Be less strict regarding "tls" statements in the configuration file by allowing both "key-file" and "cert-file" be omitted (!5546) · Merge requests · ISC Open Source Projects / BIND

Artem Boldariev requested to merge artem/tls-do-not-strictly-require-key-and-cert into main Oct 29, 2021

In the 9.17.19 release "tls" statements verification code was added. The code was too strict and assumed that every such a statement should have both "cert-file" and "key-file" specified. This turned out to be a regression, as in some cases we plan to use the "tls" statement to specify TLS connection parameters.

This commit fixes this behaviour; now a "tls" statement should either have both "cert-file" and "key-file" specified, or both should be omitted.

The issue was mentioned mentioned in #2986 (closed):

Another issue that got me a bit confused is that on the tls section of the configuration file, the parameters cert-file and key-file now seem to required, which wasn't the case in the previous version.

Edited Oct 30, 2021 by Artem Boldariev

Be less strict regarding "tls" statements in the configuration file by allowing both "key-file" and "cert-file" be omitted

Merge request reports