OpenSSL problem: bind98-base FreeBSD port

Michael Sinatra michael at
Sun Jul 8 19:04:26 UTC 2012

On 07/08/12 09:54, Matthew Pounsett wrote:
> 08-Jul-2012 16:45:00.352 initializing DST: openssl failure
> 08-Jul-2012 16:45:00.352 exiting (due to fatal error)

In particular the logs above suggest that named is unable to find the 
necessary openssl libraries.  In the case where openssl 1.x.x is 
compiled with shared libraries enabled, named can't see the openssl 
engines (necessary for GOST crypto support) in its chrooted environment.

What makes me doubt what I just said is that this has been an issue for 
more than a year now, so I am not sure why you have escaped it for so 
long.  I assume you had openssl 1.0.x installed before you upgraded 
it--or was it an earlier version?

At any rate, if you run make config in /usr/ports/security/openssl, it 
gives you the option of compiling the libraries statically.  I have 
successfully done this in the past and it has worked.  However, anything 
else that is currently depending on the openssl shared library from 
ports (as opposed to the bundled system) will need to be recompiled 
before it will work, as will bind 9.8.

Doug Barton may have some better ideas as to how best to make it all work.


More information about the bind-users mailing list