[PATCH] unbound remote control without SSL certificates

Hi,
we have another feature suggestion for the unbound server :)

Currently, unbound-control interacts with unbound using an SSL-protected IP port.
For this to function properly, certain SSL-related files should be generated
and then maintained. These include client and server certificates and private
keys.
However, when unbound-control and unbound both reside on the same machine,
then using SSL may be overkill. Of course, not always :) But in our case,
when we have a product that contains the unbound server and needs to interact
with it using unbound-control, we would really like to turn SSL off.

Actually, it's enough to use an SSL algorithm that does not require
authentication; in this case we don't need certificates and keys. A list of
such algorithms may be seen by typing 'openssl ciphers -v "aNULL"'.

The attached patch forces the use of any algorithm that doesn't require
authentication when a certain option is present in the config file. I have called
it 'control-use-cert'; it may be "yes" or "no". With this option it's
possible to have a configuration such as:

remote-control:
        control-enable: yes
        control-use-cert: no

Note that the connection is still encrypted, but not authenticated. And we don't
need to maintain any additional SSL-related files, that's good :)

Another approach is disabling SSL completely, but that requires many
additional if's in the source code, that's why I thought that modifying SSL
parameters is the way to go.

Please review the attached patch and post your suggestions!

Thanks!

(attachments)

unbound-nocert.diff (11.5 KB)
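
A configuration check for the option proposed above, as an added example that is not part of the original post or the attached patch: because an aNULL cipher encrypts the channel but authenticates neither side, it reports every control listener that is not a loopback address or a local socket path when 'control-use-cert' is "no". The sample config and the function names are constructed for illustration; 'control-interface' is unbound's option for the control listening address, and its localhost-only default is an assumption of this check.

```python
import ipaddress

# Constructed sample config for this example (not from the original post).
SAMPLE_CONF = """\
remote-control:
        control-enable: yes
        control-use-cert: no
        control-interface: 127.0.0.1
        control-interface: 192.0.2.10   # constructed, non-loopback
"""

def parse_remote_control(text):
    """Collect key -> [values] from the remote-control: clause only."""
    opts, in_clause = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        key, _, value = line.partition(":")      # first colon, so "::1" survives
        key, value = key.strip(), value.strip().strip('"')
        if not value:                            # clause header, e.g. "server:"
            in_clause = (key == "remote-control")
        elif in_clause:
            opts.setdefault(key, []).append(value)
    return opts

def is_local(addr):
    """True for a local socket path or a loopback IP address."""
    if addr.startswith("/"):
        return True
    try:
        return ipaddress.ip_address(addr.split("@")[0]).is_loopback
    except ValueError:
        return False    # interface name or unparsable value: treat as exposed

def audit(text):
    """Return control listeners reachable off-host without certificate auth."""
    opts = parse_remote_control(text)
    last = lambda key, default: opts.get(key, [default])[-1].lower()
    if last("control-enable", "no") != "yes":
        return []
    if last("control-use-cert", "yes") != "no":
        return []
    # Assumption: with no control-interface line, only localhost is listened on.
    listeners = opts.get("control-interface", ["127.0.0.1", "::1"])
    return [addr for addr in listeners if not is_local(addr)]

if __name__ == "__main__":
    for addr in audit(SAMPLE_CONF):
        print("unauthenticated control listener on non-local address:", addr)
```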