upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-23 16:20:26 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- noted feature requests in doc/TODO.

Browse source 
- printout more detailed errors on ssl certificate loading failures.



git-svn-id: file:///svn/unbound/trunk@1445 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2009-02-03 09:55:35 +00:00
parent 7ac31bc1d5
commit d1e812a4af
3 changed files with 34 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
daemon/remote.c
View file

@ -170,10 +170,21 @@ daemon_remote_create(struct worker* worker)
s_key += strlen(cfg->chrootdir); s_key += strlen(cfg->chrootdir);
} }
verbose(VERB_ALGO, "setup SSL certificates"); verbose(VERB_ALGO, "setup SSL certificates");
if (!SSL_CTX_use_certificate_file(rc->ctx,s_cert,SSL_FILETYPE_PEM) if (!SSL_CTX_use_certificate_file(rc->ctx,s_cert,SSL_FILETYPE_PEM)) {
|| !SSL_CTX_use_PrivateKey_file(rc->ctx,s_key,SSL_FILETYPE_PEM) log_err("Error for server-cert-file: %s", s_cert);
|| !SSL_CTX_check_private_key(rc->ctx)) { log_crypto_err("Error in SSL_CTX use_certificate_file");
log_crypto_err("Error setting up SSL_CTX key and cert"); daemon_remote_delete(rc);
return NULL;
}
if(!SSL_CTX_use_PrivateKey_file(rc->ctx,s_key,SSL_FILETYPE_PEM)) {
log_err("Error for server-key-file: %s", s_key);
log_crypto_err("Error in SSL_CTX use_PrivateKey_file");
daemon_remote_delete(rc);
return NULL;
}
if(!SSL_CTX_check_private_key(rc->ctx)) {
log_err("Error for server-key-file: %s", s_key);
log_crypto_err("Error in SSL_CTX check_private_key");
daemon_remote_delete(rc); daemon_remote_delete(rc);
return NULL; return NULL;
} }

4
doc/Changelog
View file

@ -1,3 +1,7 @@
3 February 2009: Wouter
- noted feature requests in doc/TODO.
- printout more detailed errors on ssl certificate loading failures.
16 January 2009: Wouter 16 January 2009: Wouter
- more quiet about ipv6 network failures, i.e. when ipv6 is not - more quiet about ipv6 network failures, i.e. when ipv6 is not
available (network unreachable). Debug still printed on high available (network unreachable). Debug still printed on high

16
doc/TODO
View file

@ -56,8 +56,22 @@ o on windows version, implement that OS ancillary data capabilities for
interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg. interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
o local-zone directive with authority service, full authority server o local-zone directive with authority service, full authority server
is a non-goal. is a non-goal.
o configure option to force use of builtin ldns tarball. o configure option to force use of builtin ldns tarball.
o include /etc/pki/dnssec-keys/production/*.conf with wildcard support.
o make so revoke bit keys cannot verify signatures o make so revoke bit keys cannot verify signatures
o option to print UTC timestamps instead of epoch in seconds. o option to print UTC timestamps instead of epoch in seconds.
o print querier IP address on high loglevels. o print querier IP address on high loglevels.
o infra and lame cache: easier size config (in Mb), show usage in graphs.
o #226: unbound_control dump_requestlist
o #227: unbound_control flush_stats
o unbound_control get_stats_noreset
o unbound_control forward [addr {addr}] | [off]
o #231: unbound_checkconf options to output config file data.
o config entry to denote that a zone is to be treated as unsigned (even if
a DS exists to higher trust anchor).
o see if we can use daemon(3), cleaner posix usage.
o see if we can include the python bindings (contrib).
o see if we can suport var:value (nospace) by parser.
o remote control read ssl information while priviledged.
o call initgroups(3) to drop secondary group permissions.