dohclient ssl shakehand failure #524

Closed
ghpass opened this issue Aug 13, 2021 · 2 comments
ghpass commented Aug 13, 2021

hi,
When dot and doh are tried, DoT is ok, but DoH doesn't work well.

```
#./dohclient -s 127.0.0.1 paypal.com A IN
[1628843078] unbound[22642:0] error: could not allocate SSL_CTX pointer crypto error:140A90A1:lib(20):func(169):reason(161)
[1628843078] unbound[22642:0] fatal error: cannot create ssl ctx
```

Environment is as follows:

  1. unbound 1.13.0

     ```
     ./configure --with-libevent --with-pthreads --enable-subnet --sysconfdir=/etc --with-ssl -with-libnghttp2
     ```
  2. Version of openssl and openssl-devel:

     ```
     #yum list openssl-devel openssl
     Installed Packages
     openssl.x86_64 1:1.0.2k-21.el7_9
     openssl-devel.x86_64 1:1.0.2k-21.el7_9
     ```
  3. Ports 443 and 853 are opened. Some of the server configuration:

     ```
     interface: 0.0.0.0@853 #ipv4 over TLS
     interface: ::0@853 #ipv4 over TLS
     interface: 0.0.0.0@443
     interface: ::0@443
     ```

     ```
     #netstat -aptn
     tcp 0 0 0.0.0.0:853 0.0.0.0:* LISTEN 22615/unbound
     tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 22615/unbound
     tcp6 0 0 :::443 :::* LISTEN 22615/unbound
     tcp6 0 0 :::853 :::* LISTEN 22615/unbound
     ```
  4. The certificate is generated as follows:

     ```
     #openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
     ```

     In the server configuration:

     ```
     tls-service-key: key.pem
     tls-service-pem: cert.pem
     ```

ghpass commented Aug 19, 2021

Resolved!
There is a bug in dohclient.c.
Add the following line at the beginning of the run() function, and ok!

```c
SSL_library_init();
```

@gthess gthess self-assigned this Mar 17, 2023
gthess commented Mar 17, 2023

Already fixed in 7226d2f.

@gthess gthess closed this as completed Mar 17, 2023
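
Added example, not part of the issue thread or of unbound's code: a small C decoder for the packed OpenSSL 1.0.x error code in the log line from the first comment. It shows that `140A90A1` is `SSL_CTX_new` failing with "library has no ciphers", the state OpenSSL 1.0.2 is in until `SSL_library_init()` has run. The names `parse_ossl_error` and `diagnose` are hypothetical; the numeric constants are the OpenSSL 1.0.x values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fields of a packed OpenSSL 1.0.x error code (ERR_PACK layout:
 * 8-bit library, 12-bit function, 12-bit reason). */
struct ossl_err { unsigned long code; int lib, func, reason; };

/* Find "error:XXXXXXXX:" in a log line and unpack the code.
 * Returns 0 on success, -1 if the line carries no packed code. */
int parse_ossl_error(const char *line, struct ossl_err *out)
{
    const char *p = line;

    /* unbound's own prefix also contains "error:", so only accept a
     * match that is followed by exactly eight hex digits and a colon */
    while ((p = strstr(p, "error:")) != NULL) {
        p += strlen("error:");
        if (strspn(p, "0123456789abcdefABCDEF") == 8 && p[8] == ':') {
            unsigned long v = strtoul(p, NULL, 16);
            out->code = v;
            out->lib = (int)((v >> 24) & 0xff);    /* ERR_GET_LIB */
            out->func = (int)((v >> 12) & 0xfff);  /* ERR_GET_FUNC */
            out->reason = (int)(v & 0xfff);        /* ERR_GET_REASON */
            return 0;
        }
    }
    return -1;
}

/* Name the one condition relevant to this issue. OpenSSL 1.0.x values:
 * ERR_LIB_SSL = 20, SSL_F_SSL_CTX_NEW = 169,
 * SSL_R_LIBRARY_HAS_NO_CIPHERS = 161. */
const char *diagnose(const struct ossl_err *e)
{
    if (e->lib == 20 && e->func == 169 && e->reason == 161)
        return "SSL_CTX_new: library has no ciphers (SSL_library_init() not called)";
    return "not the missing-initialisation case";
}

int main(void)
{
    /* log line copied from the first comment of the issue */
    const char *line = "[1628843078] unbound[22642:0] error: could not allocate SSL_CTX pointer crypto error:140A90A1:lib(20):func(169):reason(161)";
    struct ossl_err e;
    if (parse_ossl_error(line, &e) == 0)
        printf("%08lX lib=%d func=%d reason=%d: %s\n", e.code, e.lib, e.func, e.reason, diagnose(&e));
    return 0;
}
```

The log shows `lib(20):func(169):reason(161)` rather than names because the error strings had not been loaded either; the decoded fields match those three numbers.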