From 6b28c8ace2ec76b061563e166ba8626131928cd0 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards
Date: Thu, 24 May 2018 12:30:13 +0000
Subject: [PATCH] - unbound-host initializes ssl (for potential DNS-over-TLS usage inside libunbound).
git-svn-id: file:///svn/unbound/trunk@4690 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 Makefile.in | 2 +-
 doc/Changelog | 2 ++
 smallapp/unbound-host.c | 28 ++++++++++++++++++++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/Makefile.in b/Makefile.in
index 1b1503632..f104fdb9b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -327,7 +327,7 @@ unbound-control$(EXEEXT): $(CONTROL_OBJ_LINK) libunbound.la
 $(LINK) -o $@ $(CONTROL_OBJ_LINK) $(EXTRALINK) $(SSLLIB) $(LIBS)
 unbound-host$(EXEEXT): $(HOST_OBJ_LINK) libunbound.la
- $(LINK) -o $@ $(HOST_OBJ_LINK) -L. -L.libs -lunbound $(LIBS)
+ $(LINK) -o $@ $(HOST_OBJ_LINK) -L. -L.libs -lunbound $(SSLLIB) $(LIBS)
 unbound-anchor$(EXEEXT): $(UBANCHOR_OBJ_LINK) libunbound.la
 $(LINK) -o $@ $(UBANCHOR_OBJ_LINK) -L. -L.libs -lunbound -lexpat $(SSLLIB) $(LIBS)
diff --git a/doc/Changelog b/doc/Changelog
index 30a077e05..e46e7aad6 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,8 @@
 24 May 2018: Wouter
 - Fix that libunbound can do DNS-over-TLS, when configured.
 - Fix that windows unbound service can use DNS-over-TLS.
+ - unbound-host initializes ssl (for potential DNS-over-TLS usage
+ inside libunbound).
 23 May 2018: Wouter
 - Use accept4 to speed up incoming TCP (and TLS) connections,
diff --git a/smallapp/unbound-host.c b/smallapp/unbound-host.c
index 93b5e4870..cd1ffe335 100644
--- a/smallapp/unbound-host.c
+++ b/smallapp/unbound-host.c
@@ -66,6 +66,14 @@
 /* nss3 */
 #include "nss.h"
 #endif
+#ifdef HAVE_SSL
+#ifdef HAVE_OPENSSL_SSL_H
+#include
+#endif
+#ifdef HAVE_OPENSSL_ERR_H
+#include
+#endif
+#endif /* HAVE_SSL */
 /** verbosity for unbound-host app */
 static int verb = 0;
@@ -487,6 +495,26 @@ int main(int argc, char* argv[])
 if(argc != 1)
 usage();
+#ifdef HAVE_SSL
+#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
+ ERR_load_crypto_strings();
+#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
+ ERR_load_SSL_strings();
+#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_CRYPTO)
+ OpenSSL_add_all_algorithms();
+#else
+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
+ | OPENSSL_INIT_ADD_ALL_DIGESTS
+ | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || !defined(HAVE_OPENSSL_INIT_SSL)
+ (void)SSL_library_init();
+#else
+ (void)OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+#endif
+#endif /* HAVE_SSL */
 #ifdef HAVE_NSS
 if(NSS_NoDB_Init(".") != SECSuccess) {
 fprintf(stderr, "could not init NSS\n");
--
2.47.3
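Review bot: The results of `OPENSSL_init_crypto()` and `OPENSSL_init_ssl()` are discarded in the added HAVE_SSL block (the first without even a `(void)` cast), whereas the NSS initialisation directly below checks its result and prints an error. Both OpenSSL 1.1 calls return 0 on failure, and a failure ignored here would presumably only surface later as an opaque DNS-over-TLS error inside libunbound. Consider failing early in the same way as the NSS branch, for example `if(!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL)) { fprintf(stderr, "could not init SSL\n"); return 1; }`, with the same check on `OPENSSL_init_crypto`. The exit path is a guess, because main's body starts and continues outside the hunk and the NSS branch's own failure handling is not visible.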