>> Further, why is it necessary to explicitly set the tls-cert-bundle?
>> I guess there is a reason as Bind9 also requires to manually set the
>> ca-file for mutual TLS and client verification. I just don’t
>> understand why.
> different OS flavors have different places for a "default set of certs
> trusted by the os vendor" (CA/B truststore)
> I think, for that reason, it's necessary to be explicit in nsd.conf

The confusing thing is that for "strict TLS" there is no need to configure 'tls-cert-bundle' and the OS installed CAs are used for validation. Only for mutual TLS it is mandatory to configure 'tls-cert-bundle', for which I do not see any reason.

regards
Klaus
_______________________________________________
nsd-users mailing list
nsd-users@lists.nlnetlabs.nl
https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users