From: Wouter Wijngaards
Date: Thu, 24 May 2018 09:23:24 +0000 (+0000)
Subject: - Fix that windows unbound service can use DNS-over-TLS.
X-Git-Tag: release-1.7.2rc1~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55088951c0f2f3595a96f7b4effd8a6fcc9b9220;p=thirdparty%2Funbound.git
- Fix that windows unbound service can use DNS-over-TLS.
git-svn-id: file:///svn/unbound/trunk@4689 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/doc/Changelog b/doc/Changelog
index 167e5a33c..30a077e05 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,5 +1,6 @@
 24 May 2018: Wouter
 - Fix that libunbound can do DNS-over-TLS, when configured.
+ - Fix that windows unbound service can use DNS-over-TLS.
 23 May 2018: Wouter
 - Use accept4 to speed up incoming TCP (and TLS) connections,
diff --git a/winrc/win_svc.c b/winrc/win_svc.c
index b755fb543..c5082ac3d 100644
--- a/winrc/win_svc.c
+++ b/winrc/win_svc.c
@@ -52,6 +52,7 @@
 #include "util/config_file.h"
 #include "util/netevent.h"
 #include "util/ub_event.h"
+#include "util/net_help.h"
 /** global service status */
 static SERVICE_STATUS service_status;
@@ -357,6 +358,14 @@ service_init(int r, struct daemon** d, struct config_file** c)
 config_delete(cfg);
 return 0;
 }
+ if(cfg->ssl_service_key && cfg->ssl_service_key[0]) {
+ if(!(daemon->listen_sslctx = listen_sslctx_create(
+ cfg->ssl_service_key, cfg->ssl_service_pem, NULL)))
+ fatal_exit("could not set up listen SSL_CTX");
+ }
+ if(!(daemon->connect_sslctx = connect_sslctx_create(NULL, NULL,
+ cfg->tls_cert_bundle)))
+ fatal_exit("could not set up connect SSL_CTX");
 /* open ports */
 /* keep reporting that we are busy starting */
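Review bot: Both added failure paths in the service_init hunk call `fatal_exit(...)`, whereas the branch that closes just above them leaves through `config_delete(cfg); return 0;`, so an SSL_CTX setup error exits by a different route than the visible convention. If fatal_exit terminates the process (it is defined outside this page), the caller gets no chance to report the failed start for the Windows service. I would follow the existing pattern, e.g. `{ log_err("could not set up connect SSL_CTX"); config_delete(cfg); return 0; }`, plus whatever daemon cleanup the earlier branch performs. Separately, `connect_sslctx_create(NULL, NULL, cfg->tls_cert_bundle)` runs even when no bundle is configured; if that helper only enables peer verification when a bundle is passed (not visible here), a comment such as `/* without tls-cert-bundle upstream TLS is not authenticated */` would make the consequence explicit. service_init's body starts and ends outside the hunk.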