Unbound: Silence SSL unexpected eof messages
[feed/packages.git] / net / unbound / patches / 200-remove-SSL-unexpected-eof-messages.patch
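--- a/util/net_help.c
+++ b/util/net_help.c
@@ -1005,6 +1005,16 @@ listen_sslctx_setup(void* ctxt)
 log_crypto_err("could not set cipher list with SSL_CTX_set_cipher_list");
 }
 #endif
+#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
+ /* ignore errors when peers do not send the mandatory close_notify
+ * alert on shutdown.
+ * Relevant for openssl >= 3 */
+ if((SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF) &
+ SSL_OP_IGNORE_UNEXPECTED_EOF) != SSL_OP_IGNORE_UNEXPECTED_EOF) {
+ log_crypto_err("could not set SSL_OP_IGNORE_UNEXPECTED_EOF");
+ return 0;
+ }
+#endif
 
 if((SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE) &
 SSL_OP_CIPHER_SERVER_PREFERENCE) !=
@@ -1233,6 +1243,17 @@ void* connect_sslctx_create(char* key, c
 SSL_CTX_free(ctx);
 return 0;
 }
+#endif
+#if defined(SSL_OP_IGNORE_UNEXPECTED_EOF)
+ /* ignore errors when peers do not send the mandatory close_notify
+ * alert on shutdown.
+ * Relevant for openssl >= 3 */
+ if((SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF) &
+ SSL_OP_IGNORE_UNEXPECTED_EOF) != SSL_OP_IGNORE_UNEXPECTED_EOF) {
+ log_crypto_err("could not set SSL_OP_IGNORE_UNEXPECTED_EOF");
+ SSL_CTX_free(ctx);
+ return 0;
+ }
 #endif
 if(key && key[0]) {
 if(!SSL_CTX_use_certificate_chain_file(ctx, pem)) {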
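Review bot: The comment added in listen_sslctx_setup, and repeated in connect_sslctx_create, does not record the trade-off of SSL_OP_IGNORE_UNEXPECTED_EOF: with the option set, a connection closed without close_notify is reported as a normal end of stream, so TLS-level truncation detection is given up on both the listening and the outgoing context. OpenSSL documents the option as suitable only when the protocol carried over TLS detects truncation itself. That is presumably the case here through the length prefix on DNS messages sent over a stream, but the framing code is outside these hunks and should be confirmed, particularly for the outgoing side. I would extend both comments with something like `/* a missing close_notify is then treated as a clean EOF; truncation must be caught by the DNS length prefix, not by TLS */`. Both function bodies start and end outside the hunks shown.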