authorTed Hess <thess@kitschensync.net>2023-08-21 18:39:28 -0400
committerGitHub <noreply@github.com>2023-08-21 18:39:28 -0400
commit676c3edc634e1709a0f20b54b51545a9959cb22b (patch)
tree9b7396764335cf9cdc69bb4f22fe38263198f11f /net
parentdb334337b70e7ddf204e4e22a212d20e1a7774c6 (diff)
parent2a71e17ca12341682430e587889d8fb7af58ae30 (diff)
Merge pull request #21874 from thess/unbound-SSL-workaround
Unbound: Silence SSL unexpected eof messages
Diffstat (limited to 'net')
-rw-r--r--net/unbound/Makefile2
-rw-r--r--net/unbound/patches/200-remove-SSL-unexpected-eof-messages.patch37
2 files changed, 38 insertions, 1 deletions
diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index 0620944cf..9626c4e29 100644
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=unbound
PKG_VERSION:=1.17.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://nlnetlabs.nl/downloads/unbound
diff --git a/net/unbound/patches/200-remove-SSL-unexpected-eof-messages.patch b/net/unbound/patches/200-remove-SSL-unexpected-eof-messages.patch
new file mode 100644
index 000000000..3f7d62b40
--- /dev/null
+++ b/net/unbound/patches/200-remove-SSL-unexpected-eof-messages.patch
@@ -0,0 +1,37 @@
+--- a/util/net_help.c
++++ b/util/net_help.c
+@@ -1005,6 +1005,16 @@ listen_sslctx_setup(void* ctxt)
+ log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list");
+ }
+ #endif
++#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
++ /* ignore errors when peers do not send the mandatory close_notify
++ * alert on shutdown.
++ * Relevant for openssl >= 3 */
++ if((SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF) &
++ SSL_OP_IGNORE_UNEXPECTED_EOF) != SSL_OP_IGNORE_UNEXPECTED_EOF) {
++ log_crypto_err("could not set SSL_OP_IGNORE_UNEXPECTED_EOF");
++ return 0;
++ }
++#endif
+
+ if((SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE) &
+ SSL_OP_CIPHER_SERVER_PREFERENCE) !=
+@@ -1233,6 +1243,17 @@ void* connect_sslctx_create(char* key, c
+ SSL_CTX_free(ctx);
+ return 0;
+ }
++#endif
++#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
++ /* ignore errors when peers do not send the mandatory close_notify
++ * alert on shutdown.
++ * Relevant for openssl >= 3 */
++ if((SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF) &
++ SSL_OP_IGNORE_UNEXPECTED_EOF) != SSL_OP_IGNORE_UNEXPECTED_EOF) {
++ log_crypto_err("could not set SSL_OP_IGNORE_UNEXPECTED_EOF");
++ SSL_CTX_free(ctx);
++ return 0;
++ }
+ #endif
+ if(key && key[0]) {
+ if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) {
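Review bot: Setting SSL_OP_IGNORE_UNEXPECTED_EOF in both listen_sslctx_setup and connect_sslctx_create turns a missing close_notify into a clean EOF, which is exactly the truncation-attack condition OpenSSL 3 began reporting, yet the patch's comment only describes peers being sloppy and never says why accepting that is safe here. Presumably it is acceptable because DNS over TLS carries a two-byte length prefix, so a cut-off response is rejected by the message framing rather than by the TLS layer, but that reliance is not visible in the hunk and belongs next to the option, e.g. `/* NOTE: disables TLS truncation detection; relies on the DNS length prefix to reject partial messages */`. Anyone reusing either context for a stream without its own framing would otherwise inherit silent acceptance of truncated data, so the comment should state that the option is conditional on that framing. Both enclosing functions start and end outside the hunk.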