BIND 9.8.0 + openssl 1.0.0d + chroot == "issues"
Mark Andrews
marka at isc.org
Wed Apr 20 00:11:21 UTC 2011
In message <4DADFB29.6080508 at dougbarton.us>, Doug Barton writes:
> I have had 2 reports now of people using BIND 9.8.0 on FreeBSD compiled
> against openssl 1.0.0d not being able to chroot unless they copy
> $PREFIX/lib/engines/libgost.so into the chroot environment.
> Traditionally, copying libs into the chroot directory has not been
> necessary, so I'm curious. Building 9.8 against the default openssl in
> the FreeBSD base (0.9.8q) I have not experienced this problem.
>
> I haven't actually tried this with 1.0.0d myself yet, so I thought I'd
> ask about it here first before filing a bug report. Could this be a
> (previously unknown form of) user error? Or is it an actual BIND bug (or
> an openssl bug for that matter)?
It's a matter of how OpenSSL is built. You can build openssl with
gost as a dynamically loaded engine or you can build openssl with
the engines already linked in.
Gost, unlike the rest of the crypto, is implemented as a engine.
> Thanks,
>
> Doug
>
> --
>
> Nothin' ever doesn't change, but nothin' changes much.
> -- OK Go
>
> Breadth of IT experience, and depth of knowledge in the DNS.
> Yours for the right price. :) http://SupersetSolutions.com/
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list