I am using a prebuilt binary will give compiling it myself a try and see what that yields.
Larry Stewart, CISSP Contractor - ManTech Network Engineer Office: 520-538-4227 DSN: 879-4227 Cell phone: 520-227-8251 larry.c.stewart....@mail.mil -----Original Message----- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ted Mittelstaedt Sent: Friday, July 24, 2015 12:28 PM To: bind-users@lists.isc.org Subject: Re: Crypto failure Issues Did you compile both openssl and bind or are you using a prebuilt binary? There are (apparently) problems with OpenSSL 1.0.2 on the 32 bit Solaris 10 platform. This was discussed on the openssl-users mailing list a few months ago. The "fix" was building with an openssl 1.0.1 version on that platform. I would try that myself. Ted On 7/24/2015 10:31 AM, Stewart, Larry C Sr CTR DISA JITC (US) wrote: > All > > It occurred to me that you may need more info to assist me the logs show the > following: > > Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] starting > BIND 9.10.2-P2 -t /nithr -u nithr -d 2 -f > Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] built with > '--prefix=/' '--with-openssl=/usr/local/ssl' '--enable-threads' > 'CC=/usr/sfw/bin/gcc' > Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] > ---------------------------------------------------- > Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] BIND 9 is > maintained by Internet Systems Consortium, > Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] Inc. (ISC), > a non-profit 501(c)(3) public-benefit > Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] corporation. > Support and training for BIND 9 are > Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] available at > https://www.isc.org/support > Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.notice] > ---------------------------------------------------- > Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.warning] > ENGINE_by_id failed (crypto failure) > Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.crit] initializing > DST: crypto failure > Jul 23 15:55:11 nit-dns2 named[20169]: [ID 873579 daemon.crit] exiting (due > to fatal error) > > > As you can see I am running named in a chroot jail. I compile it the same as > when I am using the older version of openssl. Looking on line this issue > seems to have raised its head with the release of openssl 1.0.0, but I have > yet to discover a solution on line. > > Larry Stewart, CISSP > Contractor - ManTech > Network Engineer > Office: 520-538-4227 > DSN: 879-4227 > Cell phone: 520-227-8251 > larry.c.stewart....@mail.mil > > > -----Original Message----- > From: bind-users-boun...@lists.isc.org > [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Stewart, Larry C Sr > CTR DISA JITC (US) > Sent: Friday, July 24, 2015 9:22 AM > To: bind-users@lists.isc.org > Subject: Crypto failure Issues > > I am having issues with bind failing to start due to a crypto failure when I > compile with the --with-openssl option when I have openssl version 1.0.2d or > 1.0.2c > > Is anyone aware of any compatibility issues between bind and openssl version > 1.0.2? I have no issues when I use openssl version 0.9.8zf. > > My system is a Solaris 10 x86 OS > > Larry Stewart, CISSP > Contractor - ManTech > Network Engineer > Office: 520-538-4227 > DSN: 879-4227 > Cell phone: 520-227-8251 > larry.c.stewart....@mail.mil > > > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
