From: Remi Gacogne Date: Wed, 30 Apr 2025 08:49:06 +0000 (+0200) Subject: dnsdist: Fix building with YAML enabled but without TLS support X-Git-Tag: dnsdist-2.0.0-alpha2~37^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18052193416c0873d229275caafb961274715268;p=thirdparty%2Fpdns.git dnsdist: Fix building with YAML enabled but without TLS support Based on a patch from Robert Edmonds, thanks!
---
diff --git a/pdns/dnsdistdist/dnsdist-configuration-yaml.cc b/pdns/dnsdistdist/dnsdist-configuration-yaml.cc
index 0d7a05a90f..9caa46032f 100644
--- a/pdns/dnsdistdist/dnsdist-configuration-yaml.cc
+++ b/pdns/dnsdistdist/dnsdist-configuration-yaml.cc
@@ -202,7 +202,13 @@ static TLSConfig getTLSConfigFromRustIncomingTLS(const dnsdist::rust::settings::
 }
 out.d_ciphers = std::string(incomingTLSConfig.ciphers);
 out.d_ciphers13 = std::string(incomingTLSConfig.ciphers_tls_13);
+#if defined(HAVE_LIBSSL)
 out.d_minTLSVersion = libssl_tls_version_from_string(std::string(incomingTLSConfig.minimum_version));
+#else /* HAVE_LIBSSL */
+ if (!incomingTLSConfig.minimum_version.empty()) {
+ warnlog("bind.tls.minimum_version has no effect with the chosen TLS library");
+ }
+#endif /* HAVE_LIBSSL */
 out.d_ticketKeyFile = std::string(incomingTLSConfig.ticket_key_file);
 out.d_keyLogFile = std::string(incomingTLSConfig.key_log_file);
 out.d_maxStoredSessions = incomingTLSConfig.number_of_stored_sessions;
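Review bot: In the `#else` branch a configured `bind.tls.minimum_version` is dropped with only a `warnlog`, so on a build without libssl the listener starts with whatever protocol floor the TLS backend defaults to instead of the one the operator asked for. A minimum TLS version is a hardening setting, and failing closed is the safer behaviour: consider rejecting the configuration, e.g. `throw std::runtime_error("bind.tls.minimum_version is not supported by the chosen TLS library");`, provided the YAML loader reports exceptions raised from this function (not visible here). If the warning is kept, the documentation of the setting should state that the value is ignored on such builds. getTLSConfigFromRustIncomingTLS starts and ends outside this hunk.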
@@ -219,12 +225,13 @@ static TLSConfig getTLSConfigFromRustIncomingTLS(const dnsdist::rust::settings:: return out; } -static bool validateTLSConfiguration(const dnsdist::rust::settings::BindConfiguration& bind, const TLSConfig& tlsConfig) +static bool validateTLSConfiguration(const dnsdist::rust::settings::BindConfiguration& bind, [[maybe_unused]] const TLSConfig& tlsConfig) { if (!bind.tls.ignore_configuration_errors) { return true; } +#if defined(HAVE_LIBSSL) // we are asked to try to load the certificates so we can return a potential error // and properly ignore the frontend before actually launching it try { @@ -234,6 +241,7 @@ static bool validateTLSConfiguration(const dnsdist::rust::settings::BindConfigur errlog("Ignoring %s frontend: '%s'", bind.protocol, e.what()); return false; } +#endif /* HAVE_LIBSSL */ return true; } diff --git a/pdns/dnsdistdist/dnsdist-lua.cc b/pdns/dnsdistdist/dnsdist-lua.cc index 0f00b6ace2..233f7a6da2 100644 --- a/pdns/dnsdistdist/dnsdist-lua.cc +++ b/pdns/dnsdistdist/dnsdist-lua.cc @@ -2775,6 +2775,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) bool ignoreTLSConfigurationErrors = false; if (getOptionalValue(vars, "ignoreTLSConfigurationErrors", ignoreTLSConfigurationErrors) > 0 && ignoreTLSConfigurationErrors) { +#if defined(HAVE_LIBSSL) // we are asked to try to load the certificates so we can return a potential error // and properly ignore the frontend before actually launching it try { @@ -2784,6 +2785,7 @@ static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) errlog("Ignoring TLS frontend: '%s'", e.what()); return; } +#endif /* HAVE_LIBSSL */ } checkAllParametersConsumed("addTLSLocal", vars); diff --git a/pdns/tcpiohandler.cc b/pdns/tcpiohandler.cc index a0b10f24b9..660b85f024 100644 --- a/pdns/tcpiohandler.cc +++ b/pdns/tcpiohandler.cc 
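Review bot: With `HAVE_LIBSSL` undefined, `validateTLSConfiguration` returns `true` without checking anything, so `bind.tls.ignore_configuration_errors` silently stops doing what it promises: a frontend with an unloadable certificate or key is no longer filtered out before launch, and what happens to it afterwards is not visible in this diff. The first hunk of this commit warns when `minimum_version` is ineffective; the same treatment fits here, e.g. an `#else` branch before the `#endif` containing `warnlog("bind.tls.ignore_configuration_errors has no effect with the chosen TLS library");`. The `addTLSLocal` path in dnsdist-lua.cc (hunks at -2775 and -2784) has the same gap for `ignoreTLSConfigurationErrors`, where the guarded-out block leaves an empty `if` body. The function spans this hunk and the next one (-234), and the body of the `try` lies outside both.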
@@ -1005,7 +1005,7 @@ private: #include #include -static void safe_memory_lock(void* data, size_t size) +static void safe_memory_lock([[maybe_unused]] void* data, [[maybe_unused]] size_t size) { #ifdef HAVE_LIBSODIUM sodium_mlock(data, size);
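Review bot: Marking both parameters of `safe_memory_lock` as `[[maybe_unused]]` implies there is a build in which the function does nothing with them, which presumably means the buffer is left unlocked when `HAVE_LIBSODIUM` is not defined; the rest of the body is outside the hunk, so this is inferred. Code calling something named `safe_memory_lock` will reasonably assume the memory is locked, so a comment on the function should make the degraded mode explicit, e.g. `// No-op unless a locking backend is compiled in: without it the buffer stays pageable.` Separately, the visible `sodium_mlock(data, size);` call discards its return value, so a failed lock goes unnoticed.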