_port_t http_port, isc_dscp_t dscp,
dns_acl_t *acl, const char *key, const char *cert, dns_acl_t *acl, bool tls, const char *key,
char **endpoints, size_t nendpoints, const char *cert, char **endpoints, size_t nendpoints,
ns_listenelt_t **target); ns_listenelt_t **target);
/*%< /*%<
* Create a listen-on list element for HTTP(S). * Create a listen-on list element for HTTP(S).


@ -58,8 +58,8 @@ ns_listenelt_create(isc_mem_t *mctx, in_port_t port, isc_dscp_t dscp,
isc_result_t isc_result_t
ns_listenelt_create_http(isc_mem_t *mctx, in_port_t http_port, isc_dscp_t dscp, ns_listenelt_create_http(isc_mem_t *mctx, in_port_t http_port, isc_dscp_t dscp,
dns_acl_t *acl, const char *key, const char *cert, dns_acl_t *acl, bool tls, const char *key,
char **endpoints, size_t nendpoints, const char *cert, char **endpoints, size_t nendpoints,
ns_listenelt_t **target) { ns_listenelt_t **target) {
isc_result_t result; isc_result_t result;
@ -67,8 +67,8 @@ ns_listenelt_create_http(isc_mem_t *mctx, in_port_t http_port, isc_dscp_t dscp,
REQUIRE(endpoints != NULL && *endpoints != NULL); REQUIRE(endpoints != NULL && *endpoints != NULL);
REQUIRE(nendpoints > 0); REQUIRE(nendpoints > 0);
result = ns_listenelt_create(mctx, http_port, dscp, acl, key != NULL, result = ns_listenelt_create(mctx, http_port, dscp, acl, tls, key, cert,
key, cert, target); target);
if (result == ISC_R_SUCCESS) { if (result == ISC_R_SUCCESS) {
(*target)->is_http = true; (*target)->is_http = true;
(*target)->http_endpoints = endpoints; (*target)->http_endpoints = endpoints;
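Review bot: ns_listenelt_create_http now takes `tls` separately from `key`/`cert`, but the only visible invariant on that pair is the `REQUIRE((key == NULL) == (cert == NULL))` in the server.c caller, not in this library function, so another caller could pass a key without a cert (or either one with `tls == false`) and nothing in this hunk would catch it. I would add `REQUIRE((key == NULL) == (cert == NULL));` after the `nendpoints` REQUIRE, unless ns_listenelt_create (called at the end of the hunk, body not shown) already enforces it. The function body continues past the hunk.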