status openssl v1.1 support?

PGNet Dev at
Tue Mar 7 00:52:36 UTC 2017

In Bind 9.11.0-P3's "CHANGES"

	grep -i openssl CHANGES | grep "1\.1"
	4129.   [port]          Address API changes in OpenSSL 1.1.0. [RT #39532]

seems the bug DB is private/closed, so can't see the status of that^.

Trying to build against openssl v11x fails @ configure

	checking for OpenSSL library... using OpenSSL from /usr/local/openssl11/lib and /usr/local/openssl11/include
	checking whether linking with OpenSSL works... yes
	checking whether linking with OpenSSL requires -ldl... unknown
	configure: error: OpenSSL has unsupported dynamic loading

Searching on that bug leads to

		"It turns out that bind does not yet support OpenSSL 1.1 (see OPenssl 1.1 and Bind on bind-users mailing list)."

and to the ML

	OPenssl 1.1 and Bind

Where the last comment from marka at discusses direction

	It was mostly accessor functions were missing which I wasn't worried
	about as I expected them to turn up which they have.  You then have
	to recode everything to deal with all the structures being opaque.

	There is also the issue of making a code base that will compile w/
	OpenSSL 1.1 and OpenSSL 1.0 (and 0.9 despite it being EOL).  I
	suspect we will have static versions of the OpenSSL 1.1 accessor
	functions so we can build w/ OpenSSL 1.0 and not have too many
	#if/#else/#endif.  Aim to have all the code be written for OpenSSL 1.1.

	Need to figure out how GOST is now done.

	PKCS11 will most probably not be via OpenSSL anymore.

	Then there is the gssapi support libraries that also need to support
	OpenSSL 1.1.

but, afaict, nothing further.

What *IS* the current state/status of openssl 1.1 support in bind9?

Is it yet targeted for a specific release? or available as a current patchset?

More information about the bind-users mailing list