On 20 Apr 2011, at 01:11, Mark Andrews <ma...@isc.org> wrote: > In message <4dadfb29.6080...@dougbarton.us>, Doug Barton writes: >> I have had 2 reports now of people using BIND 9.8.0 on FreeBSD compiled >> against openssl 1.0.0d not being able to chroot unless they copy >> $PREFIX/lib/engines/libgost.so into the chroot environment. > > It's a matter of how OpenSSL is built. You can build openssl with > gost as a dynamically loaded engine or you can build openssl with > the engines already linked in. > > Gost, unlike the rest of the crypto, is implemented as a engine.
I have encountered exactly the problem Doug described. I'll have to have a closer look at my OpenSSL build. I sent a message to bind9-bugs asking for a bit more flexibility in BIND's build configuration for GOST support, so it can be turned off easily in BIND even if OpenSSL supports it. (At the moment I bodge config.h to do this.) Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
