patches to make bind9 with TKEY/GSS updates easier to configure
tridge at samba.org
Fri Dec 3 00:48:21 UTC 2010
Hi Michael,
Thanks for access to your NetBSD box. I found a bug in
lib/dns/openssl_link.c in entropy_get() and entropy_getpseudo(). They
should be returning 1 on success, not num (see the RAND_bytes(3) man
page). It looks like this bug has been found before:
http://comments.gmane.org/gmane.comp.encryption.kerberos.heimdal.general/5601
I've put a patch for this in my patch set:
http://samba.org/tridge/bind9-patches/0009-openssl-RAND_bytes-should-return-1-on-success-not-nu.patch
With the change, the tsiggss test passes for me on your box.
If it still fails for you, can you tell me what options you are
passing to configure? I am using:
./configure --with-gssapi=/usr --prefix=$HOME/prefix --with-openssl=/usr --with-randomdev=/dev/urandom
and I am testing tsiggss like this:
(cd bin/tests/system/ && sh run.sh tsiggss)
The source tree I am using is in /home/tridge/bind9 on your machine,
and is a clone of:
git://git.samba.org/tridge/bind9
This is just the 9.7.2-P1 tarball, plus the patches from
http://samba.org/tridge/bind9-patches/
Cheers, Tridge
> On my NetBSD machine:
>
> S:tsiggss:Thu Dec 2 18:00:39 UTC 2010
> T:tsiggss:1:A
> A:System test tsiggss
> I:testing updates as administrator
> I:testing update for testdc1.example.nil. A 86400 A 10.53.0.10
> Check your Kerberos ticket, it may have expired.
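
The return-value contract mentioned in the message above (1 on success, per RAND_bytes(3)), as an added example that is not part of the original post and is not BIND's code. The callback names, the `make_key` consumer and the fixed-pattern fill are hypothetical and constructed so the example runs without OpenSSL.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a random "bytes" callback: 1 = success, 0 = failure. */
typedef int (*rand_bytes_fn)(unsigned char *buf, int num);

/* Constructed filler so the example runs offline; this is NOT random data. */
static int fill(unsigned char *buf, int num) {
    if (buf == NULL || num < 0)
        return 0;
    memset(buf, 0xA5, (size_t)num);
    return 1;
}

/* Shape of the bug: the callback reports the byte count on success. */
static int bytes_cb_returns_num(unsigned char *buf, int num) {
    return fill(buf, num) ? num : 0;
}

/* Shape of the fix: the callback reports exactly 1 on success. */
static int bytes_cb_returns_one(unsigned char *buf, int num) {
    return fill(buf, num) ? 1 : 0;
}

/* Hypothetical consumer that checks the result the way RAND_bytes(3)
 * documents it. Returns 0 on success, -1 if the callback is treated as failed. */
static int make_key(rand_bytes_fn get, unsigned char *key, int len) {
    if (get(key, len) != 1) {
        memset(key, 0, (size_t)len);   /* do not keep unverified key material */
        return -1;
    }
    return 0;
}

int main(void) {
    unsigned char key[16];

    printf("returns num, 16 bytes: %d\n", make_key(bytes_cb_returns_num, key, 16));
    printf("returns 1,   16 bytes: %d\n", make_key(bytes_cb_returns_one, key, 16));
    /* A 1-byte request hides the bug, because num happens to equal 1. */
    printf("returns num,  1 byte:  %d\n", make_key(bytes_cb_returns_num, key, 1));
    return 0;
}
```

A consumer that only tests for a non-zero result would accept both callbacks, which is why this kind of mismatch can go unnoticed until the code runs against a stricter caller.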