For TLS session keys, keep config options in order read from file to keep the first one as the first one.

git-svn-id: file:///svn/unbound/trunk@5064 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/unbound.c

@@ -443,8 +443,8 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 			}
 		}
 #endif
-		if(cfg->tls_session_ticket_keys) {
-			if(!listen_sslctx_setup_ticket_keys(daemon->listen_sslctx, cfg->tls_session_ticket_keys)) {
+		if(cfg->tls_session_ticket_keys.first) {
+			if(!listen_sslctx_setup_ticket_keys(daemon->listen_sslctx, cfg->tls_session_ticket_keys.first)) {
 				fatal_exit("could not set session ticket SSL_CTX");
 			}
 		}

doc/Changelog

@@ -6,7 +6,9 @@
 	  library compatibility when compiling.
 	- Patch for TLS session resumption from Manabu Sonoda,
 	  enable with tls-session-ticket-keys in unbound.conf.
-	- Fixes for patch (includes, declarations, warnings).
+	- Fixes for patch (includes, declarations, warnings).  Free at end
+	  and keep config options in order read from file to keep the first
+	  one as the first one.
 
 22 January 2018: Wouter
 	- Fix space calculation for tcp req buffer size.

util/config_file.c

@@ -487,7 +487,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
 	else S_STRLIST("additional-tls-port:", tls_additional_port)
 	else S_STRLIST("tls-additional-ports:", tls_additional_port)
 	else S_STRLIST("tls-additional-port:", tls_additional_port)
-	else S_STRLIST("tls-session-ticket-keys:", tls_session_ticket_keys)
+	else S_STRLIST_APPEND("tls-session-ticket-keys:", tls_session_ticket_keys)
 	else S_STR("tls-ciphers:", tls_ciphers)
 	else S_STR("tls-ciphersuites:", tls_ciphersuites)
 	else S_YNO("interface-automatic:", if_automatic)
@@ -927,7 +927,7 @@ config_get_option(struct config_file* cfg, const char* opt,
 	else O_STR(opt, "tls-cert-bundle", tls_cert_bundle)
 	else O_YNO(opt, "tls-win-cert", tls_win_cert)
 	else O_LST(opt, "tls-additional-port", tls_additional_port)
-	else O_LST(opt, "tls-session-ticket-keys", tls_session_ticket_keys)
+	else O_LST(opt, "tls-session-ticket-keys", tls_session_ticket_keys.first)
 	else O_STR(opt, "tls-ciphers", tls_ciphers)
 	else O_STR(opt, "tls-ciphersuites", tls_ciphersuites)
 	else O_YNO(opt, "use-systemd", use_systemd)
@@ -1364,7 +1364,7 @@ config_delete(struct config_file* cfg)
 	free(cfg->ssl_service_pem);
 	free(cfg->tls_cert_bundle);
 	config_delstrlist(cfg->tls_additional_port);
-	config_delstrlist(cfg->tls_session_ticket_keys);
+	config_delstrlist(cfg->tls_session_ticket_keys.first);
 	free(cfg->tls_ciphers);
 	free(cfg->tls_ciphersuites);
 	free(cfg->log_identity);

util/config_file.h

@@ -121,7 +121,7 @@ struct config_file {
 	/** additional tls ports */
 	struct config_strlist* tls_additional_port;
 	/** secret key used to encrypt and decrypt TLS session ticket */
-	struct config_strlist* tls_session_ticket_keys;
+	struct config_strlist_head tls_session_ticket_keys;
 	/** TLS ciphers */
 	char* tls_ciphers;
 	/** TLS chiphersuites (TLSv1.3) */

util/configparser.c

@@ -3292,7 +3292,7 @@ yyreduce:
 #line 840 "./util/configparser.y" /* yacc.c:1646  */
     {
 		OUTYY(("P(server_tls_session_ticket_keys:%s)\n", (yyvsp[0].str)));
-		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_session_ticket_keys,
+		if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
 			(yyvsp[0].str)))
 			yyerror("out of memory");
 	}

util/configparser.y

@@ -839,7 +839,7 @@ server_tls_ciphersuites: VAR_TLS_CIPHERSUITES STRING_ARG
 server_tls_session_ticket_keys: VAR_TLS_SESSION_TICKET_KEYS STRING_ARG
 	{
 		OUTYY(("P(server_tls_session_ticket_keys:%s)\n", $2));
-		if(!cfg_strlist_insert(&cfg_parser->cfg->tls_session_ticket_keys,
+		if(!cfg_strlist_append(&cfg_parser->cfg->tls_session_ticket_keys,
 			$2))
 			yyerror("out of memory");
 	}