Be less strict regarding "tls" statements in the configuration file by allowing both "key-file" and "cert-file" be omitted (!5546) · Merge requests · ISC Open Source Projects / BIND

Merged Artem Boldariev requested to merge artem/tls-do-not-strictly-require-key-and-cert into main Oct 29, 2021

In the 9.17.19 release "tls" statements verification code was added. The code was too strict and assumed that every such a statement should have both "cert-file" and "key-file" specified. This turned out to be a regression, as in some cases we plan to use the "tls" statement to specify TLS connection parameters.

This commit fixes this behaviour; now a "tls" statement should either have both "cert-file" and "key-file" specified, or both should be omitted.

The issue was mentioned mentioned in #2986 (closed):

Another issue that got me a bit confused is that on the tls section of the configuration file, the parameters cert-file and key-file now seem to required, which wasn't the case in the previous version.

Edited Oct 30, 2021 by Artem Boldariev