- noted feature requests in doc/TODO.

- printout more detailed errors on ssl certificate loading failures.

git-svn-id: file:///svn/unbound/trunk@1445 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/daemon/remote.c b/daemon/remote.c
index 587d7965f69590581f7f929a011292a76f1ef35e..2b39eead065d14e7990e1e26a2747f47739a9b1d 100644 (file)
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -170,10 +170,21 @@ daemon_remote_create(struct worker* worker)
                        s_key += strlen(cfg->chrootdir);
        }
        verbose(VERB_ALGO, "setup SSL certificates");
-       if (!SSL_CTX_use_certificate_file(rc->ctx,s_cert,SSL_FILETYPE_PEM)
-               || !SSL_CTX_use_PrivateKey_file(rc->ctx,s_key,SSL_FILETYPE_PEM)
-               || !SSL_CTX_check_private_key(rc->ctx)) {
-               log_crypto_err("Error setting up SSL_CTX key and cert");
+       if (!SSL_CTX_use_certificate_file(rc->ctx,s_cert,SSL_FILETYPE_PEM)) {
+               log_err("Error for server-cert-file: %s", s_cert);
+               log_crypto_err("Error in SSL_CTX use_certificate_file");
+               daemon_remote_delete(rc);
+               return NULL;
+       }
+       if(!SSL_CTX_use_PrivateKey_file(rc->ctx,s_key,SSL_FILETYPE_PEM)) {
+               log_err("Error for server-key-file: %s", s_key);
+               log_crypto_err("Error in SSL_CTX use_PrivateKey_file");
+               daemon_remote_delete(rc);
+               return NULL;
+       }
+       if(!SSL_CTX_check_private_key(rc->ctx)) {
+               log_err("Error for server-key-file: %s", s_key);
+               log_crypto_err("Error in SSL_CTX check_private_key");
                daemon_remote_delete(rc);
                return NULL;
        }

diff --git a/doc/Changelog b/doc/Changelog
index cc1342136e6e3d19e4a7ba2a41d2c9bb488f7bb0..ef1b65610e9dd970fdd2e7144de5b0809730a1c1 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+3 February 2009: Wouter
+       - noted feature requests in doc/TODO.
+       - printout more detailed errors on ssl certificate loading failures.
+
 16 January 2009: Wouter
        - more quiet about ipv6 network failures, i.e. when ipv6 is not
          available (network unreachable). Debug still printed on high

diff --git a/doc/TODO b/doc/TODO
index c2d9960d10df90c89ae3616fe25026c38e5497f1..58bbe3ebae33a29d7b403bd034139ca461936def 100644 (file)
--- a/doc/TODO
+++ b/doc/TODO
@@ -56,8 +56,22 @@ o on windows version, implement that OS ancillary data capabilities for
   interface-automatic. IPPKTINFO, IP6PKTINFO for WSARecvMsg, WSASendMsg.
 o local-zone directive with authority service, full authority server 
   is a non-goal.
+ 
 o configure option to force use of builtin ldns tarball.
-o include /etc/pki/dnssec-keys/production/*.conf with wildcard support.
 o make so revoke bit keys cannot verify signatures
 o option to print UTC timestamps instead of epoch in seconds.
 o print querier IP address on high loglevels.
+
+o infra and lame cache: easier size config (in Mb), show usage in graphs.
+o #226: unbound_control dump_requestlist
+o #227: unbound_control flush_stats
+o unbound_control get_stats_noreset
+o unbound_control forward [addr {addr}] | [off]
+o #231: unbound_checkconf options to output config file data.
+o config entry to denote that a zone is to be treated as unsigned (even if 
+  a DS exists to higher trust anchor).
+o see if we can use daemon(3), cleaner posix usage.
+o see if we can include the python bindings (contrib).
+o see if we can suport var:value (nospace) by parser.
+o remote control read ssl information while priviledged.
+o call initgroups(3) to drop secondary group permissions.