Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 10 Sep 2018 17:37:35 +0000 (UTC)
From:      =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r338569 - in head/contrib/unbound: . daemon doc iterator services services/cache smallapp util
Message-ID:  <201809101737.w8AHbZb1014564@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: des
Date: Mon Sep 10 17:37:34 2018
New Revision: 338569
URL: https://svnweb.freebsd.org/changeset/base/338569

Log:
  Upgrade Unbound to 1.7.3.  More to follow.
  
  Approved by:	re (kib@)

Modified:
  head/contrib/unbound/Makefile.in
  head/contrib/unbound/config.h
  head/contrib/unbound/configure
  head/contrib/unbound/configure.ac
  head/contrib/unbound/daemon/cachedump.c
  head/contrib/unbound/daemon/cachedump.h
  head/contrib/unbound/daemon/remote.c
  head/contrib/unbound/daemon/remote.h
  head/contrib/unbound/doc/Changelog
  head/contrib/unbound/doc/README
  head/contrib/unbound/doc/example.conf
  head/contrib/unbound/doc/example.conf.in
  head/contrib/unbound/doc/libunbound.3
  head/contrib/unbound/doc/libunbound.3.in
  head/contrib/unbound/doc/unbound-anchor.8
  head/contrib/unbound/doc/unbound-anchor.8.in
  head/contrib/unbound/doc/unbound-checkconf.8
  head/contrib/unbound/doc/unbound-checkconf.8.in
  head/contrib/unbound/doc/unbound-control.8
  head/contrib/unbound/doc/unbound-control.8.in
  head/contrib/unbound/doc/unbound-host.1
  head/contrib/unbound/doc/unbound-host.1.in
  head/contrib/unbound/doc/unbound.8
  head/contrib/unbound/doc/unbound.8.in
  head/contrib/unbound/doc/unbound.conf.5
  head/contrib/unbound/doc/unbound.conf.5.in
  head/contrib/unbound/iterator/iterator.c
  head/contrib/unbound/services/authzone.c
  head/contrib/unbound/services/cache/infra.c
  head/contrib/unbound/services/listen_dnsport.c
  head/contrib/unbound/smallapp/unbound-checkconf.c
  head/contrib/unbound/smallapp/unbound-control.c
  head/contrib/unbound/util/config_file.c
  head/contrib/unbound/util/config_file.h
  head/contrib/unbound/util/configlexer.lex
  head/contrib/unbound/util/configparser.y
Directory Properties:
  head/contrib/unbound/   (props changed)

Modified: head/contrib/unbound/Makefile.in
==============================================================================
--- head/contrib/unbound/Makefile.in	Mon Sep 10 16:56:44 2018	(r338568)
+++ head/contrib/unbound/Makefile.in	Mon Sep 10 17:37:34 2018	(r338569)
@@ -858,10 +858,11 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/util/fptr_wlist.
  $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h $(srcdir)/validator/val_nsec3.h \
  $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h $(srcdir)/validator/val_neg.h \
  $(srcdir)/validator/autotrust.h $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h \
- $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h $(PYTHONMOD_HEADER) \
- $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h $(srcdir)/edns-subnet/subnetmod.h \
- $(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h $(srcdir)/edns-subnet/edns-subnet.h
+ $(srcdir)/util/alloc.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
+ $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/util/config_file.h $(srcdir)/respip/respip.h \
+ $(PYTHONMOD_HEADER) $(srcdir)/cachedb/cachedb.h $(srcdir)/ipsecmod/ipsecmod.h \
+ $(srcdir)/edns-subnet/subnetmod.h $(srcdir)/util/net_help.h $(srcdir)/edns-subnet/addrtree.h \
+ $(srcdir)/edns-subnet/edns-subnet.h
 locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/testcode/checklocks.h
 log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h $(srcdir)/util/locks.h $(srcdir)/testcode/checklocks.h \
@@ -1257,8 +1258,8 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h
  $(srcdir)/services/localzone.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
  $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h \
- $(srcdir)/libunbound/context.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
- $(srcdir)/util/shm_side/shm_main.h
+ $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
+ $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h
 testbound.lo testbound.o: $(srcdir)/testcode/testbound.c config.h $(srcdir)/testcode/testpkts.h \
  $(srcdir)/testcode/replay.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
   $(srcdir)/dnscrypt/cert.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
@@ -1291,8 +1292,8 @@ worker.lo worker.o: $(srcdir)/daemon/worker.c config.h
  $(srcdir)/services/localzone.h $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h \
  $(srcdir)/validator/autotrust.h $(srcdir)/validator/val_anchor.h $(srcdir)/respip/respip.h \
- $(srcdir)/libunbound/context.h $(srcdir)/libunbound/libworker.h $(srcdir)/sldns/wire2str.h \
- $(srcdir)/util/shm_side/shm_main.h
+ $(srcdir)/libunbound/context.h $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/libworker.h \
+ $(srcdir)/sldns/wire2str.h $(srcdir)/util/shm_side/shm_main.h
 acl_list.lo acl_list.o: $(srcdir)/daemon/acl_list.c config.h $(srcdir)/daemon/acl_list.h \
  $(srcdir)/util/storage/dnstree.h $(srcdir)/util/rbtree.h $(srcdir)/services/view.h $(srcdir)/util/locks.h \
  $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h \
@@ -1375,22 +1376,22 @@ unbound-checkconf.lo unbound-checkconf.o: $(srcdir)/sm
  $(PYTHONMOD_HEADER) $(srcdir)/edns-subnet/subnet-whitelist.h
 worker_cb.lo worker_cb.o: $(srcdir)/smallapp/worker_cb.c config.h $(srcdir)/libunbound/context.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
+ $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/libunbound/worker.h \
+ $(srcdir)/sldns/sbuffer.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
   $(srcdir)/dnscrypt/cert.h $(srcdir)/util/module.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
  $(srcdir)/util/tube.h $(srcdir)/services/mesh.h
 context.lo context.o: $(srcdir)/libunbound/context.c config.h $(srcdir)/libunbound/context.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
- $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
- $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/config_file.h \
- $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h $(srcdir)/util/storage/dnstree.h \
- $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
- $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
-  $(srcdir)/dnscrypt/cert.h $(srcdir)/services/authzone.h \
- $(srcdir)/services/mesh.h $(srcdir)/sldns/sbuffer.h
+ $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/unbound-event.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/services/localzone.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/services/view.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h \
+ $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h  \
+ $(srcdir)/dnscrypt/cert.h $(srcdir)/services/authzone.h $(srcdir)/services/mesh.h $(srcdir)/sldns/sbuffer.h
 libunbound.lo libunbound.o: $(srcdir)/libunbound/libunbound.c $(srcdir)/libunbound/unbound.h \
  $(srcdir)/libunbound/unbound-event.h config.h $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h \
  $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
@@ -1407,7 +1408,7 @@ libworker.lo libworker.o: $(srcdir)/libunbound/libwork
  $(srcdir)/libunbound/libworker.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h $(srcdir)/libunbound/context.h \
  $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h $(srcdir)/libunbound/unbound-event.h \
+ $(srcdir)/libunbound/unbound-event.h $(srcdir)/libunbound/worker.h $(srcdir)/sldns/sbuffer.h \
  $(srcdir)/services/outside_network.h $(srcdir)/util/netevent.h $(srcdir)/dnscrypt/dnscrypt.h \
   $(srcdir)/dnscrypt/cert.h  \
  $(srcdir)/services/mesh.h $(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \
@@ -1419,11 +1420,14 @@ libworker.lo libworker.o: $(srcdir)/libunbound/libwork
  $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h \
  $(srcdir)/iterator/iter_hints.h $(srcdir)/sldns/str2wire.h
 unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h $(srcdir)/libunbound/unbound.h \
- $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h
+ $(srcdir)/sldns/rrdef.h $(srcdir)/sldns/wire2str.h \
+ 
 asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/libunbound/context.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/testcode/checklocks.h \
- $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h $(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h
+ $(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h $(srcdir)/services/modstack.h \
+ $(srcdir)/libunbound/unbound-event.h $(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/rrdef.h \
+ 
 streamtcp.lo streamtcp.o: $(srcdir)/testcode/streamtcp.c config.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/testcode/checklocks.h $(srcdir)/util/net_help.h $(srcdir)/util/data/msgencode.h \
  $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h \

Modified: head/contrib/unbound/config.h
==============================================================================
--- head/contrib/unbound/config.h	Mon Sep 10 16:56:44 2018	(r338568)
+++ head/contrib/unbound/config.h	Mon Sep 10 17:37:34 2018	(r338569)
@@ -631,7 +631,7 @@
 #define PACKAGE_NAME "unbound"
 
 /* Define to the full name and version of this package. */
-#define PACKAGE_STRING "unbound 1.7.2"
+#define PACKAGE_STRING "unbound 1.7.3"
 
 /* Define to the one symbol short name of this package. */
 #define PACKAGE_TARNAME "unbound"
@@ -640,7 +640,7 @@
 #define PACKAGE_URL ""
 
 /* Define to the version of this package. */
-#define PACKAGE_VERSION "1.7.2"
+#define PACKAGE_VERSION "1.7.3"
 
 /* default pidfile location */
 #define PIDFILE "/var/unbound/unbound.pid"
@@ -659,7 +659,7 @@
 #define ROOT_CERT_FILE "/var/unbound/icannbundle.pem"
 
 /* version number for resource files */
-#define RSRC_PACKAGE_VERSION 1,7,2,0
+#define RSRC_PACKAGE_VERSION 1,7,3,0
 
 /* Directory to chdir to */
 #define RUN_DIR "/var/unbound"

Modified: head/contrib/unbound/configure
==============================================================================
--- head/contrib/unbound/configure	Mon Sep 10 16:56:44 2018	(r338568)
+++ head/contrib/unbound/configure	Mon Sep 10 17:37:34 2018	(r338569)
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for unbound 1.7.2.
+# Generated by GNU Autoconf 2.69 for unbound 1.7.3.
 #
 # Report bugs to <unbound-bugs@nlnetlabs.nl>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='unbound'
 PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.7.2'
-PACKAGE_STRING='unbound 1.7.2'
+PACKAGE_VERSION='1.7.3'
+PACKAGE_STRING='unbound 1.7.3'
 PACKAGE_BUGREPORT='unbound-bugs@nlnetlabs.nl'
 PACKAGE_URL=''
 
@@ -1440,7 +1440,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures unbound 1.7.2 to adapt to many kinds of systems.
+\`configure' configures unbound 1.7.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1505,7 +1505,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of unbound 1.7.2:";;
+     short | recursive ) echo "Configuration of unbound 1.7.3:";;
    esac
   cat <<\_ACEOF
 
@@ -1722,7 +1722,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-unbound configure 1.7.2
+unbound configure 1.7.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2431,7 +2431,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by unbound $as_me 1.7.2, which was
+It was created by unbound $as_me 1.7.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2783,11 +2783,11 @@ UNBOUND_VERSION_MAJOR=1
 
 UNBOUND_VERSION_MINOR=7
 
-UNBOUND_VERSION_MICRO=2
+UNBOUND_VERSION_MICRO=3
 
 
 LIBUNBOUND_CURRENT=7
-LIBUNBOUND_REVISION=10
+LIBUNBOUND_REVISION=11
 LIBUNBOUND_AGE=5
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -2849,6 +2849,7 @@ LIBUNBOUND_AGE=5
 # 1.7.0 had 7:8:5
 # 1.7.1 had 7:9:5
 # 1.7.2 had 7:10:5
+# 1.7.3 had 7:11:5
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@@ -19762,7 +19763,7 @@ done
 
 
 # check if setreuid en setregid fail, on MacOSX10.4(darwin8).
-if echo $build_os | grep darwin8 > /dev/null; then
+if echo $target_os | grep darwin8 > /dev/null; then
 
 $as_echo "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h
 
@@ -21044,7 +21045,7 @@ _ACEOF
 
 
 
-version=1.7.2
+version=1.7.3
 
 date=`date +'%b %e, %Y'`
 
@@ -21563,7 +21564,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by unbound $as_me 1.7.2, which was
+This file was extended by unbound $as_me 1.7.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -21629,7 +21630,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-unbound config.status 1.7.2
+unbound config.status 1.7.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

Modified: head/contrib/unbound/configure.ac
==============================================================================
--- head/contrib/unbound/configure.ac	Mon Sep 10 16:56:44 2018	(r338568)
+++ head/contrib/unbound/configure.ac	Mon Sep 10 17:37:34 2018	(r338569)
@@ -11,14 +11,14 @@ sinclude(dnscrypt/dnscrypt.m4)
 # must be numbers. ac_defun because of later processing
 m4_define([VERSION_MAJOR],[1])
 m4_define([VERSION_MINOR],[7])
-m4_define([VERSION_MICRO],[2])
+m4_define([VERSION_MICRO],[3])
 AC_INIT(unbound, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), unbound-bugs@nlnetlabs.nl, unbound)
 AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
 AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
 AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
 
 LIBUNBOUND_CURRENT=7
-LIBUNBOUND_REVISION=10
+LIBUNBOUND_REVISION=11
 LIBUNBOUND_AGE=5
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -80,6 +80,7 @@ LIBUNBOUND_AGE=5
 # 1.7.0 had 7:8:5
 # 1.7.1 had 7:9:5
 # 1.7.2 had 7:10:5
+# 1.7.3 had 7:11:5
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@@ -1324,7 +1325,7 @@ AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid]
 AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])])
 
 # check if setreuid en setregid fail, on MacOSX10.4(darwin8).
-if echo $build_os | grep darwin8 > /dev/null; then
+if echo $target_os | grep darwin8 > /dev/null; then
 	AC_DEFINE(DARWIN_BROKEN_SETREUID, 1, [Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work])
 fi
 AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [

Modified: head/contrib/unbound/daemon/cachedump.c
==============================================================================
--- head/contrib/unbound/daemon/cachedump.c	Mon Sep 10 16:56:44 2018	(r338568)
+++ head/contrib/unbound/daemon/cachedump.c	Mon Sep 10 17:37:34 2018	(r338569)
@@ -62,7 +62,7 @@
 
 /** dump one rrset zonefile line */
 static int
-dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
+dump_rrset_line(RES* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
 {
 	char s[65535];
 	if(!packed_rr_to_string(k, i, now, s, sizeof(s))) {
@@ -73,7 +73,7 @@ dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* 
 
 /** dump rrset key and data info */
 static int
-dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k, 
+dump_rrset(RES* ssl, struct ub_packed_rrset_key* k, 
 	struct packed_rrset_data* d, time_t now)
 {
 	size_t i;
@@ -99,7 +99,7 @@ dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k, 
 
 /** dump lruhash rrset cache */
 static int
-dump_rrset_lruhash(SSL* ssl, struct lruhash* h, time_t now)
+dump_rrset_lruhash(RES* ssl, struct lruhash* h, time_t now)
 {
 	struct lruhash_entry* e;
 	/* lruhash already locked by caller */
@@ -118,7 +118,7 @@ dump_rrset_lruhash(SSL* ssl, struct lruhash* h, time_t
 
 /** dump rrset cache */
 static int
-dump_rrset_cache(SSL* ssl, struct worker* worker)
+dump_rrset_cache(RES* ssl, struct worker* worker)
 {
 	struct rrset_cache* r = worker->env.rrset_cache;
 	size_t slab;
@@ -137,7 +137,7 @@ dump_rrset_cache(SSL* ssl, struct worker* worker)
 
 /** dump message to rrset reference */
 static int
-dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k)
+dump_msg_ref(RES* ssl, struct ub_packed_rrset_key* k)
 {
 	char* nm, *tp, *cl;
 	nm = sldns_wire2str_dname(k->rk.dname, k->rk.dname_len);
@@ -164,7 +164,7 @@ dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k)
 
 /** dump message entry */
 static int
-dump_msg(SSL* ssl, struct query_info* k, struct reply_info* d, 
+dump_msg(RES* ssl, struct query_info* k, struct reply_info* d, 
 	time_t now)
 {
 	size_t i;
@@ -246,7 +246,7 @@ copy_msg(struct regional* region, struct lruhash_entry
 
 /** dump lruhash msg cache */
 static int
-dump_msg_lruhash(SSL* ssl, struct worker* worker, struct lruhash* h)
+dump_msg_lruhash(RES* ssl, struct worker* worker, struct lruhash* h)
 {
 	struct lruhash_entry* e;
 	struct query_info* k;
@@ -274,7 +274,7 @@ dump_msg_lruhash(SSL* ssl, struct worker* worker, stru
 
 /** dump msg cache */
 static int
-dump_msg_cache(SSL* ssl, struct worker* worker)
+dump_msg_cache(RES* ssl, struct worker* worker)
 {
 	struct slabhash* sh = worker->env.msg_cache;
 	size_t slab;
@@ -291,7 +291,7 @@ dump_msg_cache(SSL* ssl, struct worker* worker)
 }
 
 int
-dump_cache(SSL* ssl, struct worker* worker)
+dump_cache(RES* ssl, struct worker* worker)
 {
 	if(!dump_rrset_cache(ssl, worker))
 		return 0;
@@ -302,7 +302,7 @@ dump_cache(SSL* ssl, struct worker* worker)
 
 /** read a line from ssl into buffer */
 static int
-ssl_read_buf(SSL* ssl, sldns_buffer* buf)
+ssl_read_buf(RES* ssl, sldns_buffer* buf)
 {
 	return ssl_read_line(ssl, (char*)sldns_buffer_begin(buf), 
 		sldns_buffer_capacity(buf));
@@ -310,7 +310,7 @@ ssl_read_buf(SSL* ssl, sldns_buffer* buf)
 
 /** check fixed text on line */
 static int
-read_fixed(SSL* ssl, sldns_buffer* buf, const char* str)
+read_fixed(RES* ssl, sldns_buffer* buf, const char* str)
 {
 	if(!ssl_read_buf(ssl, buf)) return 0;
 	return (strcmp((char*)sldns_buffer_begin(buf), str) == 0);
@@ -318,7 +318,7 @@ read_fixed(SSL* ssl, sldns_buffer* buf, const char* st
 
 /** load an RR into rrset */
 static int
-load_rr(SSL* ssl, sldns_buffer* buf, struct regional* region,
+load_rr(RES* ssl, sldns_buffer* buf, struct regional* region,
 	struct ub_packed_rrset_key* rk, struct packed_rrset_data* d,
 	unsigned int i, int is_rrsig, int* go_on, time_t now)
 {
@@ -435,7 +435,7 @@ move_into_cache(struct ub_packed_rrset_key* k, 
 
 /** load an rrset entry */
 static int
-load_rrset(SSL* ssl, sldns_buffer* buf, struct worker* worker)
+load_rrset(RES* ssl, sldns_buffer* buf, struct worker* worker)
 {
 	char* s = (char*)sldns_buffer_begin(buf);
 	struct regional* region = worker->scratchpad;
@@ -519,7 +519,7 @@ load_rrset(SSL* ssl, sldns_buffer* buf, struct worker*
 
 /** load rrset cache */
 static int
-load_rrset_cache(SSL* ssl, struct worker* worker)
+load_rrset_cache(RES* ssl, struct worker* worker)
 {
 	sldns_buffer* buf = worker->env.scratch_buffer;
 	if(!read_fixed(ssl, buf, "START_RRSET_CACHE")) return 0;
@@ -575,7 +575,7 @@ load_qinfo(char* str, struct query_info* qinfo, struct
 
 /** load a msg rrset reference */
 static int
-load_ref(SSL* ssl, sldns_buffer* buf, struct worker* worker, 
+load_ref(RES* ssl, sldns_buffer* buf, struct worker* worker, 
 	struct regional *region, struct ub_packed_rrset_key** rrset, 
 	int* go_on)
 {
@@ -620,7 +620,7 @@ load_ref(SSL* ssl, sldns_buffer* buf, struct worker* w
 
 /** load a msg entry */
 static int
-load_msg(SSL* ssl, sldns_buffer* buf, struct worker* worker)
+load_msg(RES* ssl, sldns_buffer* buf, struct worker* worker)
 {
 	struct regional* region = worker->scratchpad;
 	struct query_info qinf;
@@ -685,7 +685,7 @@ load_msg(SSL* ssl, sldns_buffer* buf, struct worker* w
 
 /** load msg cache */
 static int
-load_msg_cache(SSL* ssl, struct worker* worker)
+load_msg_cache(RES* ssl, struct worker* worker)
 {
 	sldns_buffer* buf = worker->env.scratch_buffer;
 	if(!read_fixed(ssl, buf, "START_MSG_CACHE")) return 0;
@@ -698,7 +698,7 @@ load_msg_cache(SSL* ssl, struct worker* worker)
 }
 
 int
-load_cache(SSL* ssl, struct worker* worker)
+load_cache(RES* ssl, struct worker* worker)
 {
 	if(!load_rrset_cache(ssl, worker))
 		return 0;
@@ -709,7 +709,7 @@ load_cache(SSL* ssl, struct worker* worker)
 
 /** print details on a delegation point */
 static void
-print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp)
+print_dp_details(RES* ssl, struct worker* worker, struct delegpt* dp)
 {
 	char buf[257];
 	struct delegpt_addr* a;
@@ -785,7 +785,7 @@ print_dp_details(SSL* ssl, struct worker* worker, stru
 
 /** print main dp info */
 static void
-print_dp_main(SSL* ssl, struct delegpt* dp, struct dns_msg* msg)
+print_dp_main(RES* ssl, struct delegpt* dp, struct dns_msg* msg)
 {
 	size_t i, n_ns, n_miss, n_addr, n_res, n_avail;
 
@@ -813,7 +813,7 @@ print_dp_main(SSL* ssl, struct delegpt* dp, struct dns
 		return;
 }
 
-int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm,
+int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm,
 	size_t nmlen, int ATTR_UNUSED(nmlabs))
 {
 	/* deep links into the iterator module */

Modified: head/contrib/unbound/daemon/cachedump.h
==============================================================================
--- head/contrib/unbound/daemon/cachedump.h	Mon Sep 10 16:56:44 2018	(r338568)
+++ head/contrib/unbound/daemon/cachedump.h	Mon Sep 10 17:37:34 2018	(r338569)
@@ -72,6 +72,7 @@
 #ifndef DAEMON_DUMPCACHE_H
 #define DAEMON_DUMPCACHE_H
 struct worker;
+#include "daemon/remote.h"
 
 /**
  * Dump cache(s) to text
@@ -80,7 +81,7 @@ struct worker;
  * 	ptrs to the caches.
  * @return false on ssl print error.
  */
-int dump_cache(SSL* ssl, struct worker* worker);
+int dump_cache(RES* ssl, struct worker* worker);
 
 /**
  * Load cache(s) from text 
@@ -89,7 +90,7 @@ int dump_cache(SSL* ssl, struct worker* worker);
  * 	ptrs to the caches.
  * @return false on ssl error.
  */
-int load_cache(SSL* ssl, struct worker* worker);
+int load_cache(RES* ssl, struct worker* worker);
 
 /**
  * Print the delegation used to lookup for this name.
@@ -101,7 +102,7 @@ int load_cache(SSL* ssl, struct worker* worker);
  * @param nmlabs: labels in name.
  * @return false on ssl error.
  */
-int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm,
+int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm,
 	size_t nmlen, int nmlabs);
 
 #endif /* DAEMON_DUMPCACHE_H */

Modified: head/contrib/unbound/daemon/remote.c
==============================================================================
--- head/contrib/unbound/daemon/remote.c	Mon Sep 10 16:56:44 2018	(r338568)
+++ head/contrib/unbound/daemon/remote.c	Mon Sep 10 17:37:34 2018	(r338569)
@@ -142,130 +142,20 @@ timeval_divide(struct timeval* avg, const struct timev
 #endif
 }
 
-/*
- * The following function was generated using the openssl utility, using
- * the command : "openssl dhparam -C 2048"
- * (some openssl versions reject DH that is 'too small', eg. 512).
- */
-#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
-#ifndef S_SPLINT_S
-static DH *get_dh2048(void)
+static int
+remote_setup_ctx(struct daemon_remote* rc, struct config_file* cfg)
 {
-	static unsigned char dh2048_p[]={
-		0xE7,0x36,0x28,0x3B,0xE4,0xC3,0x32,0x1C,0x01,0xC3,0x67,0xD6,
-		0xF5,0xF3,0xDA,0xDC,0x71,0xC0,0x42,0x8B,0xE6,0xEB,0x8D,0x80,
-		0x35,0x7F,0x09,0x45,0x30,0xE5,0xB2,0x92,0x81,0x3F,0x08,0xCD,
-		0x36,0x5E,0x19,0x83,0x62,0xCC,0xAE,0x9B,0x81,0x66,0x24,0xEE,
-		0x16,0x6F,0xA9,0x9E,0xF4,0x82,0x1B,0xDD,0x46,0xC7,0x33,0x5D,
-		0xF4,0xCA,0xE6,0x8F,0xFC,0xD4,0xD8,0x58,0x94,0x24,0x5D,0xFF,
-		0x0A,0xE8,0xEF,0x3D,0xCE,0xBB,0x50,0x94,0xE0,0x5F,0xE8,0x41,
-		0xC3,0x35,0x30,0x37,0xD5,0xCB,0x8F,0x3D,0x95,0x15,0x1A,0x77,
-		0x42,0xB2,0x06,0x86,0xF6,0x09,0x66,0x0E,0x9A,0x25,0x94,0x3E,
-		0xD2,0x04,0x25,0x25,0x1D,0x23,0xEB,0xDC,0x4D,0x0C,0x83,0x28,
-		0x2E,0x15,0x81,0x2D,0xC1,0xAF,0x8D,0x36,0x64,0xE3,0x9A,0x83,
-		0x78,0xC2,0x8D,0xC0,0x9D,0xD9,0x3A,0x1C,0xC5,0x2B,0x50,0x68,
-		0x07,0xA9,0x4B,0x8C,0x07,0x57,0xD6,0x15,0x03,0x4E,0x9E,0x01,
-		0xF2,0x6F,0x35,0xAC,0x26,0x9C,0x92,0x68,0x61,0x13,0xFB,0x01,
-		0xBA,0x22,0x36,0x01,0x55,0xB6,0x62,0xD9,0xB2,0x98,0xCE,0x5D,
-		0x4B,0xA5,0x41,0xD6,0xE5,0x70,0x78,0x12,0x1F,0x64,0xB6,0x6F,
-		0xB0,0x91,0x51,0x91,0x92,0xC0,0x94,0x3A,0xD1,0x28,0x4D,0x30,
-		0x84,0x3E,0xE4,0xE4,0x7F,0x47,0x89,0xB1,0xB6,0x8C,0x8E,0x0E,
-		0x26,0xDB,0xCD,0x17,0x07,0x2A,0x21,0x7A,0xCC,0x68,0xE8,0x57,
-		0x94,0x9E,0x59,0x61,0xEC,0x20,0x34,0x26,0x0D,0x66,0x44,0xEB,
-		0x6F,0x02,0x58,0xE2,0xED,0xF6,0xF3,0x1B,0xBF,0x9E,0x45,0x52,
-		0x5A,0x49,0xA1,0x5B,
-		};
-	static unsigned char dh2048_g[]={
-		0x02,
-		};
-	DH *dh = NULL;
-	BIGNUM *p = NULL, *g = NULL;
-
-	dh = DH_new();
-	p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
-	g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
-	if (!dh || !p || !g)
-		goto err;
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
-	dh->p = p;
-	dh->g = g;
-#else
-	if (!DH_set0_pqg(dh, p, NULL, g))
-		goto err;
-#endif
-	return dh;
-err:
-	if (p)
-		BN_free(p);
-	if (g)
-		BN_free(g);
-	if (dh)
-		DH_free(dh);
-	return NULL;
-}
-#endif /* SPLINT */
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
-
-struct daemon_remote*
-daemon_remote_create(struct config_file* cfg)
-{
 	char* s_cert;
 	char* s_key;
-	struct daemon_remote* rc = (struct daemon_remote*)calloc(1, 
-		sizeof(*rc));
-	if(!rc) {
-		log_err("out of memory in daemon_remote_create");
-		return NULL;
-	}
-	rc->max_active = 10;
-
-	if(!cfg->remote_control_enable) {
-		rc->ctx = NULL;
-		return rc;
-	}
 	rc->ctx = SSL_CTX_new(SSLv23_server_method());
 	if(!rc->ctx) {
 		log_crypto_err("could not SSL_CTX_new");
-		free(rc);
-		return NULL;
+		return 0;
 	}
 	if(!listen_sslctx_setup(rc->ctx)) {
-		daemon_remote_delete(rc);
-		return NULL;
+		return 0;
 	}
 
-	if (cfg->remote_control_use_cert == 0) {
-		/* No certificates are requested */
-#if defined(SSL_OP_NO_TLSv1_3)
-		/* in openssl 1.1.1, negotiation code for tls 1.3 does
-		 * not allow the unauthenticated aNULL and eNULL ciphers */
-		SSL_CTX_set_options(rc->ctx, SSL_OP_NO_TLSv1_3);
-#endif
-#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
-		SSL_CTX_set_security_level(rc->ctx, 0);
-#endif
-		if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL:eNULL")) {
-			log_crypto_err("Failed to set aNULL cipher list");
-			daemon_remote_delete(rc);
-			return NULL;
-		}
-
-		/* in openssl 1.1, the securitylevel 0 allows eNULL, that
-		 * does not need the DH */
-#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
-		/* Since we have no certificates and hence no source of
-		 * DH params, let's generate and set them
-		 */
-		if(!SSL_CTX_set_tmp_dh(rc->ctx,get_dh2048())) {
-			log_crypto_err("Wanted to set DH param, but failed");
-			daemon_remote_delete(rc);
-			return NULL;
-		}
-#endif
-		return rc;
-	}
-	rc->use_cert = 1;
 	s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
 	s_key = fname_after_chroot(cfg->server_key_file, cfg, 1);
 	if(!s_cert || !s_key) {
@@ -294,14 +184,46 @@ daemon_remote_create(struct config_file* cfg)
 	setup_error:
 		free(s_cert);
 		free(s_key);
-		daemon_remote_delete(rc);
-		return NULL;
+		return 0;
 	}
 	SSL_CTX_set_client_CA_list(rc->ctx, SSL_load_client_CA_file(s_cert));
 	SSL_CTX_set_verify(rc->ctx, SSL_VERIFY_PEER, NULL);
 	free(s_cert);
 	free(s_key);
+	return 1;
+}
 
+struct daemon_remote*
+daemon_remote_create(struct config_file* cfg)
+{
+	struct daemon_remote* rc = (struct daemon_remote*)calloc(1, 
+		sizeof(*rc));
+	if(!rc) {
+		log_err("out of memory in daemon_remote_create");
+		return NULL;
+	}
+	rc->max_active = 10;
+
+	if(!cfg->remote_control_enable) {
+		rc->ctx = NULL;
+		return rc;
+	}
+	if(options_remote_is_address(cfg) && cfg->control_use_cert) {
+		if(!remote_setup_ctx(rc, cfg)) {
+			daemon_remote_delete(rc);
+			return NULL;
+		}
+		rc->use_cert = 1;
+	} else {
+		struct config_strlist* p;
+		rc->ctx = NULL;
+		rc->use_cert = 0;
+		if(!options_remote_is_address(cfg))
+		  for(p = cfg->control_ifs.first; p; p = p->next) {
+			if(p->str && p->str[0] != '/')
+				log_warn("control-interface %s is not using TLS, but plain transfer, because first control-interface in config file is a local socket (starts with a /).", p->str);
+		}
+	}
 	return rc;
 }
 
@@ -442,9 +364,9 @@ struct listen_port* daemon_remote_open_ports(struct co
 {
 	struct listen_port* l = NULL;
 	log_assert(cfg->remote_control_enable && cfg->control_port);
-	if(cfg->control_ifs) {
+	if(cfg->control_ifs.first) {
 		struct config_strlist* p;
-		for(p = cfg->control_ifs; p; p = p->next) {
+		for(p = cfg->control_ifs.first; p; p = p->next) {
 			if(!add_open(p->str, cfg->control_port, &l, 1, cfg)) {
 				listening_ports_free(l);
 				return NULL;
@@ -551,6 +473,7 @@ int remote_accept_callback(struct comm_point* c, void*
 		log_err("out of memory");
 		goto close_exit;
 	}
+	n->fd = newfd;
 	/* start in reading state */
 	n->c = comm_point_create_raw(rc->worker->base, newfd, 0, 
 		&remote_control_callback, n);
@@ -565,23 +488,27 @@ int remote_accept_callback(struct comm_point* c, void*
 	comm_point_start_listening(n->c, -1, REMOTE_CONTROL_TCP_TIMEOUT);
 	memcpy(&n->c->repinfo.addr, &addr, addrlen);
 	n->c->repinfo.addrlen = addrlen;
-	n->shake_state = rc_hs_read;
-	n->ssl = SSL_new(rc->ctx);
-	if(!n->ssl) {
-		log_crypto_err("could not SSL_new");
-		comm_point_delete(n->c);
-		free(n);
-		goto close_exit;
+	if(rc->use_cert) {
+		n->shake_state = rc_hs_read;
+		n->ssl = SSL_new(rc->ctx);
+		if(!n->ssl) {
+			log_crypto_err("could not SSL_new");
+			comm_point_delete(n->c);
+			free(n);
+			goto close_exit;
+		}
+		SSL_set_accept_state(n->ssl);
+		(void)SSL_set_mode(n->ssl, SSL_MODE_AUTO_RETRY);
+		if(!SSL_set_fd(n->ssl, newfd)) {
+			log_crypto_err("could not SSL_set_fd");
+			SSL_free(n->ssl);
+			comm_point_delete(n->c);
+			free(n);
+			goto close_exit;
+		}
+	} else {
+		n->ssl = NULL;
 	}
-	SSL_set_accept_state(n->ssl);
-        (void)SSL_set_mode(n->ssl, SSL_MODE_AUTO_RETRY);
-	if(!SSL_set_fd(n->ssl, newfd)) {
-		log_crypto_err("could not SSL_set_fd");
-		SSL_free(n->ssl);
-		comm_point_delete(n->c);
-		free(n);
-		goto close_exit;
-	}
 
 	n->rc = rc;
 	n->next = rc->busy_list;
@@ -622,27 +549,45 @@ clean_point(struct daemon_remote* rc, struct rc_state*
 }
 
 int
-ssl_print_text(SSL* ssl, const char* text)
+ssl_print_text(RES* res, const char* text)
 {
 	int r;
-	if(!ssl) 
+	if(!res) 
 		return 0;
-	ERR_clear_error();
-	if((r=SSL_write(ssl, text, (int)strlen(text))) <= 0) {
-		if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
-			verbose(VERB_QUERY, "warning, in SSL_write, peer "
-				"closed connection");
+	if(res->ssl) {
+		ERR_clear_error();
+		if((r=SSL_write(res->ssl, text, (int)strlen(text))) <= 0) {
+			if(SSL_get_error(res->ssl, r) == SSL_ERROR_ZERO_RETURN) {
+				verbose(VERB_QUERY, "warning, in SSL_write, peer "
+					"closed connection");
+				return 0;
+			}
+			log_crypto_err("could not SSL_write");
 			return 0;
 		}
-		log_crypto_err("could not SSL_write");
-		return 0;
+	} else {
+		size_t at = 0;
+		while(at < strlen(text)) {
+			ssize_t r = send(res->fd, text+at, strlen(text)-at, 0);
+			if(r == -1) {
+				if(errno == EAGAIN || errno == EINTR)
+					continue;
+#ifndef USE_WINSOCK
+				log_err("could not send: %s", strerror(errno));
+#else
+				log_err("could not send: %s", wsa_strerror(WSAGetLastError()));
+#endif
+				return 0;
+			}
+			at += r;
+		}
 	}
 	return 1;
 }
 
 /** print text over the ssl connection */
 static int
-ssl_print_vmsg(SSL* ssl, const char* format, va_list args)
+ssl_print_vmsg(RES* ssl, const char* format, va_list args)
 {
 	char msg[1024];
 	vsnprintf(msg, sizeof(msg), format, args);
@@ -650,7 +595,7 @@ ssl_print_vmsg(SSL* ssl, const char* format, va_list a
 }
 
 /** printf style printing to the ssl connection */
-int ssl_printf(SSL* ssl, const char* format, ...)
+int ssl_printf(RES* ssl, const char* format, ...)
 {
 	va_list args;
 	int ret;
@@ -661,21 +606,42 @@ int ssl_printf(SSL* ssl, const char* format, ...)
 }
 
 int
-ssl_read_line(SSL* ssl, char* buf, size_t max)
+ssl_read_line(RES* res, char* buf, size_t max)
 {
 	int r;
 	size_t len = 0;
-	if(!ssl)
+	if(!res)
 		return 0;
 	while(len < max) {
-		ERR_clear_error();
-		if((r=SSL_read(ssl, buf+len, 1)) <= 0) {
-			if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
-				buf[len] = 0;
-				return 1;
+		if(res->ssl) {
+			ERR_clear_error();
+			if((r=SSL_read(res->ssl, buf+len, 1)) <= 0) {
+				if(SSL_get_error(res->ssl, r) == SSL_ERROR_ZERO_RETURN) {
+					buf[len] = 0;
+					return 1;
+				}
+				log_crypto_err("could not SSL_read");
+				return 0;
 			}
-			log_crypto_err("could not SSL_read");
-			return 0;
+		} else {
+			while(1) {
+				ssize_t rr = recv(res->fd, buf+len, 1, 0);
+				if(rr <= 0) {
+					if(rr == 0) {
+						buf[len] = 0;
+						return 1;
+					}
+					if(errno == EINTR || errno == EAGAIN)
+						continue;
+#ifndef USE_WINSOCK
+					log_err("could not recv: %s", strerror(errno));
+#else
+					log_err("could not recv: %s", wsa_strerror(WSAGetLastError()));
+#endif
+					return 0;
+				}
+				break;
+			}
 		}
 		if(buf[len] == '\n') {
 			/* return string without \n */
@@ -700,14 +666,14 @@ skipwhite(char* str)
 }
 
 /** send the OK to the control client */
-static void send_ok(SSL* ssl)
+static void send_ok(RES* ssl)
 {
 	(void)ssl_printf(ssl, "ok\n");
 }
 
 /** do the stop command */
 static void
-do_stop(SSL* ssl, struct daemon_remote* rc)
+do_stop(RES* ssl, struct daemon_remote* rc)
 {
 	rc->worker->need_to_exit = 1;
 	comm_base_exit(rc->worker->base);
@@ -716,7 +682,7 @@ do_stop(SSL* ssl, struct daemon_remote* rc)
 
 /** do the reload command */
 static void
-do_reload(SSL* ssl, struct daemon_remote* rc)
+do_reload(RES* ssl, struct daemon_remote* rc)
 {
 	rc->worker->need_to_exit = 0;
 	comm_base_exit(rc->worker->base);
@@ -725,7 +691,7 @@ do_reload(SSL* ssl, struct daemon_remote* rc)
 
 /** do the verbosity command */
 static void
-do_verbosity(SSL* ssl, char* str)
+do_verbosity(RES* ssl, char* str)
 {
 	int val = atoi(str);
 	if(val == 0 && strcmp(str, "0") != 0) {
@@ -738,7 +704,7 @@ do_verbosity(SSL* ssl, char* str)
 
 /** print stats from statinfo */
 static int
-print_stats(SSL* ssl, const char* nm, struct ub_stats_info* s)
+print_stats(RES* ssl, const char* nm, struct ub_stats_info* s)
 {
 	struct timeval sumwait, avg;
 	if(!ssl_printf(ssl, "%s.num.queries"SQ"%lu\n", nm, 
@@ -797,7 +763,7 @@ print_stats(SSL* ssl, const char* nm, struct ub_stats_
 
 /** print stats for one thread */
 static int
-print_thread_stats(SSL* ssl, int i, struct ub_stats_info* s)
+print_thread_stats(RES* ssl, int i, struct ub_stats_info* s)
 {
 	char nm[32];
 	snprintf(nm, sizeof(nm), "thread%d", i);
@@ -807,7 +773,7 @@ print_thread_stats(SSL* ssl, int i, struct ub_stats_in
 
 /** print long number */
 static int
-print_longnum(SSL* ssl, const char* desc, size_t x)
+print_longnum(RES* ssl, const char* desc, size_t x)
 {
 	if(x > 1024*1024*1024) {
 		/* more than a Gb */
@@ -822,7 +788,7 @@ print_longnum(SSL* ssl, const char* desc, size_t x)
 
 /** print mem stats */
 static int
-print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
+print_mem(RES* ssl, struct worker* worker, struct daemon* daemon)
 {
 	size_t msg, rrset, val, iter, respip;
 #ifdef CLIENT_SUBNET
@@ -885,7 +851,7 @@ print_mem(SSL* ssl, struct worker* worker, struct daem
 
 /** print uptime stats */
 static int
-print_uptime(SSL* ssl, struct worker* worker, int reset)
+print_uptime(RES* ssl, struct worker* worker, int reset)
 {
 	struct timeval now = *worker->env.now_tv;
 	struct timeval up, dt;
@@ -904,7 +870,7 @@ print_uptime(SSL* ssl, struct worker* worker, int rese
 
 /** print extended histogram */
 static int
-print_hist(SSL* ssl, struct ub_stats_info* s)
+print_hist(RES* ssl, struct ub_stats_info* s)
 {
 	struct timehist* hist;
 	size_t i;
@@ -932,7 +898,7 @@ print_hist(SSL* ssl, struct ub_stats_info* s)
 
 /** print extended stats */
 static int
-print_ext(SSL* ssl, struct ub_stats_info* s)
+print_ext(RES* ssl, struct ub_stats_info* s)
 {
 	int i;
 	char nm[16];
@@ -1089,7 +1055,7 @@ print_ext(SSL* ssl, struct ub_stats_info* s)
 
 /** do the stats command */
 static void
-do_stats(SSL* ssl, struct daemon_remote* rc, int reset)
+do_stats(RES* ssl, struct daemon_remote* rc, int reset)
 {
 	struct daemon* daemon = rc->worker->daemon;
 	struct ub_stats_info total;
@@ -1123,7 +1089,7 @@ do_stats(SSL* ssl, struct daemon_remote* rc, int reset
 
 /** parse commandline argument domain name */
 static int
-parse_arg_name(SSL* ssl, char* str, uint8_t** res, size_t* len, int* labs)
+parse_arg_name(RES* ssl, char* str, uint8_t** res, size_t* len, int* labs)
 {
 	uint8_t nm[LDNS_MAX_DOMAINLEN+1];
 	size_t nmlen = sizeof(nm);
@@ -1149,7 +1115,7 @@ parse_arg_name(SSL* ssl, char* str, uint8_t** res, siz
 
 /** find second argument, modifies string */
 static int
-find_arg2(SSL* ssl, char* arg, char** arg2)
+find_arg2(RES* ssl, char* arg, char** arg2)
 {
 	char* as = strchr(arg, ' ');

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201809101737.w8AHbZb1014564>