From 1cccacf359ab99ec26bfc66ebd0e0a27053bfcef Mon Sep 17 00:00:00 2001
From: Eric Luehrsen <ericluehrsen@gmail.com>
Date: Wed, 8 Aug 2018 21:21:17 -0400
Subject: unbound: log openssl-1.0.2 lacks TLS host verification

ssl_set1_host() is not available without openssl-1.1.0. Unbound can not do
host cert verification. DNS over TLS connects, but hosts are unverified. A
patch for log err is added with a noitce in README.md.
(see: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=658)

Also, squash some minor robustness and TLS usability fixes.

Signed-off-by: Eric Luehrsen <ericluehrsen@gmail.com>
---
 net/unbound/files/unbound.init | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'net/unbound/files/unbound.init')

diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init
index ff827c4f0..c90839964 100755
--- a/net/unbound/files/unbound.init
+++ b/net/unbound/files/unbound.init
@@ -64,10 +64,9 @@ service_triggers() {
   if [ ! -f "$UB_TOTAL_CONF" -o -n "$UB_BOOT" ] ; then
     # Unbound is can be a bit heavy, so wait some on first start but any
     # interface coming up affects the trigger and delay so guarantee start
-    procd_add_raw_trigger "interface.*.up" 5000 /etc/init.d/unbound restart
+    procd_add_raw_trigger "interface.*.up" 3000 /etc/init.d/unbound restart
 
   elif [ -n "$triggers" ] ; then
-    PROCD_RELOAD_DELAY=2000
     procd_add_reload_trigger "unbound" "dhcp"
 
 
@@ -77,7 +76,6 @@ service_triggers() {
     done
 
   else
-    PROCD_RELOAD_DELAY=2000
     procd_add_reload_trigger "unbound" "dhcp"
   fi
 }
-- 
cgit v1.2.3