From a48abc2f8b0b37ab93e99acb57e96bbd66a3a355 Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Mon, 12 Mar 2018 12:35:53 +0000 Subject: [PATCH] - Fix #3727: Protocol name is TLS, options have been renamed but documentation is not consistent. git-svn-id: file:///svn/unbound/trunk@4578 be551aaa-1e26-0410-a405-d3ace91eadb9 --- doc/Changelog | 2 ++ doc/example.conf.in | 6 +++--- doc/unbound.conf.5.in | 16 ++++++++-------- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/doc/Changelog b/doc/Changelog index f29935375..5cdcdf9ad 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 12 March 2018: Wouter - Added documentation for aggressive-nsec: yes. - tag 1.7.0rc3. + - Fix #3727: Protocol name is TLS, options have been renamed but + documentation is not consistent. 9 March 2018: Wouter - Fix #3598: Fix swig build issue on rhel6 based system. diff --git a/doc/example.conf.in b/doc/example.conf.in index dae86fb6f..22c5b6ed3 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in @@ -664,14 +664,14 @@ server: # add a netblock specific override to a localzone, with zone type # local-zone-override: "example.com" 192.0.2.0/24 refuse - # service clients over SSL (on the TCP sockets), with plain DNS inside - # the SSL stream. Give the certificate to use and private key. + # service clients over TLS (on the TCP sockets), with plain DNS inside + # the TLS stream. Give the certificate to use and private key. # default is "" (disabled). requires restart to take effect. # tls-service-key: "path/to/privatekeyfile.key" # tls-service-pem: "path/to/publiccertfile.pem" # tls-port: 853 - # request upstream over SSL (with plain DNS inside the SSL stream). + # request upstream over TLS (with plain DNS inside the TLS stream). # Default is no. Can be turned on and off with unbound-control. # tls-upstream: no diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index edde384ee..4f94ff662 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -399,8 +399,8 @@ change anything. Useful for TLS service providers, that want no udp downstream but use udp to fetch data upstream. .TP .B tls\-upstream: \fI -Enabled or disable whether the upstream queries use SSL only for transport. -Default is no. Useful in tunneling scenarios. The SSL contains plain DNS in +Enabled or disable whether the upstream queries use TLS only for transport. +Default is no. Useful in tunneling scenarios. The TLS contains plain DNS in TCP wireformat. The other server must support this (see \fBtls\-service\-key\fR). .TP @@ -409,7 +409,7 @@ Alternate syntax for \fBtls\-upstream\fR. If both are present in the config file the last is used. .TP .B tls\-service\-key: \fI -If enabled, the server provider SSL service on its TCP sockets. The clients +If enabled, the server provider TLS service on its TCP sockets. The clients have to use tls\-upstream: yes. The file is the private key for the TLS session. The public certificate is in the tls\-service\-pem file. Default is "", turned off. Requires a restart (a reload is not enough) if changed, @@ -429,8 +429,8 @@ turned off. Alternate syntax for \fBtls\-service\-pem\fR. .TP .B tls\-port: \fI -The port number on which to provide TCP SSL service, default 853, only -interfaces configured with that port number as @number get the SSL service. +The port number on which to provide TCP TLS service, default 853, only +interfaces configured with that port number as @number get the TLS service. .TP .B ssl\-port: \fI Alternate syntax for \fBtls\-port\fR. @@ -1310,7 +1310,7 @@ In the clause are the declarations for the remote control facility. If this is enabled, the \fIunbound\-control\fR(8) utility can be used to send commands to the running unbound server. The server uses these clauses -to setup SSLv3 / TLSv1 security for the connection. The +to setup TLSv1 security for the connection. The \fIunbound\-control\fR(8) utility also reads the \fBremote\-control\fR section for options. To setup the correct self\-signed certificates use the \fIunbound\-control\-setup\fR(8) utility. @@ -1416,7 +1416,7 @@ the servers are unreachable, instead it is tried without this clause. The default is no. .TP .B stub\-tls\-upstream: \fI -Enabled or disable whether the queries to this stub use SSL for transport. +Enabled or disable whether the queries to this stub use TLS for transport. Default is no. .TP .B stub\-ssl\-upstream: \fI @@ -1456,7 +1456,7 @@ the servers are unreachable, instead it is tried without this clause. The default is no. .TP .B forward\-tls\-upstream: \fI -Enabled or disable whether the queries to this forwarder use SSL for transport. +Enabled or disable whether the queries to this forwarder use TLS for transport. Default is no. .TP .B forward\-ssl\-upstream: \fI -- 2.47.3