This is not a support question, I have read about opensource and will send support questions to the IRC channel, GitHub Discussions or the mailing list.
I'm not convinced the current behaviour is a bug, but at the very least the documentation is wrong: "Reads all DS and DNSKEY records from fname (a BIND zone file) and adds these to the Trust Anchors", while we actually replace any existing Trust Anchors.
From an admin point of view this is problematic behaviour. On the other hand, you want to be able to use the system-shipped trust anchor file, but the anchor file setting only accepts a file. So if you need to add some extra TAs, you either have to modify a system-shipped file, you need to have automation that merges the system-shipped file with your TAs, or you have to manually convert the system-shipped TA into a trustanchor setting.
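One way to do the merge automation mentioned in the comment above, as an added example that is not part of the thread or the project's own code. The function names are hypothetical, the sample records and digests are constructed, and every record is assumed to carry an explicit owner name; the merged output would be written to the single file that trustanchorfile points at.

```python
# Added example: merge a system-shipped trust anchor file with local anchors.
# Assumes every record carries an explicit owner name; all sample data is constructed.
RTYPES = {"DS", "DNSKEY"}

def parse_anchors(text):
    """Return normalised (owner, rtype, rdata) tuples for DS/DNSKEY records."""
    records, pending, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                 # drop zone-file comments
        depth += line.count("(") - line.count(")")
        pending.append(line.replace("(", " ").replace(")", " "))
        if depth > 0:                               # record continues on the next line
            continue
        fields, pending, depth = " ".join(pending).split(), [], 0
        if not fields or fields[0].startswith("$"): # blank line or $TTL/$ORIGIN directive
            continue
        owner, rest = fields[0].lower(), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                         # skip optional TTL and class
        if len(rest) < 5 or rest[0].upper() not in RTYPES:
            continue                                # not a trust anchor record
        rtype, head, tail = rest[0].upper(), rest[1:4], "".join(rest[4:])
        if rtype == "DS":
            tail = tail.upper()                     # hex digest; DNSKEY base64 keeps its case
        records.append((owner, rtype, " ".join(head + [tail])))
    return records

def merge_trust_anchors(system_text, extra_text):
    """Union of both anchor sets, system anchors first, duplicates dropped."""
    seen, out = set(), []
    for rec in parse_anchors(system_text) + parse_anchors(extra_text):
        if rec not in seen:
            seen.add(rec)
            out.append("%s IN %s %s" % rec)
    return "\n".join(out) + "\n"

SYSTEM_FILE = """; constructed stand-in for the system-shipped anchor file
. IN DS 11111 8 2 aabbccdd00112233 (
        44556677 ) ; digest split across lines
"""
EXTRA_FILE = """corp.example. 3600 IN DS 22222 13 2 0123456789ABCDEF
. IN DS 11111 8 2 AABBCCDD0011223344556677
corp.example. IN NS ns1.corp.example.
"""

if __name__ == "__main__":
    print(merge_trust_anchors(SYSTEM_FILE, EXTRA_FILE), end="")
```

Because the system file is read rather than edited, a package update that rolls the shipped anchors is picked up the next time the merge runs.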
I was worried this would be a regression introduced by the YAML setting code, but the present behavior (TAs read from file overriding all existing TAs, including root trust anchors) has been present since the introduction of this feature in 4.2.0.
I do follow your reasoning that merging the TAs defined in an external file and the settings would be better, but it would introduce a behavior change, so extra care is needed. Anyway, not something for 5.2.0; let's revisit for the next release cycle.
I have read and understood the 'out in the open' support policy
Program: Recursor
Issue type: Bug report
Short description
When trustanchorfile is set in the yaml config file, all trustanchors are ignored.
Environment
Steps to reproduce
Expected behaviour
See all configured trust anchors
Actual behaviour
You only see what is in trustanchorfile