Did you compile both openssl and bind or are you using a prebuilt binary?
There are (apparently) problems with OpenSSL 1.0.2 on the 32 bit Solaris 10 platform. This was discussed on the openssl-users mailing list a few months ago. The "fix" was building with an openssl 1.0.1 version on that platform. I would try that myself. Ted On 7/24/2015 10:31 AM, Stewart, Larry C Sr CTR DISA JITC (US) wrote:
All It occurred to me that you may need more info to assist me the logs show the following: Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] starting BIND 9.10.2-P2 -t /nithr -u nithr -d 2 -f Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] built with '--prefix=/' '--with-openssl=/usr/local/ssl' '--enable-threads' 'CC=/usr/sfw/bin/gcc' Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] ---------------------------------------------------- Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] BIND 9 is maintained by Internet Systems Consortium, Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] Inc. (ISC), a non-profit 501(c)(3) public-benefit Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] corporation. Support and training for BIND 9 are Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] available at https://www.isc.org/support Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] ---------------------------------------------------- Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.warning] ENGINE_by_id failed (crypto failure) Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.crit] initializing DST: crypto failure Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.crit] exiting (due to fatal error) As you can see I am running named in a chroot jail. I compile it the same as when I am using the older version of openssl. Looking on line this issue seems to have raised its head with the release of openssl 1.0.0, but I have yet to discover a solution on line. Larry Stewart, CISSP Contractor - ManTech Network Engineer Office: 520-538-4227 DSN: 879-4227 Cell phone: 520-227-8251 larry.c.stewart....@mail.mil -----Original Message----- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Stewart, Larry C Sr CTR DISA JITC (US) Sent: Friday, July 24, 2015 9:22 AM To: bind-users@lists.isc.org Subject: Crypto failure Issues I am having issues with bind failing to start due to a crypto failure when I compile with the --with-openssl option when I have openssl version 1.0.2d or 1.0.2c Is anyone aware of any compatibility issues between bind and openssl version 1.0.2? I have no issues when I use openssl version 0.9.8zf. My system is a Solaris 10 x86 OS Larry Stewart, CISSP Contractor - ManTech Network Engineer Office: 520-538-4227 DSN: 879-4227 Cell phone: 520-227-8251 larry.c.stewart....@mail.mil _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
