- Fix that upstream TLS connections are not reused as TLS
authorW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 21 Apr 2026 09:59:05 +0000 (11:59 +0200)
committerW.C.A. Wijngaards <wouter@nlnetlabs.nl>
Tue, 21 Apr 2026 09:59:05 +0000 (11:59 +0200)
  connections for a different name, at the same IP. This
  checks that the tls name is correct when reusing the
  upstream connections. Thanks to TaoFei Guo from Peking
  University and JianJun Chen from Tsinghua University for
  the report.

13 files changed:
doc/Changelog
services/outside_network.c
services/outside_network.h
testdata/tls_reuse_auth.tdir/tls_reuse_auth.conf [new file with mode: 0644]
testdata/tls_reuse_auth.tdir/tls_reuse_auth.conf2 [new file with mode: 0644]
testdata/tls_reuse_auth.tdir/tls_reuse_auth.dsc [new file with mode: 0644]
testdata/tls_reuse_auth.tdir/tls_reuse_auth.post [new file with mode: 0644]
testdata/tls_reuse_auth.tdir/tls_reuse_auth.pre [new file with mode: 0644]
testdata/tls_reuse_auth.tdir/tls_reuse_auth.test [new file with mode: 0644]
testdata/tls_reuse_auth.tdir/unbound_control.key [new file with mode: 0644]
testdata/tls_reuse_auth.tdir/unbound_control.pem [new file with mode: 0644]
testdata/tls_reuse_auth.tdir/unbound_server.key [new file with mode: 0644]
testdata/tls_reuse_auth.tdir/unbound_server.pem [new file with mode: 0644]

index fcbb4ca6fbdafce62939cd3a09bd73f3fb211a84..52515a33e8179cf2e4c4c46293bf5d6f946b3f2e 100644 (file)
          domain names in the SOA rdata are checked before the
          authority code picks up the zone serial.
          Thanks to Halil Oktay for the report.
+       - Fix that upstream TLS connections are not reused as TLS
+         connections for a different name, at the same IP. This
+         checks that the tls name is correct when reusing the
+         upstream connections. Thanks to TaoFei Guo from Peking
+         University and JianJun Chen from Tsinghua University for
+         the report.
 
 20 April 2026: Wouter
        - Fix compile warnings for thread setname routine, and test compile.
index 2b7f7d0a2f21f8243aef3e7f3ebf7475c7431432..8034ff60ba10416bbdc77e5fe7c202327d8e5bca 100644 (file)
@@ -160,6 +160,19 @@ reuse_cmp_addrportssl(const void* key1, const void* key2)
                return 1;
        if(!r1->is_ssl && r2->is_ssl)
                return -1;
+
+       /* compare tls_auth_name if SSL-enabled */
+       if(r1->is_ssl) {
+               if(r1->tls_auth_name && !r2->tls_auth_name)
+                       return 1;
+               if(!r1->tls_auth_name && r2->tls_auth_name)
+                       return -1;
+               if(r1->tls_auth_name && r2->tls_auth_name) {
+                       r = strcmp(r1->tls_auth_name, r2->tls_auth_name);
+                       if(r != 0)
+                               return r;
+               }
+       }
        return 0;
 }
 
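Review bot: The new key comparison uses a case-sensitive `strcmp` on tls_auth_name, so two forwarders that name the same host in different letter case get separate upstream streams rather than sharing one. That errs on the safe side (a stream authenticated for one name is never handed to a query that wants another), but a later reader may "fix" it, so it deserves a comment at the strcmp: `/* Case-sensitive on purpose: the name is part of the reuse key, any mismatch means a separate, re-authenticated stream. */`. The NULL/non-NULL ordering above it is also what keeps a stream opened without an auth name from serving a query that requires one; worth a word too. reuse_cmp_addrportssl starts before the hunk, where `r` is presumably declared by the address compare.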
@@ -531,7 +544,7 @@ reuse_tcp_insert(struct outside_network* outnet, struct pending_tcp* pend_tcp)
 /** find reuse tcp stream to destination for query, or NULL if none */
 static struct reuse_tcp*
 reuse_tcp_find(struct outside_network* outnet, struct sockaddr_storage* addr,
-       socklen_t addrlen, int use_ssl)
+       socklen_t addrlen, int use_ssl, char* tls_auth_name)
 {
        struct waiting_tcp key_w;
        struct pending_tcp key_p;
@@ -545,8 +558,10 @@ reuse_tcp_find(struct outside_network* outnet, struct sockaddr_storage* addr,
        key_p.c = &c;
        key_p.reuse.pending = &key_p;
        key_p.reuse.node.key = &key_p.reuse;
-       if(use_ssl)
+       if(use_ssl) {
                key_p.reuse.is_ssl = 1;
+               key_p.reuse.tls_auth_name = tls_auth_name;
+       }
        if(addrlen > (socklen_t)sizeof(key_p.reuse.addr))
                return NULL;
        memmove(&key_p.reuse.addr, addr, addrlen);
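Review bot: `key_p.reuse.tls_auth_name` is only assigned in the `use_ssl` branch, so for a plain TCP lookup the key's name field holds whatever `key_p` had before; that is harmless only because `reuse_cmp_addrportssl` reads the name after both sides are known to be SSL. If `key_p` is not zero-initialised above the hunk (the function start is outside the view), an explicit `else key_p.reuse.tls_auth_name = NULL;` removes the dependency on the comparator's order of checks. A comment that the key only borrows the caller's string (no copy, nothing to free) would also help, since the tree entries own theirs.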
@@ -646,6 +661,7 @@ static int
 outnet_tcp_take_into_use(struct waiting_tcp* w)
 {
        struct pending_tcp* pend = w->outnet->tcp_free;
+       char* tls_auth_name = NULL;
        int s;
        log_assert(pend);
        log_assert(w->pkt);
@@ -746,7 +762,22 @@ outnet_tcp_take_into_use(struct waiting_tcp* w)
                comm_point_tcp_win_bio_cb(pend->c, pend->c->ssl);
 #endif
                pend->c->ssl_shake_state = comm_ssl_shake_write;
-               if(!set_auth_name_on_ssl(pend->c->ssl, w->tls_auth_name,
+               if(w->tls_auth_name) {
+                       /* strdup the auth name, while not linked the list yet,
+                        * in case of failure, easy cleanup. */
+                       tls_auth_name = strdup(w->tls_auth_name);
+                       if(!tls_auth_name) {
+                               log_err("out of memory: alloc tls auth name");
+                               pend->c->fd = s;
+#ifdef HAVE_SSL
+                               SSL_free(pend->c->ssl);
+#endif
+                               pend->c->ssl = NULL;
+                               comm_point_close(pend->c);
+                               return 0;
+                       }
+               }
+               if(!set_auth_name_on_ssl(pend->c->ssl, tls_auth_name,
                        w->outnet->tls_use_sni)) {
                        pend->c->fd = s;
 #ifdef HAVE_SSL
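Review bot: The strdup-failure path repeats the SSL teardown (`pend->c->fd = s; SSL_free; pend->c->ssl = NULL; comm_point_close`) that the existing `set_auth_name_on_ssl` failure path already carries, and that second path now also needs `free(tls_auth_name)`; two copies of the same cleanup are how one of them drifts. A `goto` to one shared teardown label, or a small static helper taking `pend` and `s`, would keep a single copy. The comment also reads oddly ("while not linked the list yet"); `/* Take a private copy now, before pend is inserted into the reuse tree, so a failure here needs no unlinking. */` states the intent. outnet_tcp_take_into_use starts before the hunk.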
@@ -754,6 +785,7 @@ outnet_tcp_take_into_use(struct waiting_tcp* w)
 #endif
                        pend->c->ssl = NULL;
                        comm_point_close(pend->c);
+                       free(tls_auth_name);
                        return 0;
                }
        }
@@ -778,9 +810,20 @@ outnet_tcp_take_into_use(struct waiting_tcp* w)
        if(pend->reuse.node.key)
                reuse_tcp_remove_tree_list(w->outnet, &pend->reuse);
 
-       if(pend->c->ssl)
+       if(pend->c->ssl) {
                pend->reuse.is_ssl = 1;
-       else    pend->reuse.is_ssl = 0;
+               if(pend->reuse.tls_auth_name)
+                       free(pend->reuse.tls_auth_name);
+               pend->reuse.tls_auth_name = tls_auth_name;
+               tls_auth_name = NULL;
+       } else {
+               pend->reuse.is_ssl = 0;
+               if(pend->reuse.tls_auth_name)
+                       free(pend->reuse.tls_auth_name);
+               pend->reuse.tls_auth_name = NULL;
+       }
+       /* free tls auth name if nonNULL */
+       free(tls_auth_name);
        /* insert in reuse by address tree if not already inserted there */
        (void)reuse_tcp_insert(w->outnet, pend);
        reuse_tree_by_id_insert(&pend->reuse, w);
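Review bot: `pend->reuse.tls_auth_name` is overwritten between the `reuse_tcp_remove_tree_list` above and the `reuse_tcp_insert` below, which is the only safe window because the string is part of the tcp_reuse tree key; the hunk does not say so, and `is_ssl` had the same unstated constraint before. Suggest a comment ahead of the `if(pend->c->ssl)`: `/* is_ssl and tls_auth_name are part of the reuse tree key: only change them here, after the removal above and before the insert below. */`. The trailing `free(tls_auth_name)` looks defensive on the visible paths (the ssl branch NULLs it, and the strdup sits inside the SSL setup block), so "free tls auth name if nonNULL" undersells it; `/* only non-NULL if ownership was not handed over; free to be safe */` says what it is for.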
@@ -969,7 +1012,7 @@ use_free_buffer(struct outside_network* outnet)
                        (!outnet->tcp_reuse_first && !outnet->tcp_reuse_last) ||
                        (outnet->tcp_reuse_first && outnet->tcp_reuse_last));
                reuse = reuse_tcp_find(outnet, &w->addr, w->addrlen,
-                       w->ssl_upstream);
+                       w->ssl_upstream, w->tls_auth_name);
                /* re-select an ID when moving to a new TCP buffer */
                w->id = tcp_select_id(outnet, reuse);
                LDNS_ID_SET(w->pkt, w->id);
@@ -1198,6 +1241,10 @@ decommission_pending_tcp(struct outside_network* outnet,
                /* needs unlink from the reuse tree to get deleted */
                reuse_tcp_remove_tree_list(outnet, &pend->reuse);
        }
+       if(pend->reuse.tls_auth_name) {
+               free(pend->reuse.tls_auth_name);
+               pend->reuse.tls_auth_name = NULL;
+       }
        /* free SSL structure after remove from outnet tcp reuse tree,
         * because the c->ssl null or not is used for sorting in the tree */
        if(pend->c->ssl) {
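Review bot: The new free of `pend->reuse.tls_auth_name` sits after `reuse_tcp_remove_tree_list` for the same reason the following comment gives for `c->ssl`: the string is part of the reuse tree key, so it must not be freed while the entry can still be in the tree. That constraint is not stated at the free itself, and it is an easy line to hoist during a later cleanup; suggest `/* free after removal from the reuse tree: tls_auth_name is part of its key */` on it, or widen the existing comment below to cover both fields. decommission_pending_tcp starts before the hunk; the removal above appears conditional, which is fine for entries that were never inserted.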
@@ -1922,6 +1969,10 @@ outside_network_delete(struct outside_network* outnet)
                                         * the tcp conn is working on */
                                        decommission_pending_tcp(outnet, pend);
                                }
+                               if(pend->reuse.tls_auth_name) {
+                                       free(pend->reuse.tls_auth_name);
+                                       pend->reuse.tls_auth_name = NULL;
+                               }
                                comm_point_delete(outnet->tcp_conns[i]->c);
                                free(outnet->tcp_conns[i]);
                                outnet->tcp_conns[i] = NULL;
@@ -2447,7 +2498,7 @@ pending_tcp_query(struct serviced_query* sq, sldns_buffer* packet,
        /* find out if a reused stream to the target exists */
        /* if so, take it into use */
        reuse = reuse_tcp_find(sq->outnet, &sq->addr, sq->addrlen,
-               sq->ssl_upstream);
+               sq->ssl_upstream, sq->tls_auth_name);
        if(reuse) {
                log_reuse_tcp(VERB_CLIENT, "pending_tcp_query: found reuse", reuse);
                log_assert(reuse->pending);
index 7404d462f0051408651f31336872fac93d90d338..e30ce92eb3fce83d787577a415e1d6c102442125 100644 (file)
@@ -264,6 +264,9 @@ struct reuse_tcp {
        socklen_t addrlen;
        /** also key for tcp_reuse tree, if ssl is used */
        int is_ssl;
+       /** If is_ssl is enabled, tls_auth_name is part of the key for
+        * tcp_reuse tree. If the string is NULL, it without a tls_auth_name */
+       char* tls_auth_name;
        /** lru chain, so that the oldest can be removed to get a new
         * connection when all are in (re)use. oldest is last in list.
         * The lru only contains empty connections waiting for reuse,
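Review bot: The doc comment on the new `tls_auth_name` field is garbled ("it without a tls_auth_name") and does not say who owns the string, which matters here because it is a heap copy that decommission_pending_tcp and outside_network_delete free. Suggested wording: `/** If is_ssl is set, tls_auth_name is also part of the key for the tcp_reuse tree; NULL means the stream was set up without an auth name. Owned by this struct (a strdup'ed copy), freed when the pending_tcp is decommissioned or deleted; must not change while the entry is in the tree. */`.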
diff --git a/testdata/tls_reuse_auth.tdir/tls_reuse_auth.conf b/testdata/tls_reuse_auth.tdir/tls_reuse_auth.conf
new file mode 100644 (file)
index 0000000..bea487d
--- /dev/null
@@ -0,0 +1,22 @@
+server:
+       verbosity: 5
+       # num-threads: 1
+       interface: 127.0.0.1
+       port: @PORT@
+       use-syslog: no
+       directory: .
+       pidfile: "unbound.pid"
+       chroot: ""
+       username: ""
+       do-not-query-localhost: no
+
+       tls-cert-bundle: "unbound_server.pem"
+       tls-upstream: yes
+
+forward-zone:
+       name: "."
+       forward-addr: "127.0.0.1@@TOPORT@#unbound"
+
+forward-zone:
+       name: "example.org."
+       forward-addr: "127.0.0.1@@TOPORT@#badname"
diff --git a/testdata/tls_reuse_auth.tdir/tls_reuse_auth.conf2 b/testdata/tls_reuse_auth.tdir/tls_reuse_auth.conf2
new file mode 100644 (file)
index 0000000..a134e9f
--- /dev/null
@@ -0,0 +1,40 @@
+# this is the upstream server that has pipelining and responds to queries.
+server:
+       verbosity: 1
+       # num-threads: 1
+       interface: 127.0.0.1@@PORT@
+       port: @PORT@
+       use-syslog: no
+       directory: .
+       pidfile: "unbound2.pid"
+       chroot: ""
+       username: ""
+       do-not-query-localhost: no
+       tls-port: @PORT@
+       tls-service-key: "unbound_server.key"
+       tls-service-pem: "unbound_server.pem"
+       tcp-idle-timeout: 10000
+
+       log-queries: yes
+       log-replies: yes
+       log-identity: "upstream"
+
+       local-zone: "." refuse
+       local-zone: "example.com" static
+       local-data: "www.example.com  A 10.20.30.40"
+       local-data: "www1.example.com  A 10.20.30.41"
+       local-data: "www2.example.com  A 10.20.30.42"
+       local-data: "www3.example.com  A 10.20.30.43"
+       local-data: "www4.example.com  A 10.20.30.44"
+       local-data: "www5.example.com  A 10.20.30.45"
+       local-data: "www6.example.com  A 10.20.30.46"
+       local-data: "www7.example.com  A 10.20.30.47"
+
+       local-data: "www.example.org  A 10.20.31.40"
+       local-data: "badname.example.org  A 10.20.31.41"
+
+# if queries escape, send them to localhost
+forward-zone:
+       name: "."
+       forward-tls-upstream: yes
+       forward-addr: "127.0.0.1@@TOPORT@"
diff --git a/testdata/tls_reuse_auth.tdir/tls_reuse_auth.dsc b/testdata/tls_reuse_auth.tdir/tls_reuse_auth.dsc
new file mode 100644 (file)
index 0000000..afcc94e
--- /dev/null
@@ -0,0 +1,16 @@
+BaseName: tls_reuse_auth
+Version: 1.0
+Description: Test tls stream reuse with tls auth name.
+CreationDate: Thu Apr 02 11:11:00 CEST 2026
+Maintainer: Wouter Wijngaards
+Category: 
+Component:
+CmdDepends: 
+Depends: 
+Help:
+Pre: tls_reuse_auth.pre
+Post: tls_reuse_auth.post
+Test: tls_reuse_auth.test
+AuxFiles: 
+Passed:
+Failure:
diff --git a/testdata/tls_reuse_auth.tdir/tls_reuse_auth.post b/testdata/tls_reuse_auth.tdir/tls_reuse_auth.post
new file mode 100644 (file)
index 0000000..ab87571
--- /dev/null
@@ -0,0 +1,19 @@
+# #-- tls_reuse_auth.post --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# source the test var file when it's there
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+#
+# do your teardown here
+. ../common.sh
+kill_from_pidfile "unbound2.pid"
+if test -f unbound2.log; then
+       echo ">>> upstream log"
+       cat unbound2.log
+fi
+#kill_pid $UNBOUND_PID
+kill_from_pidfile "unbound.pid"
+if test -f unbound.log; then
+       echo ">>> unbound log"
+       cat unbound.log
+fi
diff --git a/testdata/tls_reuse_auth.tdir/tls_reuse_auth.pre b/testdata/tls_reuse_auth.tdir/tls_reuse_auth.pre
new file mode 100644 (file)
index 0000000..9bb2d08
--- /dev/null
@@ -0,0 +1,34 @@
+# #-- tls_reuse_auth.pre--#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+get_random_port 2
+UNBOUND_PORT=$RND_PORT
+UPSTREAM_PORT=$(($RND_PORT + 1))
+echo "UNBOUND_PORT=$UNBOUND_PORT" >> .tpkg.var.test
+echo "UPSTREAM_PORT=$UPSTREAM_PORT" >> .tpkg.var.test
+
+# make config file
+sed -e 's/@PORT\@/'$UNBOUND_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tls_reuse_auth.conf > ub.conf
+# start unbound in the background
+#$PRE/unbound -d -c ub.conf >unbound.log 2>&1 &
+$PRE/unbound -d -c ub.conf 2>&1 | tee unbound.log &
+UNBOUND_PID=$!
+echo "UNBOUND_PID=$UNBOUND_PID" >> .tpkg.var.test
+wait_unbound_up unbound.log
+
+# make upstream config file
+sed -e 's/@PORT\@/'$UPSTREAM_PORT'/' -e 's/@TOPORT\@/'$UPSTREAM_PORT'/' < tls_reuse_auth.conf2 > ub2.conf
+# start upstream unbound in the background
+#$PRE/unbound -d -c ub2.conf >unbound2.log 2>&1 &
+$PRE/unbound -d -c ub2.conf 2>&1 | tee unbound2.log &
+UPSTREAM_PID=$!
+echo "UPSTREAM_PID=$UPSTREAM_PID" >> .tpkg.var.test
+wait_unbound_up unbound2.log
+
+cat .tpkg.var.test
+
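Review bot: `UNBOUND_PID=$!` and `UPSTREAM_PID=$!` record the PID of the `tee` at the end of each backgrounded pipeline, not of unbound, because `$!` is the last process of a pipeline. Nothing breaks today since the .post script kills via the pidfiles, but the values are written into .tpkg.var.test and the commented-out `kill_pid $UNBOUND_PID` would hit the wrong process if revived. Either drop the variables or start the daemons with `>unbound.log 2>&1 &` (as in the commented line) so `$!` is the daemon itself.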
diff --git a/testdata/tls_reuse_auth.tdir/tls_reuse_auth.test b/testdata/tls_reuse_auth.tdir/tls_reuse_auth.test
new file mode 100644 (file)
index 0000000..f6f98d5
--- /dev/null
@@ -0,0 +1,90 @@
+# #-- tls_reuse_auth.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+PRE="../.."
+. ../common.sh
+
+get_make
+(cd $PRE; $MAKE streamtcp)
+
+echo "> query www1.example.com."
+$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat unbound2.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www1.example.com" outfile | grep "10.20.30.41"; then
+       echo "content OK"
+else
+       echo "result contents not OK, for www1.example.com"
+       echo "> cat logfiles"
+       cat outfile
+       cat unbound2.log 
+       cat unbound.log
+       echo "result contents not OK, for www1.example.com"
+       exit 1
+fi
+echo "OK"
+echo ""
+
+# this should be reused on the same tcp stream:
+echo "> query www2.example.com."
+$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www2.example.com. A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat unbound2.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "www2.example.com" outfile | grep "10.20.30.42"; then
+       echo "content OK"
+else
+       echo "result contents not OK, for www2.example.com"
+       echo "> cat logfiles"
+       cat outfile
+       cat unbound2.log 
+       cat unbound.log
+       echo "result contents not OK, for www2.example.com"
+       exit 1
+fi
+
+# bad query with different auth name.
+echo "> query badname.example.org."
+$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT badname.example.org. A IN >outfile 2>&1
+cat outfile
+if test "$?" -ne 0; then
+       echo "exit status not OK"
+       echo "> cat logfiles"
+       cat outfile
+       cat unbound2.log 
+       cat unbound.log
+       echo "Not OK"
+       exit 1
+fi
+if grep "badname.example.org" outfile | grep "10.20.31.41"; then
+       echo "result contents not OK, for badname.example.org"
+       echo "> cat logfiles"
+       cat outfile
+       cat unbound2.log 
+       cat unbound.log
+       echo "result contents not OK, for badname.example.org"
+       exit 1
+else
+       echo "content OK"
+fi
+
+echo "OK"
+exit 0
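Review bot: The exit-status check after each streamtcp call tests the wrong command: `cat outfile` runs between the query and `if test "$?" -ne 0`, so `$?` is cat's status and a failing streamtcp is never caught. Capture it first for all three queries, e.g. `$PRE/streamtcp -f 127.0.0.1@$UNBOUND_PORT www1.example.com. A IN >outfile 2>&1; rc=$?` then `cat outfile` and `if test "$rc" -ne 0; then`. This matters most for the badname case, whose check is a negative grep that passes on any output, including no answer at all from a resolver that is down. The test also only shows that badname gets no answer; if the log format is stable, grepping unbound.log for the reuse message (a "found reuse" line for the www2 query and none for badname) would pin the reuse behaviour the fix is actually about.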
diff --git a/testdata/tls_reuse_auth.tdir/unbound_control.key b/testdata/tls_reuse_auth.tdir/unbound_control.key
new file mode 100644 (file)
index 0000000..753a4ef
--- /dev/null
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/testdata/tls_reuse_auth.tdir/unbound_control.pem b/testdata/tls_reuse_auth.tdir/unbound_control.pem
new file mode 100644 (file)
index 0000000..a1edf70
--- /dev/null
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/testdata/tls_reuse_auth.tdir/unbound_server.key b/testdata/tls_reuse_auth.tdir/unbound_server.key
new file mode 100644 (file)
index 0000000..370a7bb
--- /dev/null
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/testdata/tls_reuse_auth.tdir/unbound_server.pem b/testdata/tls_reuse_auth.tdir/unbound_server.pem
new file mode 100644 (file)
index 0000000..9868073
--- /dev/null
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----