From: Wouter Wijngaards
Date: Mon, 10 Dec 2018 14:36:43 +0000 (+0000)
Subject: - Fixup openssl 1.0.2 compile
X-Git-Tag: release-1.9.0rc1~62
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1b72e814e791e9c78769161258ec0717ad889367;p=thirdparty%2Funbound.git
- Fixup openssl 1.0.2 compile
git-svn-id: file:///svn/unbound/trunk@5019 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/doc/Changelog b/doc/Changelog
index f20bdffc8..8fefb0130 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -5,6 +5,7 @@
 - Fix for FreeBSD port make with dnscrypt and dnstap enabled.
 - Fix #4206: support openssl 1.0.2 for TLS hostname verification, alongside the 1.1.0 and later support that is already there.
+ - Fixup openssl 1.0.2 compile
 6 December 2018: Wouter
 - Fix dns64 allocation in wrong region for returned internal queries.
diff --git a/services/outside_network.c b/services/outside_network.c
index 18385825b..1badb5116 100644
--- a/services/outside_network.c
+++ b/services/outside_network.c
@@ -63,6 +63,9 @@
 #ifdef HAVE_OPENSSL_SSL_H
 #include
 #endif
+#ifdef HAVE_X509_VERIFY_PARAM_SET1_HOST
+#include
+#endif
 #ifdef HAVE_NETDB_H
 #include
@@ -399,7 +402,7 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
 comm_point_close(pend->c);
 return 0;
 }
- SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);
+ SSL_set_verify(pend->c->ssl, SSL_VERIFY_PEER, NULL);
 }
 #endif /* HAVE_SSL_SET1_HOST */
 }
@@ -2423,7 +2426,7 @@ outnet_comm_point_for_http(struct outside_network* outnet,
 /* openssl 1.0.2 has this function that can be used for
 * set1_host like verification */
 if((SSL_CTX_get_verify_mode(outnet->sslctx)&SSL_VERIFY_PEER)) {
- X509_VERIFY_PARAM* param = SSL_get0_param(pend->c->ssl);
+ X509_VERIFY_PARAM* param = SSL_get0_param(cp->ssl);
 X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
 if(!X509_VERIFY_PARAM_set1_host(param, host, strlen(host))) {
 log_err("X509_VERIFY_PARAM_set1_host failed");
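Review bot: The OpenSSL 1.0.2 hostname-verification setup is written out separately in outnet_tcp_take_into_use (`SSL_set_verify(pend->c->ssl, SSL_VERIFY_PEER, NULL);`) and in outnet_comm_point_for_http (`SSL_get0_param(cp->ssl)`), and judging by the commit subject each copy named an SSL handle that apparently did not exist under that name in its function. One static helper that takes the `SSL*` and the host name and is called from both places would keep the two copies of this certificate check from drifting apart. Because the branch is only compiled when `HAVE_X509_VERIFY_PARAM_SET1_HOST` is defined, a build job against OpenSSL 1.0.2 is what would catch a break like this before release. Both functions begin and end outside the hunks shown.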
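Review bot: The failure branch of `X509_VERIFY_PARAM_set1_host` in outnet_comm_point_for_http is visible only as far as the `log_err` call, and it should carry a comment saying that the connection is abandoned rather than continued without a hostname check, for example `/* fail closed: do not use this connection without hostname verification */`. In outnet_tcp_take_into_use the corresponding path visibly ends in `comm_point_close(pend->c); return 0;`. The rest of this branch lies outside the hunk, so confirm it cleans up and returns in the same way before adding the comment.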