On 2021-07-22 13:25 UTC, Lucas <lu...@sexy.is> wrote:
> Updated patch. It now:
>
> - Allows using a custom CA
> - Reconfigure DoT resolvers' config when just the CA changed (previous
>   version only impacted CA changes when there were also resolvers
>   changes)
>
> Have been running it without problems so far, and it seemed to work in
> the early boot process too. If anyone has a better way to test that
> other than "ntpd works", am all ears.
>
> I'd really like to see this merged. Comments?
>

I'm not a fan and I'm not personally interested in the functionality.
I'd suggest getting a certificate from a recognized CA or add your CA to
/etc/ssl/cert.pem if it's trustworthy enough.

Removing the unveil(2) call shows that you don't understand what that
does. Hint: you opened up the whole filesystem to the resolver process.

$ find sbin/unwind/libunbound -name \*.c -o -name \*.h | xargs cat | wc -l
114617

-- 
I'm not entirely sure you are real.