Summary: | dns/bind912 does not build with OpenSSL 1.1.1 | ||
---|---|---|---|
Product: | Ports & Packages | Reporter: | Matthias Fechner <mfechner> |
Component: | Individual Port(s) | Assignee: | Mathieu Arnold <mat> |
Status: | Closed FIXED | ||
Severity: | Affects Only Me | CC: | candrews |
Priority: | --- | Flags: | bugzilla: maintainer-feedback? (mat) |
Version: | Latest | ||
Hardware: | Any | ||
OS: | Any |
Description
Matthias Fechner
2018-10-05 13:49:46 UTC
FWIW, gost is not supported in OpenSSL 1.1, from https://www.openssl.org/news/cl110.txt

---

*) The GOST engine was out of date and therefore it has been removed. An up to date GOST engine is now being maintained in an external repository. See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains support for GOST ciphersuites (these are only activated if a GOST engine is present). [Matt Caswell]

---

(In reply to candrews from comment #1)
Thanks a lot for this tip, removing GOST fixes the problem. I hope that does not break DNSSEC. Should we maybe disable this option for openssl111?

GOST was never widely used in DNSSEC, I think it is mostly there because it was an algorithm developed by Russia. GOST support has been removed after 9.12 anyway. I think I will remove it from previous versions too.

A commit references this bug:

Author: mat
Date: Fri Nov 2 10:13:15 UTC 2018
New revision: 483798
URL: https://svnweb.freebsd.org/changeset/ports/483798

Log:
  Remove GOST support from BIND9 9.11 and 9.12.

  It was never (widely|really) used, and support for it has been dropped in OpenSSL starting at 1.1, and BIND9 starting at 9.13.

  PR: 231980
  Reported by: mfechner

Changes:
  head/dns/bind911/Makefile
  head/dns/bind912/Makefile

Thanks a lot!
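
On the question raised above of whether dropping GOST breaks DNSSEC, the following is an added example, not part of the bug report or the port: a scan of zone-file text for records that depend on GOST. It assumes the IANA numbering (algorithm 12 is ECC-GOST per RFC 5933, DS digest type 3 is GOST R 34.11-94); the function names and the sample zone are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag DNSSEC records in a zone file that depend on GOST.
# Assumes (IANA registries, RFC 5933): algorithm 12 = ECC-GOST,
# DS digest type 3 = GOST R 34.11-94. Also assumes the record type and its
# numeric fields sit on one line, as in dnssec-signzone style output.

# Reads zone text on stdin, prints "<line> <type> <reason>" per finding.
find_gost_records() {
    awk '
    {
        sub(/;.*/, "")                       # strip zone-file comments
        t = 0
        # owner, TTL and class are optional, so the type is in fields 1-4
        for (i = 1; i <= 4 && i <= NF; i++) {
            u = toupper($i)
            if (u ~ /^(DNSKEY|CDNSKEY|DS|CDS|RRSIG)$/) { t = i; type = u; break }
        }
        if (!t) next
        if (type == "DNSKEY" || type == "CDNSKEY") {
            # rdata: flags protocol algorithm key
            if ($(t + 3) == "12") print NR, type, "algorithm=12"
        } else if (type == "RRSIG") {
            # rdata: type-covered algorithm labels ...
            if ($(t + 2) == "12") print NR, type, "algorithm=12"
        } else {
            # DS/CDS rdata: key-tag algorithm digest-type digest
            if ($(t + 2) == "12") print NR, type, "algorithm=12"
            if ($(t + 3) == "3") print NR, type, "digest-type=3"
        }
    }'
}

# Constructed sample zone (not real data; key material is placeholder text).
sample_zone() {
    cat <<'EOF'
example.test. 3600 IN SOA ns1.example.test. admin.example.test. 1 7200 900 1209600 3600
example.test. 3600 IN DNSKEY 257 3 12 AAAA ; ECC-GOST KSK
example.test. 3600 IN DNSKEY 256 3 13 BBBB
example.test. 3600 IN RRSIG DNSKEY 12 2 3600 20300101000000 20290101000000 12345 example.test. CCCC
child.example.test. 3600 IN DS 4660 13 3 DDDD
child.example.test. 3600 IN DS 4660 13 2 EEEE
        IN DS 4661 8 2 FFFF
EOF
}

sample_zone | find_gost_records
```

An empty result for a zone means none of its DNSKEY, DS or RRSIG records on single lines reference GOST, so a BIND built without GOST can still validate and serve them.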