From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 25 Mar 2021 18:17:24 +0000 (+0100)
Subject: dnsdist: Disable client-initiated renegotiation with LibreSSL
X-Git-Tag: rec-4.6.0-alpha0~3^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F10218%2Fhead;p=thirdparty%2Fpdns.git

dnsdist: Disable client-initiated renegotiation with LibreSSL
---

diff --git a/pdns/libssl.cc b/pdns/libssl.cc
index 0e0dd0a73e..a01eda0d6c 100644
--- a/pdns/libssl.cc
+++ b/pdns/libssl.cc
@@ -681,6 +681,8 @@ std::unique_ptr<SSL_CTX, void(*)(SSL_CTX*)> libssl_init_server_context(const TLS
   if (!config.d_enableRenegotiation) {
 #ifdef SSL_OP_NO_RENEGOTIATION
     sslOptions |= SSL_OP_NO_RENEGOTIATION;
+#elif defined(SSL_OP_NO_CLIENT_RENEGOTIATION)
+    sslOptions |= SSL_OP_NO_CLIENT_RENEGOTIATION;
 #endif
   }