31 January 2019: Wouter
- Set ub_ctx_set_tls call signature in ltrace config file for
libunbound in contrib/libunbound.so.conf.
+ - improve documentation for tls-service-key.
30 January 2019: Ralph
- Fix case in which query timeout can result in marking delegation
file the last is used.
.TP
.B tls\-service\-key: \fI<file>
-If enabled, the server provides TLS service on its TCP sockets. The clients
-have to use tls\-upstream: yes. The file is the private key for the TLS
-session. The public certificate is in the tls\-service\-pem file. Default
-is "", turned off. Requires a restart (a reload is not enough) if changed,
-because the private key is read while root permissions are held and before
-chroot (if any). Normal DNS TCP service is not provided and gives errors,
-this service is best run with a different \fBport:\fR config or \fI@port\fR
-suffixes in the \fBinterface\fR config.
+If enabled, the server provides TLS service on the TCP ports marked
+implicitly or explicitly for TLS service with tls\-port. The file must
+contain the private key for the TLS session, the public certificate is in
+the tls\-service\-pem file and it must also be specified if tls\-service\-key
+is specified. The default is "", turned off. Enabling or disabling
+this service requires a restart (a reload is not enough), because the
+key is read while root permissions are held and before chroot (if any).
+The ports enabled implicitly or explicitly via \fBtls\-port:\fR do not provide
+normal DNS TCP service.
.TP
.B ssl\-service\-key: \fI<file>
Alternate syntax for \fBtls\-service\-key\fR.
projects / thirdparty / unbound.git / commitdiff
