From 7940e854e61a58f4f53f273d3a441c16bfb145f3 Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Mon, 1 May 2017 07:34:48 +0000 Subject: [PATCH] - Fix #1259: "--disable-ecdsa" argument overwritten by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c". git-svn-id: file:///svn/unbound/trunk@4137 be551aaa-1e26-0410-a405-d3ace91eadb9 --- daemon/remote.c | 2 +- doc/Changelog | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/daemon/remote.c b/daemon/remote.c index 7467c6ba5..2c53d8b38 100644 --- a/daemon/remote.c +++ b/daemon/remote.c @@ -260,7 +260,7 @@ daemon_remote_create(struct config_file* cfg) return NULL; } #endif -#ifdef SHA256_DIGEST_LENGTH +#if defined(SHA256_DIGEST_LENGTH) && defined(USE_ECDSA) /* if we have sha256, set the cipher list to have no known vulns */ if(!SSL_CTX_set_cipher_list(rc->ctx, "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256")) log_crypto_err("coult not set cipher list with SSL_CTX_set_cipher_list"); diff --git a/doc/Changelog b/doc/Changelog index 2cd29f2ae..e92d62738 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +1 May 2017: Wouter + - Fix #1259: "--disable-ecdsa" argument overwritten + by "#ifdef SHA256_DIGEST_LENGTH@daemon/remote.c". + 26 April 2017: Ralph - Implemented trust anchor signaling using key tag query.