Re: OpenSSL problem: bind98-base FreeBSD port

Mon, 09 Jul 2012 00:25:01 -0700 

On 09/07/2012 01:40, Doug Barton wrote:
> On 07/08/2012 17:33, Matthew Pounsett wrote:
>>
>> On 2012/07/08, at 20:29, Matthew Pounsett wrote:
>>
>>>
>>> On 2012/07/08, at 20:26, Mark Andrews wrote:
>>>
>>>>
>>>> One can also build named w/o GOST support if one wants.  We statically
>>>> link all the engines when building named on Windows.
>>>
>>> Unfortunately the port doesn't provide the config hooks to disable GOST 
>>> support.
>>
>> Actually.. how do you go about doing that anyway?  I was just taking a look 
>> at writing a patch for the port to allow GOST to be turned off, but BIND's 
>> configure script doesn't have any information in it about disabling 
>> individual ciphers.
> 
> I wouldn't accept it anyway. For better or worse, GOST is part of the
> protocol.

GOST is not available in the version of OpenSSL in the FreeBSD base.

Here's a patch to turn off GOST from the dns/bind99 port when used with
openssl 1.0.x also from ports:

cvs diff: Diffing .
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/dns/bind99/Makefile,v
retrieving revision 1.9
diff -u -u -r1.9 Makefile
--- Makefile    4 Jun 2012 21:51:34 -0000       1.9
+++ Makefile    9 Jun 2012 08:59:45 -0000
@@ -209,6 +209,11 @@
                ${WRKSRC}/bin/named/Makefile.in.Dist > \
                ${WRKSRC}/bin/named/Makefile.in

+.if defined(WITH_OPENSSL_PORT)
+post-configure:
+       ${SED} -i~ -e 's:^#define HAVE_OPENSSL_GOST.*:/* #undef
HAVE_OPENSSL_GOST */:' ${WRKSRC}/config.h
+.endif
+
 PORTDOCS=      *
 PKGMESSAGE=    ${.CURDIR}/../bind97/pkg-message
 PKGINSTALL=    ${.CURDIR}/../bind97/pkg-install

The equivalent for dns/bind98 is almost identical.

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matt...@infracaninophile.co.uk               Kent, CT11 9PW

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to