[Unbound-users] [PATCH] support for remote control over local sockets
wouter at nlnetlabs.nl
Tue Jan 6 13:28:41 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
On 05/01/15 16:37, Dag-Erling Smørgrav wrote:
> (sounds like an oxymoron, but by "local socket" I mean AF_LOCAL,
> which is the correct name for AF_UNIX.)
> I just committed a heavily modified version of Ilya Bakulin's
> patch (contrib/unbound_unixsock.diff) to FreeBSD 11. I have
> attached a version of the patch relative to Unbound 1.5.1. It also
> applies cleanly to trunk at 3302, but I have not tested the result.
Thank you for the patch, it looks very good, and I'll put its
inclusion on todo (I need a bit more time to spend on looking it over).
> Here is a summary:
> Add support for using a local socket for the remote control
> connection by specifying its path instead of (or in addition to) an
> IP address as an argument to the control-interface configuration
> Add support for unencrypted and unauthenticated control
> connections through a new configuration variable, control-use-cert.
> To avoid the complexity of supporting both SSL socket and plain
> socket descriptors in the same code, we just use an unencrypted SSL
> context and forego authentication. The downside is that we still
> have to perform DH kex when establishing the connection.
> This patch was derived (with significant modifications) from the
> contrib/unbound_unixsock.diff patch originally submitted by Ilya
> Bakulin of Genua mbH.
> Note that my patch does not update generated files, so remember to
> run autoreconf and regenerate the configuration parser and lexer.
> Genua have already released Ilya's part of the patch under the BSD
> license. I release my version under the same license.
> _______________________________________________ Unbound-users
> mailing list Unbound-users at unbound.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
More information about the Unbound-users