- Note in documentation that the cert name match code needs

author Wouter Wijngaards <wouter@nlnetlabs.nl>

Tue, 10 Jul 2018 08:02:32 +0000 (08:02 +0000)

committer Wouter Wijngaards <wouter@nlnetlabs.nl>

Tue, 10 Jul 2018 08:02:32 +0000 (08:02 +0000)
author Wouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 10 Jul 2018 08:02:32 +0000 (08:02 +0000)
committer Wouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 10 Jul 2018 08:02:32 +0000 (08:02 +0000)
diff --git a/doc/Changelog b/doc/Changelog

index c4c1e1864aac5240554750f14189f5aed3c48fcb..a1c853897a1c20f98e4ad99ebe9868fd1fc6416e 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+10 July 2018: Wouter
+       - Note in documentation that the cert name match code needs
+         OpenSSL 1.1.0 or later to be enabled.
+
  6 July 2018: Wouter
         - Fix documentation ambiguity for tls-win-cert in tls-upstream and
           forward-tls-upstream docs.
diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in

index c3a4c14c15e7be56e2b625f366f6d53c3a316257..4698c38e97b3df029fc1972f7faa47d98881882e 100644 (file)
--- a/doc/unbound.conf.5.in
+++ b/doc/unbound.conf.5.in
@@ -1504,6 +1504,7 @@ the '@' and '#', the '@' comes first.
  At high verbosity it logs the TLS certificate, with TLS enabled.
  If you leave out the '#' and auth name from the forward\-addr, any
  name is accepted.  The cert must also match a CA from the tls\-cert\-bundle.
+The cert name match code needs OpenSSL 1.1.0 or later to be enabled.
  .TP
  .B forward\-first: \fI<yes or no>
  If enabled, a query is attempted without the forward clause if it fails.
author	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Tue, 10 Jul 2018 08:02:32 +0000 (08:02 +0000)
committer	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Tue, 10 Jul 2018 08:02:32 +0000 (08:02 +0000)
doc/Changelog		patch \| blob \| blame \| history
doc/unbound.conf.5.in		patch \| blob \| blame \| history