Fix issue #903 TXT, SRV, record failed.

when `./Configure --api=1.0.0`, we should not use CRYPTO_set_id_callback().

ReadMe_en.md

@@ -528,6 +528,7 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
 |whitelist-ip|ip whitelist|None|[ip/subnet], Repeatable，When the filtering server responds IPs in the IP whitelist, only result in whitelist will be accepted| whitelist-ip 1.2.3.4/16
 |blacklist-ip|ip blacklist|None|[ip/subnet], Repeatable，When the filtering server responds IPs in the IP blacklist, The result will be discarded directly| blacklist-ip 1.2.3.4/16
 |force-AAAA-SOA|force AAAA query return SOA|no|[yes\|no]|force-AAAA-SOA yes
+|force-qtype-SOA|force specific qtype return SOA|qtype id|[qtypeid | ...]|force-qtype-SOA 65 28
 |prefetch-domain|domain prefetch feature|no|[yes\|no]|prefetch-domain yes
 |serve-expired|Cache serve expired feature|no|[yes\|no], Attempts to serve old responses from cache with a TTL of 0 in the response without waiting for the actual resolution to finish.|serve-expired yes
 |serve-expired-ttl|Cache serve expired limite TTL|0|second，0：disable，> 0  seconds after expiration|serve-expired-ttl 0
@@ -638,7 +639,7 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
     Enable cache serve expired feature with `serve-expired yes` to improve the cache hit rate and reduce the CPU consumption.
     This feature will return TTL = 0 to the client after the TTL timeout, and send a new query request again at the same time, and cache the new results for later query.
 
-1. How does the second DNS customize more behavior?
+1. How does the second DNS customize more behavior?  
     The second DNS can be used as the upstream of other DNS servers to provide more query behaviors. Bind configuration support can bind multiple ports. Different ports can be set with different flags to implement different functions, such as
 
     ```sh
@@ -646,6 +647,13 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
     bind [::]:6053 -no-speed-check -group office -no-rule-addr
     ```
 
+1. How to get SPKI of DOT  
+    The SPKI can be obtained from the page published by the DNS service provider. If it is not published, it can be obtained by the following command, replace IP with your own IP.
+
+    ````sh
+    echo | openssl s_client -connect '1.0.0.1:853' 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
+    ````
+
 ## Compile
 
 smartdns contains scripts for compiling packages, supports compiling luci, debian, openwrt, opare installation packages, and can execute `package/build-pkg.sh` compilation.

etc/smartdns/smartdns.conf

@@ -84,6 +84,10 @@ cache-size 4096
 # force AAAA query return SOA
 # force-AAAA-SOA [yes|no]
 
+# force specific qtype return soa
+# force-qtype-SOA [qtypeid |...]
+# force-qtype-SOA 65 28
+
 # Enable IPV4, IPV6 dual stack IP optimization selection strategy
 # dualstack-ip-selection-threshold [num] (0~1000)
 # dualstack-ip-selection [yes|no]

src/dns.c

@@ -1369,6 +1369,38 @@ static int _dns_decode_opt_ecs(struct dns_context *context, struct dns_opt_ecs *
 	return 0;
 }
 
+
+static int _dns_decode_opt_cookie(struct dns_context *context, struct dns_opt_cookie *cookie)
+{
+	// TODO
+	int len = _dns_left_len(context);
+	if (len < 8) {
+		return -1;
+	}
+
+	len = 8;
+	memcpy(cookie->client_cookie, context->ptr, len);
+	context->ptr += len;
+
+	len = _dns_left_len(context);
+	if (len == 0) {
+		cookie->server_cookie_len = 0;
+		return 0;
+	}
+
+	if (len < 8) {
+		return -1;
+	}
+
+	memcpy(cookie->server_cookie, context->ptr, len);
+	cookie->server_cookie_len = len;
+	context->ptr += len;
+
+	tlog(TLOG_DEBUG, "OPT COOKIE");
+	return 0;
+}
+
+
 static int _dns_encode_OPT(struct dns_context *context, struct dns_rrs *rrs)
 {
 	int ret;
@@ -1551,6 +1583,14 @@ static int _dns_decode_opt(struct dns_context *context, dns_rr_type type, unsign
 				return -1;
 			}
 		} break;
+		case DNS_OPT_T_COOKIE: {
+			struct dns_opt_cookie cookie;
+			ret = _dns_decode_opt_cookie(context, &cookie);
+			if (ret != 0) {
+				tlog(TLOG_ERROR, "decode cookie failed.");
+				return -1;
+			}
+		} break;
 		default:
 			context->ptr += opt_len;
 			tlog(TLOG_DEBUG, "DNS opt type = %d not supported", opt_code);

src/dns.h

@@ -68,6 +68,7 @@ typedef enum dns_type {
 
 typedef enum dns_opt_code {
 	DNS_OPT_T_ECS = 8, // OPT ECS
+	DNS_OPT_T_COOKIE = 10, //OPT Cookie
 	DNS_OPT_T_TCP_KEEPALIVE = 11,
 	DNS_OPT_T_ALL = 255
 } dns_opt_code_t;
@@ -171,6 +172,13 @@ struct dns_opt_ecs {
 	unsigned char addr[DNS_RR_AAAA_LEN];
 };
 
+/* OPT COOLIE */
+struct dns_opt_cookie {
+	char server_cookie_len;
+	unsigned char client_cookie[8];
+	unsigned char server_cookie[32];
+};
+
 /* OPT */
 struct dns_opt {
 	unsigned short code;

src/dns_cache.c

@@ -412,7 +412,37 @@ int dns_cache_get_ttl(struct dns_cache *dns_cache)
 	return ttl;
 }
 
-int dns_cache_is_soa(struct dns_cache *dns_cache) {
+int dns_cache_get_cname_ttl(struct dns_cache *dns_cache) 
+{
+	time_t now;
+	int ttl = 0;
+	time(&now);
+
+	struct dns_cache_addr *cache_addr = (struct dns_cache_addr *)dns_cache_get_data(dns_cache);
+
+	if (cache_addr->head.cache_type != CACHE_TYPE_ADDR) {
+		return 0;
+	}
+
+	ttl = dns_cache->info.insert_time + cache_addr->addr_data.cname_ttl - now;
+	if (ttl < 0) {
+		return 0;
+	}
+
+	int addr_ttl = dns_cache_get_ttl(dns_cache);
+	if (ttl < addr_ttl && ttl < 0) {
+		return addr_ttl;
+	}
+
+	if (ttl < 0) {
+		return 0;
+	}
+
+	return ttl;	
+}
+
+int dns_cache_is_soa(struct dns_cache *dns_cache) 
+{
 	if (dns_cache == NULL) {
 		return 0;
 	}

src/dns_cache.h

@@ -143,6 +143,8 @@ void dns_cache_invalidate(dns_cache_preinvalid_callback callback, int ttl_pre);
 
 int dns_cache_get_ttl(struct dns_cache *dns_cache);
 
+int dns_cache_get_cname_ttl(struct dns_cache *dns_cache);
+
 int dns_cache_is_soa(struct dns_cache *dns_cache);
 
 struct dns_cache_data *dns_cache_new_data(void);

src/dns_conf.c

@@ -37,6 +37,8 @@ struct dns_ipset_table {
 };
 static struct dns_ipset_table dns_ipset_table;
 
+struct dns_qtype_soa_table dns_qtype_soa_table;
+
 /* dns groups */
 struct dns_group_table dns_group_table;
 
@@ -1171,6 +1173,42 @@ static int _config_iplist_rule(char *subnet, enum address_rule rule)
 	return 0;
 }
 
+static int _config_qtype_soa(void *data, int argc, char *argv[])
+{
+	struct dns_qtype_soa_list *soa_list;
+	if (argc <= 1) {
+		return -1;
+	}
+
+	for (int i = 1; i < argc; i++) {
+		soa_list = malloc(sizeof(*soa_list));
+		if (soa_list == NULL) {
+			tlog(TLOG_ERROR, "cannot malloc memory");
+			return -1;
+		}
+
+		memset(soa_list, 0, sizeof(*soa_list));
+		soa_list->qtypeid = atol(argv[i]);
+		uint32_t key = hash_32_generic(soa_list->qtypeid, 32);
+		hash_add(dns_qtype_soa_table.qtype, &soa_list->node, key);
+	}
+
+	return 0;
+}
+
+static void _config_qtype_soa_table_destroy(void)
+{
+	struct dns_qtype_soa_list *soa_list = NULL;
+	struct hlist_node *tmp = NULL;
+	int i;
+
+	hash_for_each_safe(dns_qtype_soa_table.qtype, i, tmp, soa_list, node)
+	{
+		hlist_del_init(&soa_list->node);
+		free(soa_list);
+	}
+}
+
 static int _config_blacklist_ip(void *data, int argc, char *argv[])
 {
 	if (argc <= 1) {
@@ -1448,6 +1486,7 @@ static struct config_item _config_item[] = {
 	CONF_INT("rr-ttl-min", &dns_conf_rr_ttl_min, 0, CONF_INT_MAX),
 	CONF_INT("rr-ttl-max", &dns_conf_rr_ttl_max, 0, CONF_INT_MAX),
 	CONF_YESNO("force-AAAA-SOA", &dns_conf_force_AAAA_SOA),
+	CONF_CUSTOM("force-qtype-SOA", _config_qtype_soa, NULL),
 	CONF_CUSTOM("blacklist-ip", _config_blacklist_ip, NULL),
 	CONF_CUSTOM("whitelist-ip", _conf_whitelist_ip, NULL),
 	CONF_CUSTOM("bogus-nxdomain", _conf_bogus_nxdomain, NULL),
@@ -1518,6 +1557,7 @@ static int _dns_server_load_conf_init(void)
 	art_tree_init(&dns_conf_domain_rule);
 
 	hash_init(dns_ipset_table.ipset);
+	hash_init(dns_qtype_soa_table.qtype);
 	hash_init(dns_group_table.group);
 
 	return 0;
@@ -1530,6 +1570,7 @@ void dns_server_load_exit(void)
 	Destroy_Radix(dns_conf_address_rule.ipv6, _config_address_destroy, NULL);
 	_config_ipset_table_destroy();
 	_config_group_table_destroy();
+	_config_qtype_soa_table_destroy();
 }
 
 static int _dns_conf_speed_check_mode_verify(void)

src/dns_conf.h

@@ -203,6 +203,16 @@ struct dns_bind_ip {
 	const char *group;
 };
 
+struct dns_qtype_soa_list {
+	struct hlist_node node;
+	uint32_t qtypeid;
+};
+
+struct dns_qtype_soa_table {
+	DECLARE_HASHTABLE(qtype, 8);
+};
+extern struct dns_qtype_soa_table dns_qtype_soa_table;
+
 extern struct dns_bind_ip dns_conf_bind_ip[DNS_MAX_BIND_IP];
 extern int dns_conf_bind_ip_num;
 

src/dns_server.c

@@ -586,6 +586,7 @@ static int _dns_reply(struct dns_request *request)
 	}
 
 	/* send request */
+	atomic_inc_return(&request->notified);
 	return _dns_reply_inpacket(request, inpacket, encode_len);
 }
 
@@ -809,7 +810,7 @@ static int _dns_server_request_complete_A(struct dns_request *request)
 			request->ttl_v4 = DNS_SERVER_TMOUT_TTL;
 		}
 		dns_cache_set_data_addr(cache_data, request->server_flags, cname, cname_ttl, request->ipv4_addr, DNS_RR_A_LEN);
-	} else {
+	} else if (request->has_soa) {
 		dns_cache_set_data_soa(cache_data, request->server_flags, cname, cname_ttl);
 	}
 
@@ -867,7 +868,7 @@ static int _dns_server_request_complete_AAAA(struct dns_request *request)
 		dns_cache_set_data_addr(cache_data, request->server_flags, cname, cname_ttl, request->ipv6_addr, DNS_T_AAAA);
 
 		request->has_soa = 0;
-	} else {
+	} else if (request->has_soa) {
 		dns_cache_set_data_soa(cache_data, request->server_flags, cname, cname_ttl);
 	}
 
@@ -936,11 +937,6 @@ static int _dns_server_request_complete(struct dns_request *request)
 		return 0;
 	}
 
-	/* if passthrouth, return */
-	if (request->passthrough) {
-		return 0;
-	}
-
 	if (request->qtype == DNS_T_A) {
 		if (_dns_server_request_complete_A(request) != 0) {
 			tlog(TLOG_ERROR, "complete DNS A failed.");
@@ -1062,6 +1058,9 @@ static void _dns_server_select_possible_ipaddress(struct dns_request *request)
 static void _dns_server_delete_request(struct dns_request *request)
 {
 	if (request->conn) {
+		if (atomic_read(&request->notified) == 0) {
+			_dns_server_request_complete(request);
+		}
 		_dns_server_conn_release(request->conn);
 	}
 	pthread_mutex_destroy(&request->ip_map_lock);
@@ -1667,6 +1666,7 @@ static int _dns_server_passthrough_rule_check(struct dns_request *request, char
 	int j = 0;
 	struct dns_rrs *rrs = NULL;
 	int ip_check_result = 0;
+	int is_result_discard = 0;
 
 	if (packet->head.rcode != DNS_RC_NOERROR && packet->head.rcode != DNS_RC_NXDOMAIN) {
 		if (request->rcode == DNS_RC_SERVFAIL) {
@@ -1680,6 +1680,11 @@ static int _dns_server_passthrough_rule_check(struct dns_request *request, char
 	for (j = 1; j < DNS_RRS_END; j++) {
 		rrs = dns_get_rrs_start(packet, j, &rr_count);
 		for (i = 0; i < rr_count && rrs; i++, rrs = dns_get_rrs_next(packet, rrs)) {
+			if ((rrs->type == DNS_T_A || rrs->type == DNS_T_AAAA) &&
+				(request->qtype != DNS_T_A && request->qtype != DNS_T_AAAA)) {
+				is_result_discard = 1;
+			}
+
 			switch (rrs->type) {
 			case DNS_T_A: {
 				unsigned char addr[4];
@@ -1740,6 +1745,10 @@ static int _dns_server_passthrough_rule_check(struct dns_request *request, char
 		}
 	}
 
+	if (is_result_discard == 1) {
+		return 0;
+	}
+
 	return -1;
 }
 
@@ -1795,7 +1804,7 @@ static int _dns_server_get_answer(struct dns_request *request, struct dns_packet
 				dns_get_CNAME(rrs, name, DNS_MAX_CNAME_LEN, &ttl, cname, DNS_MAX_CNAME_LEN);
 				tlog(TLOG_DEBUG, "name:%s ttl: %d cname: %s\n", name, ttl, cname);
 				safe_strncpy(request->cname, cname, DNS_MAX_CNAME_LEN);
-				request->ttl_cname = ttl;
+				request->ttl_cname = _dns_server_get_conf_ttl(ttl);
 				request->has_cname = 1;
 			} break;
 			case DNS_T_SOA: {
@@ -1929,13 +1938,13 @@ static int _dns_server_reply_passthrouth(struct dns_request *request, struct dns
 		_dns_result_callback(request);
 	}
 
-	if (request->conn == NULL) {
-		return 0;
-	}
+	_dns_server_audit_log(request);
 
-	/* When passthrough, modify the id to be the id of the client request. */
-	dns_server_update_reply_packet_id(request, inpacket, inpacket_len);
-	ret = _dns_reply_inpacket(request, inpacket, inpacket_len);
+	if (request->conn) {
+		/* When passthrough, modify the id to be the id of the client request. */
+		dns_server_update_reply_packet_id(request, inpacket, inpacket_len);
+		ret = _dns_reply_inpacket(request, inpacket, inpacket_len);
+	}
 
 	if (packet->head.rcode != DNS_RC_NOERROR && packet->head.rcode != DNS_RC_NXDOMAIN) {
 		return ret;
@@ -2328,6 +2337,25 @@ errout:
 	return -1;
 }
 
+static int _dns_server_qtype_soa(struct dns_request *request)
+{
+	struct dns_qtype_soa_list *soa_list = NULL;
+
+	uint32_t key = hash_32_generic(request->qtype, 32);
+	hash_for_each_possible(dns_qtype_soa_table.qtype, soa_list, node, key)
+	{
+		if (request->qtype != soa_list->qtypeid) {
+			continue;
+		}
+
+		_dns_server_reply_SOA(DNS_RC_NOERROR, request);
+		tlog(TLOG_DEBUG, "force qtype %d soa", request->qtype);
+		return 0;
+	}
+
+	return -1;
+}
+
 static void _dns_server_process_speed_check_rule(struct dns_request *request)
 {
 	struct dns_domain_check_order *check_order = NULL;
@@ -2351,6 +2379,16 @@ static int _dns_server_get_expired_ttl_reply(struct dns_cache *dns_cache)
 	return dns_conf_serve_expired_reply_ttl;
 }
 
+static int _dns_server_get_expired_cname_ttl_reply(struct dns_cache *dns_cache)
+{
+	int ttl = dns_cache_get_cname_ttl(dns_cache);
+	if (ttl > 0) {
+		return ttl;
+	}
+
+	return _dns_server_get_expired_ttl_reply(dns_cache);
+}
+
 static int _dns_server_process_cache_addr(struct dns_request *request, struct dns_cache *dns_cache)
 {
 	struct dns_cache_addr *cache_addr = (struct dns_cache_addr *)dns_cache_get_data(dns_cache);
@@ -2378,7 +2416,7 @@ static int _dns_server_process_cache_addr(struct dns_request *request, struct dn
 	if (cache_addr->addr_data.cname[0] != 0) {
 		safe_strncpy(request->cname, cache_addr->addr_data.cname, DNS_MAX_CNAME_LEN);
 		request->has_cname = 1;
-		request->ttl_cname = cache_addr->addr_data.cname_ttl;
+		request->ttl_cname = _dns_server_get_expired_cname_ttl_reply(dns_cache);
 	}
 
 	request->rcode = DNS_RC_NOERROR;
@@ -2410,15 +2448,17 @@ static int _dns_server_process_cache_packet(struct dns_request *request, struct
 		return 0;
 	}
 
+	unsigned char packet_buff[DNS_PACKSIZE];
+	struct dns_packet *packet = (struct dns_packet *)packet_buff;
+
+	if (dns_decode(packet, DNS_PACKSIZE, cache_packet->data, cache_packet->head.size) != 0) {
+		goto errout;
+	}
+
+	_dns_server_get_answer(request, packet);
+
+	_dns_server_audit_log(request);
 	if (request->result_callback) {
-		unsigned char packet_buff[DNS_PACKSIZE];
-		struct dns_packet *packet = (struct dns_packet *)packet_buff;
-
-		if (dns_decode(packet, DNS_PACKSIZE, cache_packet->data, cache_packet->head.size) != 0) {
-			goto errout;
-		}
-
-		_dns_server_get_answer(request, packet);
 		_dns_result_callback(request);
 	}
 
@@ -2689,6 +2729,11 @@ static int _dns_server_do_query(struct dns_request *request, const char *domain,
 		goto clean_exit;
 	}
 
+	/* process qtype soa */
+	if (_dns_server_qtype_soa(request) == 0) {
+		goto clean_exit;
+	}
+
 	/* process speed check rule */
 	_dns_server_process_speed_check_rule(request);
 

src/tlog.c

@@ -317,7 +317,7 @@ int tlog_localtime(struct tlog_time *tm)
     return _tlog_gettime(tm);
 }
 
-tlog_log *tlog_get_root()
+tlog_log *tlog_get_root(void)
 {
     return tlog.root;
 }
@@ -1395,6 +1395,35 @@ static int _tlog_root_write_log(struct tlog_log *log, const char *buff, int buff
     return tlog.output_func(&empty_info.info, buff, bufflen, tlog_get_private(log));
 }
 
+static void tlog_wait_zip_fini(void)
+{
+    tlog_log *next;
+    if (tlog.root == NULL) {
+        return;
+    }
+
+    int wait_zip = 1;
+    int time_out = 0;
+    while (wait_zip) {
+        wait_zip = 0;
+        time_out++;
+        next = tlog.log;
+        while (next) {
+            if (next->zip_pid > 0 && wait_zip == 0) {
+                wait_zip = 1;
+                usleep(1000);
+            }
+
+            if (kill(next->zip_pid, 0) != 0 || time_out >= 5000) {
+                next->zip_pid = -1;
+            }
+            next = next->next;
+        }
+    }
+
+    return;
+}
+
 static void *_tlog_work(void *arg)
 {
     int log_len = 0;
@@ -1408,6 +1437,9 @@ static void *_tlog_work(void *arg)
 
     unused = arg;
 
+    // for child process
+    tlog_wait_zip_fini();
+
     while (1) {
         log_len = 0;
         log_extlen = 0;
@@ -1680,6 +1712,12 @@ static void tlog_fork_prepare(void)
     }
 
     pthread_mutex_lock(&tlog.lock);
+    tlog_log *next;
+    next = tlog.log;
+    while (next) {
+        next->multi_log = 1;
+        next = next->next;
+    }
 }
 
 static void tlog_fork_parent(void)
@@ -1699,6 +1737,16 @@ static void tlog_fork_child(void)
         return;
     }
 
+    next = tlog.log;
+    while (next) {
+        next->start = 0;
+        next->end = 0;
+        next->ext_end = 0;
+        next->dropped = 0;
+        next->filesize = 0;
+        next = next->next;
+    }
+
     pthread_attr_init(&attr);
     int ret = pthread_create(&tlog.tid, &attr, _tlog_work, NULL);
     if (ret != 0) {

src/tlog.h

@@ -78,7 +78,9 @@ level: Current log Levels
 format: Log formats
 */
 #ifndef BASE_FILE_NAME
-#define BASE_FILE_NAME __FILE__
+#define BASE_FILE_NAME                                                     \
+  (__builtin_strrchr(__FILE__, '/') ? __builtin_strrchr(__FILE__, '/') + 1 \
+                                    : __FILE__)
 #endif
 #define tlog(level, format, ...) tlog_ext(level, BASE_FILE_NAME, __LINE__, __func__, NULL, format, ##__VA_ARGS__)
 

src/util.c

@@ -28,6 +28,7 @@
 #include <fcntl.h>
 #include <inttypes.h>
 #include <linux/capability.h>
+#include <linux/limits.h>
 #include <linux/netlink.h>
 #include <netinet/tcp.h>
 #include <openssl/crypto.h>
@@ -517,6 +518,7 @@ static int _ipset_operate(const char *ipsetname, const unsigned char addr[], int
 	ssize_t rc;
 	int af = 0;
 	static const struct sockaddr_nl snl = {.nl_family = AF_NETLINK};
+	uint32_t expire;
 
 	if (addr_len != IPV4_ADDR_LEN && addr_len != IPV6_ADDR_LEN) {
 		errno = EINVAL;
@@ -571,8 +573,8 @@ static int _ipset_operate(const char *ipsetname, const unsigned char addr[], int
 	nested[1]->len = (void *)buffer + NETLINK_ALIGN(netlink_head->nlmsg_len) - (void *)nested[1];
 
 	if (timeout > 0 && _ipset_support_timeout(ipsetname) == 0) {
-		timeout = htonl(timeout);
-		_ipset_add_attr(netlink_head, IPSET_ATTR_TIMEOUT | NLA_F_NET_BYTEORDER, sizeof(timeout), &timeout);
+		expire = htonl(timeout);
+		_ipset_add_attr(netlink_head, IPSET_ATTR_TIMEOUT | NLA_F_NET_BYTEORDER, sizeof(expire), &expire);
 	}
 
 	nested[0]->len = (void *)buffer + NETLINK_ALIGN(netlink_head->nlmsg_len) - (void *)nested[0];
@@ -607,15 +609,22 @@ int ipset_del(const char *ipsetname, const unsigned char addr[], int addr_len)
 
 unsigned char *SSL_SHA256(const unsigned char *d, size_t n, unsigned char *md)
 {
-	SHA256_CTX c;
 	static unsigned char m[SHA256_DIGEST_LENGTH];
 
 	if (md == NULL)
 		md = m;
-	SHA256_Init(&c);
-	SHA256_Update(&c, d, n);
-	SHA256_Final(md, &c);
-	OPENSSL_cleanse(&c, sizeof(c));
+
+	EVP_MD_CTX* ctx = EVP_MD_CTX_create();
+	if (ctx == NULL) {
+		return NULL;
+	}
+
+	EVP_MD_CTX_init(ctx);
+	EVP_DigestInit_ex(ctx, EVP_sha256(), NULL);
+	EVP_DigestUpdate(ctx, d, n);
+	EVP_DigestFinal_ex(ctx, m, NULL);
+	EVP_MD_CTX_destroy(ctx);
+
 	return (md);
 }
 
@@ -736,7 +745,11 @@ void SSL_CRYPTO_thread_setup(void)
 		pthread_mutex_init(&(lock_cs[i]), NULL);
 	}
 
+#if OPENSSL_API_COMPAT < 0x10000000
 	CRYPTO_set_id_callback(_pthreads_thread_id);
+#else
+	CRYPTO_THREADID_set_callback(_pthreads_thread_id);
+#endif
 	CRYPTO_set_locking_callback(_pthreads_locking_callback);
 }
 
@@ -1058,4 +1071,4 @@ void print_stack(void)
 		void *offset = (void *)((char *)(addr) - (char *)(info.dli_fbase));
 		tlog(TLOG_FATAL, "#%.2d: %p %s from %s+%p", idx + 1, addr, symbol, info.dli_fname, offset);
 	}
-}
+}

systemd/smartdns.service

@@ -1,19 +0,0 @@
-[Unit]
-Description=SmartDNS Server
-After=network.target 
-StartLimitBurst=0
-StartLimitIntervalSec=60
-
-[Service]
-Type=forking
-PIDFile=/var/run/smartdns.pid
-EnvironmentFile=/etc/default/smartdns
-ExecStart=/usr/sbin/smartdns -p /var/run/smartdns.pid $SMART_DNS_OPTS 
-KillMode=process
-Restart=always
-RestartSec=2
-TimeoutStopSec=5
-
-[Install]
-WantedBy=multi-user.target
-Alias=smartdns.service