update unbound

Riccardo Spagni 2015-08-14 19:12:19 +02:00
parent 7792255968
commit 93944333c5
No known key found for this signature in database
GPG key ID: 55432DF31CCD4FCD
45 changed files with 2290 additions and 3300 deletions


@ -243,9 +243,9 @@ daemon_remote_create(struct config_file* cfg)
goto setup_error;
}
verbose(VERB_ALGO, "setup SSL certificates");
if (!SSL_CTX_use_certificate_file(rc->ctx,s_cert,SSL_FILETYPE_PEM)) {
if (!SSL_CTX_use_certificate_chain_file(rc->ctx,s_cert)) {
log_err("Error for server-cert-file: %s", s_cert);
log_crypto_err("Error in SSL_CTX use_certificate_file");
log_crypto_err("Error in SSL_CTX use_certificate_chain_file");
goto setup_error;
}
if(!SSL_CTX_use_PrivateKey_file(rc->ctx,s_key,SSL_FILETYPE_PEM)) {
@ -258,6 +258,23 @@ daemon_remote_create(struct config_file* cfg)
log_crypto_err("Error in SSL_CTX check_private_key");
goto setup_error;
}
#if HAVE_DECL_SSL_CTX_SET_ECDH_AUTO
if(!SSL_CTX_set_ecdh_auto(rc->ctx,1)) {
log_crypto_err("Error in SSL_CTX_ecdh_auto, not enabling ECDHE");
}
#elif defined(USE_ECDSA)
if(1) {
EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
if (!ecdh) {
log_crypto_err("could not find p256, not enabling ECDHE");
} else {
if (1 != SSL_CTX_set_tmp_ecdh (rc->ctx, ecdh)) {
log_crypto_err("Error in SSL_CTX_set_tmp_ecdh, not enabling ECDHE");
}
EC_KEY_free (ecdh);
}
}
#endif
if(!SSL_CTX_load_verify_locations(rc->ctx, s_cert, NULL)) {
log_crypto_err("Error setting up SSL_CTX verify locations");
setup_error:
@ -1683,6 +1700,7 @@ parse_delegpt(SSL* ssl, char* args, uint8_t* nm, int allow_names)
}
}
}
dp->has_parent_side_NS = 1;
return dp;
}
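Review bot: After the first hunk switches to `SSL_CTX_use_certificate_chain_file(rc->ctx,s_cert)`, the same `s_cert` file is still passed to `SSL_CTX_load_verify_locations(rc->ctx, s_cert, NULL)` (the unchanged context line at the end of the second hunk), so every certificate an operator adds to server-cert-file as a chain member is also loaded into the verify store. Whether that widens which peer certificates the control channel accepts depends on OpenSSL's chain-building rules and on the verify mode, which is set outside the visible lines, but a CA certificate placed in that file would presumably be treated as trusted. I would document the constraint at the call, for example `/* s_cert doubles as the verify store: it must hold only the control certificate and its own chain, never a shared CA */`, and repeat it in the server-cert-file documentation. Separately, the log text `"Error in SSL_CTX_ecdh_auto, not enabling ECDHE"` names a function that is not the one called; `SSL_CTX_set_ecdh_auto` would match. The body of daemon_remote_create starts and ends outside these hunks.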