Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: add support for password protected PCKS12 files for TLS configuration #11027

Merged
merged 3 commits into from
Dec 16, 2021

Conversation

chbruyand
Copy link
Member

@chbruyand chbruyand commented Nov 23, 2021

Short description

This adds support for password protected PCKS12 files. addDOHLocal and addTLSLocal now accept either a single cert parameter (without any key) and thus try to open it as a PCKS12 file or directly a TLSCertificate object initialized via newTLSCertificate.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

Copy link
Member

@rgacogne rgacogne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good! A regression test creating a password-protected PKCS12 file in runtests then loading it in test_DOH and/or test_TLS would be nice :)

pdns/dnsdist-lua.cc Outdated Show resolved Hide resolved
pdns/dnsdistdist/docs/reference/config.rst Outdated Show resolved Hide resolved
pdns/dnsdistdist/docs/reference/config.rst Outdated Show resolved Hide resolved
pdns/dnsdistdist/docs/reference/config.rst Outdated Show resolved Hide resolved
pdns/dnsdistdist/docs/reference/config.rst Outdated Show resolved Hide resolved
pdns/dnsdistdist/docs/reference/config.rst Outdated Show resolved Hide resolved
pdns/dnsdistdist/docs/reference/config.rst Outdated Show resolved Hide resolved
@rgacogne
Copy link
Member

Test failures are unrelated:

  • rec regression (ubsan+asan):
FAIL: testNotify (test_Notify.NotifyRecursorTest)
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "/home/runner/work/pdns/pdns/regression-tests.recursor-dnssec/test_Notify.py", line 117, in testNotify
      self.checkRecordCacheMetrics(4, 2)
    File "/home/runner/work/pdns/pdns/regression-tests.recursor-dnssec/test_Notify.py", line 64, in checkRecordCacheMetrics
      self.assertEqual(int(entry['value']), expectedHits)
  AssertionError: 3 != 4
  • test-recursor-bulk:
Upgrade your pricing plan to take advantage of longer build times

context deadline exceeded

@rgacogne rgacogne added this to the dnsdist-1.8.0 milestone Dec 3, 2021
@rgacogne
Copy link
Member

Eww, using the GH editor to fix a conflict in the documentation resulted in a big merge commit. @chbruyand Shall I rebase your branch on master instead?

@chbruyand chbruyand force-pushed the dnsdist-pcks12-certs branch from 7a2754c to afdad06 Compare December 16, 2021 09:09
@chbruyand
Copy link
Member Author

Rebased to fix conflict

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants