summaryrefslogtreecommitdiffstats
path: root/contrib/unbound/smallapp
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/unbound/smallapp')
-rw-r--r--contrib/unbound/smallapp/unbound-anchor.c18
-rw-r--r--contrib/unbound/smallapp/unbound-checkconf.c4
-rwxr-xr-xcontrib/unbound/smallapp/unbound-control-setup.sh38
-rwxr-xr-xcontrib/unbound/smallapp/unbound-control-setup.sh.in38
-rw-r--r--contrib/unbound/smallapp/unbound-control.c9
5 files changed, 63 insertions, 44 deletions
diff --git a/contrib/unbound/smallapp/unbound-anchor.c b/contrib/unbound/smallapp/unbound-anchor.c
index 92bfa84..81bb896 100644
--- a/contrib/unbound/smallapp/unbound-anchor.c
+++ b/contrib/unbound/smallapp/unbound-anchor.c
@@ -95,7 +95,7 @@
* signed yet; avoids attacks on system clock). The
* last-successful-RFC5011-probe (if available) has to be more than 30 days
* in the past (otherwise, RFC5011 should have worked). This keeps
- * unneccesary https traffic down. If the main certificate is expired, it
+ * unnecessary https traffic down. If the main certificate is expired, it
* fails.
*
* The dates on the keys in the xml are checked (uses the libexpat xml
@@ -1520,7 +1520,11 @@ xml_entitydeclhandler(void *userData,
const XML_Char *ATTR_UNUSED(publicId),
const XML_Char *ATTR_UNUSED(notationName))
{
+#if HAVE_DECL_XML_STOPPARSER
(void)XML_StopParser((XML_Parser)userData, XML_FALSE);
+#else
+ (void)userData;
+#endif
}
/**
@@ -1828,6 +1832,12 @@ write_unsigned_root(const char* root_anchor_file)
root_anchor_file);
if(verb && errno != 0) printf("%s\n", strerror(errno));
}
+ fflush(out);
+#ifdef HAVE_FSYNC
+ fsync(fileno(out));
+#else
+ FlushFileBuffers((HANDLE)_fileno(out));
+#endif
fclose(out);
}
@@ -1854,6 +1864,12 @@ write_root_anchor(const char* root_anchor_file, BIO* ds)
root_anchor_file);
if(verb && errno != 0) printf("%s\n", strerror(errno));
}
+ fflush(out);
+#ifdef HAVE_FSYNC
+ fsync(fileno(out));
+#else
+ FlushFileBuffers((HANDLE)_fileno(out));
+#endif
fclose(out);
}
diff --git a/contrib/unbound/smallapp/unbound-checkconf.c b/contrib/unbound/smallapp/unbound-checkconf.c
index 0524ede..ec07713 100644
--- a/contrib/unbound/smallapp/unbound-checkconf.c
+++ b/contrib/unbound/smallapp/unbound-checkconf.c
@@ -335,7 +335,9 @@ morechecks(struct config_file* cfg, const char* fname)
if(cfg->edns_buffer_size > cfg->msg_buffer_size)
fatal_exit("edns-buffer-size larger than msg-buffer-size, "
"answers will not fit in processing buffer");
-
+#ifdef UB_ON_WINDOWS
+ w_config_adjust_directory(cfg);
+#endif
if(cfg->chrootdir && cfg->chrootdir[0] &&
cfg->chrootdir[strlen(cfg->chrootdir)-1] == '/')
fatal_exit("chootdir %s has trailing slash '/' please remove.",
diff --git a/contrib/unbound/smallapp/unbound-control-setup.sh b/contrib/unbound/smallapp/unbound-control-setup.sh
index 816b4f5..28690b3 100755
--- a/contrib/unbound/smallapp/unbound-control-setup.sh
+++ b/contrib/unbound/smallapp/unbound-control-setup.sh
@@ -107,16 +107,15 @@ else
fi
# create self-signed cert for server
-cat >request.cfg <<EOF
-[req]
-default_bits=$BITS
-default_md=$HASH
-prompt=no
-distinguished_name=req_distinguished_name
-
-[req_distinguished_name]
-commonName=$SERVERNAME
-EOF
+echo "[req]\n" > request.cfg
+echo "default_bits=$BITS\n" >> request.cfg
+echo "default_md=$HASH\n" >> request.cfg
+echo "prompt=no\n" >> request.cfg
+echo "distinguished_name=req_distinguished_name\n" >> request.cfg
+echo "\n" >> request.cfg
+echo "[req_distinguished_name]\n" >> request.cfg
+echo "commonName=$SERVERNAME\n" >> request.cfg
+
test -f request.cfg || error "could not create request.cfg"
echo "create $SVR_BASE.pem (self signed certificate)"
@@ -125,16 +124,15 @@ openssl req -key $SVR_BASE.key -config request.cfg -new -x509 -days $DAYS -out
openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem"
# create client request and sign it, piped
-cat >request.cfg <<EOF
-[req]
-default_bits=$BITS
-default_md=$HASH
-prompt=no
-distinguished_name=req_distinguished_name
-
-[req_distinguished_name]
-commonName=$CLIENTNAME
-EOF
+echo "[req]\n" > request.cfg
+echo "default_bits=$BITS\n" >> request.cfg
+echo "default_md=$HASH\n" >> request.cfg
+echo "prompt=no\n" >> request.cfg
+echo "distinguished_name=req_distinguished_name\n" >> request.cfg
+echo "\n" >> request.cfg
+echo "[req_distinguished_name]\n" >> request.cfg
+echo "commonName=$CLIENTNAME" >> request.cfg
+
test -f request.cfg || error "could not create request.cfg"
echo "create $CTL_BASE.pem (signed client certificate)"
diff --git a/contrib/unbound/smallapp/unbound-control-setup.sh.in b/contrib/unbound/smallapp/unbound-control-setup.sh.in
index 682ab26..f99d7bc 100755
--- a/contrib/unbound/smallapp/unbound-control-setup.sh.in
+++ b/contrib/unbound/smallapp/unbound-control-setup.sh.in
@@ -107,16 +107,15 @@ else
fi
# create self-signed cert for server
-cat >request.cfg <<EOF
-[req]
-default_bits=$BITS
-default_md=$HASH
-prompt=no
-distinguished_name=req_distinguished_name
-
-[req_distinguished_name]
-commonName=$SERVERNAME
-EOF
+echo "[req]\n" > request.cfg
+echo "default_bits=$BITS\n" >> request.cfg
+echo "default_md=$HASH\n" >> request.cfg
+echo "prompt=no\n" >> request.cfg
+echo "distinguished_name=req_distinguished_name\n" >> request.cfg
+echo "\n" >> request.cfg
+echo "[req_distinguished_name]\n" >> request.cfg
+echo "commonName=$SERVERNAME\n" >> request.cfg
+
test -f request.cfg || error "could not create request.cfg"
echo "create $SVR_BASE.pem (self signed certificate)"
@@ -125,16 +124,15 @@ openssl req -key $SVR_BASE.key -config request.cfg -new -x509 -days $DAYS -out
openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem"
# create client request and sign it, piped
-cat >request.cfg <<EOF
-[req]
-default_bits=$BITS
-default_md=$HASH
-prompt=no
-distinguished_name=req_distinguished_name
-
-[req_distinguished_name]
-commonName=$CLIENTNAME
-EOF
+echo "[req]\n" > request.cfg
+echo "default_bits=$BITS\n" >> request.cfg
+echo "default_md=$HASH\n" >> request.cfg
+echo "prompt=no\n" >> request.cfg
+echo "distinguished_name=req_distinguished_name\n" >> request.cfg
+echo "\n" >> request.cfg
+echo "[req_distinguished_name]\n" >> request.cfg
+echo "commonName=$CLIENTNAME" >> request.cfg
+
test -f request.cfg || error "could not create request.cfg"
echo "create $CTL_BASE.pem (signed client certificate)"
diff --git a/contrib/unbound/smallapp/unbound-control.c b/contrib/unbound/smallapp/unbound-control.c
index 571b4d0..fac73b0 100644
--- a/contrib/unbound/smallapp/unbound-control.c
+++ b/contrib/unbound/smallapp/unbound-control.c
@@ -156,10 +156,12 @@ setup_ctx(struct config_file* cfg)
ctx = SSL_CTX_new(SSLv23_client_method());
if(!ctx)
ssl_err("could not allocate SSL_CTX pointer");
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
+ if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
+ != SSL_OP_NO_SSLv2)
ssl_err("could not set SSL_OP_NO_SSLv2");
if(cfg->remote_control_use_cert) {
- if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3))
+ if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
+ != SSL_OP_NO_SSLv3)
ssl_err("could not set SSL_OP_NO_SSLv3");
if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) ||
!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
@@ -361,6 +363,9 @@ go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[])
fatal_exit("could not read config file");
if(!cfg->remote_control_enable)
log_warn("control-enable is 'no' in the config file.");
+#ifdef UB_ON_WINDOWS
+ w_config_adjust_directory(cfg);
+#endif
ctx = setup_ctx(cfg);
/* contact server */
OpenPOWER on IntegriCloud