log_err("dnstap setup: malloc failure");
return 0;
}
+ if(!check_auth_name_for_ssl(dtio->tls_server_name))
+ return 0;
}
if(cfg->dnstap_tls_client_key_file &&
cfg->dnstap_tls_client_key_file[0]) {
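Review bot: When the added guard `if(!check_auth_name_for_ssl(dtio->tls_server_name))` fails, setup returns 0 with only the helper's message, which begins "the query has an auth_name" and never mentions dnstap, so the operator cannot tell which setting to fix. A dnstap-specific line before the return would help, e.g. `log_err("dnstap setup: cannot verify tls server name %s", dtio->tls_server_name);`, with braces around the two statements. This matches the "dnstap setup:" prefix used by the malloc failure message just above. Whether the caller releases `dtio->tls_server_name` after this early return is not visible, since the enclosing function starts and ends outside the hunk.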
#endif
}
+int check_auth_name_for_ssl(char* auth_name)
+{
+ if(!auth_name) return 1;
+#ifdef HAVE_SSL
+#if !defined(HAVE_SSL_SET1_HOST) && !defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
+ log_err("the query has an auth_name %s, but libssl has no call to "
+ "perform TLS authentication. Remove that name from config "
+ "or upgrade the ssl crypto library.", auth_name);
+#endif
+#endif
+ return 1;
+}
+
/** set the authname on an SSL structure, SSL* ssl */
int set_auth_name_on_ssl(void* ssl, char* auth_name)
{
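Review bot: `check_auth_name_for_ssl` as shown returns 1 on every path: inside the `#if !defined(HAVE_SSL_SET1_HOST) && !defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)` branch it logs the error and then falls through to the final `return 1;`. That contradicts the header comment added in the same commit ("false if not available") and leaves the new dnstap guard `if(!check_auth_name_for_ssl(dtio->tls_server_name)) return 0;` unable to fire, so a build against such a libssl would log the problem and presumably still proceed with TLS using a server name it cannot verify. Add `return 0;` directly after the `log_err(...)` call, inside the inner `#if`, so the check fails closed. Since the name is only read here, `const char* auth_name` would also fit if the callers allow it.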
*/
void* outgoing_ssl_fd(void* sslctx, int fd);
+/**
+ * check if authname SSL functionality is available, false if not
+ * @param auth_name: the name for the remote server, used for error print.
+ * @return false if SSL functionality to check the SSL name is not available.
+ */
+int check_auth_name_for_ssl(char* auth_name);
+
/**
* set auth name on SSL for verification
* @param ssl: SSL* to set
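Review bot: The new doc comment for `check_auth_name_for_ssl` does not say what is returned for a NULL `auth_name`, while the implementation in this commit returns 1 for it before any other check. I would state both outcomes, e.g. replace the `@return` line with `@return true if auth_name is NULL or libssl can verify the name, false if a name is given but no verification call is available.` Callers that treat the result as a gate before enabling TLS then know that a missing name is accepted rather than rejected. The comment block that follows the declaration continues past the visible lines.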