From 40eb00bf35e6c4b100b7bb564f2131e8cf2929e3 Mon Sep 17 00:00:00 2001
From: Frantisek Tobias
Date: Fri, 21 Mar 2025 10:39:32 +0100
Subject: [PATCH] lib/resolve: kr_context: add trust whitelist certificate credentials]
---
 lib/resolve.c | 18 ++----------------
 lib/resolve.h | 2 +-
 2 files changed, 3 insertions(+), 17 deletions(-)
diff --git a/lib/resolve.c b/lib/resolve.c
index feee74a6f..c21f8c1a0 100644
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -595,21 +595,6 @@ cleanup:
 return rv;
 }
-int kr_init_whitelist(const char *whitelistpath)
-{
- the_resolver->issuers = calloc(sizeof(struct issuer_whitelist), 1);
- if (!the_resolver->issuers)
- return ENOMEM;
- int ret = get_auth_name_array(the_resolver->issuers, whitelistpath);
- if (ret != kr_ok()) {
- whitelist_free(the_resolver->issuers);
- the_resolver->issuers = NULL;
- }
- return ret;
-}
-
 int kr_resolver_init(module_array_t *modules, knot_mm_t *pool)
 {
 the_resolver = &the_resolver_value;
@@ -637,6 +622,7 @@ int kr_resolver_init(module_array_t *modules, knot_mm_t *pool)
 /* Empty init; filled via ./lua/postconfig.lua */
 kr_zonecut_init(&the_resolver->root_hints, (const uint8_t *)"", pool);
 lru_create(&the_resolver->cache_cookie, LRU_COOKIES_SIZE, NULL, NULL);
+ the_resolver->trust_whitelist = NULL;
 return kr_ok();
 }
@@ -653,7 +639,7 @@ void kr_resolver_deinit(void)
 trie_free(the_resolver->trust_anchors);
 kr_ta_clear(the_resolver->negative_anchors);
 trie_free(the_resolver->negative_anchors);
- whitelist_free(the_resolver->issuers);
+ gnutls_certificate_free_credentials(the_resolver->trust_whitelist);
 the_resolver = NULL;
 }
diff --git a/lib/resolve.h b/lib/resolve.h
index a5123bc56..ff65184dd 100644
--- a/lib/resolve.h
+++ b/lib/resolve.h
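Review bot: `gnutls_certificate_free_credentials(the_resolver->trust_whitelist)` in kr_resolver_deinit can be reached with a NULL argument: kr_resolver_init now sets `trust_whitelist = NULL` and nothing in this patch ever allocates the credentials, and GnuTLS does not document that call as NULL-safe. Guard it, `if (the_resolver->trust_whitelist) gnutls_certificate_free_credentials(the_resolver->trust_whitelist);`, so a context that was initialised but never configured can be torn down. The removed `kr_init_whitelist` has no replacement here, so presumably a follow-up commit adds the loader that populates the field; until then deinit only ever sees NULL. kr_resolver_deinit's body starts outside the hunk.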
@@ -182,7 +182,7 @@ struct kr_context
 kr_cookie_lru_t *cache_cookie;
 int32_t tls_padding; /**< See net.tls_padding in ../daemon/README.rst -- -1 is "true" (default policy), 0 is "false" (no padding) */
 knot_mm_t *pool;
- struct issuer_whitelist *issuers;
+ gnutls_certificate_credentials_t trust_whitelist;
 };
 /** Pointer to the singleton resolver context. NULL if not initialized */
--
2.47.3
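Review bot: The new member's type `gnutls_certificate_credentials_t` is declared in `<gnutls/gnutls.h>`, and this patch adds no such include to lib/resolve.h; unless the header already pulls it in above the hunk, every translation unit that includes the public struct stops compiling, and the library's public header silently gains a GnuTLS dependency, which is worth a deliberate decision rather than a side effect (the replaced `struct issuer_whitelist *issuers` needed only a forward declaration). The neighbouring members carry `/**<` comments while the new one has none; give it the same, e.g. `/**< Certificate trust whitelist (GnuTLS credentials). NULL until configured; owned by the context and released in kr_resolver_deinit(). */`. struct kr_context begins outside the hunk.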