Unbound (trunk):
For DNS over TLS service, it sets the configured tls auth name.
This is useful for hosts that apart from the DNS over TLS services
also provide other (web) services. Add SSL cleanup for tcp timeout.
Index: services/outside_network.c
===================================================================
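--- a/services/outside_network.c
+++ b/services/outside_network.c
@@ -377,6 +379,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
 if(!SSL_set1_host(pend->c->ssl, w->tls_auth_name)) {
 log_err("SSL_set1_host failed");
 pend->c->fd = s;
+ SSL_free(pend->c->ssl);
+ pend->c->ssl = NULL;
 comm_point_close(pend->c);
 return 0;
 }
@@ -1264,6 +1268,13 @@ outnet_tcptimer(void* arg)
 } else {
 /* it was in use */
 struct pending_tcp* pend=(struct pending_tcp*)w->next_waiting;
+ if(pend->c->ssl) {
+#ifdef HAVE_SSL
+ SSL_shutdown(pend->c->ssl);
+ SSL_free(pend->c->ssl);
+ pend->c->ssl = NULL;
+#endif
+ }
 comm_point_close(pend->c);
 pend->query = NULL;
 pend->next_free = outnet->tcp_free;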
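Review bot: In the outnet_tcptimer hunk the result of `SSL_shutdown(pend->c->ssl)` is discarded on a path that runs precisely when the peer has stopped responding, so the call can fail (for example if the handshake never completed, which is not visible from here) and leave an entry on the thread's OpenSSL error queue that a later SSL_get_error() on an unrelated connection may misreport. I would make the best-effort intent explicit and drain the queue with `(void)SSL_shutdown(pend->c->ssl);` followed by `ERR_clear_error();`. The `#ifdef HAVE_SSL` would read better wrapped around the whole `if(pend->c->ssl)` block than placed inside it, since the test itself is compiled unconditionally. The same free-and-NULL sequence is added in the outnet_tcp_take_into_use hunk (there without a shutdown, presumably because no handshake has begun), so a small static helper would keep the two teardown paths from drifting apart. Both function bodies continue outside the hunks shown.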