Compiling bind 9.17.15 with alternate OpenSSL library

Eric Germann ekgermann at semperen.com
Mon Jul 5 17:33:19 UTC 2021 

Bummer.

Thanks for the quick turnaround though!

---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
Twitter: @ekgermann
Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712

GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1







> On Jul 5, 2021, at 1:07 PM, Ondřej Surý <ondrej at isc.org> wrote:
> 
> Oh, you are right. That will get only used when pkg-config based method doesn’t work. We probably should remove that as openssl.pc is now widely available.
> 
> Ondřej
> --
> Ondřej Surý — ISC (He/Him)
> 
> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
> 
>> On 5. 7. 2021, at 18:57, Eric Germann <ekgermann at semperen.com> wrote:
>> 
>> I’m confused
>> 
>> ./configure --help | grep openssl
>> 
>>   --with-openssl=DIR      root of the OpenSSL directory
>> 
>> ---
>> Eric Germann
>> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
>> LinkedIn: https://www.linkedin.com/in/ericgermann <https://www.linkedin.com/in/ericgermann>
>> Twitter: @ekgermann
>> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>> 
>> GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>>> On Jul 5, 2021, at 12:55 PM, Ondřej Surý <ondrej at isc.org <mailto:ondrej at isc.org>> wrote:
>>> 
>>> Eric,
>>> 
>>> configure uses pkg-config to detect OpenSSL version thus you need to point pkg-config to the right directory.
>>> 
>>> There’s no such option to configure.
>>> 
>>> Ondřej
>>> --
>>> Ondřej Surý — ISC (He/Him)
>>> 
>>> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
>>> 
>>>> On 5. 7. 2021, at 18:24, Eric Germann via bind-users <bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>> wrote:
>>>> 
>>>> I’m in the process of building a custom version of bind with DoH and would also like to add DNSSEC algorithm 15 for experimental purposes
>>>> 
>>>> DoH works just fine on the servers I have configured.
>>>> 
>>>> My “configure" command is
>>>> 
>>>>   ./configure --with-openssl=../openssl-1.1.1k --with-libxml2 --with-json-c --disable-dnstap --enable-fixed-rrset --enable-querytrace --sysconfdir=/etc/namedb
>>>> 
>>>> When I override the SSL library, it doesn’t pick it up.  It uses the system library of 1.0.2k-fips from the system (Centos 7 10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux)
>>>> 
>>>> I know when I build nginx, I can override the SSL library by pointing to the OpenSSL directory and it shows and functions with the correct library (1.1.1k).
>>>> 
>>>> I’ve built OpenSSL in the directory spec’d in the config line, but haven’t done a “make install” because it will trash the system.
>>>> 
>>>> Is there anyway to build against 1.1.1k without doing a “make install” on the newer OpenSSL library?
>>>> 
>>>> Thanks
>>>> 
>>>> ---
>>>> Eric Germann
>>>> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
>>>> LinkedIn: https://www.linkedin.com/in/ericgermann <https://www.linkedin.com/in/ericgermann>
>>>> Twitter: @ekgermann
>>>> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>>>> 
>>>> GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users <https://lists.isc.org/mailman/listinfo/bind-users> to unsubscribe from this list
>>>> 
>>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ <https://www.isc.org/contact/> for more information.
>>>> 
>>>> 
>>>> bind-users mailing list
>>>> bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>
>>>> https://lists.isc.org/mailman/listinfo/bind-users <https://lists.isc.org/mailman/listinfo/bind-users>
>> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210705/f3cddb30/attachment-0001.htm>

More information about the bind-users mailing list