On Thu, Aug 20, 2020 at 11:59:01AM +0300, Dmitry Belyavsky wrote:
> OpenSSL uses gethostbyname/gethostbyaddr

Also getaddrinfo(3), I hope in preference to the obsolete interfaces.
There is no explicit use of DNS in OpenSSL, and many OpenSSL
applications open their own TCP connections, and then ask OpenSSL
to perform a handshake over an already connected socket, in which
case OpenSSL does no name lookups at all.

On Thu, Aug 20, 2020 at 11:56:45PM +0200, David von Oheimb wrote:
> OpenSSL has one function, namely BIO_lookup_ex(), that uses DNS lookup
> functions. Since commit 28a0841bf58e3813b2e07ad22f19484308e2f70a of
> 02 Feb 2016 it uses getaddrinfo().

Right, but even this is not "DNS lookup". It is hostname + service name
resolution via the operating system's mechanisms for resolving hostnames
and service names. This may, or may not, involve DNS lookups. There is
no code in OpenSSL that *directly* performs DNS lookups.
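
An added example, not part of the original message and not OpenSSL code: a small C program showing that getaddrinfo() is hostname + service name resolution through the operating system, and that a caller can restrict it to numeric input so that no name source is consulted at all. The helper name resolve_first() and the sample inputs are assumptions made for this illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L  /* expose getaddrinfo() under strict -std= modes */
#endif
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/* resolve_first() is a hypothetical helper for this example, not an OpenSSL API.
 * It resolves host + service through the OS resolver, as a TCP client would.
 * Returns 0 and fills addr/port from the first result, else an EAI_* code. */
int resolve_first(const char *host, const char *service, int flags,
                  char *addr, size_t addrlen, int *port)
{
    struct addrinfo hints, *res = NULL;
    char serv[16];
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = flags;   /* AI_NUMERICHOST / AI_NUMERICSERV forbid name lookups */

    rc = getaddrinfo(host, service, &hints, &res);
    if (rc != 0)
        return rc;
    /* NI_NUMERIC*: format the result only, never a reverse lookup. */
    rc = getnameinfo(res->ai_addr, res->ai_addrlen, addr, (socklen_t)addrlen,
                     serv, sizeof(serv), NI_NUMERICHOST | NI_NUMERICSERV);
    if (rc == 0)
        *port = atoi(serv);
    freeaddrinfo(res);
    return rc;
}

int main(void)
{
    char addr[64];
    int port = 0, rc;

    /* Numeric input only: parsed locally, no name source is consulted. */
    rc = resolve_first("127.0.0.1", "443", AI_NUMERICHOST | AI_NUMERICSERV,
                       addr, sizeof(addr), &port);
    printf("numeric: %s port %d\n", rc ? gai_strerror(rc) : addr, port);
    /* Names: answered by whatever sources this OS is configured to use
     * (system-dependent; a hosts file, DNS, or something else). */
    rc = resolve_first("localhost", "https", 0, addr, sizeof(addr), &port);
    printf("names:   %s port %d\n", rc ? gai_strerror(rc) : addr, port);
    return 0;
}
```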