Before upgrading, it is advised to read the :doc:`changelog/index`.
When upgrading several versions, please read **all** notes applying to the upgrade.
+5.4.0 to master
+---------------
+
+Changed Settings
+^^^^^^^^^^^^^^^^
+The :ref:`incoming-ws-config` YAML struct has been extended to be able to specify an encrypted PKCS12 file to configure TLS key and certificate chain.
+
+
5.1.10, 5.2.8 and 5.3.5
-----------------------
- The :ref:`setting-yaml-recordcache.max_entry_size` setting has been introduced to limit the maximum size of a stored record set.
- The :ref:`setting-yaml-packetcache.max_entry_size` setting has been introduced to limit the maximum size of a packet cache entry.
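Review bot: the new section header reads "5.4.0 to master", while the PKCS12 additions elsewhere in this change are labelled "(since version 5.5.0)"; if master is going to be 5.5.0, either name the section "5.4.0 to 5.5.0" or keep the version markers consistent so a reader upgrading across several versions can match this note to a release. The note also refers to the struct via :ref:`incoming-ws-config`, whereas the section further down calls it `IncomingWSConfig`_; confirm both resolve to the same target.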
-5.3.0 to master
+5.3.0 to 5.4.0
---------------
New Settings
- example.com
- example.net
+Description of YAML syntax for additional structured types
+----------------------------------------------------------
+
ForwardingCatalogZone
^^^^^^^^^^^^^^^^^^^^^
As of version 5.2.0, a forwarding catalog zone entry is defined as:
addresses: [] Sequence of SocketAddress
tls:
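Review bot: the added heading "Description of YAML syntax for additional structured types" uses the same ``-`` underline level as the per-version sections, so the ``^^^`` subsections that follow (ForwardingCatalogZone, OutgoingTLSConfiguration and the rest) now belong to this descriptive section rather than to "5.3.0 to 5.4.0"; that looks intended, but make sure the per-version notes above do not reference these subsections as if they were release notes.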
- certificates: file containing full certificate chain in PEM format
+ certificates: file containing full certificate chain in PEM format or (since version 5.5.0) a PKCS12 file
key: file containing private key in PEM format
-
+ password: the password used to decrypt a PKCS12 file (since version 5.5.0)
A :ref:`setting-yaml-webservice.listen` section contains a sequence of `IncomingWSConfig`_, for example:
If no ``tls`` section is present, plaintext ``http`` connections are accepted on the listed addresses.
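Review bot: the struct key on the changed line is spelled ``certificates`` (plural), while the prose added in this same change refers to the ``certificate`` field (singular); one of the two should change so the documented key matches what the parser accepts. It would also help to state next to the new ``password`` entry that the PKCS12 password is stored in clear text in the YAML configuration, so the configuration file needs permissions at least as restrictive as the key file it protects.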
-If a ``tls`` section is present, clients are required to use ``https`` to contact any of the address-port combinations listen in addresses. At the moment it is not possible to list additional properties of the TLS listener and encrypted key files cannot be used.
+If a ``tls`` section is present, clients are required to use ``https`` to contact any of the address-port combinations listen in addresses.
+
+If both the ``certificate`` and the ``key`` fields are set, the values specify unencrypted PEM files.
+The ``password`` field is ignored in that case.
+
+Starting with version 5.5.0, if the ``key`` field is not set but the ``certificate`` and ``password`` fields are set, the listed file is assumed to be an encrypted PKCS12 (also known as pfx) file containing both a key and the certificate chain.
+
+At the moment it is not possible to list additional properties of the TLS listener.
OutgoingTLSConfiguration
^^^^^^^^^^^^^^^^^^^^^^^^
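Review bot: the documented combinations leave a case unspecified: the text covers ``certificate`` plus ``key`` (unencrypted PEM) and ``certificate`` plus ``password`` without ``key`` (encrypted PKCS12), but not ``certificate`` alone, nor ``key`` plus ``password`` without ``certificate``; state whether these are rejected at startup or how they are interpreted, since a silently accepted misconfiguration would leave the listener running without the intended TLS material. Two smaller items: the retained phrase "address-port combinations listen in addresses" in the ``+`` line should read "listed in addresses", and the field is called ``certificates`` in the struct above but ``certificate`` here.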