Does anyone else have unbound working with TLS? I’m getting the error
libunbound[27787:0] error: no name verification functionality in ssl library, ignored name for 22.214.171.124@853#dns.google
It’s puzzling, though, because the Changelog for 1.9.0 makes it sound as though this bug did not affect openssl-1.1, and also was fixed in 1.9.0.
Things I haven’t yet figured out:
- are the 2 bugs above still relevant to unbound-1.9.4 (latest upstream, already in Nixpkgs)
- are the 2 bugs relevent with openssl-1.1.1 (used by Nixpkgs
- would it help to apply the patch from the FreeBSD thread?
- are there compile-time options to
opensslthat affect this behavior?
Relevant lines from my
server: tls-upstream: yes tls-cert-bundle: /etc/pki/tls/certs/ca-bundle.crt forward-zone: name: . forward-addr: 126.96.36.199@853#dns.google