BIND 9.8.0 + openssl 1.0.0d + chroot == "issues"

Tony Finch dot at dotat.at
Wed Apr 20 00:31:18 UTC 2011


On 20 Apr 2011, at 01:11, Mark Andrews <marka at isc.org> wrote:
> In message <4DADFB29.6080508 at dougbarton.us>, Doug Barton writes:
>> I have had 2 reports now of people using BIND 9.8.0 on FreeBSD compiled 
>> against openssl 1.0.0d not being able to chroot unless they copy 
>> $PREFIX/lib/engines/libgost.so into the chroot environment. 
> 
> It's a matter of how OpenSSL is built.  You can build openssl with
> gost as a dynamically loaded engine or you can build openssl with
> the engines already linked in.
> 
> Gost, unlike the rest of the crypto, is implemented as an engine.

I have encountered exactly the problem Doug described. I'll have to have a closer look at my OpenSSL build. I sent a message to bind9-bugs asking for a bit more flexibility in BIND's build configuration for GOST support, so it can be turned off easily in BIND even if OpenSSL supports it. (At the moment I bodge config.h to do this.)

Tony.
--
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/

