unbound: log openssl-1.0.2 lacks TLS host verification

ssl_set1_host() is not available without openssl-1.1.0. Unbound can not do host cert verification. DNS over TLS connects, but hosts are unverified. A patch for log err is added with a noitce in README.md. (see: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658) Also, squash some minor robustness and TLS usability fixes. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
2026-04-30 15:38:40 +01:00 · 2018-08-08 21:21:17 -04:00
parent ba5e9aa945
commit 1cccacf359
8 changed files with 118 additions and 23 deletions
@@ -124,6 +124,20 @@ valid_subnet4() {

 ##############################################################################

+valid_subnet_any() {
+  local subnet=$1
+  local validip4=$( valid_subnet4 $subnet )
+  local validip6=$( valid_subnet6 $subnet )
+
+
+  if [ "$validip4" = "ok" -o "$validip6" = "ok" ] ; then
+    echo "ok"
+  else
+    echo "not"
+  fi
+}
+##############################################################################
+
 private_subnet() {
  case "$1" in
    10"."*) echo "ok" ;;