OpenSSL problem: bind98-base FreeBSD port
Matthew Seaman
m.seaman at infracaninophile.co.uk
Mon Jul 9 07:23:27 UTC 2012
On 09/07/2012 01:40, Doug Barton wrote:
> On 07/08/2012 17:33, Matthew Pounsett wrote:
>>
>> On 2012/07/08, at 20:29, Matthew Pounsett wrote:
>>
>>>
>>> On 2012/07/08, at 20:26, Mark Andrews wrote:
>>>
>>>>
>>>> One can also build named w/o GOST support if one wants. We statically
>>>> link all the engines when building named on Windows.
>>>
>>> Unfortunately the port doesn't provide the config hooks to disable GOST support.
>>
>> Actually.. how do you go about doing that anyway? I was just taking a look at writing a patch for the port to allow GOST to be turned off, but BIND's configure script doesn't have any information in it about disabling individual ciphers.
>
> I wouldn't accept it anyway. For better or worse, GOST is part of the
> protocol.
GOST is not available in the version of OpenSSL in the FreeBSD base.
Here's a patch to turn off GOST from the dns/bind99 port when used with
openssl 1.0.x also from ports:
cvs diff: Diffing .
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/dns/bind99/Makefile,v
retrieving revision 1.9
diff -u -u -r1.9 Makefile
--- Makefile 4 Jun 2012 21:51:34 -0000 1.9
+++ Makefile 9 Jun 2012 08:59:45 -0000
@@ -209,6 +209,11 @@
${WRKSRC}/bin/named/Makefile.in.Dist > \
${WRKSRC}/bin/named/Makefile.in
+.if defined(WITH_OPENSSL_PORT)
+post-configure:
+ ${SED} -i~ -e 's:^#define HAVE_OPENSSL_GOST.*:/* #undef
HAVE_OPENSSL_GOST */:' ${WRKSRC}/config.h
+.endif
+
PORTDOCS= *
PKGMESSAGE= ${.CURDIR}/../bind97/pkg-message
PKGINSTALL= ${.CURDIR}/../bind97/pkg-install
The equivalent for dns/bind98 is almost identical.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew at infracaninophile.co.uk Kent, CT11 9PW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120709/09e25c47/attachment.bin>
More information about the bind-users
mailing list