Merge branch 'develop' into release/1.1.0-alpha3

configure.ac

@@ -563,10 +563,16 @@ fi
 
 # Checks for libraries.
 found_all_libs=1
+MISSING_DEPS=""
+MISSING_SEP=""
 if test $my_with_libidn = 1
 then
 	AC_MSG_NOTICE([Checking for dependency libidn])
-	AC_CHECK_LIB([idn], [idna_to_ascii_8z], [], [found_all_libs=0])
+	AC_CHECK_LIB([idn], [idna_to_ascii_8z], [], [
+		MISSING_DEPS="${MISSING_DEPS}${MISSING_SEP}libidn"
+		MISSING_SEP=", "
+		found_all_libs=0
+	])
 fi
 
 AC_ARG_ENABLE(unbound-event-api, AC_HELP_STRING([--disable-unbound-event-api], [Disable usage of libunbounds event API]))
@@ -595,12 +601,16 @@ then
 			])
 		fi
 		AC_CHECK_FUNCS([ub_ctx_set_stub])
-	], [found_all_libs=0])
+	], [
+		MISSING_DEPS="${MISSING_DEPS}${MISSING_SEP}libunbound"
+		MISSING_SEP=", "
+		found_all_libs=0
+	])
 fi
 
 if test $found_all_libs = 0
 then
-    AC_MSG_ERROR([One more dependencies is missing])
+    AC_MSG_ERROR([Missing dependencies: $MISSING_DEPS])
 fi
 
 AC_PATH_PROG([DOXYGEN], [doxygen])

src/context.c

@@ -3797,8 +3797,7 @@ getdns_context_get_suffix(getdns_context *context, getdns_list **value)
 			r = GETDNS_RETURN_GENERIC_ERROR;
 			break;
 		}
-		if ((r = _getdns_list_append_const_bindata(
+		if ((r = _getdns_list_append_string(list, name)))
-		    list, strlen(name) + 1, name)))
 			break;
 		dname += dname_len;
 		dname_len = *dname++;

src/pubkey-pinning.c

@@ -56,7 +56,7 @@
 #include "context.h"
 #include "util-internal.h"
 
-#ifndef X509_STORE_CTX_get0_untrusted
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 #define X509_STORE_CTX_get0_untrusted(store) store->untrusted
 #endif
 
@@ -314,15 +314,27 @@ _getdns_get_pubkey_pinset_list(getdns_context *ctx,
    see doc/HOWTO/proxy_certificates.txt as an example
 */
 static int
-_get_ssl_getdns_upstream_idx()
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+_get_ssl_getdns_upstream_idx(void)
+#else
+_get_ssl_getdns_upstream_idx(X509_STORE *store)
+#endif
 {
 	static volatile int idx = -1;
 	if (idx < 0) {
-		/* CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); */
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+		CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+#else
+		X509_STORE_lock(store);
+#endif
 		if (idx < 0)
 			idx = SSL_get_ex_new_index(0, "associated getdns upstream",
 						   NULL,NULL,NULL);
-		/* CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); */
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
+		CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+#else
+		X509_STORE_unlock(store);
+#endif
 	}
 	return idx;
 }
@@ -330,7 +342,11 @@ _get_ssl_getdns_upstream_idx()
 getdns_upstream*
 _getdns_upstream_from_x509_store(X509_STORE_CTX *store)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 	int uidx = _get_ssl_getdns_upstream_idx();
+#else
+	int uidx = _get_ssl_getdns_upstream_idx(X509_STORE_CTX_get0_store(store));
+#endif
 	int sslidx = SSL_get_ex_data_X509_STORE_CTX_idx();
 	const SSL *ssl;
 
@@ -348,7 +364,11 @@ getdns_return_t
 _getdns_associate_upstream_with_SSL(SSL *ssl,
 				    getdns_upstream *upstream)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
 	int uidx = _get_ssl_getdns_upstream_idx();
+#else
+	int uidx = _get_ssl_getdns_upstream_idx(SSL_CTX_get_cert_store(SSL_get_SSL_CTX(ssl)));
+#endif
 	if (SSL_set_ex_data(ssl, uidx, upstream))
 		return GETDNS_RETURN_GOOD;
 	else