}
});
+ luaCtx.registerFunction<void(std::shared_ptr<DOHFrontend>::*)(boost::variant<std::string, std::vector<std::pair<int,std::string>>> certFiles, boost::variant<std::string, std::vector<std::pair<int,std::string>>> keyFiles)>("loadNewCertificatesAndKeys", [](std::shared_ptr<DOHFrontend> frontend, boost::variant<std::string, std::vector<std::pair<int,std::string>>> certFiles, boost::variant<std::string, std\
+::vector<std::pair<int,std::string>>> keyFiles) {
+#ifdef HAVE_DNS_OVER_HTTPS
+ if (frontend != nullptr) {
+ if (loadTLSCertificateAndKeys("DOHFrontend::loadNewCertificatesAndKeys", frontend->d_tlsConfig.d_certKeyPairs, certFiles, keyFiles)) {
+ frontend->reloadCertificates();
+ }
+ }
+#endif
+ });
+
luaCtx.registerFunction<void(std::shared_ptr<DOHFrontend>::*)()>("rotateTicketsKey", [](std::shared_ptr<DOHFrontend> frontend) {
if (frontend != nullptr) {
frontend->rotateTicketsKey(time(nullptr));
luaCtx.registerFunction<void(std::shared_ptr<TLSFrontend>::*)(boost::variant<std::string, std::vector<std::pair<int,std::string>>> certFiles, boost::variant<std::string, std::vector<std::pair<int,std::string>>> keyFiles)>("loadNewCertificatesAndKeys", [](std::shared_ptr<TLSFrontend>& frontend, boost::variant<std::string, std::vector<std::pair<int,std::string>>> certFiles, boost::variant<std::string, std::vector<std::pair<int,std::string>>> keyFiles) {
#ifdef HAVE_DNS_OVER_TLS
- if (loadTLSCertificateAndKeys("loadNewCertificatesAndKeys", frontend->d_tlsConfig.d_certKeyPairs, certFiles, keyFiles)) {
+ if (loadTLSCertificateAndKeys("TLSFrontend::loadNewCertificatesAndKeys", frontend->d_tlsConfig.d_certKeyPairs, certFiles, keyFiles)) {
frontend->setupTLS();
}
#endif
This object represents an address and port dnsdist is listening on for DNS over HTTPS queries.
+ .. method:: DOHFrontend:loadNewCertificatesAndKeys(certFile(s), keyFile(s))
+
+ .. versionadded:: 1.7.0
+
+ Create and switch to a new TLS context using the same options than were passed to the corresponding `addDOHLocal()` directive, but loading new certificates and keys from the selected files, replacing the existing ones.
+
+ :param str certFile(s): The path to a X.509 certificate file in PEM format, or a list of paths to such files.
+ :param str keyFile(s): The path to the private key file corresponding to the certificate, or a list of paths to such files, whose order should match the certFile(s) ones.
+
.. method:: DOHFrontend:loadTicketsKeys(ticketsKeysFile)
Load new tickets keys from the selected file, replacing the existing ones. These keys should be rotated often and never written to persistent storage to preserve forward secrecy. The default is to generate a random key. dnsdist supports several tickets keys to be able to decrypt existing sessions after the rotation.
Create and switch to a new TLS context using the same options than were passed to the corresponding `addTLSLocal()` directive, but loading new certificates and keys from the selected files, replacing the existing ones.
- :param str certFile(s): The path to a X.509 certificate file in PEM format, or a list of paths to such files.
- :param str keyFile(s): The path to the private key file corresponding to the certificate, or a list of paths to such files, whose order should match the certFile(s) ones.
+ :param str certFile(s): The path to a X.509 certificate file in PEM format, or a list of paths to such files.
+ :param str keyFile(s): The path to the private key file corresponding to the certificate, or a list of paths to such files, whose order should match the certFile(s) ones.
.. method:: TLSFrontend:loadTicketsKeys(ticketsKeysFile)
projects / thirdparty / pdns.git / commitdiff
