I’m in the process of building a custom version of bind with DoH and would also like to add DNSSEC algorithm 15 for experimental purposes
DoH works just fine on the servers I have configured.
My “configure" command is
./configure --with-openssl=../openssl-1.1.1k --with-libxml2 --with-json-c
--disable-dnstap --enable-fixed-rrset --enable-querytrace
--sysconfdir=/etc/namedb
When I override the SSL library, it doesn’t pick it up. It uses the system
library of 1.0.2k-fips from the system (Centos 7 10.0-1160.25.1.el7.x86_64 #1
SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux)
I know when I build nginx, I can override the SSL library by pointing to the
OpenSSL directory and it shows and functions with the correct library (1.1.1k).
I’ve built OpenSSL in the directory spec’d in the config line, but haven’t done
a “make install” because it will trash the system.
Is there anyway to build against 1.1.1k without doing a “make install” on the
newer OpenSSL library?
Thanks
---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
Twitter: @ekgermann
Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
