On 04/19/2011 17:11, Mark Andrews wrote:
In message<4dadfb29.6080...@dougbarton.us>, Doug Barton writes:
I have had 2 reports now of people using BIND 9.8.0 on FreeBSD compiled
against openssl 1.0.0d not being able to chroot unless they copy
$PREFIX/lib/engines/libgost.so into the chroot environment.
Traditionally, copying libs into the chroot directory has not been
necessary, so I'm curious. Building 9.8 against the default openssl in
the FreeBSD base (0.9.8q) I have not experienced this problem.
I haven't actually tried this with 1.0.0d myself yet, so I thought I'd
ask about it here first before filing a bug report. Could this be a
(previously unknown form of) user error? Or is it an actual BIND bug (or
an openssl bug for that matter)?
It's a matter of how OpenSSL is built. You can build openssl with
gost as a dynamically loaded engine or you can build openssl with
the engines already linked in.
Gost, unlike the rest of the crypto, is implemented as a engine.
I finally had a chance to test this, and using the enable-static-engine
build option didn't have any effect. That was the only relevant-looking
option I was able to find after a non-trivial amount of time looking
through the openssl code and web-searching, do you have any other
suggestions? :)
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
