(cfg->tls_session_ticket_keys.first &&
cfg->tls_session_ticket_keys.first->str[0] != 0),
is_dot, is_doh, cfg->tls_protocols))) {
- fatal_exit("could not set up listen SSL_CTX");
+ log_err("could not set up listen SSL_CTX");
+ *ctx = NULL;
}
}
#endif /* HAVE_SSL */
pem += strlen(chroot);
if(!(ctx = quic_sslctx_create(key, pem, NULL))) {
- fatal_exit("could not set up quic SSL_CTX");
+ log_err("could not set up quic SSL_CTX");
+ return NULL;
}
return ctx;
}
bundle += strlen(chroot);
if(!(ctx = connect_sslctx_create(NULL, NULL, bundle,
- cfg->tls_win_cert)))
- fatal_exit("could not set up connect SSL_CTX");
+ cfg->tls_win_cert))) {
+ log_err("could not set up connect SSL_CTX");
+ return NULL;
+ }
return ctx;
}
#endif /* HAVE_SSL */
}
daemon->listen_dot_sslctx = daemon_setup_listen_dot_sslctx(
daemon, cfg);
+ if(!daemon->listen_dot_sslctx)
+ fatal_exit("Could not set up listen dot sslctx");
#ifdef HAVE_NGHTTP2_NGHTTP2_H
if(cfg_has_https(cfg)) {
daemon->listen_doh_sslctx =
daemon_setup_listen_doh_sslctx(daemon, cfg);
+ if(!daemon->listen_doh_sslctx)
+ fatal_exit("Could not set up listen doh sslctx");
}
#endif
#ifdef HAVE_NGTCP2
if(cfg_has_quic(cfg)) {
daemon->listen_quic_sslctx =
daemon_setup_listen_quic_sslctx(daemon, cfg);
+ if(!daemon->listen_quic_sslctx)
+ fatal_exit("Could not set up listen quic sslctx");
}
#endif /* HAVE_NGTCP2 */
}
daemon->connect_dot_sslctx = daemon_setup_connect_dot_sslctx(
daemon, cfg);
+ if(!daemon->connect_dot_sslctx)
+ fatal_exit("could not setup connect dot sslctx");
#else /* HAVE_SSL */
(void)daemon;(void)cfg;
#endif /* HAVE_SSL */
/* Leave listen ctxs and file str at NULL */
ct->connect_dot_sslctx = daemon_setup_connect_dot_sslctx(
daemon, newcfg);
+ if(!ct->connect_dot_sslctx)
+ return 0;
return 1;
}
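Review bot: The added `if(!ct->connect_dot_sslctx) return 0;` has no `HAVE_SSL` guard visible around it, whereas the matching check in the daemon startup path sits inside `#ifdef HAVE_SSL`. If daemon_setup_connect_dot_sslctx returns NULL in a build without SSL (its non-SSL branch is outside the visible lines), every fast reload would be rejected at this point. Please confirm the helper's return value in that build, and if it is NULL, wrap the check in `#ifdef HAVE_SSL`. The enclosing function starts outside the hunk.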
pem += strlen(chroot);
ct->listen_dot_sslctx = daemon_setup_listen_dot_sslctx(daemon, newcfg);
+ if(!ct->listen_dot_sslctx)
+ return 0;
#ifdef HAVE_NGHTTP2_NGHTTP2_H
if(cfg_has_https(newcfg)) {
ct->listen_doh_sslctx = daemon_setup_listen_doh_sslctx(
daemon, newcfg);
+ if(!ct->listen_doh_sslctx)
+ return 0;
}
#endif
#ifdef HAVE_NGTCP2
if(cfg_has_quic(newcfg)) {
ct->listen_quic_sslctx = daemon_setup_listen_quic_sslctx(
daemon, newcfg);
+ if(!ct->listen_quic_sslctx)
+ return 0;
}
#endif /* HAVE_NGTCP2 */
ct->connect_dot_sslctx = daemon_setup_connect_dot_sslctx(daemon,
newcfg);
+ if(!ct->connect_dot_sslctx)
+ return 0;
/* Store mtime and names */
ct->ssl_service_key = strdup(newcfg->ssl_service_key);
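Review bot: The early `return 0` paths added after the doh, quic and connect setups leave the contexts already stored in `ct` (for example `ct->listen_dot_sslctx`) unreleased within these lines. That is only safe if the caller tears down `ct` on failure and frees each SSL_CTX there; that cleanup is not visible in the hunk. Since a failed reload can now be retried many times on a running server, a leak here would accumulate. A comment such as `/* on failure the caller clears ct, which frees any ctx created so far */` would record the ownership, or the contexts should be freed before returning. The function begins and continues outside the hunk.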
- Fix integer overflow for very high values of
`sock-queue-timeout`. Thanks to Qifan Zhang, Palo Alto
Networks, for the report.
+ - Fix that fast_reload does not terminate the server for
+ errors in config, for key files. Thanks to Qifan Zhang,
+ Palo Alto Networks, for the report.
12 June 2026: Wouter
- Fix that for auth-zone and rpz zones the allow-notify
z->zonemd_reject_absence = c->zonemd_reject_absence;
if(c->isrpz && !z->rpz){
if(!(z->rpz = rpz_create(c))){
- fatal_exit("Could not setup RPZ zones");
+ log_err("Could not setup RPZ zones");
+ if(x) {
+ lock_basic_unlock(&x->lock);
+ }
+ lock_rw_unlock(&z->lock);
+ lock_rw_unlock(&az->rpz_lock);
return 0;
}
lock_protect(&z->lock, &z->rpz->local_zones, sizeof(*z->rpz));
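Review bot: The new error path unlocks `az->rpz_lock` unconditionally, which is correct only because the branch is entered with `c->isrpz` true; the acquisition of that lock is outside the hunk and is presumably conditional on the same flag. A short comment, e.g. `/* c->isrpz is set here, so az->rpz_lock is held */`, would keep a later refactor from moving the unlock out of the guard. It is also worth checking that the zone `z`, left with `z->rpz` NULL, is not treated as a working RPZ zone by whatever consumes `az` after this function returns 0.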
z = local_zones_lookup(zones, rr_name, len, labs, rr_class, rr_type, 1);
if(!z) {
lock_rw_unlock(&zones->lock);
- fatal_exit("internal error: no zone for rr %s", rr);
+ log_err("internal error: no zone for rr %s", rr);
+ free(rr_name);
+ return 0;
}
lock_rw_wrlock(&z->lock);
lock_rw_unlock(&zones->lock);
while((c = getc(in)) != EOF ) {
if(comments && c == '#') { /* # blabla */
skip_to_eol(in, &c);
- if(c == EOF) return 0;
+ if(c == EOF) {
+ log_err("trusted-keys, %d, got EOF", *line);
+ return 0;
+ }
(*line)++;
continue;
} else if(comments && c=='/' && numdone>0 && /* /_/ bla*/
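Review bot: The `log_err("trusted-keys, %d, got EOF", *line)` added here, and again in the three later EOF checks of this function, fires on any end of input, including a file that simply ends after its last statement or in a trailing comment. If a caller reads keywords in a loop until 0 is returned (callers are outside the hunk), every successful load of such a file would write an error line. Consider logging only where EOF is unexpected, or at a lower verbosity. The message would also read better as `"trusted-keys, line %d, got EOF"`, matching the `expected %c` message changed later in this commit.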
sldns_buffer_skip(buf, -1);
numdone--;
skip_to_eol(in, &c);
- if(c == EOF) return 0;
+ if(c == EOF) {
+ log_err("trusted-keys, %d, got EOF", *line);
+ return 0;
+ }
(*line)++;
continue;
} else if(comments && c=='*' && numdone>0 && /* /_* bla *_/ */
if(c == '\n')
(*line)++;
}
- if(c == EOF) return 0;
+ if(c == EOF) {
+ log_err("trusted-keys, %d, got EOF", *line);
+ return 0;
+ }
continue;
}
/* not a comment, complete the keyword */
}
/* space for 1 char + 0 string terminator */
if(sldns_buffer_remaining(buf) < 2) {
- fatal_exit("trusted-keys, %d, string too long", *line);
+ log_err("trusted-keys, %d, string too long", *line);
+ return 0;
}
sldns_buffer_write_u8(buf, (uint8_t)c);
numdone++;
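Review bot: Returning 0 for an over-long token makes this failure indistinguishable from end of input, because the same function also returns 0 at EOF. Before the change the process aborted; now a caller that treats 0 as "no more keywords" (callers are outside the hunk) could stop parsing and report success with only the trust anchors read so far. Either return a distinct error value, for example `return -1;` with every caller updated to check `< 0`, or have callers confirm a real end of file with `feof(in)` before treating 0 as success.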
break;
}
}
- if(c == EOF) return 0;
+ if(c == EOF) {
+ log_err("trusted-keys, %d, got EOF", *line);
+ return 0;
+ }
return numdone;
}
if(is_bind_special(c))
}
return 1;
}
- log_err("trusted-keys, line %d, expected %c got EOF", *line, spec);
+ log_err("trusted-keys, line %d, expected %c, read failed", *line, spec);
return 0;
}