From: Frantisek Tobias
Date: Fri, 21 Mar 2025 09:42:39 +0000 (+0100)
Subject: Datamodel: Add tls field for CA trust whitelist file
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58263c7889dc181686a5993e33c16295b1b8e519;p=thirdparty%2Fknot-resolver.git

Datamodel: Add tls field for CA trust whitelist file
---

diff --git a/doc/_static/config.schema.json b/doc/_static/config.schema.json
index 1c4fc9f94..72962a4cb 100644
--- a/doc/_static/config.schema.json
+++ b/doc/_static/config.schema.json
@@ -372,12 +372,12 @@
 "description": "EDNS(0) padding of queries and answers sent over an encrypted channel.",
 "default": true
 },
- "whitelist": {
+ "whitelist-file": {
 "type": [
 "string",
 "null"
 ],
- "description": "Path to certificate authority whitelist file",
+ "description": "Path to certificate authority whitelist.",
 "default": null
 }
 },
@@ -389,7 +389,7 @@
 "sticket_secret_file": null,
 "auto_discovery": false,
 "padding": true,
- "whitelist": null
+ "whitelist_file": null
 }
 },
 "proxy-protocol": {
@@ -549,7 +549,7 @@
 "sticket_secret_file": null,
 "auto_discovery": false,
 "padding": true,
- "whitelist": null
+ "whitelist_file": null
 },
 "proxy_protocol": false,
 "listen": [
diff --git a/python/knot_resolver/datamodel/network_schema.py b/python/knot_resolver/datamodel/network_schema.py
index 7810d33d6..35766e02d 100644
--- a/python/knot_resolver/datamodel/network_schema.py
+++ b/python/knot_resolver/datamodel/network_schema.py
@@ -61,7 +61,7 @@ class TLSSchema(ConfigSchema):
 sticket_secret_file: Path to file with secret for TLS session resumption via tickets. (RFC 5077).
 auto_discovery: Experimental automatic discovery of authoritative servers supporting DNS-over-TLS.
 padding: EDNS(0) padding of queries and answers sent over an encrypted channel.
- whitelist: Path to certificate authority whitelist file
+ whitelist_file: Path to certificate authority whitelist.
 """
 files_watchdog: Union[Literal["auto"], bool] = "auto"
@@ -71,7 +71,7 @@ class TLSSchema(ConfigSchema):
 sticket_secret_file: Optional[ReadableFile] = None
 auto_discovery: bool = False
 padding: Union[bool, Int0_512] = True
- whitelist: Optional[ReadableFile] = None
+ whitelist_file: Optional[ReadableFile] = None
 _LAYER = Raw
@@ -82,7 +82,7 @@ class TLSSchema(ConfigSchema):
 sticket_secret_file: Optional[ReadableFile] = None
 auto_discovery: bool = False
 padding: Union[bool, Int0_512] = True
- whitelist: Optional[ReadableFile] = None
+ whitelist_file: Optional[ReadableFile] = None
 def _files_watchdog(self, obj: Raw) -> Any:
 if obj.files_watchdog == "auto":
diff --git a/python/knot_resolver/datamodel/templates/network.lua.j2 b/python/knot_resolver/datamodel/templates/network.lua.j2
index c20648149..8190b2563 100644
--- a/python/knot_resolver/datamodel/templates/network.lua.j2
+++ b/python/knot_resolver/datamodel/templates/network.lua.j2
@@ -36,9 +36,9 @@ net.bufsize(
 net.tls('{{ cfg.network.tls.cert_file }}', '{{ cfg.network.tls.key_file }}')
 {% endif %}
-{% if cfg.network.tls.whitelist %}
--- network.tls_whitelist
-net.tls_whitelist('{{ cfg.network.tls.whitelist }}')
+{% if cfg.network.tls.whitelist_file %}
+-- network.tls.whitelist-file
+net.tls_whitelist('{{ cfg.network.tls.whitelist_file }}')
 {% endif %}
 {% if cfg.network.tls.sticket_secret %}
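Review bot: The rename of `whitelist` to `whitelist_file` here (what appears to be the inner `Raw` layer, given the `_LAYER = Raw` line that follows) and in the matching field on the outer class at the `@@ -82` hunk ships with no alias or deprecation handling, so an existing configuration that still sets `network.tls.whitelist` will presumably either be rejected as an unknown key or — if the schema discards unknown keys — be accepted with the CA whitelist silently left unconfigured, which is the worse outcome for a trust-related setting. If the Raw-layer transform convention visible in `_files_watchdog` applies, one option is to keep the old name on the Raw layer, `whitelist: Optional[ReadableFile] = None`, and fold it in with a `_whitelist_file(self, obj: Raw)` method that returns `obj.whitelist_file if obj.whitelist_file is not None else obj.whitelist`, ideally emitting a deprecation warning when the old name is used. Either way the commit touches no changelog or user-facing documentation for the rename, so it deserves a release note. The enclosing `TLSSchema` class starts and ends outside the hunk.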
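Review bot: The path is interpolated verbatim into a single-quoted Lua string at `net.tls_whitelist('{{ cfg.network.tls.whitelist_file }}')`, so a value containing `'` or `\` would produce a generated config that is syntactically broken or parsed differently from what the operator wrote; `ReadableFile` presumably checks that the file is readable, which does not rule such characters out. The `net.tls(...)` line above uses the same pattern for `cert_file` and `key_file`, so one escaping step (at minimum escaping `\` and `'`) applied at all three interpolation points would be the consistent fix. The `{% if %}` block is entirely inside the hunk; the rest of the template is outside.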