diff options
Diffstat (limited to 'smallapp')
| -rw-r--r-- | smallapp/unbound-control.c | 12 | ||||
| -rw-r--r-- | smallapp/worker_cb.c | 4 |
2 files changed, 13 insertions, 3 deletions
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c index 086afa8dddeb..2337e7a73728 100644 --- a/smallapp/unbound-control.c +++ b/smallapp/unbound-control.c @@ -142,6 +142,7 @@ usage(void) printf(" ratelimit_list [+a] list ratelimited domains\n"); printf(" ip_ratelimit_list [+a] list ratelimited ip addresses\n"); printf(" +a list all, also not ratelimited\n"); + printf(" list_auth_zones list auth zones\n"); printf(" view_list_local_zones view list local-zones in view\n"); printf(" view_list_local_data view list local-data RRs in view\n"); printf(" view_local_zone view name type add local-zone in view\n"); @@ -349,6 +350,8 @@ static void print_extended(struct ub_stats_info* s) PR_UL("num.answer.secure", s->svr.ans_secure); PR_UL("num.answer.bogus", s->svr.ans_bogus); PR_UL("num.rrset.bogus", s->svr.rrset_bogus); + PR_UL("num.query.aggressive.NOERROR", s->svr.num_neg_cache_noerror); + PR_UL("num.query.aggressive.NXDOMAIN", s->svr.num_neg_cache_nxdomain); /* threat detection */ PR_UL("unwanted.queries", s->svr.unwanted_queries); PR_UL("unwanted.replies", s->svr.unwanted_replies); @@ -366,6 +369,8 @@ static void print_extended(struct ub_stats_info* s) PR_UL("num.query.dnscrypt.replay", s->svr.num_query_dnscrypt_replay); #endif /* USE_DNSCRYPT */ + PR_UL("num.query.authzone.up", s->svr.num_query_authzone_up); + PR_UL("num.query.authzone.down", s->svr.num_query_authzone_down); } /** print statistics out of memory structures */ @@ -476,10 +481,15 @@ setup_ctx(struct config_file* cfg) free(c_cert); } else { /* Use ciphers that don't require authentication */ +#if defined(SSL_OP_NO_TLSv1_3) + /* in openssl 1.1.1, negotiation code for tls 1.3 does + * not allow the unauthenticated aNULL and eNULL ciphers */ + SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_3); +#endif #ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL SSL_CTX_set_security_level(ctx, 0); #endif - if(!SSL_CTX_set_cipher_list(ctx, "aNULL, eNULL")) + if(!SSL_CTX_set_cipher_list(ctx, "aNULL:eNULL")) ssl_err("Error setting NULL cipher!"); } return ctx; diff --git a/smallapp/worker_cb.c b/smallapp/worker_cb.c index e88e8c8d754b..dda94cc670cf 100644 --- a/smallapp/worker_cb.c +++ b/smallapp/worker_cb.c @@ -105,7 +105,7 @@ struct outbound_entry* worker_send_query( int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr), socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream), - struct module_qstate* ATTR_UNUSED(q)) + char* ATTR_UNUSED(tls_auth_name), struct module_qstate* ATTR_UNUSED(q)) { log_assert(0); return 0; @@ -137,7 +137,7 @@ struct outbound_entry* libworker_send_query( int ATTR_UNUSED(nocaps), struct sockaddr_storage* ATTR_UNUSED(addr), socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone), size_t ATTR_UNUSED(zonelen), int ATTR_UNUSED(ssl_upstream), - struct module_qstate* ATTR_UNUSED(q)) + char* ATTR_UNUSED(tls_auth_name), struct module_qstate* ATTR_UNUSED(q)) { log_assert(0); return 0; |