cubixle/packages
1
0
Fork 0
mirror of https://github.com/novatiq/packages.git synced 2026-04-30 15:38:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

stubby: add support for tls_port resolver config option (#8889)

Browse Source 
Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
This commit is contained in:
Jonathan G. Underwood
2019-05-10 20:22:12 +01:00
parent 5415cc7b29
commit eec23a91b3
3 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
net/stubby/files/README.md
+5
View File
@@ -385,6 +385,11 @@ IPv6 address.
This option specifies the upstream domain name used for TLS authentication with This option specifies the upstream domain name used for TLS authentication with
the supplied server certificate the supplied server certificate
#### `option tls_port`
This option specifies the TLS port for the upstream resolver. If not specified,
this defaults to 853.
#### `list spki` #### `list spki`
This list specifies the SPKI pinset which is verified against the keys in the This list specifies the SPKI pinset which is verified against the keys in the
net/stubby/files/stubby.conf
+4
View File
@@ -24,19 +24,23 @@ config stubby 'global'
config resolver config resolver
option address '2606:4700:4700::1111' option address '2606:4700:4700::1111'
option tls_auth_name 'cloudflare-dns.com' option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=' # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
config resolver config resolver
option address '2606:4700:4700::1001' option address '2606:4700:4700::1001'
option tls_auth_name 'cloudflare-dns.com' option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=' # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
config resolver config resolver
option address '1.1.1.1' option address '1.1.1.1'
option tls_auth_name 'cloudflare-dns.com' option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=' # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
config resolver config resolver
option address '1.0.0.1' option address '1.0.0.1'
option tls_auth_name 'cloudflare-dns.com' option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=' # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
net/stubby/files/stubby.init
+5
View File
@@ -122,6 +122,7 @@ generate_config()
local config=$1 local config=$1
local address local address
local tls_auth_name local tls_auth_name
local tls_port
local tls_pubkey_pinset_section=0 local tls_pubkey_pinset_section=0
if [ "$upstream_recursive_servers_section" = 0 ]; then if [ "$upstream_recursive_servers_section" = 0 ]; then
@@ -130,8 +131,12 @@ generate_config()
fi fi
config_get address "$config" address config_get address "$config" address
config_get tls_auth_name "$config" tls_auth_name config_get tls_auth_name "$config" tls_auth_name
config_get tls_auth_port "$config" tls_port ""
echo " - address_data: $address" >> "$config_file" echo " - address_data: $address" >> "$config_file"
echo " tls_auth_name: \"$tls_auth_name\"" >> "$config_file" echo " tls_auth_name: \"$tls_auth_name\"" >> "$config_file"
if [ -n "$tls_port" ]; then
echo " tls_port: $tls_port" >> "$config_file"
fi
handle_resolver_spki() handle_resolver_spki()
{ {