Fixup ssl authentication not available with check for it.

dnstap/dtstream.c

@@ -302,6 +302,8 @@ int dt_io_thread_apply_cfg(struct dt_io_thread* dtio, struct config_file *cfg)
 				log_err("dnstap setup: malloc failure");
 				return 0;
 			}
+			if(!check_auth_name_for_ssl(dtio->tls_server_name))
+				return 0;
 		}
 		if(cfg->dnstap_tls_client_key_file &&
 			cfg->dnstap_tls_client_key_file[0]) {

util/net_help.c

@@ -1217,6 +1217,19 @@ void* outgoing_ssl_fd(void* sslctx, int fd)
 #endif
 }
 
+int check_auth_name_for_ssl(char* auth_name)
+{
+	if(!auth_name) return 1;
+#ifdef HAVE_SSL
+#if !defined(HAVE_SSL_SET1_HOST) && !defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
+	log_err("the query has an auth_name %s, but libssl has no call to "
+		"perform TLS authentication.  Remove that name from config "
+		"or upgrade the ssl crypto library.", auth_name);
+#endif
+#endif
+	return 1;
+}
+
 /** set the authname on an SSL structure, SSL* ssl */
 int set_auth_name_on_ssl(void* ssl, char* auth_name)
 {

util/net_help.h

@@ -442,6 +442,13 @@ void* incoming_ssl_fd(void* sslctx, int fd);
  */
 void* outgoing_ssl_fd(void* sslctx, int fd);
 
+/**
+ * check if authname SSL functionality is available, false if not
+ * @param auth_name: the name for the remote server, used for error print.
+ * @return false if SSL functionality to check the SSL name is not available.
+ */
+int check_auth_name_for_ssl(char* auth_name);
+
 /**
  * set auth name on SSL for verification
  * @param ssl: SSL* to set