Bug 198981 - [PATCH] dns/knot: Fix build with LibreSSL
Summary: [PATCH] dns/knot: Fix build with LibreSSL
Status: Closed DUPLICATE of bug 199298
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-ports-bugs (Nobody)
Keywords: patch
Depends on:
Reported: 2015-03-28 10:45 UTC by Bernard Spil
Modified: 2015-04-09 05:53 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (freebsd)

svn diff for dns/knot (1.02 KB, patch)
2015-03-28 10:45 UTC, Bernard Spil
no flags Details | Diff
Poudirere build log of dns/knot (45.31 KB, text/plain)
2015-03-28 10:46 UTC, Bernard Spil
no flags Details
libressl patch, lmdb backend, and minor cleanups (3.09 KB, patch)
2015-04-04 00:27 UTC, Leo Vandewoestijne
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Bernard Spil freebsd_committer 2015-03-28 10:45:59 UTC
Created attachment 154909 [details]
svn diff for dns/knot

dns/knot fails to build with LibreSSL due to missing ENGINE_load_gost method. There is a detection mechanism in the code but that did't pick up LibreSSL, attached patch fixes that.

Upstreamed to https://gitlab.labs.nic.cz/labs/knot/issues/335
Comment 1 Bernard Spil freebsd_committer 2015-03-28 10:46:37 UTC
Created attachment 154910 [details]
Poudirere build log of dns/knot
Comment 2 Mark Felder freebsd_committer 2015-03-31 14:51:13 UTC
Has upstream been notified?
Comment 3 Leo Vandewoestijne 2015-03-31 16:51:58 UTC
That's nice, thank you very much for this patch!
I'm enthousiast to see automatic DNSSEC signing with an alternative next to OpenSSL.
But, if I read correct; using GHOST will not be possible when using LibreSSL?
If so, then I think users should be aware of that (to prevent auto-signing suddenly breaking on an unexpected later moment).

I will try to also fix the configure-option-dialog (and requirements accordingly) later today.
Comment 4 Bernard Spil freebsd_committer 2015-03-31 18:26:49 UTC

LibreSSL initially removed GOST due to potential problems with intellectual property or licences. Later GOST support was added again, but I'd have to look up the details. My work primarily involves making ports work with both OpenSSL and LibreSSL for now...

Check http://marc.info/?l=openbsd-announce&m=141809396501638 for more info...

If you find anything, please let me know so I can add it to the wiki article 

Thanks! Bernard.
Comment 5 Leo Vandewoestijne 2015-04-04 00:27:35 UTC
Created attachment 155170 [details]
libressl patch, lmdb backend, and minor cleanups
Comment 6 Leo Vandewoestijne 2015-04-04 00:29:53 UTC
Thanks for your efforts in pushing LibreSSL into the ports.

Above includes the same patch, but prevents possible unaware breaking GOST in DNSSEC.

Further it adds the LMDB backend.

@Mark Felder:
Yes, upstream is notified; reporting issues trough Github is preferred over email.
Comment 7 Leo Vandewoestijne 2015-04-08 14:05:48 UTC
Once PR 199292 is committed I could also add support for dnstap - see http://dnstap.info
Comment 8 Leo Vandewoestijne 2015-04-08 16:27:13 UTC
This PR is superseded by PR 199298: knot 1.6.3 was released today.

Further CZ.NIC confirmed to take care that the LibreSSL patch will be absolete in their next release.
Comment 9 Kubilay Kocak freebsd_committer freebsd_triage 2015-04-09 05:46:57 UTC
Superseded by bug 199298

*** This bug has been marked as a duplicate of bug 199298 ***