Re: Improved SSL Error Logging [RT #29932]

Evan Hunt Wed, 10 Oct 2012 11:46:36 -0700

> BIND 9.7.7, 9.8.4 and 9.9.2 have "improved" OpenSSL error logging.
> Unfortunately, our logs are now filling up with "RSA_verify failed"
> messages.


Yeah, oops, we made that one too noisy.  You're not the first one
who's noticed. :/

> How does one go about tracking down the source of these failures and
> correcting them? (We are running OpenSSL 1.0.1c.)

In BIND9, in lib/dns/opensslrsa_link.c, change this:

                return (dst__openssl_toresult2("RSA_verify",
                                               DST_R_VERIFYFAILURE));

to this:

                return (dst__openssl_toresult(DST_R_VERIFYFAILURE));

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Improved SSL Error Logging [RT #29932]

Reply via email to