From: Wouter Wijngaards Date: Wed, 4 Jul 2012 12:33:32 +0000 (+0000) Subject: - compile libunbound with libnss on Suse, passes regression tests. X-Git-Tag: release-1.4.18rc1~13 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f37bd4f2ce406d52b1832ae0236de93c3c627f87;p=thirdparty%2Funbound.git - compile libunbound with libnss on Suse, passes regression tests. git-svn-id: file:///svn/unbound/trunk@2710 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/daemon/unbound.c b/daemon/unbound.c index 4e647c765..d64751ab5 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -454,6 +454,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, * given to unbound on the commandline. */ /* read ssl keys while superuser and outside chroot */ +#ifdef HAVE_SSL if(!(daemon->rc = daemon_remote_create(cfg))) fatal_exit("could not set up remote-control"); if(cfg->ssl_service_key && cfg->ssl_service_key[0]) { @@ -463,6 +464,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, } if(!(daemon->connect_sslctx = connect_sslctx_create(NULL, NULL, NULL))) fatal_exit("could not set up connect SSL_CTX"); +#endif #ifdef HAVE_KILL /* check old pid file before forking */ diff --git a/doc/Changelog b/doc/Changelog index 543a113d9..58e6e7608 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,6 @@ +4 July 2012: Wouter + - compile libunbound with libnss on Suse, passes regression tests. + 3 July 2012: Wouter - FIPS_mode openssl does not use arc4random but RAND_pseudo_bytes. diff --git a/util/net_help.c b/util/net_help.c index 964ecf2e6..d8c624fd6 100644 --- a/util/net_help.c +++ b/util/net_help.c @@ -579,6 +579,8 @@ log_crypto_err(const char* str) ERR_error_string_n(e, buf, sizeof(buf)); log_err("and additionally crypto %s", buf); } +#else + (void)str; #endif /* HAVE_SSL */ } @@ -626,6 +628,9 @@ void* listen_sslctx_create(char* key, char* pem, char* verifypem) SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); } return ctx; +#else + (void)key; (void)pem; (void)verifypem; + return NULL; #endif } @@ -671,6 +676,9 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem) SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); } return ctx; +#else + (void)key; (void)pem; (void)verifypem; + return NULL; #endif } @@ -690,6 +698,9 @@ void* incoming_ssl_fd(void* sslctx, int fd) return NULL; } return ssl; +#else + (void)sslctx; (void)fd; + return NULL; #endif } @@ -709,5 +720,8 @@ void* outgoing_ssl_fd(void* sslctx, int fd) return NULL; } return ssl; +#else + (void)sslctx; (void)fd; + return NULL; #endif } diff --git a/util/netevent.c b/util/netevent.c index 1998d646a..3c1c69d7e 100644 --- a/util/netevent.c +++ b/util/netevent.c @@ -899,10 +899,10 @@ tcp_callback_reader(struct comm_point* c) } /** continue ssl handshake */ +#ifdef HAVE_SSL static int ssl_handshake(struct comm_point* c) { -#ifdef HAVE_SSL int r; if(c->ssl_shake_state == comm_ssl_shake_hs_read) { /* read condition satisfied back to writing */ @@ -961,8 +961,8 @@ ssl_handshake(struct comm_point* c) } c->ssl_shake_state = comm_ssl_shake_none; return 1; -#endif /* HAVE_SSL */ } +#endif /* HAVE_SSL */ /** ssl read callback on TCP */ static int @@ -1045,6 +1045,9 @@ ssl_handle_read(struct comm_point* c) tcp_callback_reader(c); } return 1; +#else + (void)c; + return 0; #endif /* HAVE_SSL */ } @@ -1126,6 +1129,9 @@ ssl_handle_write(struct comm_point* c) tcp_callback_writer(c); } return 1; +#else + (void)c; + return 0; #endif /* HAVE_SSL */ }