Make sure you have the following set: DEFAULT_VERSIONS=ssl=openssl111 It fails to build with error (for more details see here: http://pkg.fechner.net/data/112amd64-default/2018-10-05_15h32m09s/logs/errors/bind912-9.12.2P2.log): checking for OpenSSL ECDSA support... yes checking for OpenSSL GOST support... no configure: error: gost not supported ===> Script "configure" failed unexpectedly. Please report the problem to mat@FreeBSD.org [maintainer] and attach the "/wrkdirs/usr/ports/dns/bind912/work/bind-9.12.2-P2/config.log" including the output of the failure of your make command. Also, it might be a good idea to provide an overview of all packages installed on your system (e.g. a /usr/local/sbin/pkg-static info -g -Ea). *** Error code 1 GOST support is enabled for security/openssl111: # This file is auto-generated by 'make config'. # Options for openssl111-1.1.1_1 _OPTIONS_READ=openssl111-1.1.1_1 _FILE_COMPLETE_OPTIONS_LIST=ASYNC CT MAN3 RFC3779 SHARED ZLIB ARIA DES GOST IDEA SM2 SM3 SM4 RC2 RC4 RC5 MD2 MD4 MDC2 RMD160 ASM SSE2 THREADS EC NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2 OPTIONS_FILE_SET+=ASYNC OPTIONS_FILE_SET+=CT OPTIONS_FILE_SET+=MAN3 OPTIONS_FILE_UNSET+=RFC3779 OPTIONS_FILE_SET+=SHARED OPTIONS_FILE_UNSET+=ZLIB OPTIONS_FILE_UNSET+=ARIA OPTIONS_FILE_SET+=DES OPTIONS_FILE_SET+=GOST OPTIONS_FILE_SET+=IDEA OPTIONS_FILE_UNSET+=SM2 OPTIONS_FILE_UNSET+=SM3 OPTIONS_FILE_UNSET+=SM4 OPTIONS_FILE_SET+=RC2 OPTIONS_FILE_SET+=RC4 OPTIONS_FILE_UNSET+=RC5 OPTIONS_FILE_UNSET+=MD2 OPTIONS_FILE_SET+=MD4 OPTIONS_FILE_UNSET+=MDC2 OPTIONS_FILE_SET+=RMD160 OPTIONS_FILE_SET+=ASM OPTIONS_FILE_SET+=SSE2 OPTIONS_FILE_SET+=THREADS OPTIONS_FILE_SET+=EC OPTIONS_FILE_SET+=NEXTPROTONEG OPTIONS_FILE_SET+=SCTP OPTIONS_FILE_UNSET+=SSL3 OPTIONS_FILE_SET+=TLS1 OPTIONS_FILE_SET+=TLS1_1 OPTIONS_FILE_SET+=TLS1_2 I'm not sure if the problem is related to OpenSSL or bind. Exactly same problem with dns/bind911. The port dns/bind913 builds fine.
FWIW, gost is not supported in OpenSSL 1.1, from https://www.openssl.org/news/cl110.txt --- *) The GOST engine was out of date and therefore it has been removed. An up to date GOST engine is now being maintained in an external repository. See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains support for GOST ciphersuites (these are only activated if a GOST engine is present). [Matt Caswell] ---
(In reply to candrews from comment #1) Thanks a lot for this tip, removing GOST fixes the problem. I hope that does not break DNSSEC. Should be maybe disable this option for openssl111?
GOST was never widely used in DNSSEC, I think it is mostly there because it was an algorithm developped by Russia. GOST support has been removed after 9.12 anyway. I think I will remove it from previous versions too.
A commit references this bug: Author: mat Date: Fri Nov 2 10:13:15 UTC 2018 New revision: 483798 URL: https://svnweb.freebsd.org/changeset/ports/483798 Log: Remove GOST support from BIND9 9.11 and 9.12. It was never (widely|really) used, and support for it has been dropped in OpenSSL starting at 1.1, and BIND9 starting at 9.13. PR: 231980 Reported by: mfechner Changes: head/dns/bind911/Makefile head/dns/bind912/Makefile
Thanks a lot!