From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 10 Jul 2018 08:02:32 +0000 (+0000)
Subject: - Note in documentation that the cert name match code needs
X-Git-Tag: release-1.8.0rc1~105
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=23dc22b78dd0d30e7cbe782138a2fa36a54b0200;p=thirdparty%2Funbound.git

- Note in documentation that the cert name match code needs


git-svn-id: file:///svn/unbound/trunk@4777 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index c4c1e1864..a1c853897 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+10 July 2018: Wouter
+	- Note in documentation that the cert name match code needs
+	  OpenSSL 1.1.0 or later to be enabled.
+
 6 July 2018: Wouter
 	- Fix documentation ambiguity for tls-win-cert in tls-upstream and
 	  forward-tls-upstream docs.
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in
index c3a4c14c1..4698c38e9 100644
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -1504,6 +1504,7 @@ the '@' and '#', the '@' comes first.
 At high verbosity it logs the TLS certificate, with TLS enabled.
 If you leave out the '#' and auth name from the forward\-addr, any
 name is accepted.  The cert must also match a CA from the tls\-cert\-bundle.
+The cert name match code needs OpenSSL 1.1.0 or later to be enabled.
 .TP
 .B forward\-first: \fI<yes or no>
 If enabled, a query is attempted without the forward clause if it fails.