tls-session-ticket-keys (for DoT) fails in Windows #158
Assignees
Comments
|
Thank you for reporting this issue and proposing the fix! |
jedisct1
added a commit
to jedisct1/unbound
that referenced
this issue
Mar 20, 2020
* nlnet/master: (149 commits) - Fix .travis.yml error, missing 'env' option. - Merge PR#194: Add libevent testing to Travis, by Jeffrey Walton. Add changelog entries for PR#134. - Log warning when using outgoing-port-permit and outgoing-port-avoid while explicit port randomisation is disabled. - Fix NLnetLabs#158: open tls-session-ticket-keys as binary, for Windows. By Daisuke HIGASHI. - Merge PR#191: Update iOS testing on Travis, by Jeffrey Walton. Add libevent testing to Travis Sync with upstream - Fix NLnetLabs#192: In the unbound-checkconf tool, the module config of dns64 subnetcache respip validator iterator is whitelisted, it was reported it seems to work. - Fix compile of test tools without protobuf. - Add check to make sure RPZ records are subdomain of configured zone origin. - Changelog entry for (Fix NLnetLabs#189, Merge PR NLnetLabs#190). Changelog for NLnetLabs#188 and configure script created. Removed unneeded whitespace. Fix NLnetLabs#188: unbound-control.c:882:6: error: 'execlp' is unavailable: not available on tvOS Fix NetBSD compile (GH NLnetLabs#189) - Changelog note for PR NLnetLabs#186: Fix unrecognized 'echo -n' option on OS X, by noloader. Fix unrecognized 'echo -n' option on OS X Also see NLnetLabs#183. This PR also updates a few typos in README-Travis.md, and expands the discussion of PKG_CONFIG_PATH for those who are not familiar with it. Fix changelog note, it is NLnetLabs#182, not NLnetLabs#184. Changelog note for NLnetLabs#184. - Fix PR NLnetLabs#184 from noloader: Add iOS testing to Travis. Add iOS testing to Travis ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
** Windows only issue **
Unbound fails to read
tls-session-ticket-keysfiles containing byte sequence 0x0d 0x0a (CRLF) or 0x1a (EOF) complaining that size of file is too short (<80 bytes), probably because Unbound fopen()s key files in text mode.service.conf:
Examples of "bad" key files:
unbound.log
Probably because Unbound fopen()s key files in text mode. (Sorry I can't create patch since I don't have development environment for Windows)
listen_sslctx_setup_ticket_keys()inutil/net_help.c:int listen_sslctx_setup_ticket_keys(void* sslctx, struct config_strlist* tls_session_ticket_keys) { ... for(p = tls_session_ticket_keys; p; p = p->next) { ... f = fopen(p->str, "r"); /* <=== it should be "rb". */ ... n = fread(data, 1, 80, f); ... if(n != 80) { log_err("tls-session-ticket-key %s is %d bytes, must be 80 bytes", p->str, (int)n); } }The text was updated successfully, but these errors were encountered: