- Fix #812, fix #846, by using the SSL_OP_IGNORE_UNEXPECTED_EOF option
authorGeorge Thessalonikefs <george@nlnetlabs.nl>
Fri, 17 Mar 2023 13:39:37 +0000 (14:39 +0100)
committerGeorge Thessalonikefs <george@nlnetlabs.nl>
Fri, 17 Mar 2023 13:39:37 +0000 (14:39 +0100)
  to ignore the unexpected eof while reading in openssl >= 3.

doc/Changelog
util/net_help.c

index 62d2b4c8419af3b10c954ffa090a18c93a68e565..25b63ce76ceda9401b933370efdba516ec1fda6d 100644 (file)
@@ -1,3 +1,7 @@
+17 March 2023: George
+       - Fix #812, fix #846, by using the SSL_OP_IGNORE_UNEXPECTED_EOF option
+         to ignore the unexpected eof while reading in openssl >= 3.
+
 16 March 2023: Wouter
        - Fix ssl.h include brackets, instead of quotes.
 
index 54fad6986f3c6b2213761f91163abd6f15d5db29..de2d771bdc4ddb53c8b8ada345104a2962edc123 100644 (file)
@@ -1005,6 +1005,16 @@ listen_sslctx_setup(void* ctxt)
                        log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list");
        }
 #endif
+#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
+       /* ignore errors when peers do not send the mandatory close_notify
+        * alert on shutdown.
+        * Relevant for openssl >= 3 */
+       if((SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF) &
+               SSL_OP_IGNORE_UNEXPECTED_EOF) != SSL_OP_IGNORE_UNEXPECTED_EOF) {
+               log_crypto_err("could not set SSL_OP_IGNORE_UNEXPECTED_EOF");
+               return 0;
+       }
+#endif
 
        if((SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE) &
                SSL_OP_CIPHER_SERVER_PREFERENCE) !=
@@ -1233,6 +1243,17 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert)
                SSL_CTX_free(ctx);
                return 0;
        }
+#endif
+#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
+       /* ignore errors when peers do not send the mandatory close_notify
+        * alert on shutdown.
+        * Relevant for openssl >= 3 */
+       if((SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF) &
+               SSL_OP_IGNORE_UNEXPECTED_EOF) != SSL_OP_IGNORE_UNEXPECTED_EOF) {
+               log_crypto_err("could not set SSL_OP_IGNORE_UNEXPECTED_EOF");
+               SSL_CTX_free(ctx);
+               return 0;
+       }
 #endif
        if(key && key[0]) {
                if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) {
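Review bot: SSL_OP_IGNORE_UNEXPECTED_EOF does more than silence a log line: it makes OpenSSL 3 report a TCP close without close_notify as a clean shutdown instead of an error, so TLS-level truncation of a stream is no longer surfaced to the caller, and the new blocks enable that on both the listening context and the outgoing client context in connect_sslctx_create. That is presumably acceptable in unbound only because DNS-over-TLS messages are length-prefixed and the DNS reader rejects a short message itself, but neither comment says so, and a later reader may reuse these contexts for something without that framing. I would extend the comment in both hunks to `/* NOTE: a TCP close without close_notify is then treated as a clean EOF, so TLS-level truncation is no longer reported; this relies on the DNS-over-TLS length prefix to catch a cut-off message. */`. Separately, SSL_CTX_set_options does not push anything onto the OpenSSL error queue, so the `log_crypto_err(...)` in the failure branch will most likely print nothing useful; a plain `log_err` would be clearer, though the existing SSL_OP_CIPHER_SERVER_PREFERENCE check has the same pattern. Both enclosing functions start before and end after their hunks.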