On 04.04.2019 23:35, rollingonchrome via Unbound-users wrote:
> Hi Wouter,
>
> Thank you for taking a look at my config file.
>
> Sorry for any confusion. I am running Unbound 1.9.1. That should
> support the tls-cert-bundle option, correct?
>
> I had initially tried my config file with 1.9.2, but at Yuri's
> suggestion, I downgraded to the latest stable version, 1.9.1.
>
> The tls-cert-bundle option did not work with either 1.9.2 or 1.9.1.
>
> I am running Unbound compiled from source on a Raspberry Pi (Raspbian
> Jessie).
>
> I now think the problem may be in the OpenSSL version on Raspbian,
> which only supports TLS 1.2.

Assume that it is. However, as far as I know, support for TLS is a function of the OpenSSL library. What prevents you from building the version with the necessary protocol (for example, OpenSSL 1.0.2o) and rebuilding Unbound with it?

>
> Thank you for your help.
>
> Best,
>
> RoC
>
> Wouter Wijngaards wouter at nlnetlabs.nl
> Thu Apr 4 09:04:46 CEST 2019
>
> Hi,
>
> So this config file is fine, the tls-cert-bundle should work fine with a
> version of unbound that supports the options (e.g. 1.9.2). Like, for me,
> it works. I guess you downgraded and are now using an older version
> that does not support the tls-cert-bundle option, so the unknown keyword
> error is accurate?
>
> Best regards, Wouter
>
> On 4/3/19 7:52 PM, rollingonchrome via Unbound-users wrote:
> > Hello,
> >
> > Thank you for the replies. I believe I have the tls-cert-bundle
> > information correctly indented now. But, I am still getting the same
> > errors as before about unknown keywords and strays.
> >
> > It is indented like this:
> >
> > server:
> >
> >     [a few lines omitted]
> >
> >     #Added for DoT
> >     tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
> >
> > Here is a link to my actual conf file if anyone would be willing to take
> > a look:
> > https://send.firefox.com/download/83192a35d41caf47/#G4NxNtajpM1KmZgLI-boBg
> >
> > I've read that OpenSSL on Jessie doesn't support any TLS except 1.2, so
> > I'm wondering if that might be this issue. Not sure what version of TLS
> > Unbound 1.9.1 uses (I downgraded).
> >
> > Thank you for your help.
> >
> > Best,
> >
> > RoC

--
"C++ seems like a language suitable for firing other people's legs."
*****************************
* C++20 : Bug to the future *
*****************************
