summaryrefslogtreecommitdiffstats
path: root/usr.sbin/nsd/nsd.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin/nsd/nsd.c')
-rw-r--r--usr.sbin/nsd/nsd.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/usr.sbin/nsd/nsd.c b/usr.sbin/nsd/nsd.c
index c773fc99d34..9434bff7c9b 100644
--- a/usr.sbin/nsd/nsd.c
+++ b/usr.sbin/nsd/nsd.c
@@ -661,6 +661,9 @@ main(int argc, char *argv[])
nsd.outgoing_tcp_mss = nsd.options->outgoing_tcp_mss;
nsd.ipv4_edns_size = nsd.options->ipv4_edns_size;
nsd.ipv6_edns_size = nsd.options->ipv6_edns_size;
+#ifdef HAVE_SSL
+ nsd.tls_ctx = NULL;
+#endif
if(udp_port == 0)
{
@@ -942,11 +945,20 @@ main(int argc, char *argv[])
"not be started", argv0);
}
#if defined(HAVE_SSL)
+ if(nsd.options->control_enable || (nsd.options->tls_service_key && nsd.options->tls_service_key[0])) {
+ perform_openssl_init();
+ }
if(nsd.options->control_enable) {
/* read ssl keys while superuser and outside chroot */
if(!(nsd.rc = daemon_remote_create(nsd.options)))
error("could not perform remote control setup");
}
+ if(nsd.options->tls_service_key && nsd.options->tls_service_key[0]
+ && nsd.options->tls_service_pem && nsd.options->tls_service_pem[0]) {
+ if(!(nsd.tls_ctx = server_tls_ctx_create(&nsd, NULL,
+ nsd.options->tls_service_ocsp)))
+ error("could not set up tls SSL_CTX");
+ }
#endif /* HAVE_SSL */
/* Unless we're debugging, fork... */
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.