LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

stubby: add support for tls_port resolver config option (#8889) 

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
lilik-openwrt-22.03
Jonathan G. Underwood 5 years ago
parent
2391c91afe
commit
b0cc47b143
3 changed files with 14 additions and 0 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +5
    -0
      net/stubby/files/README.md
  2. +4
    -0
      net/stubby/files/stubby.conf
  3. +5
    -0
      net/stubby/files/stubby.init

+ 5
- 0
net/stubby/files/README.md View File

@ -385,6 +385,11 @@ IPv6 address.
This option specifies the upstream domain name used for TLS authentication with
the supplied server certificate
#### `option tls_port`
This option specifies the TLS port for the upstream resolver. If not specified,
this defaults to 853.
#### `list spki`
This list specifies the SPKI pinset which is verified against the keys in the


+ 4
- 0
net/stubby/files/stubby.conf View File

@ -24,19 +24,23 @@ config stubby 'global'
config resolver
option address '2606:4700:4700::1111'
option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
config resolver
option address '2606:4700:4700::1001'
option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
config resolver
option address '1.1.1.1'
option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
config resolver
option address '1.0.0.1'
option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='

+ 5
- 0
net/stubby/files/stubby.init View File

@ -122,6 +122,7 @@ generate_config()
local config=$1
local address
local tls_auth_name
local tls_port
local tls_pubkey_pinset_section=0
if [ "$upstream_recursive_servers_section" = 0 ]; then
@ -130,8 +131,12 @@ generate_config()
fi
config_get address "$config" address
config_get tls_auth_name "$config" tls_auth_name
config_get tls_auth_port "$config" tls_port ""
echo " - address_data: $address" >> "$config_file"
echo " tls_auth_name: \"$tls_auth_name\"" >> "$config_file"
if [ -n "$tls_port" ]; then
echo " tls_port: $tls_port" >> "$config_file"
fi
handle_resolver_spki()
{


Write Preview
Loading…
Cancel
Save