BIND 9.8.1-P1 with OpenSSL 1.0.0 issues..

Matthew Seaman m.seaman at
Wed Nov 23 15:27:42 UTC 2011

On 23/11/2011 14:01, Jerry wrote:
> On Wed, 23 Nov 2011 13:18:45 +0000
> Matthew Seaman articulated:
>> I've been using the attached patch with the dns/bind98 port and
>> openssl-1.0.x from ports for months.  This disables using the GOST
>> cipher plugins -- which is no big deal as far as I'm concerned.  GOST
>> ciphers are only supplied as plugin modules unlike all other ciphers
>> in openssl, which is a new thing with version 1.0.0 in ports.  It's
>> that plugin shlib not playing well with chroot that
>> apparently causes named to crash.
> Mathew, has anyone filed a PR either here or upstream regarding this
> phenomena?

I sent my patch to Doug Barton (bind maintainer in src/ports) but he
didn't accept it.  Discussions I've seen around this are that the
OpenSSL guys say that it's not a bug from their side, and that bind is
doing it wrong.  I believe the ISC guys are aware but I don't know if
they have a fix in the works or not.  Possibly some advanced combination
of LDFLAGS at compile-time might sort things,  but I really have no idea.



Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP:     Ramsgate
JID: matthew at               Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url :

More information about the freebsd-questions mailing list