Compiling bind 9.17.15 with alternate OpenSSL library

Ondřej Surý ondrej at isc.org
Mon Jul 5 18:05:03 UTC 2021 

Setting PKG_CONFIG_PATH should work as charm…

--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.

> On 5. 7. 2021, at 19:33, Eric Germann <ekgermann at semperen.com> wrote:
> 
> Bummer.
> 
> Thanks for the quick turnaround though!
> 
> ---
> Eric Germann
> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
> LinkedIn: https://www.linkedin.com/in/ericgermann
> Twitter: @ekgermann
> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
> 
> GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1
> 
> 
> 
> 
> 
> 
> 
>> On Jul 5, 2021, at 1:07 PM, Ondřej Surý <ondrej at isc.org> wrote:
>> 
>> Oh, you are right. That will get only used when pkg-config based method doesn’t work. We probably should remove that as openssl.pc is now widely available.
>> 
>> Ondřej
>> --
>> Ondřej Surý — ISC (He/Him)
>> 
>> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
>> 
>>>> On 5. 7. 2021, at 18:57, Eric Germann <ekgermann at semperen.com> wrote:
>>>> 
>>> I’m confused
>>> 
>>> ./configure --help | grep openssl
>>> 
>>>   --with-openssl=DIR      root of the OpenSSL directory
>>> 
>>> ---
>>> Eric Germann
>>> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
>>> LinkedIn: https://www.linkedin.com/in/ericgermann
>>> Twitter: @ekgermann
>>> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>>> 
>>> GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> On Jul 5, 2021, at 12:55 PM, Ondřej Surý <ondrej at isc.org> wrote:
>>>> 
>>>> Eric,
>>>> 
>>>> configure uses pkg-config to detect OpenSSL version thus you need to point pkg-config to the right directory.
>>>> 
>>>> There’s no such option to configure.
>>>> 
>>>> Ondřej
>>>> --
>>>> Ondřej Surý — ISC (He/Him)
>>>> 
>>>> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
>>>> 
>>>>>> On 5. 7. 2021, at 18:24, Eric Germann via bind-users <bind-users at lists.isc.org> wrote:
>>>>>> 
>>>>> I’m in the process of building a custom version of bind with DoH and would also like to add DNSSEC algorithm 15 for experimental purposes
>>>>> 
>>>>> DoH works just fine on the servers I have configured.
>>>>> 
>>>>> My “configure" command is
>>>>> 
>>>>>   ./configure --with-openssl=../openssl-1.1.1k --with-libxml2 --with-json-c --disable-dnstap --enable-fixed-rrset --enable-querytrace --sysconfdir=/etc/namedb
>>>>> 
>>>>> When I override the SSL library, it doesn’t pick it up.  It uses the system library of 1.0.2k-fips from the system (Centos 7 10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux)
>>>>> 
>>>>> I know when I build nginx, I can override the SSL library by pointing to the OpenSSL directory and it shows and functions with the correct library (1.1.1k).
>>>>> 
>>>>> I’ve built OpenSSL in the directory spec’d in the config line, but haven’t done a “make install” because it will trash the system.
>>>>> 
>>>>> Is there anyway to build against 1.1.1k without doing a “make install” on the newer OpenSSL library?
>>>>> 
>>>>> Thanks
>>>>> 
>>>>> ---
>>>>> Eric Germann
>>>>> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
>>>>> LinkedIn: https://www.linkedin.com/in/ericgermann
>>>>> Twitter: @ekgermann
>>>>> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>>>>> 
>>>>> GPG Fingerprint: 89ED 36B3 515A 211B 6390  60A9 E30D 9B9B 3EBF F1A1
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>>>> 
>>>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>>> 
>>>>> 
>>>>> bind-users mailing list
>>>>> bind-users at lists.isc.org
>>>>> https://lists.isc.org/mailman/listinfo/bind-users
>>> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210705/eeb25113/attachment-0001.htm>

More information about the bind-users mailing list