>I have found there is no need to link to a different library. What is
>needed is just a different *configuration*. I found a very simple method
>to share with you:
>
>Use OPENSSL_CONF environment to point to a conf file containing:
>
>.include = /etc/ssl/openssl.cnf
>[evp_properties]
>rh-allow-sha1-signatures = yes
>
>That is all needed to get SHA1 verification in DNSSEC back, without
>accepting SHA1 in TLS connections at the same time. Cool, eh?

At the risk of going off-topic, it seems that Red Hat is shipping packages with unbound compiled without support for RSASHA1. So this trick is unlikely to help.

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org