upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-07 07:19:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Extra consistency check to make sure that when TLS is requested, either we

Browse source 
set up a TLS connection or we return an error.
This commit is contained in:
Philip Homburg 2023-03-23 15:00:10 +01:00
parent e850ca67f1
commit eb7eff4fc7
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
services/outside_network.c
View file

@ -620,6 +620,15 @@ outnet_tcp_take_into_use(struct waiting_tcp* w)
log_assert(w->addrlen > 0);
pend->c->tcp_do_toggle_rw = 0;
pend->c->tcp_do_close = 0;
/* Consistency check, if we have ssl_upstream but no sslctx, then
* log an error and return failure.
*/
if (w->ssl_upstream && !w->outnet->sslctx) {
log_err("SSL upstream requested but no SSL context");
return 0;
}
/* open socket */
s = outnet_get_tcp_fd(&w->addr, w->addrlen, w->outnet->tcp_mss, w->outnet->ip_dscp);