}
#if defined(HAVE_DNS_OVER_TLS) || defined(HAVE_DNS_OVER_HTTPS)
-static bool loadTLSCertificateAndKeys(const std::string& context, std::vector<TLSCertKeyPair>& pairs, boost::variant<std::string, std::shared_ptr<TLSCertKeyPair>, std::vector<std::pair<int, std::string>>, std::vector<std::pair<int, std::shared_ptr<TLSCertKeyPair>>>> certFiles, boost::variant<std::string, std::vector<std::pair<int, std::string>>> keyFiles, std::optional<std::string> password = std::nullopt)
+static bool loadTLSCertificateAndKeys(const std::string& context, std::vector<TLSCertKeyPair>& pairs, boost::variant<std::string, std::shared_ptr<TLSCertKeyPair>, std::vector<std::pair<int, std::string>>, std::vector<std::pair<int, std::shared_ptr<TLSCertKeyPair>>>> certFiles, boost::variant<std::string, std::vector<std::pair<int, std::string>>> keyFiles)
{
if (certFiles.type() == typeid(std::string) && keyFiles.type() == typeid(std::string)) {
auto certFile = boost::get<std::string>(certFiles);
auto keyFile = boost::get<std::string>(keyFiles);
pairs.clear();
- pairs.emplace_back(certFile, keyFile, password);
+ pairs.emplace_back(certFile, keyFile);
}
else if (certFiles.type() == typeid(std::shared_ptr<TLSCertKeyPair>)) {
auto cert = boost::get<std::shared_ptr<TLSCertKeyPair>>(certFiles);
if (certFilesVect.size() == keyFilesVect.size()) {
pairs.clear();
for (size_t idx = 0; idx < certFilesVect.size(); idx++) {
- pairs.emplace_back(certFilesVect.at(idx).second, keyFilesVect.at(idx).second, password);
+ pairs.emplace_back(certFilesVect.at(idx).second, keyFilesVect.at(idx).second);
}
}
else {
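Review bot: Nothing at the new `pairs.emplace_back(certFilesVect.at(idx).second, keyFilesVect.at(idx).second);` line, or at the matching single-path call earlier in `loadTLSCertificateAndKeys`, records that pairs built from plain paths no longer carry a passphrase. Going by the documentation updated in this same change, password-protected PKCS12 material has to arrive as an object from `newTLSCertificate`, so a comment above the function would help, for example `// Pairs built from plain paths carry no passphrase; password-protected PKCS12 files must be passed as objects created by newTLSCertificate().` The callers are not visible here; if any still accepts a `password` option alongside string paths, it should reject it with an explicit configuration error rather than drop it silently, so the operator is not left with an opaque key-load failure at startup. The function body starts before this hunk and the `else` branch continues past it.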
``enableRenegotiation``, ``exactPathMatching``, ``maxConcurrentTCPConnections`` and ``releaseBuffers`` options added.
``internalPipeBufferSize`` now defaults to 1048576 on Linux.
- .. versionchanged:: 1.x.0
+ .. versionchanged:: 1.8.0
``certFile`` now accepts a TLSCertificate object or a list of such objects (see :func:`newTLSCertificate`)
Listen on the specified address and TCP port for incoming DNS over HTTPS connections, presenting the specified X.509 certificate.
.. versionadded:: 1.8.0
- Creates a TLSCertificate object suited to be used with functions like :func:`addDOHLocal` and :func:`addTLSLocal` for TLS certificate configuration
+ Creates a TLSCertificate object suited to be used with functions like :func:`addDOHLocal` and :func:`addTLSLocal` for TLS certificate configuration.
+
+ PKCS12 files are only supported by the ``openssl`` provider, password-protected or not.
- :param string pathToCert: Path to a file containing the certificate or a PCKS12 file containing both certificate and the key
+ :param string pathToCert: Path to a file containing the certificate or a PCKS12 file containing both a certificate and a key.
:param table options: A table with key: value pairs with additional options.
Options:
.. code-block:: lua
- newTLSCertificate("path/to/pub.crt", {key="pat/to/private.pem"})
+ newTLSCertificate("path/to/pub.crt", {key="path/to/private.pem"})
newTLSCertificate("path/to/domain.p12", {password="passphrase"}) -- use a password protected PCKS12 file
DOHFrontend
.. versionadded:: 1.6.1
- .. versionchanged:: 1.x.0
+ .. versionchanged:: 1.8.0
``certFile`` now accepts a TLSCertificate object or a list of such objects (see :func:`newTLSCertificate`)
:param str certFile(s): The path to a X.509 certificate file in PEM format, a list of paths to such files, or a TLSCertificate object.