- Print error if SSL name verification configured but not available

author Wouter Wijngaards <wouter@nlnetlabs.nl>

Tue, 17 Jul 2018 12:26:32 +0000 (12:26 +0000)

committer Wouter Wijngaards <wouter@nlnetlabs.nl>

Tue, 17 Jul 2018 12:26:32 +0000 (12:26 +0000)
author Wouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 17 Jul 2018 12:26:32 +0000 (12:26 +0000)
committer Wouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 17 Jul 2018 12:26:32 +0000 (12:26 +0000)
diff --git a/daemon/remote.c b/daemon/remote.c

index fa620a47ffacbccec5df6f6223e4f934365eb8c1..9f46df0810103f161680b7f211f823be8cec5a1a 100644 (file)
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -1950,6 +1950,11 @@ parse_delegpt(RES* ssl, char* args, uint8_t* nm, int allow_names)
                                 return NULL;
                         }
                 } else {
+#ifndef HAVE_SSL_SET1_HOST
+                       if(auth_name)
+                         log_err("no name verification functionality in "
+                               "ssl library, ignored name for %s", p->str);
+#endif
                         /* add address */
                         if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
                                 auth_name)) {
diff --git a/doc/Changelog b/doc/Changelog

index 67080ae533d40a41cd6b55abefde77244c23c5c9..367451e7b9d84100e2f63c40f92b52814e2f7991 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,5 +1,7 @@
  17 July 2018: Wouter
         - Fix #4127 unbound -h does not list -p help.
+       - Print error if SSL name verification configured but not available
+         in the ssl library.
  
  16 July 2018: Wouter
         - Fix qname minimisation NXDOMAIN validation lookup failures causing
diff --git a/iterator/iter_fwd.c b/iterator/iter_fwd.c

index a44f54386dc4b4b89eaf57fda0b0be4c6a0f8e2b..96860c002c6e7dcc6b29216ea51ee90b552c7d07 100644 (file)
--- a/iterator/iter_fwd.c
+++ b/iterator/iter_fwd.c
@@ -239,6 +239,11 @@ read_fwds_addr(struct config_stub* s, struct delegpt* dp)
                                 s->name, p->str);
                         return 0;
                 }
+#ifndef HAVE_SSL_SET1_HOST
+               if(tls_auth_name)
+                       log_err("no name verification functionality in "
+                               "ssl library, ignored name for %s", p->str);
+#endif
                 if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
                         tls_auth_name)) {
                         log_err("out of memory");
diff --git a/iterator/iter_hints.c b/iterator/iter_hints.c

index e8d09338e9749fd54eb5c2fe9f1b73a7281459c0..5a0bc904bc2c26ace4248e4fb0439125e3965345 100644 (file)
--- a/iterator/iter_hints.c
+++ b/iterator/iter_hints.c
@@ -252,6 +252,11 @@ read_stubs_addr(struct config_stub* s, struct delegpt* dp)
                                 s->name, p->str);
                         return 0;
                 }
+#ifndef HAVE_SSL_SET1_HOST
+               if(auth_name)
+                       log_err("no name verification functionality in "
+                               "ssl library, ignored name for %s", p->str);
+#endif
                 if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
                         auth_name)) {
                         log_err("out of memory");
author	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Tue, 17 Jul 2018 12:26:32 +0000 (12:26 +0000)
committer	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Tue, 17 Jul 2018 12:26:32 +0000 (12:26 +0000)
daemon/remote.c		patch \| blob \| blame \| history
doc/Changelog		patch \| blob \| blame \| history
iterator/iter_fwd.c		patch \| blob \| blame \| history
iterator/iter_hints.c		patch \| blob \| blame \| history