patches to make bind9 with TKEY/GSS updates easier to configure

tridge at tridge at
Fri Dec 3 00:48:21 UTC 2010

Hi Michael,

Thanks for access to your NetBSD box. I found a bug in
lib/dns/openssl_link.c in entropy_get() and entropy_getpseudo(). They
should be returning 1 on success, not num (see the RAND_bytes(3) man
page). It looks like this bug has been found before:

I've put a patch for this in my patch set:

with the change, the tsiggss test passes for me on your box.

If it still fails for you, can you tell me what options you are
passing to configure? I am using:

  ./configure --with-gssapi=/usr --prefix=$HOME/prefix --with-openssl=/usr --with-randomdev=/dev/urandom

and I am testing tsiggss like this:

 (cd bin/tests/system/ && sh tsiggss)

the source tree I am using is in /home/tridge/bind9 on your machine,
and is a clone of:


this is just the 9.7.2-P1 tarball, plus the patches from

Cheers, Tridge

 > On my NetBSD machine:
 > S:tsiggss:Thu Dec  2 18:00:39 UTC 2010
 > T:tsiggss:1:A
 > A:System test tsiggss
 > I:testing updates as administrator
 > I:testing update for testdc1.example.nil. A 86400 A
 > Check your Kerberos ticket, it may have expired.

More information about the bind-workers mailing list