On 09/07/2012 01:40, Doug Barton wrote: > On 07/08/2012 17:33, Matthew Pounsett wrote: >> >> On 2012/07/08, at 20:29, Matthew Pounsett wrote: >> >>> >>> On 2012/07/08, at 20:26, Mark Andrews wrote: >>> >>>> >>>> One can also build named w/o GOST support if one wants. We statically >>>> link all the engines when building named on Windows. >>> >>> Unfortunately the port doesn't provide the config hooks to disable GOST >>> support. >> >> Actually.. how do you go about doing that anyway? I was just taking a look >> at writing a patch for the port to allow GOST to be turned off, but BIND's >> configure script doesn't have any information in it about disabling >> individual ciphers. > > I wouldn't accept it anyway. For better or worse, GOST is part of the > protocol.
GOST is not available in the version of OpenSSL in the FreeBSD base.
Here's a patch to turn off GOST from the dns/bind99 port when used with
openssl 1.0.x also from ports:
cvs diff: Diffing .
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/dns/bind99/Makefile,v
retrieving revision 1.9
diff -u -u -r1.9 Makefile
--- Makefile 4 Jun 2012 21:51:34 -0000 1.9
+++ Makefile 9 Jun 2012 08:59:45 -0000
@@ -209,6 +209,11 @@
${WRKSRC}/bin/named/Makefile.in.Dist > \
${WRKSRC}/bin/named/Makefile.in
+.if defined(WITH_OPENSSL_PORT)
+post-configure:
+ ${SED} -i~ -e 's:^#define HAVE_OPENSSL_GOST.*:/* #undef
HAVE_OPENSSL_GOST */:' ${WRKSRC}/config.h
+.endif
+
PORTDOCS= *
PKGMESSAGE= ${.CURDIR}/../bind97/pkg-message
PKGINSTALL= ${.CURDIR}/../bind97/pkg-install
The equivalent for dns/bind98 is almost identical.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: [email protected] Kent, CT11 9PW
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
