From: Michael Tremer
Date: Mon, 4 Nov 2019 12:04:48 +0000 (+0000)
Subject: unbound: Allow forcing to speak TLS to upstream servers only
X-Git-Tag: v2.25-core141~70^2~53
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=dea5f34914819b5f6c0801ff12eafa521c79188b

unbound: Allow forcing to speak TLS to upstream servers only

Signed-off-by: Michael Tremer
---
diff --git a/src/initscripts/system/unbound b/src/initscripts/system/unbound
index 1c9f4288ca..cafc2e61c8 100644
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -16,6 +16,7 @@ INSECURE_ZONES=
 USE_FORWARDERS=1
 ENABLE_SAFE_SEARCH=off
 FORCE_TCP=off
+FORCE_TLS=off
 # Cache any local zones for 60 seconds
 LOCAL_TTL=60
@@ -184,8 +185,15 @@ write_forward_conf() {
 (
 config_header
+ # Force using TLS for upstream servers only
+ if [ "${FORCE_TLS}" = "on" ]; then
+ echo "# Force using TLS for upstream servers only"
+ echo "server:"
+ echo " tls-upstream: yes"
+ echo
+
 # Force using TCP for upstream servers only
- if [ "${FORCE_TCP}" = "on" ]; then
+ elif [ "${FORCE_TCP}" = "on" ]; then
 echo "# Force using TCP for upstream servers only"
 echo "server:"
 echo " tcp-upstream: yes"
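Review bot: The new FORCE_TLS branch in write_forward_conf writes `tls-upstream: yes` and nothing else, and that option on its own encrypts the upstream connection without authenticating the server. Unbound only verifies the upstream certificate when a `tls-cert-bundle` is configured and each `forward-addr` carries a `#hostname` authentication name. Neither is visible in this hunk, and the function body continues outside it, so if they are not set elsewhere the resolver will accept any certificate and a party on the network path can still answer queries. I would emit the bundle in the same branch, e.g. `echo " tls-cert-bundle: <path-to-CA-bundle>"` (placeholder path), and confirm that the forwarder lines written further down include the auth name. A one-line comment that FORCE_TLS takes precedence over FORCE_TCP because of the `elif` would also help the next reader.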