unbound: Drop certificates for local control connection

These are a cause of worry because they are sometimes generated with an invalid timestamp and therefore render unbound being unusable. There is no strong reason to use self-signed certificates for extra security here. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-25 10:22:59 +02:00 · 2019-02-17 13:46:51 +00:00
parent 256070e92f
commit 9bc1760052
4 changed files with 4 additions and 10 deletions
--- a/src/initscripts/system/unbound
+++ b/src/initscripts/system/unbound
@@ -507,11 +507,6 @@ case "$1" in

 		eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)

-		# Create control keys at first run
-		if [ ! -r "/etc/unbound/unbound_control.key" ]; then
-			unbound-control-setup -d /etc/unbound &>/dev/null
-		fi
-
 		# Update configuration files
 		write_tuning_conf
 		write_forward_conf