From b926ef24286fd57d76c5d3e65c1fc05e3e005857 Mon Sep 17 00:00:00 2001
From: sthen
Date: Wed, 23 Feb 2022 12:12:11 +0000
Subject: [PATCH] merge upstream commit to unbound: "Fix that TCP interface does not use TLS when TLS is also configured"
---
 usr.sbin/unbound/doc/Changelog | 3 +++
 usr.sbin/unbound/services/listen_dnsport.c | 19 +++++++++++++------
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/usr.sbin/unbound/doc/Changelog b/usr.sbin/unbound/doc/Changelog
index 8af7d3f888a..46265869d46 100644
--- a/usr.sbin/unbound/doc/Changelog
+++ b/usr.sbin/unbound/doc/Changelog
@@ -1,3 +1,6 @@
+7 February 2022: Wouter
+ - Fix that TCP interface does not use TLS when TLS is also configured.
+
 3 February 2022: Wouter
 - Fix for #611: Integer overflow in sldns_wire2str_pkt_scan.
diff --git a/usr.sbin/unbound/services/listen_dnsport.c b/usr.sbin/unbound/services/listen_dnsport.c
index 983b96f09ee..d6a90f1e68d 100644
--- a/usr.sbin/unbound/services/listen_dnsport.c
+++ b/usr.sbin/unbound/services/listen_dnsport.c
@@ -1369,17 +1369,17 @@ listen_create(struct comm_base* base, struct listen_port* ports,
 while(ports) {
 struct comm_point* cp = NULL;
 if(ports->ftype == listen_type_udp ||
- ports->ftype == listen_type_udp_dnscrypt)
+ ports->ftype == listen_type_udp_dnscrypt) {
 cp = comm_point_create_udp(base, ports->fd,
 front->udp_buff, cb, cb_arg, ports->socket);
- else if(ports->ftype == listen_type_tcp ||
- ports->ftype == listen_type_tcp_dnscrypt)
+ } else if(ports->ftype == listen_type_tcp ||
+ ports->ftype == listen_type_tcp_dnscrypt) {
 cp = comm_point_create_tcp(base, ports->fd,
 tcp_accept_count, tcp_idle_timeout,
 harden_large_queries, 0, NULL,
 tcp_conn_limit, bufsize, front->udp_buff,
 ports->ftype, cb, cb_arg, ports->socket);
- else if(ports->ftype == listen_type_ssl ||
+ } else if(ports->ftype == listen_type_ssl ||
 ports->ftype == listen_type_http) {
 cp = comm_point_create_tcp(base, ports->fd,
 tcp_accept_count, tcp_idle_timeout,
@@ -1410,15 +1410,22 @@ listen_create(struct comm_base* base, struct listen_port* ports,
 #endif
 }
 } else if(ports->ftype == listen_type_udpancil ||
- ports->ftype == listen_type_udpancil_dnscrypt)
+ ports->ftype == listen_type_udpancil_dnscrypt) {
 cp = comm_point_create_udp_ancil(base, ports->fd,
 front->udp_buff, cb, cb_arg, ports->socket);
+ }
 if(!cp) {
 log_err("can't create commpoint");
 listen_delete(front);
 return NULL;
 }
- if(http_notls && ports->ftype == listen_type_http)
+ if((http_notls && ports->ftype == listen_type_http) ||
+ (ports->ftype == listen_type_tcp) ||
+ (ports->ftype == listen_type_udp) ||
+ (ports->ftype == listen_type_udpancil) ||
+ (ports->ftype == listen_type_tcp_dnscrypt) ||
+ (ports->ftype == listen_type_udp_dnscrypt) ||
+ (ports->ftype == listen_type_udpancil_dnscrypt))
 cp->ssl = NULL;
 else
 cp->ssl = sslctx;
--
2.20.1
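Review bot: The new condition at `if((http_notls && ports->ftype == listen_type_http) ||` is a deny-list of seven plaintext listen types with nothing explaining the choice, so a reader adding a listen type to the dispatch chain above cannot tell whether it belongs in this list too. The eight types handled in this file section reduce the same decision to two positive cases, `if(ports->ftype == listen_type_ssl || (ports->ftype == listen_type_http && !http_notls)) cp->ssl = sslctx; else cp->ssl = NULL;`, but that form hands plaintext to any type left unlisted, whereas the committed form fails toward TLS, which is the safer default for a listener. I would keep the committed form and add a comment above it, `/* only the ssl listener, and http unless http_notls, carry TLS; any other listen type must not inherit sslctx */`. If ftype is an enumeration, a `switch` over it would also let the compiler warn when a new value is not covered. listen_create begins before the first hunk and its loop continues past the last line of this one.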