OpenSSL problem: bind98-base FreeBSD port

Matthew Seaman m.seaman at infracaninophile.co.uk
Mon Jul 9 07:23:27 UTC 2012 

On 09/07/2012 01:40, Doug Barton wrote:
> On 07/08/2012 17:33, Matthew Pounsett wrote:
>>
>> On 2012/07/08, at 20:29, Matthew Pounsett wrote:
>>
>>>
>>> On 2012/07/08, at 20:26, Mark Andrews wrote:
>>>
>>>>
>>>> One can also build named w/o GOST support if one wants.  We statically
>>>> link all the engines when building named on Windows.
>>>
>>> Unfortunately the port doesn't provide the config hooks to disable GOST support.
>>
>> Actually.. how do you go about doing that anyway?  I was just taking a look at writing a patch for the port to allow GOST to be turned off, but BIND's configure script doesn't have any information in it about disabling individual ciphers.
> 
> I wouldn't accept it anyway. For better or worse, GOST is part of the
> protocol.

GOST is not available in the version of OpenSSL in the FreeBSD base.

Here's a patch to turn off GOST from the dns/bind99 port when used with
openssl 1.0.x also from ports:

cvs diff: Diffing .
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/dns/bind99/Makefile,v
retrieving revision 1.9
diff -u -u -r1.9 Makefile
--- Makefile	4 Jun 2012 21:51:34 -0000	1.9
+++ Makefile	9 Jun 2012 08:59:45 -0000
@@ -209,6 +209,11 @@
 		${WRKSRC}/bin/named/Makefile.in.Dist > \
 		${WRKSRC}/bin/named/Makefile.in

+.if defined(WITH_OPENSSL_PORT)
+post-configure:
+	${SED} -i~ -e 's:^#define HAVE_OPENSSL_GOST.*:/* #undef
HAVE_OPENSSL_GOST */:' ${WRKSRC}/config.h
+.endif
+
 PORTDOCS=	*
 PKGMESSAGE=	${.CURDIR}/../bind97/pkg-message
 PKGINSTALL=	${.CURDIR}/../bind97/pkg-install

The equivalent for dns/bind98 is almost identical.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew at infracaninophile.co.uk               Kent, CT11 9PW



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120709/09e25c47/attachment.bin>

More information about the bind-users mailing list