-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Dag-Erling,
On 05/01/15 16:37, Dag-Erling Smørgrav wrote: > (sounds like an oxymoron, but by "local socket" I mean AF_LOCAL, > which is the correct name for AF_UNIX.) > > I just committed a heavily modified version of Ilya Bakulin's > patch (contrib/unbound_unixsock.diff) to FreeBSD 11. I have > attached a version of the patch relative to Unbound 1.5.1. It also > applies cleanly to trunk@3302, but I have not tested the result. Thank you for the patch, it looks very good, and I'll put its inclusion on todo (I need a bit more time to spend on looking it over). Best regards, Wouter > Here is a summary: > > Add support for using a local socket for the remote control > connection by specifying its path instead of (or in addition to) an > IP address as an argument to the control-interface configuration > variable. > > Add support for unencrypted and unauthenticated control > connections through a new configuration variable, control-use-cert. > To avoid the complexity of supporting both SSL socket and plain > socket descriptors in the same code, we just use an unencrypted SSL > context and forego authentication. The downside is that we still > have to perform DH kex when establishing the connection. > > This patch was derived (with significant modifications) from the > contrib/unbound_unixsock.diff patch originally submitted by Ilya > Bakulin of Genua mbH. > > Note that my patch does not update generated files, so remember to > run autoreconf and regenerate the configuration parser and lexer. > > Genua have already released Ilya's part of the patch under the BSD > license. I release my version under the same license. > > DES > > > > _______________________________________________ Unbound-users > mailing list [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJUq+MJAAoJEJ9vHC1+BF+NjbQP/1vsHPb6FFOlTfq/fKrPgiLz NzdQd7F+ZGi/lRyrt+YD/VuiHG0Sx9pltJBolH6PxTA3WNcNtE4yKYMByiLeuJoB coJJHZelN6hD+0l4I0joY7E1WPA4wcrEHH0x9uYYIkunsdTzUYIOz+sQEx/E6GLp nYisFHNPrQwyrkbTH9PyB3vqUyukg1hjbvqWSZxApD/FdsT38xyrvt8H52UIMdYo QvNPLdpccfsRWzAvrMY9vDi7QXshDLEO5bKzw2iRTkztjmk/O+Fx05JdR3/blgz1 ft7bqGp3LrRimYHn8yKAur3D112jYQZ4zTaZrqeXO2QufrLuKGs0lySv4tcSuxH7 N6htw/DSWAYeX/ru6TyJwMEvPOJ7uk/JXadE7Dz1CdxfuYPxu5TEybkCRyotsZfQ zBsHd2VgMZIAzPWt3NtexK15wrbu3RWme7m3j8eAdQ/XGaC1zvQLNIf7NpPoE00b hBo4xdovTTmeJ7yPvDTzmgaqtQasrYi3pi0CglS1Yg16GUEjS1d+RegGSA5T54pe rOcBF1be0PjhJ+zHyqTk3Gh5XxmloS4dhLNyO6q5dLy3DEfVfjBFmesEF4pxHvaw /KwNea/pkZZXPbdqHUqm2Ovt0t/9nmUC1VwdPRIRx5gfI96Dtd8bogwbFrdu/I6j hFCvkQSHJ3/TC7e627zw =QuqL -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
