From: Philip Homburg Date: Thu, 23 Mar 2023 14:00:10 +0000 (+0100) Subject: Extra consistency check to make sure that when TLS is requested, either we X-Git-Tag: release-1.19.0rc1~38^2~16 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eb7eff4fc758d0977f15a7bd74e29504a958b346;p=thirdparty%2Funbound.git Extra consistency check to make sure that when TLS is requested, either we set up a TLS connection or we return an error. --- diff --git a/services/outside_network.c b/services/outside_network.c index a4529ade5..250440667 100644 --- a/services/outside_network.c +++ b/services/outside_network.c @@ -620,6 +620,15 @@ outnet_tcp_take_into_use(struct waiting_tcp* w) log_assert(w->addrlen > 0); pend->c->tcp_do_toggle_rw = 0; pend->c->tcp_do_close = 0; + + /* Consistency check, if we have ssl_upstream but no sslctx, then + * log an error and return failure. + */ + if (w->ssl_upstream && !w->outnet->sslctx) { + log_err("SSL upstream requested but no SSL context"); + return 0; + } + /* open socket */ s = outnet_get_tcp_fd(&w->addr, w->addrlen, w->outnet->tcp_mss, w->outnet->ip_dscp);