unbound: log openssl-1.0.2 lacks TLS host verification

ssl_set1_host() is not available without openssl-1.1.0. Unbound can not do host cert verification. DNS over TLS connects, but hosts are unverified. A patch for log err is added with a noitce in README.md. (see: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658) Also, squash some minor robustness and TLS usability fixes. Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
author: Eric Luehrsen <ericluehrsen@gmail.com> 2018-08-08 21:21:17 -0400
committer: Eric Luehrsen <ericluehrsen@gmail.com> 2018-08-10 02:11:13 -0400
commit: 1cccacf359ab99ec26bfc66ebd0e0a27053bfcef (patch)
tree: bed6639537d049f2bbe70734a83bbfad69903dd7 /net/unbound/files/unbound.init
parent: ba5e9aa9458c6d12ec8acc3798ea95c3c0cc897a (diff)
1 files changed, 1 insertions, 3 deletions
diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init
index ff827c4f0..c90839964 100755
--- a/net/unbound/files/unbound.init
+++ b/net/unbound/files/unbound.init
@@ -64,10 +64,9 @@ service_triggers() {
   if [ ! -f "$UB_TOTAL_CONF" -o -n "$UB_BOOT" ] ; then
     # Unbound is can be a bit heavy, so wait some on first start but any
     # interface coming up affects the trigger and delay so guarantee start
-    procd_add_raw_trigger "interface.*.up" 5000 /etc/init.d/unbound restart
+    procd_add_raw_trigger "interface.*.up" 3000 /etc/init.d/unbound restart
 
   elif [ -n "$triggers" ] ; then
-    PROCD_RELOAD_DELAY=2000
     procd_add_reload_trigger "unbound" "dhcp"
 
 
@@ -77,7 +76,6 @@ service_triggers() {
     done
 
   else
-    PROCD_RELOAD_DELAY=2000
     procd_add_reload_trigger "unbound" "dhcp"
   fi
 }
author	Eric Luehrsen <ericluehrsen@gmail.com>	2018-08-08 21:21:17 -0400
committer	Eric Luehrsen <ericluehrsen@gmail.com>	2018-08-10 02:11:13 -0400
commit	1cccacf359ab99ec26bfc66ebd0e0a27053bfcef (patch)
tree	bed6639537d049f2bbe70734a83bbfad69903dd7 /net/unbound/files/unbound.init
parent	ba5e9aa9458c6d12ec8acc3798ea95c3c0cc897a (diff)