Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove left-over requirements on OpenSSL >= 1.1.0 for cert name matching #13

wants to merge 2 commits into from


Copy link

@dne dne commented Feb 6, 2019

When bug #4206 was resolved, some bits remained that still indicate that OpenSSL 1.1.0 or later is required:

  • Invalid error logging when name verification is enabled with older OpenSSL (or LibreSSL).
  • Outdated note in the unbound.conf(5) man page.
Copy link

@wcawijngaards wcawijngaards commented Feb 11, 2019

Thanks, doc updated.


jedisct1 added a commit to jedisct1/unbound that referenced this issue Feb 15, 2019
* nlnet/master:
  - Fix capsforid canonical sort qsort callback.
  - make depend, with newer gcc, nicer layout.
  - Fix NLnetLabs#13: Remove left-over requirements on OpenSSL >= 1.1.0 for   cert name matching, from man page.
  Also fix this unit test for qname minimisation asked queries that have to be added to the provided answer list.
  - Fix recursion lame test for qname minimisation asked queries,   that were not present in the set of prepared answers.
  - Note default for module-config in man page.
  - Fix #4225: clients seem to erroneously receive no answer with   DNS-over-TLS and qname-minimisation.
  - Fix that qname minimisation does not skip a label when missing   nameserver targets need to be fetched.
  - Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2.
@xiangbao227 xiangbao227 mentioned this pull request Jan 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

2 participants