TLS and local unbound-control

Simon Deziel simon+unbound at sdeziel.info
Fri May 4 21:19:55 UTC 2018


On 2018-05-04 04:41 PM, Marc Branchaud wrote:
> On 2018-05-04 04:21 PM, Simon Deziel via Unbound-users wrote:
>> Hi Marc,
>>
>> On 2018-05-04 04:12 PM, Marc Branchaud via Unbound-users wrote:
>>> So I'd like to request that: (a) unbound-control avoids using TLS when
>>> communicating over a local socket
>> You can use "control-use-cert: no" in the remote-control section.
> 
> (Sorry for the duplicate, Simon -- replying to the list this time.)
> 
> Thanks, I'd neglected to mention my remote config.  I do have that
> already set to no:
> 
>     remote-control:
>         control-enable: yes
>         control-use-cert: no

I just tested "control-use-cert: no" locally. `unbound-control status`
says "options: control(ssl)" but strace'ing the process shows no access
to the control cert/key. Toggling it to yes shows it in strace. So it
seems to work here despite having misleading status output.

Simon


