DNS-over-TLS with unbound

Does anyone else have unbound working with TLS? I’m getting the error:

  libunbound[27787:0] error: no name verification functionality in ssl library, ignored name for

I think this is the same error reported in
and Unbound upstream

It’s puzzling, though, because the Changelog for 1.9.0 makes it sound as though this bug did not affect openssl-1.1, and also was fixed in 1.9.0.

Things I haven’t yet figured out:

  • are the 2 bugs above still relevant to unbound-1.9.4 (latest upstream, already in Nixpkgs)?
  • are the 2 bugs relevant with openssl-1.1.1 (used by Nixpkgs unbound)?
  • would it help to apply the patch from the FreeBSD thread?
  • are there compile-time options to openssl that affect this behavior?

Relevant lines from my unbound.conf:

  tls-upstream: yes
  tls-cert-bundle: /etc/pki/tls/certs/ca-bundle.crt

    name: .
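
An added example, not part of the original post: a small audit of an unbound.conf for DNS-over-TLS forwarders whose certificate cannot be checked, either because no `tls-cert-bundle` is set or because a `forward-addr` carries no `#name` to match the certificate against. It only inspects configuration (and only `tls-cert-bundle`, not other trust-store options), so it cannot detect the library-side condition in the quoted error, where a configured name is ignored. The function names, the 192.0.2.x addresses and `dns.example.net` are constructed for illustration.

```python
import re

# Constructed sample (not the poster's file); 192.0.2.0/24 is a documentation range.
SAMPLE_CONF = """\
server:
  tls-upstream: yes
  tls-cert-bundle: /etc/pki/tls/certs/ca-bundle.crt   # CA trust anchors
forward-zone:
  name: .
  forward-addr: 192.0.2.1@853#dns.example.net
  forward-addr: 192.0.2.2@853
"""

def parse(text):
    """Split unbound.conf text into server options and forward-zone clauses."""
    server, zones, clause = {}, [], None
    for raw in text.splitlines():
        # '#' is a comment only at line start or after whitespace, not inside forward-addr.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if not value:                      # clause header, e.g. "server:"
            clause = key
            if key == "forward-zone":
                zones.append({"addrs": []})
        elif clause == "server":
            server[key] = value
        elif clause == "forward-zone" and key == "forward-addr":
            zones[-1]["addrs"].append(value)
        elif clause == "forward-zone":
            zones[-1][key] = value
    return server, zones

def audit(text):
    """Return (zone, finding) pairs for TLS forwarders that cannot be authenticated."""
    server, zones = parse(text)
    findings = []
    for zone in zones:
        if "yes" not in (server.get("tls-upstream"), zone.get("forward-tls-upstream")):
            continue                       # plain DNS forwarder, out of scope
        if not server.get("tls-cert-bundle"):
            findings.append((zone.get("name"), "no tls-cert-bundle set"))
        for addr in zone["addrs"]:
            if not addr.partition("#")[2]:
                findings.append((zone.get("name"), f"{addr}: no #name to verify"))
    return findings

print(audit(SAMPLE_CONF))
```
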