[prev in list] [next in list] [prev in thread] [next in thread] 

List:       unbound-users
Subject:    Re: TLS and local unbound-control
From:       Stuart Henderson via Unbound-users <unbound-users () unbound ! net>
Date:       2018-05-09 20:33:07
Message-ID: slrnpf6ms6.1nd6.stu () naiad ! spacehopper ! org
[Download RAW message or body]

On 2018-05-04, Simon Deziel via Unbound-users <unbound-users@unbound.net> wrote:
> On 2018-05-04 04:41 PM, Marc Branchaud wrote:
>> On 2018-05-04 04:21 PM, Simon Deziel via Unbound-users wrote:
>>> Hi Marc,
>>>
>>> On 2018-05-04 04:12 PM, Marc Branchaud via Unbound-users wrote:
>>>> So I'd like to request that: (a) unbound-control avoids using TLS when
>>>> communicating over a local socket

(sorry for the late reply), I'd quite like that too...

>>> You can use "control-use-cert: no" in the remote-control section.
>> 
>> (Sorry for the duplicate, Simon -- replying to the list this time.)
>> 
>> Thanks, I'd neglected to mention my remote config.   I do have that
>> already set to no:
>> 
>>         remote-control:
>>                control-enable: yes
>>                control-use-cert: no
>
> I just tested "control-use-cert: no" locally. `unbound-control status`
> says "options: control(ssl)" but strace'ing the process shows no access
> to the control cert/key. Toggling it to yes shows it in strace. So it
> seems to work here despite having misleading status output.

It doesn't use a cert, but it does use SSL.


[prev in list] [next in list] [prev in thread] [next in thread]