git.ipfire.org Git - thirdparty/bind9.git/commit
Use the TLS context cache for client-side contexts (XoT)
author Artem Boldariev <artem@boldariev.com>
Thu, 23 Dec 2021 14:08:41 +0000 (16:08 +0200)
committer Artem Boldariev <artem@boldariev.com>
Wed, 29 Dec 2021 08:25:15 +0000 (10:25 +0200)
commit 64f7c5566214a5fe9b6fac63f53e741b20cbbda0
tree 3d921dbfe2577b6fcd97dafabd72780f8559845e
parent 5b7d4341fe19be0f1dce3e575383860ab64bde3b
Use the TLS context cache for client-side contexts (XoT)

This commit enables client-side TLS context re-use for zone transfers
over TLS. That, in turn, makes it possible to use the internal session
cache associated with the contexts, allowing the TLS connections to be
established faster and requiring fewer resources by not going through
the full TLS handshake procedure.

Previously, that would recreate the context on every connection, making
TLS session resumption impossible.

Also, this change lays down a foundation for Strict TLS (when the
client validates a server certificate), as the TLS context cache can
be extended to store additional data required for validation (like an
intermediate CA chain).

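The behaviour the commit message describes, shown as an added Go example that is not part of BIND 9 or of this commit: a client `tls.Config` carrying a session cache stands in for the cached client-side TLS context, and building a new config for every connection stands in for the old per-connection context. A throwaway self-signed certificate for `localhost` is generated at run time (constructed test material), a local TLS server is started on a loopback port, and `ResumptionPattern` reports for each connection whether the handshake was a session resumption. Only with the shared config does the second connection resume; with a fresh config per connection every handshake is a full one. Function and variable names here are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newLocalCert mints a self-signed certificate for "localhost".
// Constructed test material, regenerated on every run.
func newLocalCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// newClientConfig plays the role of "creating a client TLS context": a fresh
// config with its own, initially empty, session cache. The server certificate
// is validated against the pinned root (the strict-TLS posture the commit
// message anticipates) rather than skipped.
func newClientConfig(roots *x509.CertPool) *tls.Config {
	return &tls.Config{
		RootCAs:            roots,
		ServerName:         "localhost",
		MinVersion:         tls.VersionTLS12,
		ClientSessionCache: tls.NewLRUClientSessionCache(16),
	}
}

// serve accepts connections until the listener is closed. Writing a short
// payload forces the handshake and puts application data behind the session
// ticket the server queues, so the client reads and caches the ticket.
func serve(ln net.Listener) {
	for {
		conn, err := ln.Accept()
		if err != nil {
			return
		}
		go func(c net.Conn) {
			defer c.Close()
			c.SetDeadline(time.Now().Add(5 * time.Second))
			c.Write([]byte("ok"))
		}(conn)
	}
}

// connectOnce dials with cfg, reads the payload (which also processes the
// post-handshake NewSessionTicket) and reports whether the session resumed.
func connectOnce(addr string, cfg *tls.Config) (bool, error) {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return false, err
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(5 * time.Second))
	buf := make([]byte, 2)
	if _, err := conn.Read(buf); err != nil {
		return false, err
	}
	return conn.ConnectionState().DidResume, nil
}

// ResumptionPattern opens n connections and returns DidResume for each.
// reuseConfig=true keeps one config across connections (the cached-context
// behaviour this commit introduces); false recreates it per connection.
func ResumptionPattern(n int, reuseConfig bool) ([]bool, error) {
	cert, roots, err := newLocalCert()
	if err != nil {
		return nil, err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return nil, err
	}
	defer ln.Close()
	go serve(ln)

	shared := newClientConfig(roots)
	var out []bool
	for i := 0; i < n; i++ {
		cfg := shared
		if !reuseConfig {
			cfg = newClientConfig(roots)
		}
		resumed, err := connectOnce(ln.Addr().String(), cfg)
		if err != nil {
			return nil, err
		}
		out = append(out, resumed)
	}
	return out, nil
}

func main() {
	for _, reuse := range []bool{false, true} {
		pattern, err := ResumptionPattern(3, reuse)
		fmt.Printf("reuse context=%v resumed=%v err=%v\n", reuse, pattern, err)
	}
}
```

The first handshake is always full, because no ticket exists yet; whether later ones resume depends entirely on the client keeping the same context (and its cache) alive between connections, which is exactly what recreating the context per connection prevented.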
bin/named/include/named/server.h
bin/named/server.c
bin/named/transportconf.c
lib/dns/include/dns/transport.h
lib/dns/include/dns/xfrin.h
lib/dns/include/dns/zone.h
lib/dns/transport.c
lib/dns/xfrin.c
lib/dns/zone.c