Abstract context DANE initialisation.

src/context.c

@@ -3572,14 +3572,7 @@ _getdns_context_prepare_for_resolution(getdns_context *context)
 				if (context->tls_auth_min == GETDNS_AUTHENTICATION_REQUIRED) 
 					return GETDNS_RETURN_BAD_CONTEXT;
 			}
-#   if defined(STUB_DEBUG) && STUB_DEBUG
+			_getdns_tls_context_dane_init(context->tls_ctx);
-			int osr =
-#   else
-			(void)
-#   endif
-				SSL_CTX_dane_enable(context->tls_ctx->ssl);
-			DEBUG_STUB("%s %-35s: DEBUG: SSL_CTX_dane_enable() -> %d\n"
-			          , STUB_DEBUG_SETUP_TLS, __FUNC__, osr);
 		}
 	}
 

src/openssl/tls.c

@@ -216,6 +216,18 @@ getdns_return_t _getdns_tls_context_free(struct mem_funcs* mfs, _getdns_tls_cont
 	return GETDNS_RETURN_GOOD;
 }
 
+void _getdns_tls_context_dane_init(_getdns_tls_context* ctx)
+{
+#   if defined(STUB_DEBUG) && STUB_DEBUG
+	int osr =
+#   else
+	(void)
+#   endif
+		SSL_CTX_dane_enable(ctx->ssl);
+		DEBUG_STUB("%s %-35s: DEBUG: SSL_CTX_dane_enable() -> %d\n"
+		          , STUB_DEBUG_SETUP_TLS, __FUNC__, osr);
+}
+
 getdns_return_t _getdns_tls_context_set_min_proto_1_2(_getdns_tls_context* ctx)
 {
 #ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION

src/tls.h

@@ -70,6 +70,13 @@ _getdns_tls_context* _getdns_tls_context_new(struct mem_funcs* mfs);
  */
 getdns_return_t _getdns_tls_context_free(struct mem_funcs* mfs, _getdns_tls_context* ctx);
 
+/**
+ * Initialise any shared state for DANE checking.
+ *
+ * @param ctx	the context to initialise.
+ */
+void _getdns_tls_context_dane_init(_getdns_tls_context* ctx);
+
 /**
  * Set TLS 1.2 as minimum TLS version.
  *
@@ -103,7 +110,6 @@ getdns_return_t _getdns_tls_context_set_cipher_list(_getdns_tls_context* ctx, co
  */
 getdns_return_t _getdns_tls_context_set_curves_list(_getdns_tls_context* ctx, const char* list);
 
-
 /**
  * Set certificate authority details.
  *