Make sure you have the following set:
It fails to build with error (for more details see here: http://pkg.fechner.net/data/112amd64-default/2018-10-05_15h32m09s/logs/errors/bind912-9.12.2P2.log):
checking for OpenSSL ECDSA support... yes
checking for OpenSSL GOST support... no
configure: error: gost not supported
===> Script "configure" failed unexpectedly.
Please report the problem to mat@FreeBSD.org [maintainer] and attach the
"/wrkdirs/usr/ports/dns/bind912/work/bind-9.12.2-P2/config.log" including the
output of the failure of your make command. Also, it might be a good idea to
provide an overview of all packages installed on your system (e.g. a
/usr/local/sbin/pkg-static info -g -Ea).
*** Error code 1
GOST support is enabled for security/openssl111:
# This file is auto-generated by 'make config'.
# Options for openssl111-1.1.1_1
_FILE_COMPLETE_OPTIONS_LIST=ASYNC CT MAN3 RFC3779 SHARED ZLIB ARIA DES GOST IDEA SM2 SM3 SM4 RC2 RC4 RC5 MD2 MD4 MDC2 RMD160 ASM SSE2 THREADS EC NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2
I'm not sure if the problem is related to OpenSSL or bind.
Exactly same problem with dns/bind911.
The port dns/bind913 builds fine.
FWIW, gost is not supported in OpenSSL 1.1, from https://www.openssl.org/news/cl110.txt
*) The GOST engine was out of date and therefore it has been removed. An up
to date GOST engine is now being maintained in an external repository.
See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains
support for GOST ciphersuites (these are only activated if a GOST engine
(In reply to candrews from comment #1)
Thanks a lot for this tip, removing GOST fixes the problem.
I hope that does not break DNSSEC.
Should be maybe disable this option for openssl111?
GOST was never widely used in DNSSEC, I think it is mostly there because it was an algorithm developped by Russia.
GOST support has been removed after 9.12 anyway. I think I will remove it from previous versions too.
A commit references this bug:
Date: Fri Nov 2 10:13:15 UTC 2018
New revision: 483798
Remove GOST support from BIND9 9.11 and 9.12.
It was never (widely|really) used, and support for it has been dropped
in OpenSSL starting at 1.1, and BIND9 starting at 9.13.
Reported by: mfechner
Thanks a lot!