Is cert-bundle loaded and kept before chroot?
Wouter Wijngaards
wouter at nlnetlabs.nl
Tue Oct 27 08:03:20 UTC 2020
Hi Eric,
On 27/10/2020 03:06, Eric Luehrsen via Unbound-users wrote:
> Just for clarity, I want to ask if Unbound loads the cert-bundle once
> before chroot? Or, is it reread or polled for updates? Is the current
> implementation the desired behavior? The documentation does not say what
> is done, or what the design intent should be:
It is read before permission drop and chroot. The cert bundle is read
once at start up of the server.
Also adjusted the man page,
https://github.com/NLnetLabs/unbound/commit/d104727c911cc6147bdec458831c606ecc853da6
Best regards, Wouter
> tls-cert-bundle: <file>
> If null or "", no file is used. Set it to the
> certificate bundle file, for example
> "/etc/pki/tls/certs/ca-bundle.crt". These certificates
> are used for authenticating connections made to
> outside peers. For example auth-zone urls, and also
> DNS over TLS connections.
>
> Thank You
> Eric