BIND 9.8.0 + openssl 1.0.0d + chroot == "issues"

Doug Barton dougb at dougbarton.us
Fri Apr 22 21:55:41 UTC 2011


On 04/19/2011 17:11, Mark Andrews wrote:
> In message <4DADFB29.6080508 at dougbarton.us>, Doug Barton writes:
>> I have had 2 reports now of people using BIND 9.8.0 on FreeBSD compiled
>> against openssl 1.0.0d not being able to chroot unless they copy
>> $PREFIX/lib/engines/libgost.so into the chroot environment.
>> Traditionally, copying libs into the chroot directory has not been
>> necessary, so I'm curious. Building 9.8 against the default openssl in
>> the FreeBSD base (0.9.8q) I have not experienced this problem.
>>
>> I haven't actually tried this with 1.0.0d myself yet, so I thought I'd
>> ask about it here first before filing a bug report. Could this be a
>> (previously unknown form of) user error? Or is it an actual BIND bug (or
>> an openssl bug for that matter)?
>
> It's a matter of how OpenSSL is built.  You can build openssl with
> gost as a dynamically loaded engine or you can build openssl with
> the engines already linked in.
>
> Gost, unlike the rest of the crypto, is implemented as an engine.

I finally had a chance to test this, and using the enable-static-engine 
build option didn't have any effect. That was the only relevant-looking 
option I was able to find after a non-trivial amount of time looking
through the openssl code and web-searching. Do you have any other
suggestions? :)


Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/
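
Added example, not part of the original message or of BIND/OpenSSL: a POSIX shell check that compares the engine modules under $PREFIX/lib/engines with the copies inside a chroot, reporting any that are missing or that no longer match after an OpenSSL upgrade. The function name audit_chroot_engines is hypothetical, and the script assumes the chrooted process looks for the engine at the same absolute path inside the chroot.

```sh
#!/bin/sh
# Added example: audit OpenSSL engine modules copied into a chroot.
# Assumption: after chroot() the engine is loaded from the same absolute
# path, so the copy must live at $CHROOT$PREFIX/lib/engines/<name>.so.

# audit_chroot_engines PREFIX CHROOT   (hypothetical helper name)
# Prints one line per engine module: "OK|MISSING|STALE <file>".
# Returns 0 when every module is present and identical, 1 otherwise.
audit_chroot_engines() {
    prefix=$1
    chroot_dir=$2
    rc=0
    for src in "$prefix"/lib/engines/*.so; do
        [ -e "$src" ] || continue      # glob matched nothing
        name=${src##*/}
        dst="$chroot_dir$prefix/lib/engines/$name"
        if [ ! -e "$dst" ]; then
            echo "MISSING $name"       # engine cannot be loaded in the chroot
            rc=1
        elif ! cmp -s "$src" "$dst"; then
            echo "STALE $name"         # copy differs from the installed module
            rc=1
        else
            echo "OK $name"
        fi
    done
    return $rc
}

# Stand-alone use: sh audit.sh PREFIX CHROOT
if [ "$#" -eq 2 ]; then
    audit_chroot_engines "$1" "$2"
fi
```

A STALE result means the module in the chroot was copied from an earlier build and should be refreshed whenever OpenSSL is updated.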



