dnsdist: Fix building with YAML enabled but without TLS support
authorRemi Gacogne <remi.gacogne@powerdns.com>
Wed, 30 Apr 2025 08:49:06 +0000 (10:49 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Wed, 30 Apr 2025 08:49:06 +0000 (10:49 +0200)
Based on a patch from Robert Edmonds, thanks!

pdns/dnsdistdist/dnsdist-configuration-yaml.cc
pdns/dnsdistdist/dnsdist-lua.cc
pdns/tcpiohandler.cc

index 0d7a05a90fa6c120615904a3cfd695006e28179c..9caa46032fcc1fd1f721163fd71cadd65d1292d8 100644 (file)
@@ -202,7 +202,13 @@ static TLSConfig getTLSConfigFromRustIncomingTLS(const dnsdist::rust::settings::
   }
   out.d_ciphers = std::string(incomingTLSConfig.ciphers);
   out.d_ciphers13 = std::string(incomingTLSConfig.ciphers_tls_13);
+#if defined(HAVE_LIBSSL)
   out.d_minTLSVersion = libssl_tls_version_from_string(std::string(incomingTLSConfig.minimum_version));
+#else /* HAVE_LIBSSL */
+  if (!incomingTLSConfig.minimum_version.empty()) {
+    warnlog("bind.tls.minimum_version has no effect with the chosen TLS library");
+  }
+#endif /* HAVE_LIBSSL */
   out.d_ticketKeyFile = std::string(incomingTLSConfig.ticket_key_file);
   out.d_keyLogFile = std::string(incomingTLSConfig.key_log_file);
   out.d_maxStoredSessions = incomingTLSConfig.number_of_stored_sessions;
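Review bot: In the `#else` branch the configured `minimum_version` is dropped with only a generic warning, so a build without libssl starts the listener with whatever protocol floor the other TLS library applies, even when the operator asked for a stricter one. Because this is a security setting, the message should at least say which value was ignored, for example `warnlog("bind.tls.minimum_version '%s' is not enforced with the chosen TLS library", incomingTLSConfig.minimum_version);`, and rejecting the configuration during a config check may be worth considering. If the settings schema gives `minimum_version` a non-empty default (not visible in this hunk), the `!incomingTLSConfig.minimum_version.empty()` test is always true and the warning fires for every TLS bind on such builds. getTLSConfigFromRustIncomingTLS starts and ends outside this hunk.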
@@ -219,12 +225,13 @@ static TLSConfig getTLSConfigFromRustIncomingTLS(const dnsdist::rust::settings::
   return out;
 }
 
-static bool validateTLSConfiguration(const dnsdist::rust::settings::BindConfiguration& bind, const TLSConfig& tlsConfig)
+static bool validateTLSConfiguration(const dnsdist::rust::settings::BindConfiguration& bind, [[maybe_unused]] const TLSConfig& tlsConfig)
 {
   if (!bind.tls.ignore_configuration_errors) {
     return true;
   }
 
+#if defined(HAVE_LIBSSL)
   // we are asked to try to load the certificates so we can return a potential error
   // and properly ignore the frontend before actually launching it
   try {
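Review bot: With HAVE_LIBSSL undefined, the block guarded from here to the `#endif` in the next hunk disappears and validateTLSConfiguration falls through to `return true`, so `ignore_configuration_errors` silently stops pre-validating anything. A frontend with a bad certificate or key is then no longer skipped up front, and what happens when it is actually launched is not visible here. An `#else` branch in the style of the minimum_version one would make that explicit: `warnlog("bind.tls.ignore_configuration_errors has no effect with the chosen TLS library");`. The same applies to the `ignoreTLSConfigurationErrors` block of addTLSLocal in dnsdist-lua.cc, which the two hunks of that file guard in the same way.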
@@ -234,6 +241,7 @@ static bool validateTLSConfiguration(const dnsdist::rust::settings::BindConfigur
     errlog("Ignoring %s frontend: '%s'", bind.protocol, e.what());
     return false;
   }
+#endif /* HAVE_LIBSSL */
 
   return true;
 }
index 0f00b6ace245b496381e9e9836f0c59ef0ddc5a2..233f7a6da23f58b8cfcb960e6ee37dac2913a09d 100644 (file)
@@ -2775,6 +2775,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
 
       bool ignoreTLSConfigurationErrors = false;
       if (getOptionalValue<bool>(vars, "ignoreTLSConfigurationErrors", ignoreTLSConfigurationErrors) > 0 && ignoreTLSConfigurationErrors) {
+#if defined(HAVE_LIBSSL)
         // we are asked to try to load the certificates so we can return a potential error
         // and properly ignore the frontend before actually launching it
         try {
@@ -2784,6 +2785,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck)
           errlog("Ignoring TLS frontend: '%s'", e.what());
           return;
         }
+#endif /* HAVE_LIBSSL */
       }
 
       checkAllParametersConsumed("addTLSLocal", vars);
index a0b10f24b91f408bd370b10e3efb91e2e5ad76e8..660b85f02424e4d760aa27bc23b68230f65a3827 100644 (file)
@@ -1005,7 +1005,7 @@ private:
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
 
-static void safe_memory_lock(void* data, size_t size)
+static void safe_memory_lock([[maybe_unused]] void* data, [[maybe_unused]] size_t size)
 {
 #ifdef HAVE_LIBSODIUM
   sodium_mlock(data, size);
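Review bot: The `[[maybe_unused]]` on both parameters of safe_memory_lock suggests the function compiles to nothing when HAVE_LIBSODIUM is undefined, while its name still promises locking; a comment above the signature should say so, for example `// No-op without libsodium: the buffer is then not locked in memory.` The rest of the body is outside this hunk, so confirm there is no other fallback before adding it. On the visible libsodium path the return value of `sodium_mlock(data, size)` is discarded, and that call reports failure with -1, so a failed lock goes unnoticed as well.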