From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Mon, 25 Mar 2019 08:47:14 +0000 (+0000)
Subject: - Fix that tls-session-ticket-keys: "" on its own in unbound.conf
X-Git-Tag: final-svn-state~35
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b75c37252cdcd973d3e1dddfa51f4df90ff6d850;p=thirdparty%2Funbound.git

- Fix that tls-session-ticket-keys: "" on its own in unbound.conf
  disables the tls session ticker key calls into the OpenSSL API.


git-svn-id: file:///svn/unbound/trunk@5140 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/daemon/unbound.c b/daemon/unbound.c
index 4a508c138..6cc8225f5 100644
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -443,7 +443,8 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
 			}
 		}
 #endif
-		if(cfg->tls_session_ticket_keys.first) {
+		if(cfg->tls_session_ticket_keys.first &&
+			cfg->tls_session_ticket_keys.first->str[0] != 0) {
 			if(!listen_sslctx_setup_ticket_keys(daemon->listen_sslctx, cfg->tls_session_ticket_keys.first)) {
 				fatal_exit("could not set session ticket SSL_CTX");
 			}
diff --git a/doc/Changelog b/doc/Changelog
index 7a07b999a..28ff7f89c 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+25 March 2019: Wouter
+	- Fix that tls-session-ticket-keys: "" on its own in unbound.conf
+	  disables the tls session ticker key calls into the OpenSSL API.
+
 21 March 2019: Wouter
 	- Fix #4240: Fix whitespace cleanup in example.conf.