status openssl v1.1 support?
PGNet Dev
pgnet.dev at gmail.com
Tue Mar 7 00:52:36 UTC 2017
In Bind 9.11.0-P3's "CHANGES"
grep -i openssl CHANGES | grep "1\.1"
4129. [port] Address API changes in OpenSSL 1.1.0. [RT #39532]
seems the bug DB is private/closed, so can't see the status of that^.
Trying to build against openssl v11x fails @ configure
...
checking for OpenSSL library... using OpenSSL from /usr/local/openssl11/lib and /usr/local/openssl11/include
checking whether linking with OpenSSL works... yes
checking whether linking with OpenSSL requires -ldl... unknown
configure: error: OpenSSL has unsupported dynamic loading
...
Searching on that bug leads to
http://superuser.com/questions/1182479/configure-error-openssl-has-unsupported-dynamic-loading-when-building-bind9
"It turns out that bind does not yet support OpenSSL 1.1 (see OPenssl 1.1 and Bind on bind-users mailing list)."
and to the ML
OPenssl 1.1 and Bind
https://lists.isc.org/pipermail/bind-users/2016-August/097391.html
Where the last comment from marka at isc.org discusses direction
It was mostly accessor functions were missing which I wasn't worried
about as I expected them to turn up which they have. You then have
to recode everything to deal with all the structures being opaque.
There is also the issue of making a code base that will compile w/
OpenSSL 1.1 and OpenSSL 1.0 (and 0.9 despite it being EOL). I
suspect we will have static versions of the OpenSSL 1.1 accessor
functions so we can build w/ OpenSSL 1.0 and not have too many
#if/#else/#endif. Aim to have all the code be written for OpenSSL 1.1.
Need to figure out how GOST is now done.
PKCS11 will most probably not be via OpenSSL anymore.
Then there is the gssapi support libraries that also need to support
OpenSSL 1.1.
but, afaict, nothing further.
What *IS* the current state/status of openssl 1.1 support in bind9?
Is it yet targeted for a specific release? or available as a current patchset?
More information about the bind-users
mailing list