Created attachment 154909 [details]
svn diff for dns/knot
dns/knot fails to build with LibreSSL due to missing ENGINE_load_gost method. There is a detection mechanism in the code but that did't pick up LibreSSL, attached patch fixes that.
Upstreamed to https://gitlab.labs.nic.cz/labs/knot/issues/335
Created attachment 154910 [details]
Poudirere build log of dns/knot
Has upstream been notified?
That's nice, thank you very much for this patch!
I'm enthousiast to see automatic DNSSEC signing with an alternative next to OpenSSL.
But, if I read correct; using GHOST will not be possible when using LibreSSL?
If so, then I think users should be aware of that (to prevent auto-signing suddenly breaking on an unexpected later moment).
I will try to also fix the configure-option-dialog (and requirements accordingly) later today.
LibreSSL initially removed GOST due to potential problems with intellectual property or licences. Later GOST support was added again, but I'd have to look up the details. My work primarily involves making ports work with both OpenSSL and LibreSSL for now...
Check http://marc.info/?l=openbsd-announce&m=141809396501638 for more info...
If you find anything, please let me know so I can add it to the wiki article
Created attachment 155170 [details]
libressl patch, lmdb backend, and minor cleanups
Thanks for your efforts in pushing LibreSSL into the ports.
Above includes the same patch, but prevents possible unaware breaking GOST in DNSSEC.
Further it adds the LMDB backend.
Yes, upstream is notified; reporting issues trough Github is preferred over email.
Once PR 199292 is committed I could also add support for dnstap - see http://dnstap.info
This PR is superseded by PR 199298: knot 1.6.3 was released today.
Further CZ.NIC confirmed to take care that the LibreSSL patch will be absolete in their next release.
Superseded by bug 199298
*** This bug has been marked as a duplicate of bug 199298 ***