updated packages. The other option is to build and install `libuv` from
source.
-Certain optional BIND features have additional library dependencies.
-These include `libxml2` and `libjson-c` for statistics, `libmaxminddb` for
-geolocation, `libfstrm` and `libprotobuf-c` for DNSTAP, and `libidn2` for
-internationalized domain name conversion.
+Certain optional BIND features have additional library dependencies:
+
+* `libfstrm` and `libprotobuf-c` for DNSTAP
+* `libidn2` for internationalized domain name conversion.
+* `libmaxminddb` for geolocation
+* `libnghttp2` for DNS over HTTPS
+* `libxml2` and `libjson-c` for statistics channel
ISC regularly tests BIND on many operating systems and architectures, but
lacks the resources to test all of them. Consequently, ISC is only able to
To see a full list of configuration options, run `configure --help`.
For the server to support DNSSEC, you need to build it with crypto support.
-To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed. If the
+To use OpenSSL, you must have OpenSSL 1.0.2e or newer installed. If the
OpenSSL library is installed in a nonstandard location, specify the prefix
using `--with-openssl=<PREFIX>` on the configure command line. To use a
PKCS#11 hardware service module for cryptographic operations, specify the
path to the PKCS#11 provider library using `--with-pkcs11=<PREFIX>`, and
configure BIND with `--enable-native-pkcs11`.
+To support DNS over HTTPS, the server must be linked with `libnghttp2`.
+
To support the HTTP statistics channel, the server must be linked with at
least one of the following libraries: `libxml2`
[http://xmlsoft.org](http://xmlsoft.org) or `json-c`
FULLCHECK6("https", "https-get", "https-post",
"http-plain", "http-plain-get",
"http-plain-post");
+#if HAVE_LIBNGHTTP2
if (lookup->https_path != NULL) {
isc_mem_free(mctx, lookup->https_path);
lookup->https_path = NULL;
lookup->https_path = isc_mem_strdup(mctx,
value);
}
+#else
+ fprintf(stderr, ";; DoH support not enabled\n");
+#endif
break;
default:
goto invalid_option;
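Review bot: The `#else` branch of the `https` option only prints `;; DoH support not enabled` and then reaches `break`, so a build without libnghttp2 accepts the option and carries on with the lookup. The connect code later in this commit compiles out the `https_mode` branch, so, unless something outside these hunks stops it, a query the user asked to send over HTTPS would go out over another transport, possibly plain TCP. Failing closed is safer: after the `fprintf`, reject the option with `goto invalid_option;` (or exit with an error) instead of falling through to `break`. The enclosing switch starts and ends outside the hunk.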
&query->sockaddr, tcp_connected,
query, local_timeout, 0,
query->tlsctx);
+#if HAVE_LIBNGHTTP2
} else if (query->lookup->https_mode) {
char uri[4096] = { 0 };
snprintf(uri, sizeof(uri), "https://%s:%u%s",
uri, !query->lookup->https_get,
tcp_connected, query, query->tlsctx,
local_timeout, 0);
+#endif
} else {
isc_nm_tcpdnsconnect(netmgr, &localaddr,
&query->sockaddr, tcp_connected,
$(JSON_C_CFLAGS)
endif HAVE_JSON_C
+if HAVE_LIBNGHTTP2
+AM_CPPFLAGS += \
+ $(LIBNGHTTP2_CFLAGS)
+endif HAVE_LIBNGHTTP2
+
if HAVE_LIBXML2
AM_CPPFLAGS += \
$(LIBXML2_CFLAGS)
$(JSON_C_LIBS)
endif HAVE_JSON_C
+if HAVE_LIBNGHTTP2
+named_LDADD += \
+ $(LIBNGHTTP2_LIBS)
+endif HAVE_LIBNGHTTP2
+
MAINTAINERCLEANFILES = \
named.conf.rst
nta-recheck 300;\n\
# pid-file \"" NAMED_LOCALSTATEDIR "/run/named/named.pid\"; \n\
port 53;\n\
- tls-port 853;\n\
- http-port 80;\n\
- https-port 443;\n\
+ tls-port 853;\n"
+#if HAVE_LIBNGHTTP2
+ "http-port 80;\n"
+ "https-port 443;\n"
+#endif
+ "\
prefetch 2 9;\n\
recursing-file \"named.recursing\";\n\
recursive-clients 1000;\n\
cfg_obj_t *config = NULL;
const cfg_obj_t *defaults = NULL, *obj = NULL;
#endif /* if defined(HAVE_GEOIP2) */
- nghttp2_info *nginfo = NULL;
printf("%s%s <id:%s>\n", PACKAGE_STRING, PACKAGE_DESCRIPTION,
PACKAGE_SRCID);
printf("compiled with libuv version: %d.%d.%d\n", UV_VERSION_MAJOR,
UV_VERSION_MINOR, UV_VERSION_PATCH);
printf("linked to libuv version: %s\n", uv_version_string());
+#if HAVE_LIBNGHTTP2
+ nghttp2_info *nginfo = NULL;
printf("compiled with libnghttp2 version: %s\n", NGHTTP2_VERSION);
nginfo = nghttp2_version(1);
printf("linked to libnghttp2 version: %s\n", nginfo->version_str);
+#endif
#ifdef HAVE_LIBXML2
printf("compiled with libxml2 version: %s\n", LIBXML_DOTTED_VERSION);
printf("linked to libxml2 version: %s\n", xmlParserVersion);
maps[i++] = named_g_defaults;
maps[i] = NULL;
+#if HAVE_LIBNGHTTP2
obj = NULL;
result = named_config_get(maps, "http-port", &obj);
INSIST(result == ISC_R_SUCCESS);
result = named_config_get(maps, "https-port", &obj);
INSIST(result == ISC_R_SUCCESS);
named_g_httpsport = (in_port_t)cfg_obj_asuint32(obj);
+#endif
/*
* If bind.keys exists, load it. If "dnssec-validation auto"
n=`expr $n + 1`
echo_i "checking that named-checkconf detects no error in $good ($n)"
ret=0
+ if ! $FEATURETEST --with-libnghttp2
+ then
+ case $good in
+ good-doh-*.conf) continue;
+ esac
+ fi
$CHECKCONF $good > checkconf.out$n 2>&1
if [ $? != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
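Review bot: The skip for `good-doh-*.conf` sits after `n` has been incremented and after the "checking that named-checkconf detects no error" line has been echoed, so a build without libnghttp2 logs a numbered check that never reports a result. Moving the `$FEATURETEST --with-libnghttp2` test above the line that increments `n` keeps the numbering and the log consistent; alternatively report the skip, e.g. `good-doh-*.conf) echo_i "skipped (no DoH support)"; continue ;;`. The added case item also has no closing `;;`, which the shell accepts for the last item but which breaks as soon as another pattern is appended. The loop itself starts outside the hunk.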
fprintf(stderr, "\t--with-dlz-filesystem\n");
fprintf(stderr, "\t--with-idn\n");
fprintf(stderr, "\t--with-lmdb\n");
+ fprintf(stderr, "\t--with-libnghttp2\n");
}
int
#endif /* ifdef HAVE_LMDB */
}
+ if (strcmp(argv[1], "--with-libnghttp2") == 0) {
+#ifdef HAVE_LIBNGHTTP2
+ return (0);
+#else /* ifdef HAVE_LMDB */
+ return (1);
+#endif /* ifdef HAVE_LMDB */
+ }
+
fprintf(stderr, "unknown arg: %s\n", argv[1]);
usage();
return (1);
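Review bot: The `#else` and `#endif` comments in the new `--with-libnghttp2` block still read `/* ifdef HAVE_LMDB */`, copied from the block above; they should name the macro that is actually tested, `#else /* ifdef HAVE_LIBNGHTTP2 */` and `#endif /* ifdef HAVE_LIBNGHTTP2 */`. This block also uses `#ifdef HAVE_LIBNGHTTP2` while the rest of the commit uses `#if HAVE_LIBNGHTTP2`; both work when the macro is defined to 1, but one form throughout is easier to search for. `main` starts outside the hunk.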
isc_nm_send(handle, &message, send_cb, NULL);
}
+#if HAVE_LIBNGHTTP2
static void
sockaddr_to_url(isc_sockaddr_t *sa, const bool https, char *outbuf,
size_t outbuf_len, const char *append) {
saddr, sa_family == AF_INET ? "" : "]", sa_port,
append ? append : "");
}
+#endif
static void
run(void) {
connect_cb, NULL, timeout, 0, tls_ctx);
break;
}
+#if HAVE_LIBNGHTTP2
case HTTP_GET:
case HTTPS_GET:
case HTTPS_POST:
req_url, is_post, connect_cb, NULL, tls_ctx,
timeout, 0);
} break;
+#endif
default:
INSIST(0);
ISC_UNREACHABLE();
tls_ctx, &sock);
break;
}
+#if HAVE_LIBNGHTTP2
case HTTPS:
case HTTP: {
bool is_https = protocol == HTTPS;
read_cb, NULL, 0);
}
} break;
+#endif
default:
INSIST(0);
ISC_UNREACHABLE();
PKG_CHECK_MODULES([LIBUV], [libuv >= 1.0.0], [],
[AC_MSG_ERROR([libuv not found])])
-# libnghttp2
-AC_MSG_CHECKING([for libnghttp2])
-PKG_CHECK_MODULES([LIBNGHTTP2], [libnghttp2 >= 1.6.0], [],
- [AC_MSG_ERROR([libnghttp2 not found])])
-AX_SAVE_FLAGS([libnghttp2])
-
-CFLAGS="$CFLAGS $LIBNGHTTP2_CFLAGS"
-LIBS="$LIBS $LIBNGHTTP2_LIBS"
+# [pairwise: --enable-doh --with-libnghttp2=auto, --enable-doh --with-libnghttp2=yes, --disable-doh]
+AC_ARG_ENABLE([doh],
+ [AS_HELP_STRING([--disable-doh], [enable DNS over HTTPS, requires libnghttp2 (default=yes)])],
+ [], [enable_doh=yes])
+
+# [pairwise: skip]
+AC_ARG_WITH([libnghttp2],
+ [AS_HELP_STRING([--with-libnghttp2],
+ [build with libnghttp2 library [yes|no|auto] (default is auto)])],
+ [], [with_libnghttp2="auto"])
+
+AS_IF([test "$enable_doh" = "yes"],
+ [AS_CASE([$with_libnghttp2],
+ [no],[AC_MSG_ERROR([Use '--disable-doh' to disable DoH])],
+ [auto|yes],[PKG_CHECK_MODULES([LIBNGHTTP2], [libnghttp2 >= 1.6.0],
+ [AC_DEFINE([HAVE_LIBNGHTTP2], [1], [Build with DoH support])],
+ [AC_MSG_ERROR([DoH requested, but libnghttp2 not found])])],
+ [AC_MSG_ERROR([Specifying libnghttp2 installation path is not supported, adjust PKG_CONFIG_PATH instead])])])
+
+AM_CONDITIONAL([HAVE_LIBNGHTTP2], [test -n "$LIBNGHTTP2_LIBS"])
+
#
# flockfile is usually provided by pthreads
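Review bot: `AM_CONDITIONAL([HAVE_LIBNGHTTP2], [test -n "$LIBNGHTTP2_LIBS"])` keys the Automake conditional on a variable the user can set, while the `HAVE_LIBNGHTTP2` macro is defined only inside the `enable_doh = yes` branch. With `--disable-doh` and `LIBNGHTTP2_LIBS` present in the environment, the Makefiles would build `netmgr/http.c` and `doh_test` while the C code has DoH compiled out. Both switches should follow one condition, for example `AM_CONDITIONAL([HAVE_LIBNGHTTP2], [test "$enable_doh" = "yes"])`, since that branch either defines the macro or aborts configure. Separately, `auto` behaves exactly like `yes` (a missing library is an error), and the help text for `--disable-doh` says "enable DNS over HTTPS"; `[disable DNS over HTTPS (enabled by default, requires libnghttp2)]` would match the flag.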
libbind9_la_LDFLAGS = \
$(AM_LDFLAGS) \
-release "$(PACKAGE_VERSION)"
+
+if HAVE_DNSTAP
+libbind9_la_CPPFLAGS += $(DNSTAP_CFLAGS)
+endif
$(libisc_la_HEADERS) \
$(pk11_HEADERS) \
$(pkcs11_HEADERS) \
- netmgr/http.c \
netmgr/netmgr-int.h \
netmgr/netmgr.c \
netmgr/tcp.c \
netmgr/tcpdns.c \
netmgr/tlsdns.c \
- netmgr/tlsstream.c \
netmgr/udp.c \
netmgr/uv-compat.c \
netmgr/uv-compat.h \
$(OPENSSL_LIBS) \
$(ZLIB_LIBS)
+if HAVE_LIBNGHTTP2
+libisc_la_SOURCES += \
+ netmgr/http.c \
+ netmgr/tlsstream.c
+
+libisc_la_CPPFLAGS += \
+ $(LIBNGHTTP2_CFLAGS)
+
+libisc_la_LIBADD += \
+ $(LIBNGHTTP2_LIBS)
+endif
+
if HAVE_JSON_C
libisc_la_CPPFLAGS += \
$(JSON_C_CFLAGS)
* full range of socket-related stats counter numbers.
*/
-isc_result_t
-isc_nm_listentls(isc_nm_t *mgr, isc_sockaddr_t *iface,
- isc_nm_accept_cb_t accept_cb, void *accept_cbarg,
- size_t extrahandlesize, int backlog, isc_quota_t *quota,
- isc_tlsctx_t *sslctx, isc_nmsocket_t **sockp);
-
-void
-isc_nm_tlsconnect(isc_nm_t *mgr, isc_sockaddr_t *local, isc_sockaddr_t *peer,
- isc_nm_cb_t cb, void *cbarg, isc_tlsctx_t *ctx,
- unsigned int timeout, size_t extrahandlesize);
-
void
isc_nm_tcpdnsconnect(isc_nm_t *mgr, isc_sockaddr_t *local, isc_sockaddr_t *peer,
isc_nm_cb_t cb, void *cbarg, unsigned int timeout,
* 'cb'.
*/
+#if HAVE_LIBNGHTTP2
+isc_result_t
+isc_nm_listentls(isc_nm_t *mgr, isc_sockaddr_t *iface,
+ isc_nm_accept_cb_t accept_cb, void *accept_cbarg,
+ size_t extrahandlesize, int backlog, isc_quota_t *quota,
+ isc_tlsctx_t *sslctx, isc_nmsocket_t **sockp);
+
+void
+isc_nm_tlsconnect(isc_nm_t *mgr, isc_sockaddr_t *local, isc_sockaddr_t *peer,
+ isc_nm_cb_t cb, void *cbarg, isc_tlsctx_t *ctx,
+ unsigned int timeout, size_t extrahandlesize);
+
void
isc_nm_httpconnect(isc_nm_t *mgr, isc_sockaddr_t *local, isc_sockaddr_t *peer,
const char *uri, bool POST, isc_nm_cb_t cb, void *cbarg,
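Review bot: `isc_nm_listentls()` and `isc_nm_tlsconnect()` are moved under `#if HAVE_LIBNGHTTP2` although nothing in their signatures refers to HTTP, so a reader of the header cannot tell why the generic TLS stream API disappears when libnghttp2 is missing. A comment above the `#if` would settle it, along the lines of `/* The TLS stream transport is built only together with DoH. */`, worded to match the real reason. The matching `#endif` in the next hunk would also read better as `#endif /* HAVE_LIBNGHTTP2 */`, the form this commit already uses after the `nghttp2.h` include. Callers of these two functions need the same guard; the test changes in this commit add it, other callers are not visible here.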
isc_result_t
isc_nm_http_endpoint(isc_nmsocket_t *sock, const char *uri, isc_nm_recv_cb_t cb,
void *cbarg, size_t extrahandlesize);
+#endif
bool
isc_nm_is_http_handle(isc_nmhandle_t *handle);
isc__nm_tlsdns_send(isc_nmhandle_t *handle, isc_region_t *region,
isc_nm_cb_t cb, void *cbarg);
-void
-isc__nm_tls_send(isc_nmhandle_t *handle, const isc_region_t *region,
- isc_nm_cb_t cb, void *cbarg);
-
-void
-isc__nm_tls_cancelread(isc_nmhandle_t *handle);
-
-/*%<
- * Back-end implementation of isc_nm_send() for TLSDNS handles.
- */
-
void
isc__nm_tlsdns_shutdown(isc_nmsocket_t *sock);
* Stop reading on a connected TLSDNS handle.
*/
+#if HAVE_LIBNGHTTP2
+void
+isc__nm_tls_send(isc_nmhandle_t *handle, const isc_region_t *region,
+ isc_nm_cb_t cb, void *cbarg);
+
+void
+isc__nm_tls_cancelread(isc_nmhandle_t *handle);
+
+/*%<
+ * Back-end implementation of isc_nm_send() for TLSDNS handles.
+ */
+
void
isc__nm_tls_read(isc_nmhandle_t *handle, isc_nm_recv_cb_t cb, void *cbarg);
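Review bot: The doc comment relocated with `isc__nm_tls_send()` and `isc__nm_tls_cancelread()` ends up after `isc__nm_tls_cancelread()` and still says "Back-end implementation of isc_nm_send() for TLSDNS handles", which describes neither neighbour. Since the block is being moved anyway, attach one comment to each prototype, e.g. `/*%< Back-end implementation of isc_nm_send() for TLS handles. */` after `isc__nm_tls_send()` and `/*%< Stop reading on a connected TLS handle. */` after `isc__nm_tls_cancelread()`. That wording is inferred from the function names and the neighbouring TLSDNS comments, so confirm it against the implementation.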
void
isc__nm_httpsession_detach(isc_nm_http_session_t **sessionp);
+#endif
+
#define isc__nm_uverr2result(x) \
isc___nm_uverr2result(x, true, __FILE__, __LINE__, __func__)
isc_result_t
NETIEVENT_CASE(tcpdnsread);
NETIEVENT_CASE(tcpdnsstop);
- NETIEVENT_CASE(tlsstartread);
- NETIEVENT_CASE(tlssend);
- NETIEVENT_CASE(tlsclose);
- NETIEVENT_CASE(tlsdobio);
- NETIEVENT_CASE(tlscancel);
-
NETIEVENT_CASE(tlsdnscycle);
NETIEVENT_CASE(tlsdnsaccept);
NETIEVENT_CASE(tlsdnslisten);
NETIEVENT_CASE(tlsdnsstop);
NETIEVENT_CASE(tlsdnsshutdown);
+#if HAVE_LIBNGHTTP2
+ NETIEVENT_CASE(tlsstartread);
+ NETIEVENT_CASE(tlssend);
+ NETIEVENT_CASE(tlsclose);
+ NETIEVENT_CASE(tlsdobio);
+ NETIEVENT_CASE(tlscancel);
+
NETIEVENT_CASE(httpstop);
NETIEVENT_CASE(httpsend);
NETIEVENT_CASE(httpclose);
+#endif
NETIEVENT_CASE(connectcb);
NETIEVENT_CASE(readcb);
isc_mem_free(sock->mgr->mctx, sock->ah_handles);
isc_mutex_destroy(&sock->lock);
isc_condition_destroy(&sock->scond);
+#if HAVE_LIBNGHTTP2
isc__nm_tls_cleanup_data(sock);
isc__nm_http_cleanup_data(sock);
+#endif
#ifdef NETMGR_TRACE
LOCK(&sock->mgr->lock);
ISC_LIST_UNLINK(sock->mgr->active_sockets, sock, active_link);
case isc_nm_tcpdnssocket:
isc__nm_tcpdns_close(sock);
return;
- case isc_nm_tlssocket:
- isc__nm_tls_close(sock);
- break;
case isc_nm_tlsdnssocket:
isc__nm_tlsdns_close(sock);
return;
+#if HAVE_LIBNGHTTP2
+ case isc_nm_tlssocket:
+ isc__nm_tls_close(sock);
+ break;
case isc_nm_httpsocket:
isc__nm_http_close(sock);
return;
+#endif
default:
break;
}
atomic_init(&sock->active_child_connections, 0);
+#if HAVE_LIBNGHTTP2
isc__nm_http_initsocket(sock);
+#endif
sock->magic = NMSOCK_MAGIC;
}
break;
}
+#if HAVE_LIBNGHTTP2
if (sock->type == isc_nm_httpsocket && sock->h2.session) {
isc__nm_httpsession_attach(sock->h2.session,
&handle->httpsession);
}
+#endif
return (handle);
}
handle->doreset(handle->opaque);
}
+#if HAVE_LIBNGHTTP2
if (sock->type == isc_nm_httpsocket && handle->httpsession != NULL) {
isc__nm_httpsession_detach(&handle->httpsession);
}
+#endif
nmhandle_deactivate(sock, handle);
REQUIRE(VALID_NMSOCK(handle->sock));
switch (handle->sock->type) {
+#if HAVE_LIBNGHTTP2
case isc_nm_httpsocket:
isc__nm_http_cleartimeout(handle);
return;
case isc_nm_tlssocket:
isc__nm_tls_cleartimeout(handle);
return;
+#endif
default:
handle->sock->read_timeout = 0;
REQUIRE(VALID_NMSOCK(handle->sock));
switch (handle->sock->type) {
+#if HAVE_LIBNGHTTP2
case isc_nm_httpsocket:
isc__nm_http_settimeout(handle, timeout);
return;
case isc_nm_tlssocket:
isc__nm_tls_settimeout(handle, timeout);
return;
+#endif
default:
handle->sock->read_timeout = timeout;
isc__nmsocket_timer_restart(handle->sock);
case isc_nm_tcpdnssocket:
isc__nm_tcpdns_send(handle, region, cb, cbarg);
break;
- case isc_nm_tlssocket:
- isc__nm_tls_send(handle, region, cb, cbarg);
- break;
case isc_nm_tlsdnssocket:
isc__nm_tlsdns_send(handle, region, cb, cbarg);
break;
+#if HAVE_LIBNGHTTP2
+ case isc_nm_tlssocket:
+ isc__nm_tls_send(handle, region, cb, cbarg);
+ break;
case isc_nm_httpsocket:
isc__nm_http_send(handle, region, cb, cbarg);
break;
+#endif
default:
INSIST(0);
ISC_UNREACHABLE();
case isc_nm_tcpdnssocket:
isc__nm_tcpdns_read(handle, cb, cbarg);
break;
- case isc_nm_tlssocket:
- isc__nm_tls_read(handle, cb, cbarg);
- break;
case isc_nm_tlsdnssocket:
isc__nm_tlsdns_read(handle, cb, cbarg);
break;
+#if HAVE_LIBNGHTTP2
+ case isc_nm_tlssocket:
+ isc__nm_tls_read(handle, cb, cbarg);
+ break;
case isc_nm_httpsocket:
isc__nm_http_read(handle, cb, cbarg);
break;
+#endif
default:
INSIST(0);
ISC_UNREACHABLE();
case isc_nm_tlsdnssocket:
isc__nm_tlsdns_cancelread(handle);
break;
+#if HAVE_LIBNGHTTP2
case isc_nm_tlssocket:
isc__nm_tls_cancelread(handle);
break;
+#endif
default:
INSIST(0);
ISC_UNREACHABLE();
case isc_nm_tcpsocket:
isc__nm_tcp_pauseread(handle);
break;
+#if HAVE_LIBNGHTTP2
case isc_nm_tlssocket:
isc__nm_tls_pauseread(handle);
break;
+#endif
default:
INSIST(0);
ISC_UNREACHABLE();
case isc_nm_tcpsocket:
isc__nm_tcp_resumeread(handle);
break;
+#if HAVE_LIBNGHTTP2
case isc_nm_tlssocket:
isc__nm_tls_resumeread(handle);
break;
+#endif
default:
INSIST(0);
ISC_UNREACHABLE();
case isc_nm_tcplistener:
isc__nm_tcp_stoplistening(sock);
break;
- case isc_nm_tlslistener:
- isc__nm_tls_stoplistening(sock);
- break;
case isc_nm_tlsdnslistener:
isc__nm_tlsdns_stoplistening(sock);
break;
+#if HAVE_LIBNGHTTP2
+ case isc_nm_tlslistener:
+ isc__nm_tls_stoplistening(sock);
+ break;
case isc_nm_httplistener:
isc__nm_http_stoplistening(sock);
break;
+#endif
default:
INSIST(0);
ISC_UNREACHABLE();
buffer_test \
counter_test \
crc64_test \
- doh_test \
errno_test \
file_test \
hash_test \
time_test \
timer_test
+if HAVE_LIBNGHTTP2
+check_PROGRAMS += \
+ doh_test
+
doh_test_CPPFLAGS = \
$(AM_CPPFLAGS) \
$(LIBUV_CFLAGS) \
+ $(LIBNGHTTP2_CFLAGS) \
$(OPENSSL_CFLAGS)
doh_test_LDADD = \
$(LDADD) \
- $(LIBUV_LIBS) \
- $(OPENSSL_LIBS)
+ $(LIBNGHTTP2_LIBS) \
+ $(LIBUV_LIBS)
+endif HAVE_LIBNGHTTP2
hmac_test_CPPFLAGS = \
$(AM_CPPFLAGS) \
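Review bot: `doh_test_LDADD` loses `$(OPENSSL_LIBS)` in this change while `doh_test_CPPFLAGS` keeps `$(OPENSSL_CFLAGS)`. If `doh_test` calls OpenSSL functions directly, it now links only through whatever `$(LDADD)` pulls in, which fails with linkers that do not resolve symbols through indirect dependencies. Unless the removal is deliberate, keep the library in the list: `$(LIBNGHTTP2_LIBS) \`, `$(LIBUV_LIBS) \`, `$(OPENSSL_LIBS)`.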
connect_connect_cb, NULL, T_CONNECT, 0);
}
+#if HAVE_LIBNGHTTP2
static void
tls_connect(isc_nm_t *nm);
+#endif
static stream_connect_function
get_stream_connect_function(void) {
+#if HAVE_LIBNGHTTP2
if (stream_use_TLS) {
return (tls_connect);
}
+#endif
return (tcp_connect);
}
size_t extrahandlesize, int backlog, isc_quota_t *quota,
isc_nmsocket_t **sockp) {
isc_result_t result = ISC_R_SUCCESS;
+
+#if HAVE_LIBNGHTTP2
if (stream_use_TLS) {
result = isc_nm_listentls(listen_nm, &tcp_listen_addr,
accept_cb, accept_cbarg,
extrahandlesize, backlog, quota,
tcp_listen_tlsctx, sockp);
- } else {
- result = isc_nm_listentcp(
- listen_nm, &tcp_listen_addr, accept_cb, accept_cbarg,
- extrahandlesize, backlog, quota, sockp);
+ return (result);
}
+#endif
+ result = isc_nm_listentcp(listen_nm, &tcp_listen_addr, accept_cb,
+ accept_cbarg, extrahandlesize, backlog, quota,
+ sockp);
return (result);
}
static void
stream_connect(isc_nm_cb_t cb, void *cbarg, unsigned int timeout,
size_t extrahandlesize) {
+#if HAVE_LIBNGHTTP2
if (stream_use_TLS) {
isc_nm_tlsconnect(connect_nm, &tcp_connect_addr,
&tcp_listen_addr, cb, cbarg,
tcp_connect_tlsctx, timeout, extrahandlesize);
- } else {
- isc_nm_tcpconnect(connect_nm, &tcp_connect_addr,
- &tcp_listen_addr, cb, cbarg, timeout,
- extrahandlesize);
+ return;
}
+#endif
+ isc_nm_tcpconnect(connect_nm, &tcp_connect_addr, &tcp_listen_addr, cb,
+ cbarg, timeout, extrahandlesize);
}
static void
/* TLS */
+#if HAVE_LIBNGHTTP2
static void
tls_connect(isc_nm_t *nm) {
isc_nm_tlsconnect(nm, &tcp_connect_addr, &tcp_listen_addr,
atomic_store(&check_listener_quota, true);
stream_half_recv_half_send(state);
}
+#endif
/* TLSDNS */
cmocka_unit_test_setup_teardown(tcpdns_half_recv_half_send,
nm_setup, nm_teardown),
+#if HAVE_LIBNGHTTP2
/* TLS */
cmocka_unit_test_setup_teardown(tls_noop, nm_setup,
nm_teardown),
cmocka_unit_test_setup_teardown(
tls_half_recv_half_send_quota_sendback, nm_setup,
nm_teardown),
+#endif
/* TLSDNS */
cmocka_unit_test_setup_teardown(tlsdns_recv_one, nm_setup,
#include <setjmp.h>
#include <stdarg.h>
#include <stddef.h>
+#include <stdio.h>
#include <stdlib.h>
#include <string.h>
assert_non_null(str);
assert_string_not_equal(str, "(result code text not "
"available)");
+ fprintf(stderr, "%u < %u\n", result, (unsigned)ISC_R_NRESULTS);
}
str = isc_result_toid(result);
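Review bot: The added `fprintf(stderr, "%u < %u\n", result, (unsigned)ISC_R_NRESULTS);` looks like leftover debugging output; it is unrelated to making DoH optional and writes to stderr each time the enclosing block runs. I would drop it together with the new `#include <stdio.h>`. If it is meant to stay, cast the first argument as well, `(unsigned)result`, so the `%u` conversion does not depend on how `isc_result_t` is defined. The test function starts outside the hunk.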
*/
#include <inttypes.h>
+#if HAVE_LIBNGHTTP2
#include <nghttp2/nghttp2.h>
+#endif /* HAVE_LIBNGHTTP2 */
#include <openssl/bn.h>
#include <openssl/conf.h>
*tlsp = NULL;
}
+#if HAVE_LIBNGHTTP2
#ifndef OPENSSL_NO_NEXTPROTONEG
/*
* NPN TLS extension client callback.
}
#endif
}
+#endif /* HAVE_LIBNGHTTP2 */
static cfg_tuplefielddef_t listenon_tuple_fields[] = {
{ "port", &cfg_type_optional_port, 0 },
{ "dscp", &cfg_type_uint32, 0 },
+#if HAVE_LIBNGHTTP2
{ "tls", &cfg_type_astring, 0 },
{ "http", &cfg_type_astring, 0 },
+#else
+ { "tls", &cfg_type_astring, CFG_CLAUSEFLAG_NOTCONFIGURED },
+ { "http", &cfg_type_astring, CFG_CLAUSEFLAG_NOTCONFIGURED },
+#endif
{ NULL, NULL, 0 }
};
static cfg_type_t cfg_type_listen_tuple = {
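Review bot: In the `#else` branch the `tls` field of `listenon_tuple_fields` is flagged `CFG_CLAUSEFLAG_NOTCONFIGURED` together with `http`, yet elsewhere in this commit the TLSDNS code paths and the `tls-port` option stay unconditional. If the tuple parser honours the flag, a build without libnghttp2 would also refuse `tls` on a listener meant for DNS over TLS; if it ignores the flag on tuple fields, `http` is still accepted and the failure only surfaces later as `ISC_R_NOTIMPLEMENTED` from `ns_interface_listenhttp()`. Which of the two happens is not visible from this hunk, so a test with a DoT-only `listen-on` in a `--disable-doh` build would be worth adding. If DoT is meant to keep working, only `http` should carry the flag: keep `{ "tls", &cfg_type_astring, 0 },` outside the `#if`.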
{ "pid-file", &cfg_type_qstringornone, 0 },
{ "port", &cfg_type_uint32, 0 },
{ "tls-port", &cfg_type_uint32, 0 },
+#if HAVE_LIBNGHTTP2
{ "http-port", &cfg_type_uint32, 0 },
{ "https-port", &cfg_type_uint32, 0 },
+#else
+ { "http-port", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTCONFIGURED },
+ { "https-port", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTCONFIGURED },
+#endif
{ "querylog", &cfg_type_boolean, 0 },
{ "random-device", &cfg_type_qstringornone, 0 },
{ "recursing-file", &cfg_type_qstring, 0 },
static isc_result_t
ns_interface_listenhttp(ns_interface_t *ifp, isc_tlsctx_t *sslctx, char **eps,
size_t neps) {
+#if HAVE_LIBNGHTTP2
isc_result_t result;
isc_nmsocket_t *sock = NULL;
}
return (result);
+#else
+ UNUSED(ifp);
+ UNUSED(sslctx);
+ UNUSED(eps);
+ UNUSED(neps);
+ return (ISC_R_NOTIMPLEMENTED);
+#endif
}
static isc_result_t
break; /* Let the query logic handle it. */
case dns_rdatatype_ixfr:
case dns_rdatatype_axfr:
+#if HAVE_LIBNGHTTP2
if (isc_nm_is_http_handle(handle)) {
/* We cannot use DoH for zone transfers.
* According to RFC8484 a DoH request contains
* the best thing we can do is to return "not
* implemented". */
query_error(client, DNS_R_NOTIMP, __LINE__);
- } else {
- ns_xfr_start(client, rdataset->type);
+ return;
}
+#endif
+ ns_xfr_start(client, rdataset->type);
return;
case dns_rdatatype_maila:
case dns_rdatatype_mailb: