author | des <des@FreeBSD.org> | 2015-01-05 14:55:52 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2015-01-05 14:55:52 +0000 |
commit | bb89a5dd46465ec3bcf4ab8f158c959b3bb7a75c (patch) | |
tree | 3b39302660451fc317bd1ffae0cd574e24c2dbdb /util/config_file.h | |
parent | 66adf32aa226b0a370ce7df84ac814cbc72ae63b (diff) | |
Add support for using a local socket for the remote control connection
by specifying its path instead of (or in addition to) an IP address as
an argument to the control-interface configuration variable.
Add support for unencrypted and unauthenticated control connections
through a new configuration variable, control-use-cert. To avoid the
complexity of supporting both SSL socket and plain socket descriptors
in the same code, we just use an unencrypted SSL context and forego
authentication. The downside is that we still have to perform DH kex
when establishing the connection.
This patch was derived (with significant modifications) from the
contrib/unbound_unixsock.diff patch originally submitted by Ilya
Bakulin of Genua mbH.
Diffstat (limited to 'util/config_file.h')
-rw-r--r-- | util/config_file.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/util/config_file.h b/util/config_file.h
index 49ffbdd..fd35d78 100644
--- a/util/config_file.h
+++ b/util/config_file.h
@@ -192,6 +192,8 @@ struct config_file {
 char* chrootdir;
 /** username to change to, if not "". */
 char* username;
+ uid_t uid;
+ gid_t gid;
 /** working directory */
 char* directory;
 /** filename to log to. */
@@ -282,6 +284,8 @@ struct config_file {
 struct config_strlist* control_ifs;
 /** port number for the control port */
 int control_port;
+ /** use certificates for remote control */
+ int remote_control_use_cert;
 /** private key file for server */
 char* server_key_file;
 /** certificate file for server */ |
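Review bot: The added `uid` and `gid` members are the only fields in this part of `struct config_file` without a `/** ... */` comment, and nothing here says when they hold a valid value. They are presumably the numeric ids resolved from `username`; if the struct is zero-filled before that lookup, both read as 0, which is root, so privilege-drop code must not trust them unless the lookup succeeded. I would document that, e.g. `/** uid and gid resolved from username; (uid_t)-1 and (gid_t)-1 until the lookup has succeeded */`, and initialise them to that sentinel where the config is created, which is outside this hunk. The struct definition starts and ends outside the hunk.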
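Review bot: The comment on `remote_control_use_cert` does not say what turning it off costs: per the commit description, a zero value makes the control channel unencrypted and unauthenticated. Since `control_ifs` can, by the same description, hold IP addresses as well as a socket path, that setting would also apply to network listeners unless code elsewhere rejects the combination, which is not visible here. I would spell it out in the comment, e.g. `/** if 0, remote control is unauthenticated and unencrypted; only safe on a local socket with restrictive permissions */`, and have the config check warn or refuse when it is 0 and a control interface is not a local socket. The default should be the authenticated mode; it is set outside this file. The struct continues beyond the hunk.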