TLS certificate question about Unbound 1.9.2

Thu Apr 4 17:49:12 UTC 2019

But in this hypothesis (with TLS 1.2) I am personally prevented from
believing the abuse on the syntax of the configuration file. I strongly
suspect that binary files are not completely updated.

Correct version should eat config file (in case of TLS 1.2, in
suggestion) and blame to connections, not to config keywords.

Logically?

04.04.2019 23:35, rollingonchrome via Unbound-users пишет:
> Hi Wouter,
>
> Thank you for taking a look at my config file.
>
> Sorry for any confusion. I am running Unbound 1.9.1. That should
> support the tls-cert-bundle option, correct?
>
> I had initially tried my config file with 1.9.2, but at Yuri's
> suggestion, I downgraded to the latest stable version, 1.9.1.
>
> The tls-cert-bundle option did not work with either 1.9.2 or 1.9.1.
>
> I am running Unbound compiled from source on a Raspberry Pi (Raspbian
> Jessie).
>
> I now think the problem may be in the OpenSSL version on Raspbian,
> which only supports TLS 1.2.
>
> Thank you for your help.
>
> Best,
>
> RoC
> *
> *
> *Wouter Wijngaards* wouter at nlnetlabs.nl 
> <mailto:unbound-users%40nlnetlabs.nl?Subject=Re%3A%20TLS%20certificate%20question%20about%20Unbound%201.9.2&In-Reply-To=%3Caf5612a5-9698-4e0e-19d7-722013bcb885%40nlnetlabs.nl%3E>
> /Thu Apr 4 09:04:46 CEST 2019/
> Hi,
>
> So this config file is fine, the tls-cert-bundle should work find with a
> version of unbound that supports the options (eg. 1.9.2).  Like, for me,
> it works.  I guess you downgraded and are now using an older version
> that does not support the tls-cert-bundle option, so the unknown keyword
> error is accurate?
>
> Best regards, Wouter
>
> On 4/3/19 7:52 PM, rollingonchrome via Unbound-users wrote:
> >/Hello, />//>/Thank you for the replies. I believe I have the tls-cert-bundle />/information correctly indented now. But, I am still getting the same />/errors as before about unknown keywords and strays. />//>/It is indented like this: />//>/server: />/      />/      [a few lines omitted] />/      />/     #Added for DoT />/     tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt" />//>/Here is a link to my actual conf file if anyone would be willing to take />/a look:  />/https://send.firefox.com/download/83192a35d41caf47/#G4NxNtajpM1KmZgLI-boBg
> />//>/I've read that OpenSSL on Jessie doesn't support any TLS except 1.2, so />/I'm wondering if that might be this issue. Not sure what version of TLS />/Unbound 1.9.1 uses (I downgraded). />//>/Thank you for your help. />//>/Best, />//>/RoC/
>
-- 
"C++ seems like a language suitable for firing other people's legs."

*****************************
* C++20 : Bug to the future *
*****************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190404/1afd59d7/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190404/1afd59d7/attachment.bin>