Re: systemd prerelease 243-rc1

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mi, 31.07.19 13:52, Stefan Tatschner (stefan@xxxxxxxxxxxxxx) wrote:

> On Wed, 2019-07-31 at 13:47 +0200, Lennart Poettering wrote:
> > > What is this “strict” mode exactly?
> >
> > It just means resolved will insist on DNS-over-TLS to talk to the
> > configured DNS servers, instead of trying to use it and falling back
> > automatically if it's not available.
>
> Ahh. Thanks for the explanation. I was just wondering if certificate
> checks have been implemented. IIRC resolved does not check/validate the
> certificate (chain) of the DNS server.

Certificate checks have been implemented as well. And they are
controlled by the same setting. If strict mode is on, only verifiable
certificates are accepted.

See: 4310bfc20b84127e19bed68701caa3820c844682

Lennart

--
Lennart Poettering, Berlin
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux