SNI for ldns-dane when available + Changelog org.

Changed Changelog entries from old to new.

diff --git a/Changelog b/Changelog
index 3f029590daa0ddcd120cbb9ac52d81667fce410f..3de96964d5ad6844623074e49ce4e09f7a7248b9 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -1,29 +1,30 @@
 1.6.17
-       * bugfix #497: Properly test for EOF when reading key files with drill.
-       * bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen.
-       * -u and -U parameter for ldns-read-zone to mark/unmark a RR type
-         for printing as unknown type
-       * New output format flag (and accompanying funtions) to print certain
-         RR's as unknown type
-       * New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA.
-       * New RR type TKEY, but without operational practice.
-       * Fix b{32,64}_{ntop,pton} detection and handling.
-       * -T option for ldns-dane that has specific exit status for PKIX
-         validated connections without (secure) TLSA records.
-       * Bind to source address for resolvers. drill binds to source with -I.
-         Thanks Bryan Duff.
-       * README now shows preferred way to configure for examples and drill.
-       * Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav.
-       * Make sure executables are linked against libcrypto with the 
-         LIBSSL_LDFLAGS. Thanks Leo Baltus.
-       * bugfix #490: Get rid of type-punned pointer warnings.
-         Thanks Adam Tkac.
-       * Add --disable-dane option to configure and check availability of the
-         for dane needed X509_check_ca function in openssl.
        * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a
          zone to be an NSEC3 (or its RRSIG) covering an empty non terminal.
+       * Add --disable-dane option to configure and check availability of the
+         for dane needed X509_check_ca function in openssl.
+       * bugfix #490: Get rid of type-punned pointer warnings.
+         Thanks Adam Tkac.
+       * Make sure executables are linked against libcrypto with the 
+         LIBSSL_LDFLAGS. Thanks Leo Baltus.
+       * Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav.
+       * README now shows preferred way to configure for examples and drill.
+       * Bind to source address for resolvers. drill binds to source with -I.
+         Thanks Bryan Duff.
+       * -T option for ldns-dane that has specific exit status for PKIX
+         validated connections without (secure) TLSA records.
+       * Fix b{32,64}_{ntop,pton} detection and handling.
+       * New RR type TKEY, but without operational practice.
+       * New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA.
+       * New output format flag (and accompanying funtions) to print certain
+         RR's as unknown type
+       * -u and -U parameter for ldns-read-zone to mark/unmark a RR type
+         for printing as unknown type
+       * bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen.
+       * bugfix #497: Properly test for EOF when reading key files with drill.
        * New functions: ldns_pkt_ixfr_request_new and
          ldns_pkt_ixfr_request_new_frm_str.
+       * Use SNI with ldns-dane
        * bugfix #507: ldnsx Fix use of non-existent variables and not
          properly referring to instance variable.  Patch from shussain.
        * bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type

diff --git a/examples/ldns-dane.c b/examples/ldns-dane.c
index 0aaf5979aa488522f0bbc98cfe4d8f2e8f828cc9..00ba602ba00d78aa9e51bea93c17caba5ca9db1c 100644 (file)
--- a/examples/ldns-dane.c
+++ b/examples/ldns-dane.c
@@ -268,7 +268,9 @@ ssl_connect_and_get_cert_chain(
                fprintf(stderr, "SSL_clear\n");
                return LDNS_STATUS_SSL_ERR;
        }
-       SSL_set_tlsext_host_name(ssl, name_str);
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+       (void) SSL_set_tlsext_host_name(ssl, name_str);
+#endif
        SSL_set_connect_state(ssl);
        (void) SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
        if (! SSL_set_fd(ssl, sock)) {