Is cert-bundle loaded and kept before chroot?

Wouter Wijngaards wouter at nlnetlabs.nl
Tue Oct 27 08:03:20 UTC 2020


Hi Eric,

On 27/10/2020 03:06, Eric Luehrsen via Unbound-users wrote:
> Just for clarity, I want to ask if Unbound loads the cert-bundle once
> before chroot? Or, is it reread or polled for updates? Is the current
> implementation the desired behavior? The documentation does not say what
> is done, or what the design intent should be:

It is read before permission drop and chroot.  The cert bundle is read
once at start up of the server.

Also adjusted the man page,
https://github.com/NLnetLabs/unbound/commit/d104727c911cc6147bdec458831c606ecc853da6

Best regards, Wouter

>     tls-cert-bundle: <file>
>         If  null or "", no file is used. Set it to the
>         certificate bundle file, for example
>         "/etc/pki/tls/certs/ca-bundle.crt". These certificates
>         are  used  for  authenticating connections made to
>         outside peers.  For example auth-zone urls, and  also
>         DNS  over TLS connections.
> 
> Thank You
> Eric

