On Wed, 2012-10-10 at 18:44 +0000, Evan Hunt wrote:
> > BIND 9.7.7, 9.8.4 and 9.9.2 have "improved" OpenSSL error logging.
> > Unfortunately, our logs are now filling up with "RSA_verify failed"
> > messages.
>
> Yeah, oops, we made that one too noisy. You're not the first one
> who's noticed. :/
>
> > How does one go about tracking down the source of these failures and
> > correcting them? (We are running OpenSSL 1.0.1c.)
>
> In BIND9, in lib/dns/opensslrsa_link.c, change this:
>
>     return (dst__openssl_toresult2("RSA_verify",
>                                    DST_R_VERIFYFAILURE));
>
> to this:
>
>     return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
>
Evan,

After applying this change, the logs still fill up with some crud; 9.9.2 now still fills up with:

Oct 12 04:13:46 ns1 named[18293]: sucessfully validated after lower casing signer 'US'
Oct 12 04:36:35 ns1 named[18293]: sucessfully validated after lower casing signer 'CO'
Oct 12 04:36:35 ns1 last message repeated 4 times
...

Any method to disable this? Is it in its own category we can null out without affecting any other logging?

Cheers
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org