LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

stubby: add support for tls_port resolver config option (#8889) 

Signed-off-by: Jonathan G. Underwood <jonathan.underwood@gmail.com>
lilik-openwrt-22.03
Jonathan G. Underwood 5 years ago
parent
2391c91afe
commit
b0cc47b143
3 changed files with 14 additions and 0 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +5
    -0
      net/stubby/files/README.md
  2. +4
    -0
      net/stubby/files/stubby.conf
  3. +5
    -0
      net/stubby/files/stubby.init

+ 5
- 0
net/stubby/files/README.md View File

@ -385,6 +385,11 @@ IPv6 address.
This option specifies the upstream domain name used for TLS authentication with This option specifies the upstream domain name used for TLS authentication with
the supplied server certificate the supplied server certificate
#### `option tls_port`
This option specifies the TLS port for the upstream resolver. If not specified,
this defaults to 853.
#### `list spki` #### `list spki`
This list specifies the SPKI pinset which is verified against the keys in the This list specifies the SPKI pinset which is verified against the keys in the


+ 4
- 0
net/stubby/files/stubby.conf View File

@ -24,19 +24,23 @@ config stubby 'global'
config resolver config resolver
option address '2606:4700:4700::1111' option address '2606:4700:4700::1111'
option tls_auth_name 'cloudflare-dns.com' option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=' # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
config resolver config resolver
option address '2606:4700:4700::1001' option address '2606:4700:4700::1001'
option tls_auth_name 'cloudflare-dns.com' option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=' # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
config resolver config resolver
option address '1.1.1.1' option address '1.1.1.1'
option tls_auth_name 'cloudflare-dns.com' option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=' # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='
config resolver config resolver
option address '1.0.0.1' option address '1.0.0.1'
option tls_auth_name 'cloudflare-dns.com' option tls_auth_name 'cloudflare-dns.com'
# option tls_port 853
# list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc=' # list spki 'sha256/yioEpqeR4WtDwE9YxNVnCEkTxIjx6EEIwFSQW+lJsbc='

+ 5
- 0
net/stubby/files/stubby.init View File

@ -122,6 +122,7 @@ generate_config()
local config=$1 local config=$1
local address local address
local tls_auth_name local tls_auth_name
local tls_port
local tls_pubkey_pinset_section=0 local tls_pubkey_pinset_section=0
if [ "$upstream_recursive_servers_section" = 0 ]; then if [ "$upstream_recursive_servers_section" = 0 ]; then
@ -130,8 +131,12 @@ generate_config()
fi fi
config_get address "$config" address config_get address "$config" address
config_get tls_auth_name "$config" tls_auth_name config_get tls_auth_name "$config" tls_auth_name
config_get tls_auth_port "$config" tls_port ""
echo " - address_data: $address" >> "$config_file" echo " - address_data: $address" >> "$config_file"
echo " tls_auth_name: \"$tls_auth_name\"" >> "$config_file" echo " tls_auth_name: \"$tls_auth_name\"" >> "$config_file"
if [ -n "$tls_port" ]; then
echo " tls_port: $tls_port" >> "$config_file"
fi
handle_resolver_spki() handle_resolver_spki()
{ {


Write Preview
Loading…
Cancel
Save