Re: Compiling bind 9.17.15 with alternate OpenSSL library
Setting PKG_CONFIG_PATH should work as charm…
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 5. 7. 2021, at 19:33, Eric Germann wrote:
>
> Bummer.
>
> Thanks for the quick turnaround though!
>
> ---
> Eric Germann
> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
> LinkedIn: https://www.linkedin.com/in/ericgermann
> Twitter: @ekgermann
> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>
> GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
>
>
>
>
>
>
>
>> On Jul 5, 2021, at 1:07 PM, Ondřej Surý wrote:
>>
>> Oh, you are right. That will get only used when pkg-config based method
>> doesn’t work. We probably should remove that as openssl.pc is now widely
>> available.
>>
>> Ondřej
>> --
>> Ondřej Surý — ISC (He/Him)
>>
>> My working hours and your working hours may be different. Please do not feel
>> obligated to reply outside your normal working hours.
>>
On 5. 7. 2021, at 18:57, Eric Germann wrote:
>>> I’m confused
>>>
>>> ./configure --help | grep openssl
>>>
>>> --with-openssl=DIR root of the OpenSSL directory
>>>
>>> ---
>>> Eric Germann
>>> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
>>> LinkedIn: https://www.linkedin.com/in/ericgermann
>>> Twitter: @ekgermann
>>> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>>>
>>> GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
>>>
>>>
>>>
>>>
>>>
>>>
>>>
On Jul 5, 2021, at 12:55 PM, Ondřej Surý wrote:
Eric,
configure uses pkg-config to detect OpenSSL version thus you need to point
pkg-config to the right directory.
There’s no such option to configure.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not
feel obligated to reply outside your normal working hours.
>> On 5. 7. 2021, at 18:24, Eric Germann via bind-users
>> wrote:
>>
> I’m in the process of building a custom version of bind with DoH and
> would also like to add DNSSEC algorithm 15 for experimental purposes
>
> DoH works just fine on the servers I have configured.
>
> My “configure" command is
>
> ./configure --with-openssl=../openssl-1.1.1k --with-libxml2
> --with-json-c --disable-dnstap --enable-fixed-rrset --enable-querytrace
> --sysconfdir=/etc/namedb
>
> When I override the SSL library, it doesn’t pick it up. It uses the
> system library of 1.0.2k-fips from the system (Centos 7
> 10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64
> x86_64 x86_64 GNU/Linux)
>
> I know when I build nginx, I can override the SSL library by pointing to
> the OpenSSL directory and it shows and functions with the correct library
> (1.1.1k).
>
> I’ve built OpenSSL in the directory spec’d in the config line, but
> haven’t done a “make install” because it will trash the system.
>
> Is there anyway to build against 1.1.1k without doing a “make install” on
> the newer OpenSSL library?
>
> Thanks
>
> ---
> Eric Germann
> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
> LinkedIn: https://www.linkedin.com/in/ericgermann
> Twitter: @ekgermann
> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>
> GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
>
>
>
>
>
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>>>
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Compiling bind 9.17.15 with alternate OpenSSL library
Bummer.
Thanks for the quick turnaround though!
---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
Twitter: @ekgermann
Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
> On Jul 5, 2021, at 1:07 PM, Ondřej Surý wrote:
>
> Oh, you are right. That will get only used when pkg-config based method
> doesn’t work. We probably should remove that as openssl.pc is now widely
> available.
>
> Ondřej
> --
> Ondřej Surý — ISC (He/Him)
>
> My working hours and your working hours may be different. Please do not feel
> obligated to reply outside your normal working hours.
>
>> On 5. 7. 2021, at 18:57, Eric Germann wrote:
>>
>> I’m confused
>>
>> ./configure --help | grep openssl
>>
>> --with-openssl=DIR root of the OpenSSL directory
>>
>> ---
>> Eric Germann
>> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
>> LinkedIn: https://www.linkedin.com/in/ericgermann
>>
>> Twitter: @ekgermann
>> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>>
>> GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
>>
>>
>>
>>
>>
>>
>>
>>> On Jul 5, 2021, at 12:55 PM, Ondřej Surý >> > wrote:
>>>
>>> Eric,
>>>
>>> configure uses pkg-config to detect OpenSSL version thus you need to point
>>> pkg-config to the right directory.
>>>
>>> There’s no such option to configure.
>>>
>>> Ondřej
>>> --
>>> Ondřej Surý — ISC (He/Him)
>>>
>>> My working hours and your working hours may be different. Please do not
>>> feel obligated to reply outside your normal working hours.
>>>
On 5. 7. 2021, at 18:24, Eric Germann via bind-users
mailto:bind-users@lists.isc.org>> wrote:
I’m in the process of building a custom version of bind with DoH and
would also like to add DNSSEC algorithm 15 for experimental purposes
DoH works just fine on the servers I have configured.
My “configure" command is
./configure --with-openssl=../openssl-1.1.1k --with-libxml2
--with-json-c --disable-dnstap --enable-fixed-rrset --enable-querytrace
--sysconfdir=/etc/namedb
When I override the SSL library, it doesn’t pick it up. It uses the
system library of 1.0.2k-fips from the system (Centos 7
10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64
x86_64 x86_64 GNU/Linux)
I know when I build nginx, I can override the SSL library by pointing to
the OpenSSL directory and it shows and functions with the correct library
(1.1.1k).
I’ve built OpenSSL in the directory spec’d in the config line, but haven’t
done a “make install” because it will trash the system.
Is there anyway to build against 1.1.1k without doing a “make install” on
the newer OpenSSL library?
Thanks
---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
Twitter: @ekgermann
Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users
to unsubscribe from
this list
ISC funds the development of this software with paid support
subscriptions. Contact us at https://www.isc.org/contact/
https://lists.isc.org/mailman/listinfo/bind-users
>>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Compiling bind 9.17.15 with alternate OpenSSL library
Oh, you are right. That will get only used when pkg-config based method doesn’t
work. We probably should remove that as openssl.pc is now widely available.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 5. 7. 2021, at 18:57, Eric Germann wrote:
>
> I’m confused
>
> ./configure --help | grep openssl
>
> --with-openssl=DIR root of the OpenSSL directory
>
> ---
> Eric Germann
> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
> LinkedIn: https://www.linkedin.com/in/ericgermann
> Twitter: @ekgermann
> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>
> GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
>
>
>
>
>
>
>
>> On Jul 5, 2021, at 12:55 PM, Ondřej Surý wrote:
>>
>> Eric,
>>
>> configure uses pkg-config to detect OpenSSL version thus you need to point
>> pkg-config to the right directory.
>>
>> There’s no such option to configure.
>>
>> Ondřej
>> --
>> Ondřej Surý — ISC (He/Him)
>>
>> My working hours and your working hours may be different. Please do not feel
>> obligated to reply outside your normal working hours.
>>
On 5. 7. 2021, at 18:24, Eric Germann via bind-users
wrote:
>>> I’m in the process of building a custom version of bind with DoH and would
>>> also like to add DNSSEC algorithm 15 for experimental purposes
>>>
>>> DoH works just fine on the servers I have configured.
>>>
>>> My “configure" command is
>>>
>>> ./configure --with-openssl=../openssl-1.1.1k --with-libxml2 --with-json-c
>>> --disable-dnstap --enable-fixed-rrset --enable-querytrace
>>> --sysconfdir=/etc/namedb
>>>
>>> When I override the SSL library, it doesn’t pick it up. It uses the system
>>> library of 1.0.2k-fips from the system (Centos 7 10.0-1160.25.1.el7.x86_64
>>> #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux)
>>>
>>> I know when I build nginx, I can override the SSL library by pointing to
>>> the OpenSSL directory and it shows and functions with the correct library
>>> (1.1.1k).
>>>
>>> I’ve built OpenSSL in the directory spec’d in the config line, but haven’t
>>> done a “make install” because it will trash the system.
>>>
>>> Is there anyway to build against 1.1.1k without doing a “make install” on
>>> the newer OpenSSL library?
>>>
>>> Thanks
>>>
>>> ---
>>> Eric Germann
>>> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
>>> LinkedIn: https://www.linkedin.com/in/ericgermann
>>> Twitter: @ekgermann
>>> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>>>
>>> GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ___
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>> unsubscribe from this list
>>>
>>> ISC funds the development of this software with paid support subscriptions.
>>> Contact us at https://www.isc.org/contact/ for more information.
>>>
>>>
>>> bind-users mailing list
>>> bind-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Compiling bind 9.17.15 with alternate OpenSSL library
I’m confused
./configure --help | grep openssl
--with-openssl=DIR root of the OpenSSL directory
---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
Twitter: @ekgermann
Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
> On Jul 5, 2021, at 12:55 PM, Ondřej Surý wrote:
>
> Eric,
>
> configure uses pkg-config to detect OpenSSL version thus you need to point
> pkg-config to the right directory.
>
> There’s no such option to configure.
>
> Ondřej
> --
> Ondřej Surý — ISC (He/Him)
>
> My working hours and your working hours may be different. Please do not feel
> obligated to reply outside your normal working hours.
>
>> On 5. 7. 2021, at 18:24, Eric Germann via bind-users
>> wrote:
>>
>> I’m in the process of building a custom version of bind with DoH and would
>> also like to add DNSSEC algorithm 15 for experimental purposes
>>
>> DoH works just fine on the servers I have configured.
>>
>> My “configure" command is
>>
>> ./configure --with-openssl=../openssl-1.1.1k --with-libxml2 --with-json-c
>> --disable-dnstap --enable-fixed-rrset --enable-querytrace
>> --sysconfdir=/etc/namedb
>>
>> When I override the SSL library, it doesn’t pick it up. It uses the system
>> library of 1.0.2k-fips from the system (Centos 7 10.0-1160.25.1.el7.x86_64
>> #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux)
>>
>> I know when I build nginx, I can override the SSL library by pointing to the
>> OpenSSL directory and it shows and functions with the correct library
>> (1.1.1k).
>>
>> I’ve built OpenSSL in the directory spec’d in the config line, but haven’t
>> done a “make install” because it will trash the system.
>>
>> Is there anyway to build against 1.1.1k without doing a “make install” on
>> the newer OpenSSL library?
>>
>> Thanks
>>
>> ---
>> Eric Germann
>> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
>> LinkedIn: https://www.linkedin.com/in/ericgermann
>>
>> Twitter: @ekgermann
>> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>>
>> GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
>>
>>
>>
>>
>>
>>
>>
>> ___
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> ISC funds the development of this software with paid support subscriptions.
>> Contact us at https://www.isc.org/contact/ for more information.
>>
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Compiling bind 9.17.15 with alternate OpenSSL library
Eric,
configure uses pkg-config to detect OpenSSL version thus you need to point
pkg-config to the right directory.
There’s no such option to configure.
Ondřej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to reply outside your normal working hours.
> On 5. 7. 2021, at 18:24, Eric Germann via bind-users
> wrote:
>
> I’m in the process of building a custom version of bind with DoH and would
> also like to add DNSSEC algorithm 15 for experimental purposes
>
> DoH works just fine on the servers I have configured.
>
> My “configure" command is
>
> ./configure --with-openssl=../openssl-1.1.1k --with-libxml2 --with-json-c
> --disable-dnstap --enable-fixed-rrset --enable-querytrace
> --sysconfdir=/etc/namedb
>
> When I override the SSL library, it doesn’t pick it up. It uses the system
> library of 1.0.2k-fips from the system (Centos 7 10.0-1160.25.1.el7.x86_64 #1
> SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux)
>
> I know when I build nginx, I can override the SSL library by pointing to the
> OpenSSL directory and it shows and functions with the correct library
> (1.1.1k).
>
> I’ve built OpenSSL in the directory spec’d in the config line, but haven’t
> done a “make install” because it will trash the system.
>
> Is there anyway to build against 1.1.1k without doing a “make install” on the
> newer OpenSSL library?
>
> Thanks
>
> ---
> Eric Germann
> ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
> LinkedIn: https://www.linkedin.com/in/ericgermann
> Twitter: @ekgermann
> Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
>
> GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
>
>
>
>
>
>
>
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Compiling bind 9.17.15 with alternate OpenSSL library
I’m in the process of building a custom version of bind with DoH and would also
like to add DNSSEC algorithm 15 for experimental purposes
DoH works just fine on the servers I have configured.
My “configure" command is
./configure --with-openssl=../openssl-1.1.1k --with-libxml2 --with-json-c
--disable-dnstap --enable-fixed-rrset --enable-querytrace
--sysconfdir=/etc/namedb
When I override the SSL library, it doesn’t pick it up. It uses the system
library of 1.0.2k-fips from the system (Centos 7 10.0-1160.25.1.el7.x86_64 #1
SMP Wed Apr 28 21:49:45 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux)
I know when I build nginx, I can override the SSL library by pointing to the
OpenSSL directory and it shows and functions with the correct library (1.1.1k).
I’ve built OpenSSL in the directory spec’d in the config line, but haven’t done
a “make install” because it will trash the system.
Is there anyway to build against 1.1.1k without doing a “make install” on the
newer OpenSSL library?
Thanks
---
Eric Germann
ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com
LinkedIn: https://www.linkedin.com/in/ericgermann
Twitter: @ekgermann
Telegram || Signal || Phone +1 {dash} 419 {dash} 513 {dash} 0712
GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
signature.asc
Description: Message signed with OpenPGP
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
