- Fix that tls-session-ticket-keys: "" on its own in unbound.conf

  disables the tls session ticker key calls into the OpenSSL API.

git-svn-id: file:///svn/unbound/trunk@5140 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/daemon/unbound.c b/daemon/unbound.c
index 4a508c13878b9458ac6e887f34ed4dbea02f6e46..6cc8225f5d183727fb41773368c789d16fef3501 100644 (file)
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -443,7 +443,8 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
                        }
                }
 #endif
-               if(cfg->tls_session_ticket_keys.first) {
+               if(cfg->tls_session_ticket_keys.first &&
+                       cfg->tls_session_ticket_keys.first->str[0] != 0) {
                        if(!listen_sslctx_setup_ticket_keys(daemon->listen_sslctx, cfg->tls_session_ticket_keys.first)) {
                                fatal_exit("could not set session ticket SSL_CTX");
                        }

diff --git a/doc/Changelog b/doc/Changelog
index 7a07b999ae5958a941c86d605c84b36fcdd1fb31..28ff7f89ccc979eb4ae4d027a413c44cd8b6aced 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+25 March 2019: Wouter
+       - Fix that tls-session-ticket-keys: "" on its own in unbound.conf
+         disables the tls session ticker key calls into the OpenSSL API.
+
 21 March 2019: Wouter
        - Fix #4240: Fix whitespace cleanup in example.conf.