Only enable certficates in http module if conf.tls is explicitly true (!759) · Merge requests · Knot projects / Knot Resolver

Jonathan Coetzee requested to merge jono/knot-resolver:http_tls_cert into master Jan 18, 2019

I noticed that even if I didn't have conf.tls set to true I still ended up with cert being generated/rerolled. Looking at the code if conf.tls is set to nil then certificates are set up, including rerolling ephemeral certs even though TLS on the web server itself remains disabled.

Admin message

Admin message

Only enable certficates in http module if conf.tls is explicitly true

Merge request reports