I made a new snapshot build r13871 today (came from r13500).
I saw that stubby (0.26->0.3) got upgraded.
Stubby is not starting anymore. The only error I get is (log got spammed):
This version of OpenSSL does not support configuring cipher suites.
The library did not have the requested API feature implemented.
My first question: Is this an OpenSSL or a Stubby related issue? Or did I simply missed a package dependency?
I did not found any bug entry so far. But maybe I've missed sth. and it is already in a mailing list? Where is the best place to report this issue if necessary https://bugs.openwrt.org/ or https://github.com/openwrt/packages/issues?
EDIT: I have found this:
and
So it seems a getdns issue. I will try to reconfigure OpenSSL according to that was discussed there.
Well I've read through the linked threads and it seems it is a getdns issue. The developer is claiming that it is working on his setup compliling on SDK. I'm not using SDK. So I think the reason is probably to search there.
My environment is locally built, packages/x86_64/base/ but it is true libopenssl is a few days old.
I'll do a clean build and see whether there is any difference, although I'm leaning more towards a different openssl build configuration.
But the guy posting this didn't post any result. I'm building for ipq806x on x86_64.
I've compiled with getdns 1.52 now because this setup is to be working according to statements in this threads. I will report back in a few minutes ...
EDIT: stubby is working here with getdns v1.52. That was the only change on my build settings. The most recent version 1.6.0-2 is not working.
It was built from scratch today. But I have to say that I'm building with:
-O2, glibc, libcstdc, gcc10, binutils2.34
Maybe it is a glibc issue as so often. Because the developer is writing:
I didn't change anything regarding openssl config when building the packages using the SDK, so the packages I used presumably have the "default" configuration for OpenWRT, whatever that is.
For now I will stick with v1.52 and hope the best it will change in future.
After commenting out the line stubby 1.6.0-2 is working with my buildsettings.
# Set the acceptable ciphers for DNS over TLS. With OpenSSL 1.1.1 this list is
# for TLS1.2 and older only. Ciphers for TLS1.3 should be set with the
# tls_ciphersuites option. This option can also be given per upstream.
# tls_cipher_list: "EECDH+AESGCM:EECDH+CHACHA20"
# Set the acceptable cipher for DNS over TLS1.3. OpenSSL >= 1.1.1 is required
# for this option. This option can also be given per upstream.
# tls_ciphersuites: #"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
So the line should work with OpenSSL 1.1.1g. But it doesn't. I'm still not sure which side is causing the error. Getdns or Stubby.