Crypto failure Issues
Stewart, Larry C Sr CTR DISA JITC (US)
larry.c.stewart.ctr at mail.mil
Fri Jul 24 17:31:53 UTC 2015
All
It occurred to me that you may need more info to assist me the logs show the following:
Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] starting BIND 9.10.2-P2 -t /nithr -u nithr -d 2 -f
Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] built with '--prefix=/' '--with-openssl=/usr/local/ssl' '--enable-threads' 'CC=/usr/sfw/bin/gcc'
Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] ----------------------------------------------------
Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] BIND 9 is maintained by Internet Systems Consortium,
Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] corporation. Support and training for BIND 9 are
Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] available at https://www.isc.org/support
Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] ----------------------------------------------------
Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.warning] ENGINE_by_id failed (crypto failure)
Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.crit] initializing DST: crypto failure
Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.crit] exiting (due to fatal error)
As you can see I am running named in a chroot jail. I compile it the same as when I am using the older version of openssl. Looking on line this issue seems to have raised its head with the release of openssl 1.0.0, but I have yet to discover a solution on line.
Larry Stewart, CISSP
Contractor - ManTech
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart.ctr at mail.mil
-----Original Message-----
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Stewart, Larry C Sr CTR DISA JITC (US)
Sent: Friday, July 24, 2015 9:22 AM
To: bind-users at lists.isc.org
Subject: Crypto failure Issues
I am having issues with bind failing to start due to a crypto failure when I compile with the --with-openssl option when I have openssl version 1.0.2d or 1.0.2c
Is anyone aware of any compatibility issues between bind and openssl version 1.0.2? I have no issues when I use openssl version 0.9.8zf.
My system is a Solaris 10 x86 OS
Larry Stewart, CISSP
Contractor - ManTech
Network Engineer
Office: 520-538-4227
DSN: 879-4227
Cell phone: 520-227-8251
larry.c.stewart.ctr at mail.mil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5605 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150724/d8d61fda/attachment-0001.bin>
More information about the bind-users
mailing list