::
tls string {
- ca-file quoted_string;
cert-file quoted_string;
ciphers string;
dhparam-file quoted_string;
- hostname quoted_string;
key-file quoted_string;
prefer-server-ciphers boolean;
protocols { string; ... };
dns_transport_set_keyfile);
parse_transport_option(doh, transport, "cert-file",
dns_transport_set_certfile);
+#if 0
+ /*
+ * The following two options need to remain unavailable until
+ * TLS certificate verification gets implemented.
+ */
parse_transport_option(doh, transport, "ca-file",
dns_transport_set_cafile);
parse_transport_option(doh, transport, "hostname",
dns_transport_set_hostname);
+#endif
}
return (ISC_R_SUCCESS);
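Review bot: The disabled `ca-file`/`hostname` parsing here is repeated verbatim, comment included, in the next hunk for the `tls` transport (L26–L40 in this view), so re-enabling it later must be done at two call sites plus the grammar table; the key-file/cert-file/ca-file/hostname calls for both transports could go through one static helper taking the transport and its config object, so the `#if 0` block lives in one place. If the duplication stays, the comment should state why the two options are disabled as a pair rather than individually, e.g. `* Re-enable ca-file and hostname together: a trust anchor without a hostname to match gives no peer authentication.`, and the same wording should be used in the `tls` hunk. The enclosing function begins before this hunk, and the first line shown is the tail of an earlier call.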
dns_transport_set_keyfile);
parse_transport_option(tls, transport, "cert-file",
dns_transport_set_certfile);
+#if 0
+ /*
+ * The following two options need to remain unavailable until
+ * TLS certificate verification gets implemented.
+ */
parse_transport_option(tls, transport, "ca-file",
dns_transport_set_cafile);
parse_transport_option(tls, transport, "hostname",
dns_transport_set_hostname);
+#endif
}
return (ISC_R_SUCCESS);
# In some cases a "tls" statement may omit key-file and cert-file.
tls local-tls {
protocols {TLSv1.2;};
- hostname "fqdn.example.com";
};
Declares communication channels to get access to ``named`` statistics.
``tls``
- Specifies configuration information for a TLS connection, including a ``key-file``, ``cert-file``, ``ca-file``, ``dhparam-file``, ``hostname``, ``ciphers``, ``protocols``, ``prefer-server-ciphers``, and ``session-tickets``.
+ Specifies configuration information for a TLS connection, including a ``key-file``, ``cert-file``, ``dhparam-file``, ``ciphers``, ``protocols``, ``prefer-server-ciphers``, and ``session-tickets``.
``http``
Specifies configuration information for an HTTP connection, including ``endponts``, ``listener-clients`` and ``streams-per-connection``.
Path to a file containing the TLS certificate to be used for
the connection.
- ``ca-file``
- Path to a file containing trusted TLS certificates.
-
``dhparam-file``
Path to a file containing Diffie-Hellman parameters,
which is needed to enable the cipher suites depending on the
specified is essential for enabling perfect forward secrecy capable
ciphers in TLSv1.2.
- ``hostname``
- The hostname associated with the certificate.
-
``protocols``
Allowed versions of the TLS protocol. TLS version 1.2 and higher are
supported, depending on the cryptographic library in use. Multiple
.nf
.ft C
tls string {
- ca\-file quoted_string;
cert\-file quoted_string;
ciphers string;
dhparam\-file quoted_string;
- hostname quoted_string;
key\-file quoted_string;
prefer\-server\-ciphers boolean;
protocols { string; ... };
}; // may occur multiple times
tls <string> {
- ca-file <quoted_string>;
cert-file <quoted_string>;
ciphers <string>;
dhparam-file <quoted_string>;
- hostname <quoted_string>;
key-file <quoted_string>;
prefer-server-ciphers <boolean>;
protocols { <string>; ... };
}; // may occur multiple times
tls <string> {
- ca-file <quoted_string>;
cert-file <quoted_string>;
ciphers <string>;
dhparam-file <quoted_string>;
- hostname <quoted_string>;
key-file <quoted_string>;
prefer-server-ciphers <boolean>;
protocols { <string>; ... };
::
tls <string> {
- ca-file <quoted_string>;
cert-file <quoted_string>;
ciphers <string>;
dhparam-file <quoted_string>;
- hostname <quoted_string>;
key-file <quoted_string>;
prefer-server-ciphers <boolean>;
protocols { <string>; ... };
static cfg_clausedef_t tls_clauses[] = {
{ "key-file", &cfg_type_qstring, 0 },
{ "cert-file", &cfg_type_qstring, 0 },
+#if 0
+ /*
+ * The following two options need to remain unavailable until TLS
+ * certificate verification gets implemented.
+ */
{ "ca-file", &cfg_type_qstring, 0 },
{ "hostname", &cfg_type_qstring, 0 },
+#endif
{ "dhparam-file", &cfg_type_qstring, 0 },
{ "protocols", &cfg_type_tlsprotos, 0 },
{ "ciphers", &cfg_type_astring, 0 },
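Review bot: Removing the two entries from `tls_clauses` presumably turns any existing `ca-file` or `hostname` statement into a hard configuration parse error rather than a silently ignored option, which is the safer outcome while certificate verification is absent, but nothing in the disabled block says that this is deliberate or that the two options are only meaningful together. Suggested extra line inside the `#if 0` comment: `* Both must be restored together with the verification code: a CA file without a hostname to match does not authenticate the peer.` The equivalent comments in the server-side hunks (L14–L18 and L29–L33 in this view) should carry the same note so the three places are re-enabled in step. The `tls_clauses` array continues past the end of this hunk.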