dnsdist: Add support for the processing of X-Forwarded-For headers
index 147c5a5483c16211a7c64efa48eef9ac47a79226..9e51c2e065359951176d3f26343d416cf11fd7c7 100644 (file)
@@ -1,3 +1,24 @@
+/*
+ * This file is part of PowerDNS or dnsdist.
+ * Copyright -- PowerDNS.COM B.V. and its contributors
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of version 2 of the GNU General Public License as
+ * published by the Free Software Foundation.
+ *
+ * In addition, for the avoidance of any doubt, permission is granted to
+ * link this program with OpenSSL and to (re)distribute the binaries
+ * produced as the result of such linking.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
 #pragma once
 #include "iputils.hh"
 #include "libssl.hh"
@@ -42,32 +63,18 @@ struct DOHFrontend
 {
   DOHFrontend()
   {
-    d_rotatingTicketsKey.clear();
   }
 
   std::shared_ptr<DOHServerConfig> d_dsc{nullptr};
-  std::vector<std::pair<std::string, std::string>> d_certKeyPairs;
-  std::vector<std::string> d_ocspFiles;
   std::vector<std::shared_ptr<DOHResponseMapEntry>> d_responsesMap;
-  std::string d_ciphers;
-  std::string d_ciphers13;
+  TLSConfig d_tlsConfig;
+  TLSErrorCounters d_tlsCounters;
   std::string d_serverTokens{"h2o/dnsdist"};
-  LibsslTLSVersion d_minTLSVersion{LibsslTLSVersion::TLS10};
-#ifdef HAVE_DNS_OVER_HTTPS
-  std::unique_ptr<OpenSSLTLSTicketKeysRing> d_ticketKeys{nullptr};
-#endif
   std::vector<std::pair<std::string, std::string>> d_customResponseHeaders;
   ComboAddress d_local;
 
   uint32_t d_idleTimeout{30};             // HTTP idle timeout in seconds
   std::vector<std::string> d_urls;
-  std::string d_ticketKeyFile;
-
-  time_t d_ticketsKeyRotationDelay{43200};
-  size_t d_maxStoredSessions{20480};
-  uint8_t d_numberOfTicketsKeys{5};
-  bool d_enableTickets{true};
-  bool d_preferServerCiphers{false};
 
   std::atomic<uint64_t> d_httpconnects{0};   // number of TCP/IP connections established
   std::atomic<uint64_t> d_getqueries{0};     // valid DNS queries received via GET
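Review bot: The TLS defaults that were readable in this struct (minimum version TLS10, 43200 s tickets key rotation delay, 20480 stored sessions, 5 tickets keys, tickets enabled, server cipher preference off) disappear with their members, and nothing in the hunk shows that `TLSConfig d_tlsConfig;` reproduces them, so a reader of this header can no longer tell what a DoH frontend negotiates by default. A short comment at the new member, `TLSConfig d_tlsConfig; // TLS defaults (minimum version, tickets, session cache) now live in TLSConfig`, would point maintainers at the right place, and checking that none of those defaults shifted during the move is worth a look at TLSConfig's definition. Once `d_rotatingTicketsKey.clear();` is gone the constructor body is empty, so `DOHFrontend() = default;` says the same thing more directly, assuming the user-provided constructor is not kept for another reason. struct DOHFrontend's definition starts before the hunk.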
@@ -90,7 +97,13 @@ struct DOHFrontend
 
   HTTPVersionStats d_http1Stats;
   HTTPVersionStats d_http2Stats;
+  bool d_sendCacheControlHeaders{true};
+  bool d_trustForwardedForHeader{false};
 
+  time_t getTicketsKeyRotationDelay() const
+  {
+    return d_tlsConfig.d_ticketsKeyRotationDelay;
+  }
 
 #ifndef HAVE_DNS_OVER_HTTPS
   void setup()
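Review bot: `bool d_trustForwardedForHeader{false};` is the one member in this struct whose value decides whether client-supplied data is believed, yet unlike `d_idleTimeout` above it carries no comment, and the header processing the commit title describes is not visible here. The trust boundary belongs where the flag is declared, presumably something like `bool d_trustForwardedForHeader{false}; // take the client address from X-Forwarded-For; only meaningful when every path to this frontend goes through a proxy that sets the header`, so that nobody enables it on a directly reachable listener where the header value is chosen by the client. `bool d_sendCacheControlHeaders{true};` deserves a matching one-liner. The defaults chosen are the safe ones; the `void setup()` stub on the hunk's last line continues outside it.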
@@ -113,35 +126,27 @@ struct DOHFrontend
   {
   }
 
-#else
-  void setup();
-  void reloadCertificates();
-
-  void rotateTicketsKey(time_t now);
-  void loadTicketsKeys(const std::string& keyFile);
-  void handleTicketsKeyRotation();
-
-#endif /* HAVE_DNS_OVER_HTTPS */
-
   time_t getNextTicketsKeyRotation() const
   {
-    return d_ticketsKeyNextRotation;
+    return 0;
   }
 
   size_t getTicketsKeysCount() const
   {
     size_t res = 0;
-#ifdef HAVE_DNS_OVER_HTTPS
-    if (d_ticketKeys) {
-      res = d_ticketKeys->getKeysCount();
-    }
-#endif /* HAVE_DNS_OVER_HTTPS */
     return res;
   }
 
-private:
-  time_t d_ticketsKeyNextRotation{0};
-  std::atomic_flag d_rotatingTicketsKey;
+#else
+  void setup();
+  void reloadCertificates();
+
+  void rotateTicketsKey(time_t now);
+  void loadTicketsKeys(const std::string& keyFile);
+  void handleTicketsKeyRotation();
+  time_t getNextTicketsKeyRotation() const;
+  size_t getTicketsKeysCount() const;
+#endif /* HAVE_DNS_OVER_HTTPS */
 };
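Review bot: In the `#ifndef HAVE_DNS_OVER_HTTPS` stub of `getTicketsKeysCount()` the local `size_t res = 0;` only ever held the value computed inside the `#ifdef` block this hunk removes, so the stub now declares a variable for nothing; `return 0;` matches the sibling `getNextTicketsKeyRotation()` stub just above it. The declarations moved under `#else` carry no comments; a brief line on `rotateTicketsKey(time_t now);` and `handleTicketsKeyRotation();` describing how the two relate would help, though their bodies live in the .cc and are not visible here. The stub whose closing lines open this hunk starts outside it.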
 
 #ifndef HAVE_DNS_OVER_HTTPS
@@ -169,8 +174,7 @@ struct DOHUnit
 
   void release()
   {
-    --d_refcnt;
-    if (d_refcnt == 0) {
+    if (--d_refcnt == 0) {
       delete this;
     }
   }
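Review bot: `if (--d_refcnt == 0)` only fixes concurrent release() calls if `d_refcnt` is a `std::atomic`, where the pre-decrement returns the new value as one operation; the member's declaration is outside the hunk, so this is inferred. If it is a plain integer the fused form is merely tidier, and two threads releasing the same DOHUnit could still both skip or both reach `delete this;`. Either way the contract is worth stating at the function: `// Drops one reference; the caller must not touch the object afterwards, since the last release() deletes it.` The enclosing struct DOHUnit begins before the hunk.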