[EXT] Re: query on freeradius-server ocsp function and rlm_unbound

Brian Julin BJulin at clarku.edu
Wed Aug 19 21:05:45 CEST 2020


SIMON BABY <simonkbaby at gmail.com> wrote:
> I was looking into the openssl code flow to understand how the DNS
> resolution is handled inside OpenSSL. I see the API below but could not
> find the final DNS resolution code. Could you please send me some part of
> the code/APIs/files I can start looking into?

It is almost certain that OpenSSL uses OS services to resolve. If your RADIUS server
does not need to look up non-DNSSEC hostnames, you could shortcut
this whole problem by setting up the server to use unbound as its local
DNS resolver and configuring it for secure-only lookups, or point it to an unbound
resolver on another (securely connected) machine which is configured as such.

You'd probably want to ask on an OpenSSL group for answers to those other questions.



