- Fix that windows unbound service can use DNS-over-TLS.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 24 May 2018 09:23:24 +0000 (09:23 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 24 May 2018 09:23:24 +0000 (09:23 +0000)
git-svn-id: file:///svn/unbound/trunk@4689 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
winrc/win_svc.c

index 167e5a33c0e78b90964c144f8d998b7dfe35c3c0..30a077e05602ccbd0217b242ca9c923fb2dc0e29 100644 (file)
@@ -1,5 +1,6 @@
 24 May 2018: Wouter
        - Fix that libunbound can do DNS-over-TLS, when configured.
+       - Fix that windows unbound service can use DNS-over-TLS.
 
 23 May 2018: Wouter
        - Use accept4 to speed up incoming TCP (and TLS) connections,
index b755fb543b02108ba309060cdc92aa274ae41582..c5082ac3dff8ac3a07ff02a6bbe9baeec462e8ad 100644 (file)
@@ -52,6 +52,7 @@
 #include "util/config_file.h"
 #include "util/netevent.h"
 #include "util/ub_event.h"
+#include "util/net_help.h"
 
 /** global service status */
 static SERVICE_STATUS  service_status;
@@ -357,6 +358,14 @@ service_init(int r, struct daemon** d, struct config_file** c)
                config_delete(cfg);
                return 0;
        }
+       if(cfg->ssl_service_key && cfg->ssl_service_key[0]) {
+               if(!(daemon->listen_sslctx = listen_sslctx_create(
+                       cfg->ssl_service_key, cfg->ssl_service_pem, NULL)))
+                       fatal_exit("could not set up listen SSL_CTX");
+       }
+       if(!(daemon->connect_sslctx = connect_sslctx_create(NULL, NULL,
+               cfg->tls_cert_bundle)))
+               fatal_exit("could not set up connect SSL_CTX");
 
        /* open ports */
        /* keep reporting that we are busy starting */
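Review bot: The connect context at the end of the added block is built from `cfg->tls_cert_bundle` with no check that a bundle is configured, so this hunk does not show whether upstream DNS-over-TLS certificates are verified when the option is unset; that depends on how `connect_sslctx_create` treats a NULL bundle, which is not visible here. If a NULL bundle means no peer verification, the service would encrypt to its forwarders without authenticating them, and a startup warning would make that state visible, e.g. `if(!cfg->tls_cert_bundle || !cfg->tls_cert_bundle[0]) log_warn("no tls-cert-bundle set, upstream TLS certificates are not verified");`. Separately, the listen branch tests only `ssl_service_key` before passing `ssl_service_pem`, and both failure paths call `fatal_exit` where the context lines just above clean up with `config_delete(cfg); return 0;`. service_init starts and ends outside the hunk.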