}
std::shared_ptr<TLSCtx> tlsCtx;
- if (vars.count("tls")) {
- TLSContextParameters tlsParams;
- std::string ciphers;
- std::string ciphers13;
-
- tlsParams.d_provider = boost::get<string>(vars.at("tls"));
-
- if (vars.count("ciphers")) {
- tlsParams.d_ciphers = boost::get<string>(vars.at("ciphers"));
- }
- if (vars.count("ciphers13")) {
- tlsParams.d_ciphers13 = boost::get<string>(vars.at("ciphers13"));
- }
- if (vars.count("caStore")) {
- tlsParams.d_caStore = boost::get<string>(vars.at("caStore"));
- }
- if (vars.count("validateCertificates")) {
- tlsParams.d_validateCertificates = boost::get<bool>(vars.at("validateCertificates"));
- }
- if (vars.count("releaseBuffers")) {
- tlsParams.d_releaseBuffers = boost::get<bool>(vars.at("releaseBuffers"));
- }
- if (vars.count("enableRenegotiation")) {
- tlsParams.d_enableRenegotiation = boost::get<bool>(vars.at("enableRenegotiation"));
- }
- if (vars.count("subjectName")) {
- config.d_tlsSubjectName = boost::get<string>(vars.at("subjectName"));
- }
+ if (vars.count("ciphers")) {
+ config.d_tlsParams.d_ciphers = boost::get<string>(vars.at("ciphers"));
+ }
+ if (vars.count("ciphers13")) {
+ config.d_tlsParams.d_ciphers13 = boost::get<string>(vars.at("ciphers13"));
+ }
+ if (vars.count("caStore")) {
+ config.d_tlsParams.d_caStore = boost::get<string>(vars.at("caStore"));
+ }
+ if (vars.count("validateCertificates")) {
+ config.d_tlsParams.d_validateCertificates = boost::get<bool>(vars.at("validateCertificates"));
+ }
+ if (vars.count("releaseBuffers")) {
+ config.d_tlsParams.d_releaseBuffers = boost::get<bool>(vars.at("releaseBuffers"));
+ }
+ if (vars.count("enableRenegotiation")) {
+ config.d_tlsParams.d_enableRenegotiation = boost::get<bool>(vars.at("enableRenegotiation"));
+ }
+ if (vars.count("subjectName")) {
+ config.d_tlsSubjectName = boost::get<string>(vars.at("subjectName"));
+ }
- tlsCtx = getTLSContext(tlsParams);
+ if (vars.count("tls")) {
+ config.d_tlsParams.d_provider = boost::get<string>(vars.at("tls"));
+ tlsCtx = getTLSContext(config.d_tlsParams);
if (vars.count("dohPath")) {
#ifndef HAVE_NGHTTP2
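Review bot: The TLS options (`ciphers`, `caStore`, `validateCertificates`, `enableRenegotiation`, …) are now stored in `config.d_tlsParams` even when `tls` is not set, and the later hunk that creates the upgraded backend builds its context with `getTLSContext(config.d_tlsParams)` instead of default-constructed parameters. If that `config` is derived from the original backend's configuration (not visible in these hunks), a `validateCertificates=false` that used to be inert on a plain-text backend now disables certificate validation for a backend whose TLS endpoint was learned through discovery. I would document this where the options are parsed, e.g. `/* kept even without "tls": the auto-upgrade path builds its TLS context from these values */`, and consider a `vinfolog` in the upgrade path when `d_validateCertificates` is false so the weaker setting shows up in the logs. Both enclosing functions start and end outside the hunks shown.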
{
std::map<uint16_t, DesignatedResolvers> resolvers;
if (!parseSVCParams(answer, resolvers)) {
+ vinfolog("No configuration found in response for backend %s", existingAddr.toStringWithPort());
return false;
}
continue;
#endif
if (tempConfig.d_dohPath.empty()) {
+ vinfolog("Got a DoH upgrade offered for %s but no path, skipping", existingAddr.toStringWithPort());
continue;
}
}
}
/* we have a config that we can use! */
-
for (const auto& hint : resolver.hints) {
tentativeAddresses.insert(hint);
}
{
ServiceDiscovery::DiscoveredResolverConfig discoveredConfig;
+ vinfolog("Trying to discover configuration for backend %s", backend.d_ds->getNameWithAddr());
if (!ServiceDiscovery::getDiscoveredConfig(backend, discoveredConfig)) {
return false;
}
try {
/* create new backend, put it into the right pool(s) */
- TLSContextParameters tlsParams;
- auto tlsCtx = getTLSContext(tlsParams);
+ auto tlsCtx = getTLSContext(config.d_tlsParams);
auto newServer = std::make_shared<DownstreamState>(std::move(config), std::move(tlsCtx), true);
/* check that we can connect to the backend (including certificate validation */