diff options
Diffstat (limited to 'usr.sbin/nsd/nsd.c')
-rw-r--r-- | usr.sbin/nsd/nsd.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/usr.sbin/nsd/nsd.c b/usr.sbin/nsd/nsd.c index c773fc99d34..9434bff7c9b 100644 --- a/usr.sbin/nsd/nsd.c +++ b/usr.sbin/nsd/nsd.c @@ -661,6 +661,9 @@ main(int argc, char *argv[]) nsd.outgoing_tcp_mss = nsd.options->outgoing_tcp_mss; nsd.ipv4_edns_size = nsd.options->ipv4_edns_size; nsd.ipv6_edns_size = nsd.options->ipv6_edns_size; +#ifdef HAVE_SSL + nsd.tls_ctx = NULL; +#endif if(udp_port == 0) { @@ -942,11 +945,20 @@ main(int argc, char *argv[]) "not be started", argv0); } #if defined(HAVE_SSL) + if(nsd.options->control_enable || (nsd.options->tls_service_key && nsd.options->tls_service_key[0])) { + perform_openssl_init(); + } if(nsd.options->control_enable) { /* read ssl keys while superuser and outside chroot */ if(!(nsd.rc = daemon_remote_create(nsd.options))) error("could not perform remote control setup"); } + if(nsd.options->tls_service_key && nsd.options->tls_service_key[0] + && nsd.options->tls_service_pem && nsd.options->tls_service_pem[0]) { + if(!(nsd.tls_ctx = server_tls_ctx_create(&nsd, NULL, + nsd.options->tls_service_ocsp))) + error("could not set up tls SSL_CTX"); + } #endif /* HAVE_SSL */ /* Unless we're debugging, fork... */ |