From: George Thessalonikefs
Date: Sat, 29 Jan 2022 14:14:56 +0000 (+0100)
Subject: - Better cleanup on failed DoT/DoH listening socket creation.
X-Git-Tag: release-1.15.0rc1~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=888eb224a6a04da7f203795fd2305013010ddd6c;p=thirdparty%2Funbound.git
- Better cleanup on failed DoT/DoH listening socket creation.
---
diff --git a/doc/Changelog b/doc/Changelog
index d9c30a99c..9b9dd0557 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,7 @@
 29 January 2022: George
 - Fix tls-* and ssl-* documented alternate syntax to also be available through remote-control and unbound-checkconf.
+ - Better cleanup on failed DoT/DoH listening socket creation.
 26 January 2022: George
 - Fix #599: [FR] RFC 9156 (obsoletes RFC 7816), by noting the new RFC
diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c
index 6a33fbcda..983b96f09 100644
--- a/services/listen_dnsport.c
+++ b/services/listen_dnsport.c
@@ -1370,39 +1370,38 @@ listen_create(struct comm_base* base, struct listen_port* ports, struct comm_point* cp = NULL; if(ports->ftype == listen_type_udp || ports->ftype == listen_type_udp_dnscrypt) - cp = comm_point_create_udp(base, ports->fd, + cp = comm_point_create_udp(base, ports->fd, front->udp_buff, cb, cb_arg, ports->socket); else if(ports->ftype == listen_type_tcp || ports->ftype == listen_type_tcp_dnscrypt) - cp = comm_point_create_tcp(base, ports->fd, + cp = comm_point_create_tcp(base, ports->fd, tcp_accept_count, tcp_idle_timeout, harden_large_queries, 0, NULL, tcp_conn_limit, bufsize, front->udp_buff, ports->ftype, cb, cb_arg, ports->socket); else if(ports->ftype == listen_type_ssl || ports->ftype == listen_type_http) { - cp = comm_point_create_tcp(base, ports->fd, + cp = comm_point_create_tcp(base, ports->fd, tcp_accept_count, tcp_idle_timeout, harden_large_queries, http_max_streams, http_endpoint, tcp_conn_limit, bufsize, front->udp_buff, ports->ftype, cb, cb_arg, ports->socket); - if(http_notls && ports->ftype == listen_type_http) - cp->ssl = NULL; - else - cp->ssl = sslctx; if(ports->ftype == listen_type_http) { if(!sslctx && !http_notls) { - log_warn("HTTPS port configured, but no TLS " - "tls-service-key or tls-service-pem " - "set"); + log_warn("HTTPS port configured, but " + "no TLS tls-service-key or " + "tls-service-pem set"); } #ifndef HAVE_SSL_CTX_SET_ALPN_SELECT_CB - if(!http_notls) - log_warn("Unbound is not compiled with an " - "OpenSSL version supporting ALPN " - " (OpenSSL >= 1.0.2). This is required " - "to use DNS-over-HTTPS"); + if(!http_notls) { + log_warn("Unbound is not compiled " + "with an OpenSSL version " + "supporting ALPN " + "(OpenSSL >= 1.0.2). This " + "is required to use " + "DNS-over-HTTPS"); + } #endif #ifndef HAVE_NGHTTP2_NGHTTP2_H log_warn("Unbound is not compiled with " 
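Review bot: In the `listen_type_http` branch, `if(!sslctx && !http_notls)` only emits a `log_warn` and falls through, so the listener is still created and later (in the next hunk) receives `cp->ssl = sslctx`, which is NULL in exactly this case; if the accept path treats a NULL `cp->ssl` as plaintext, an HTTPS port configured without tls-service-key/tls-service-pem comes up unencrypted with nothing but a warning in the log. Consider making this a hard failure consistent with the `!cp` path, `log_err("HTTPS port configured, but no TLS tls-service-key or tls-service-pem set"); listen_delete(front); return NULL;`, or add a comment above the check stating why a warning is the intended behaviour. The enclosing `listen_create` body begins before this hunk and continues after it.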
@@ -1412,13 +1411,17 @@ listen_create(struct comm_base* base, struct listen_port* ports, } } else if(ports->ftype == listen_type_udpancil || ports->ftype == listen_type_udpancil_dnscrypt) - cp = comm_point_create_udp_ancil(base, ports->fd, + cp = comm_point_create_udp_ancil(base, ports->fd, front->udp_buff, cb, cb_arg, ports->socket); if(!cp) { - log_err("can't create commpoint"); + log_err("can't create commpoint"); listen_delete(front); return NULL; } + if(http_notls && ports->ftype == listen_type_http) + cp->ssl = NULL; + else + cp->ssl = sslctx; cp->dtenv = dtenv; cp->do_not_close = 1; #ifdef USE_DNSCRYPT
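Review bot: The relocated `cp->ssl` assignment now correctly sits after the `!cp` check, but nothing marks that ordering as deliberate, and a later edit could easily move it back next to the `comm_point_create_tcp` call where it was; a one-line comment would pin it: `/* only touch cp after the NULL check above: comm_point_create_* can fail */`. Separately, the `else` arm also assigns `cp->ssl = sslctx` for `listen_type_ssl`, and this hunk has no counterpart to the HTTPS branch's "no TLS" warning, so if `sslctx` can be NULL for a DoT port at this point the listener would come up without TLS silently; confirm that an earlier check rules this out, or add `if(!sslctx && ports->ftype == listen_type_ssl) log_warn("TLS port configured, but no tls-service-key or tls-service-pem set");` alongside the assignment. `listen_create` continues past the end of this hunk.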