Datamodel: Add tls field for CA trust whitelist file
authorFrantisek Tobias <frantisek.tobias@nic.cz>
Fri, 21 Mar 2025 09:42:39 +0000 (10:42 +0100)
committerVladimír Čunát <vladimir.cunat@nic.cz>
Mon, 7 Jul 2025 14:22:05 +0000 (16:22 +0200)
doc/_static/config.schema.json
python/knot_resolver/datamodel/network_schema.py
python/knot_resolver/datamodel/templates/network.lua.j2

index 1c4fc9f94e05d3d5935732e5952686cf28a765a5..72962a4cb4eebd62615fd2276c436027e21141ac 100644 (file)
                             "description": "EDNS(0) padding of queries and answers sent over an encrypted channel.",
                             "default": true
                         },
-                        "whitelist": {
+                        "whitelist-file": {
                             "type": [
                                 "string",
                                 "null"
                             ],
-                            "description": "Path to certificate authority whitelist file",
+                            "description": "Path to certificate authority whitelist.",
                             "default": null
                         }
                     },
                         "sticket_secret_file": null,
                         "auto_discovery": false,
                         "padding": true,
-                        "whitelist": null
+                        "whitelist_file": null
                     }
                 },
                 "proxy-protocol": {
                     "sticket_secret_file": null,
                     "auto_discovery": false,
                     "padding": true,
-                    "whitelist": null
+                    "whitelist_file": null
                 },
                 "proxy_protocol": false,
                 "listen": [
index 7810d33d65e6c8b9abecf483ee3d95075013213b..35766e02d91211e8f74993f9c19145c2fa1c1146 100644 (file)
@@ -61,7 +61,7 @@ class TLSSchema(ConfigSchema):
         sticket_secret_file: Path to file with secret for TLS session resumption via tickets. (RFC 5077).
         auto_discovery: Experimental automatic discovery of authoritative servers supporting DNS-over-TLS.
         padding: EDNS(0) padding of queries and answers sent over an encrypted channel.
-        whitelist: Path to certificate authority whitelist file
+        whitelist_file: Path to certificate authority whitelist.
         """
 
         files_watchdog: Union[Literal["auto"], bool] = "auto"
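Review bot: The new description `whitelist_file: Path to certificate authority whitelist.` does not say what the file contains or which TLS connections it constrains, and the same wording appears in the `config.schema.json` description that operators read. Because this option decides which CAs are trusted, the docstring should state the expected file format, the connections it applies to, and which trust store is used when the field is left at `None`. Something like `whitelist_file: Path to a file listing the only CAs accepted for <connections>; when unset, <default trust behaviour>.` would do, with the bracketed parts filled in from the implementation. The class body continues outside this hunk.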
@@ -71,7 +71,7 @@ class TLSSchema(ConfigSchema):
         sticket_secret_file: Optional[ReadableFile] = None
         auto_discovery: bool = False
         padding: Union[bool, Int0_512] = True
-        whitelist: Optional[ReadableFile] = None
+        whitelist_file: Optional[ReadableFile] = None
 
     _LAYER = Raw
 
@@ -82,7 +82,7 @@ class TLSSchema(ConfigSchema):
     sticket_secret_file: Optional[ReadableFile] = None
     auto_discovery: bool = False
     padding: Union[bool, Int0_512] = True
-    whitelist: Optional[ReadableFile] = None
+    whitelist_file: Optional[ReadableFile] = None
 
     def _files_watchdog(self, obj: Raw) -> Any:
         if obj.files_watchdog == "auto":
index c20648149cd3c41e7ee7b36b9d28afb2e180af1b..8190b2563ff02449cb61c98c8c3ceafe280f219b 100644 (file)
@@ -36,9 +36,9 @@ net.bufsize(
 net.tls('{{ cfg.network.tls.cert_file  }}', '{{ cfg.network.tls.key_file }}')
 {% endif %}
 
-{% if cfg.network.tls.whitelist %}
--- network.tls_whitelist
-net.tls_whitelist('{{ cfg.network.tls.whitelist }}')
+{% if cfg.network.tls.whitelist_file %}
+-- network.tls.whitelist-file
+net.tls_whitelist('{{ cfg.network.tls.whitelist_file }}')
 {% endif %}
 
 {% if cfg.network.tls.sticket_secret %}
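Review bot: `net.tls_whitelist('{{ cfg.network.tls.whitelist_file }}')` places the configured path inside a single-quoted Lua literal with no escaping, so a path containing `'` or `\` would render as malformed Lua or as different Lua than intended. The `net.tls(...)` line above follows the same pattern, so this is an existing convention, but a trust-anchor path is worth handling strictly. Either have the schema reject such characters for this field or escape the value when rendering. Whether `ReadableFile` already restricts the path's characters is not visible from this hunk, and the template continues outside it.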