Compiling bind 9.17.15 with alternate OpenSSL library
Ondřej Surý
ondrej at isc.org
Mon Jul 5 18:05:03 UTC 2021
Setting PKG_CONFIG_PATH should work as charm…
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
> On 5. 7. 2021, at 19:33, Eric Germann <ekgermann at semperen.com> wrote:
>
> Bummer.
>
> Thanks for the quick turnaround though!
>
> ---
> Eric Germann
> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
> LinkedIn: https://www.linkedin.com/in/ericgermann
> Twitter: @ekgermann
> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>
> GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
>
>
>
>
>
>
>
>> On Jul 5, 2021, at 1:07 PM, Ondřej Surý <ondrej at isc.org> wrote:
>>
>> Oh, you are right. That will get only used when pkg-config based method doesn’t work. We probably should remove that as openssl.pc is now widely available.
>>
>> Ondřej
>> --
>> Ondřej Surý — ISC (He/Him)
>>
>> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
>>
>>>> On 5. 7. 2021, at 18:57, Eric Germann <ekgermann at semperen.com> wrote:
>>>>
>>> I’m confused
>>>
>>> ./configure --help | grep openssl
>>>
>>> --with-openssl=DIR root of the OpenSSL directory
>>>
>>> ---
>>> Eric Germann
>>> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
>>> LinkedIn: https://www.linkedin.com/in/ericgermann
>>> Twitter: @ekgermann
>>> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>>>
>>> GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>> On Jul 5, 2021, at 12:55 PM, Ondřej Surý <ondrej at isc.org> wrote:
>>>>
>>>> Eric,
>>>>
>>>> configure uses pkg-config to detect OpenSSL version thus you need to point pkg-config to the right directory.
>>>>
>>>> There’s no such option to configure.
>>>>
>>>> Ondřej
>>>> --
>>>> Ondřej Surý — ISC (He/Him)
>>>>
>>>> My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
>>>>
>>>>>> On 5. 7. 2021, at 18:24, Eric Germann via bind-users <bind-users at lists.isc.org> wrote:
>>>>>>
>>>>> I’m in the process of building a custom version of bind with DoH and would also like to add DNSSEC algorithm 15 for experimental purposes
>>>>>
>>>>> DoH works just fine on the servers I have configured.
>>>>>
>>>>> My “configure" command is
>>>>>
>>>>> ./configure --with-openssl=../openssl-1.1.1k --with-libxml2 --with-json-c --disable-dnstap --enable-fixed-rrset --enable-querytrace --sysconfdir=/etc/namedb
>>>>>
>>>>> When I override the SSL library, it doesn’t pick it up. It uses the system library of 1.0.2k-fips from the system (Centos 7 10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux)
>>>>>
>>>>> I know when I build nginx, I can override the SSL library by pointing to the OpenSSL directory and it shows and functions with the correct library (1.1.1k).
>>>>>
>>>>> I’ve built OpenSSL in the directory spec’d in the config line, but haven’t done a “make install” because it will trash the system.
>>>>>
>>>>> Is there anyway to build against 1.1.1k without doing a “make install” on the newer OpenSSL library?
>>>>>
>>>>> Thanks
>>>>>
>>>>> ---
>>>>> Eric Germann
>>>>> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
>>>>> LinkedIn: https://www.linkedin.com/in/ericgermann
>>>>> Twitter: @ekgermann
>>>>> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>>>>>
>>>>> GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>>>>
>>>>> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>>>>>
>>>>>
>>>>> bind-users mailing list
>>>>> bind-users at lists.isc.org
>>>>> https://lists.isc.org/mailman/listinfo/bind-users
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210705/eeb25113/attachment-0001.htm>
More information about the bind-users
mailing list