Compiling bind 9.17.15 with alternate OpenSSL library

Ondřej Surý ondrej at isc.org
Mon Jul 5 17:07:24 UTC 2021


Oh, you are right. That will get only used when pkg-config based method doesn’t work. We probably should remove that as openssl.pc is now widely available.

Ondřej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 5. 7. 2021, at 18:57, Eric Germann <ekgermann at semperen.com> wrote:
> 
> I’m confused
> 
> ./configure --help | grep openssl
> 
>   --with-openssl=DIR      root of the OpenSSL directory
> 
> ---
> Eric Germann
> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
> LinkedIn: https://www.linkedin.com/in/ericgermann
> Twitter: @ekgermann
> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
> 
> GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1
> 
> 
> 
> 
> 
> 
> 
>> On Jul 5, 2021, at 12:55 PM, Ondřej Surý <ondrej at isc.org> wrote:
>> 
>> Eric,
>> 
>> configure uses pkg-config to detect OpenSSL version thus you need to point pkg-config to the right directory.
>> 
>> There’s no such option to configure.
>> 
>> Ondřej
>> --
>> Ondřej Surý — ISC (He/Him)
>> 
>> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
>> 
>>>> On 5. 7. 2021, at 18:24, Eric Germann via bind-users <bind-users at lists.isc.org> wrote:
>>>> 
>>> I’m in the process of building a custom version of bind with DoH and would also like to add DNSSEC algorithm 15 for experimental purposes
>>> 
>>> DoH works just fine on the servers I have configured.
>>> 
>>> My “configure" command is
>>> 
>>>   ./configure --with-openssl=../openssl-1.1.1k --with-libxml2 --with-json-c --disable-dnstap --enable-fixed-rrset --enable-querytrace --sysconfdir=/etc/namedb
>>> 
>>> When I override the SSL library, it doesn’t pick it up.  It uses the system library of 1.0.2k-fips from the system (Centos 7 10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux)
>>> 
>>> I know when I build nginx, I can override the SSL library by pointing to the OpenSSL directory and it shows and functions with the correct library (1.1.1k).
>>> 
>>> I’ve built OpenSSL in the directory spec’d in the config line, but haven’t done a “make install” because it will trash the system.
>>> 
>>> Is there anyway to build against 1.1.1k without doing a “make install” on the newer OpenSSL library?
>>> 
>>> Thanks
>>> 
>>> ---
>>> Eric Germann
>>> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
>>> LinkedIn: https://www.linkedin.com/in/ericgermann
>>> Twitter: @ekgermann
>>> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>>> 
>>> GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>> 
>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>> 
>>> 
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210705/ee0762a2/attachment-0001.htm>


More information about the bind-users mailing list