unbound: Drop certificates for local control connection

These are a cause of worry because they are sometimes generated with
an invalid timestamp and therefore render unbound being unusable.

There is no strong reason to use self-signed certificates for extra
security here.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

config/rootfiles/core/128/filelists/files

@@ -5,8 +5,10 @@ var/ipfire/langs
 etc/rc.d/helper/aws-setup
 etc/rc.d/init.d/aws
 etc/rc.d/init.d/firewall
+etc/rc.d/init.d/unbound
 etc/ssl/openssl.cnf
 etc/sysctl.conf
+etc/unbound/unbound.conf
 srv/web/ipfire/cgi-bin/proxy.cgi
 usr/local/bin/xt_geoip_update
 var/ipfire/ovpn/openssl/ovpn.cnf

config/rootfiles/core/128/update.sh

@@ -62,6 +62,7 @@ if grep -q "ENABLED=on" /var/ipfire/vpn/settings; then
 fi
 /etc/init.d/sshd restart
 /etc/init.d/apache restart
+/etc/init.d/unbound restart
 
 # This update needs a reboot...
 touch /var/run/need_reboot

config/unbound/unbound.conf

@@ -83,12 +83,8 @@ server:
 
 remote-control:
 	control-enable: yes
-	control-use-cert: yes
+	control-use-cert: no
 	control-interface: 127.0.0.1
-	server-key-file: "/etc/unbound/unbound_server.key"
-	server-cert-file: "/etc/unbound/unbound_server.pem"
-	control-key-file: "/etc/unbound/unbound_control.key"
-	control-cert-file: "/etc/unbound/unbound_control.pem"
 
 # Import any local configurations
 include: "/etc/unbound/local.d/*.conf"

src/initscripts/system/unbound

@@ -507,11 +507,6 @@ case "$1" in
 
 		eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 
-		# Create control keys at first run
-		if [ ! -r "/etc/unbound/unbound_control.key" ]; then
-			unbound-control-setup -d /etc/unbound &>/dev/null
-		fi
-
 		# Update configuration files
 		write_tuning_conf
 		write_forward_conf