From dcf7afd722df22d53ae12d50b4c3055d1b835d12 Mon Sep 17 00:00:00 2001 From: "W.C.A. Wijngaards" Date: Tue, 8 Oct 2024 15:29:03 +0200 Subject: [PATCH] - Fix #1128: Cannot override tcp-upstream and tls-upstream with forward-tcp-upstream and forward-tls-upstream. --- doc/Changelog | 2 ++ doc/unbound.conf.5.in | 3 +++ 2 files changed, 5 insertions(+) diff --git a/doc/Changelog b/doc/Changelog index c28f8b41c..62f25224d 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 8 October 2024: Wouter - Fix #1149: unbound-control-setup hangs sometimes depending on the openssl version. + - Fix #1128: Cannot override tcp-upstream and tls-upstream with + forward-tcp-upstream and forward-tls-upstream. 3 October 2024: Yorgos - Fix CVE-2024-8508, unbounded name compression could lead to denial diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index bc48db478..2a5f6792a 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -566,6 +566,9 @@ tls\-system\-cert to load CA certs, otherwise the connections cannot be authenticated. This option enables TLS for all of them, but if you do not set this you can configure TLS specifically for some forward zones with forward\-tls\-upstream. And also with stub\-tls\-upstream. +If the tls\-upstream option is enabled, it is for all the forwards and stubs, +where the forward\-tls\-upstream and stub\-tls\-upstream options are ignored, +as if they had been set to yes. .TP .B ssl\-upstream: \fI Alternate syntax for \fBtls\-upstream\fR. If both are present in the config -- 2.47.2