Permalink
Browse files

Fix DNS over TLS host validation w/OpenSSL 1.0.2. Issue #8602

  • Loading branch information...
jim-p committed Feb 6, 2019
1 parent 33e1d1c commit af2c493a0dfa99e2afc6e3f9236aad10021d6b39
@@ -3,6 +3,7 @@

PORTNAME= unbound
PORTVERSION= 1.9.0
PORTREVISION= 1
CATEGORIES= dns
MASTER_SITES= https://www.nlnetlabs.nl/downloads/unbound/ \
https://distfiles.crux.guru/
@@ -0,0 +1,11 @@
--- daemon/remote.c.orig 2019-02-06 17:15:09 UTC
+++ daemon/remote.c
@@ -1987,7 +1987,7 @@ parse_delegpt(RES* ssl, char* args, uint8_t* nm, int a
return NULL;
}
} else {
-#ifndef HAVE_SSL_SET1_HOST
+#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
if(auth_name)
log_err("no name verification functionality in "
"ssl library, ignored name for %s", todo);
@@ -0,0 +1,11 @@
--- iterator/iter_fwd.c.orig 2019-02-06 17:15:35 UTC
+++ iterator/iter_fwd.c
@@ -239,7 +239,7 @@ read_fwds_addr(struct config_stub* s, struct delegpt*
s->name, p->str);
return 0;
}
-#ifndef HAVE_SSL_SET1_HOST
+#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
if(tls_auth_name)
log_err("no name verification functionality in "
"ssl library, ignored name for %s", p->str);
@@ -0,0 +1,11 @@
--- iterator/iter_hints.c.orig 2019-02-06 17:15:55 UTC
+++ iterator/iter_hints.c
@@ -252,7 +252,7 @@ read_stubs_addr(struct config_stub* s, struct delegpt*
s->name, p->str);
return 0;
}
-#ifndef HAVE_SSL_SET1_HOST
+#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
if(auth_name)
log_err("no name verification functionality in "
"ssl library, ignored name for %s", p->str);

0 comments on commit af2c493

Please sign in to comment.