author | Stuart Henderson <sthen@cvs.openbsd.org> | 2022-02-23 12:12:12 +0000 |
---|---|---|
committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2022-02-23 12:12:12 +0000 |
commit | 58b93efdd189c711ef9f569b519449cf3d2ac36f (patch) | |
tree | 6eab28fce5426af7b2d75d47a7ca10a1b87af51a /usr.sbin | |
parent | 508ff57951cf071165c7020370a73f2b400c15e2 (diff) |
merge upstream commit to unbound: "Fix that TCP interface does not use
TLS when TLS is also configured"
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/unbound/doc/Changelog | 3 | ||||
-rw-r--r-- | usr.sbin/unbound/services/listen_dnsport.c | 19 |
2 files changed, 16 insertions, 6 deletions
diff --git a/usr.sbin/unbound/doc/Changelog b/usr.sbin/unbound/doc/Changelog index 8af7d3f888a..46265869d46 100644 --- a/usr.sbin/unbound/doc/Changelog +++ b/usr.sbin/unbound/doc/Changelog @@ -1,3 +1,6 @@ +7 February 2022: Wouter + - Fix that TCP interface does not use TLS when TLS is also configured. + 3 February 2022: Wouter - Fix for #611: Integer overflow in sldns_wire2str_pkt_scan. diff --git a/usr.sbin/unbound/services/listen_dnsport.c b/usr.sbin/unbound/services/listen_dnsport.c index 983b96f09ee..d6a90f1e68d 100644 --- a/usr.sbin/unbound/services/listen_dnsport.c +++ b/usr.sbin/unbound/services/listen_dnsport.c @@ -1369,17 +1369,17 @@ listen_create(struct comm_base* base, struct listen_port* ports, while(ports) { struct comm_point* cp = NULL; if(ports->ftype == listen_type_udp || - ports->ftype == listen_type_udp_dnscrypt) + ports->ftype == listen_type_udp_dnscrypt) { cp = comm_point_create_udp(base, ports->fd, front->udp_buff, cb, cb_arg, ports->socket); - else if(ports->ftype == listen_type_tcp || - ports->ftype == listen_type_tcp_dnscrypt) + } else if(ports->ftype == listen_type_tcp || + ports->ftype == listen_type_tcp_dnscrypt) { cp = comm_point_create_tcp(base, ports->fd, tcp_accept_count, tcp_idle_timeout, harden_large_queries, 0, NULL, tcp_conn_limit, bufsize, front->udp_buff, ports->ftype, cb, cb_arg, ports->socket); - else if(ports->ftype == listen_type_ssl || + } else if(ports->ftype == listen_type_ssl || ports->ftype == listen_type_http) { cp = comm_point_create_tcp(base, ports->fd, tcp_accept_count, tcp_idle_timeout, 
@@ -1410,15 +1410,22 @@ listen_create(struct comm_base* base, struct listen_port* ports, #endif } } else if(ports->ftype == listen_type_udpancil || - ports->ftype == listen_type_udpancil_dnscrypt) + ports->ftype == listen_type_udpancil_dnscrypt) { cp = comm_point_create_udp_ancil(base, ports->fd, front->udp_buff, cb, cb_arg, ports->socket); + } if(!cp) { log_err("can't create commpoint"); listen_delete(front); return NULL; } - if(http_notls && ports->ftype == listen_type_http) + if((http_notls && ports->ftype == listen_type_http) || + (ports->ftype == listen_type_tcp) || + (ports->ftype == listen_type_udp) || + (ports->ftype == listen_type_udpancil) || + (ports->ftype == listen_type_tcp_dnscrypt) || + (ports->ftype == listen_type_udp_dnscrypt) || + (ports->ftype == listen_type_udpancil_dnscrypt)) cp->ssl = NULL; else cp->ssl = sslctx; |
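Review bot: The new condition in front of `cp->ssl = NULL` names every non-TLS listener type one by one, so a type added to the if-chain later falls through to `cp->ssl = sslctx` unless this list is extended too, which is the same kind of mismatch this commit fixes for listen_type_tcp. In the branches visible in these two hunks only listen_type_ssl and listen_type_http are meant to carry TLS, so the positive form `if(ports->ftype == listen_type_ssl || (ports->ftype == listen_type_http && !http_notls)) cp->ssl = sslctx; else cp->ssl = NULL;` appears equivalent for every type that gets past the `if(!cp)` check. That form defaults an unlisted type to no TLS context, so a new TLS listener would have to be added to it on purpose. If the explicit list is kept, a comment above it such as `/* only ssl and TLS-enabled http listeners keep the TLS context */` would record the intent. The body of the ssl/http branch and the rest of listen_create lie outside the hunk, so the equivalence should be confirmed against the full function.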