- Fix for FreeBSD port make with dnscrypt and dnstap enabled.
- Fix #4206: support openssl 1.0.2 for TLS hostname verification,
alongside the 1.1.0 and later support that is already there.
+ - Fixup openssl 1.0.2 compile
6 December 2018: Wouter
- Fix dns64 allocation in wrong region for returned internal queries.
#ifdef HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
#endif
+#ifdef HAVE_X509_VERIFY_PARAM_SET1_HOST
+#include <openssl/x509v3.h>
+#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
comm_point_close(pend->c);
return 0;
}
- SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);
+ SSL_set_verify(pend->c->ssl, SSL_VERIFY_PEER, NULL);
}
#endif /* HAVE_SSL_SET1_HOST */
}
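Review bot: The corrected `SSL_set_verify(pend->c->ssl, SSL_VERIFY_PEER, NULL);` call has no comment explaining why peer verification is set on the connection object at this point, and the other call site in this commit gates on the context's verify mode instead. A short comment would make the intent auditable, for example `/* require peer certificate verification on this connection; with a NULL callback a failed verification aborts the handshake */`. The enclosing function and the preprocessor branch both start outside the hunk, so whether this line is compiled only for the OpenSSL 1.0.2 path is inferred from the commit title.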
/* openssl 1.0.2 has this function that can be used for
* set1_host like verification */
if((SSL_CTX_get_verify_mode(outnet->sslctx)&SSL_VERIFY_PEER)) {
- X509_VERIFY_PARAM* param = SSL_get0_param(pend->c->ssl);
+ X509_VERIFY_PARAM* param = SSL_get0_param(cp->ssl);
X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
if(!X509_VERIFY_PARAM_set1_host(param, host, strlen(host))) {
log_err("X509_VERIFY_PARAM_set1_host failed");
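Review bot: An empty `host` would pass this check without configuring any name to verify, because X509_VERIFY_PARAM_set1_host is documented to clear the host list and return success for an empty name. The connection would then be checked against the trust chain only. The hunk does not show whether callers guarantee a non-empty name, so it is safer to reject it here and reuse the existing failure path: `if(host[0] == 0 || !X509_VERIFY_PARAM_set1_host(param, host, strlen(host))) {`. The function starts and ends outside the hunk, so the error handling after the `log_err` is not visible.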