Re: Compiling Unbound for algorithm 15 on Ubuntu 16.04

2017-12-07 Thread W.C.A. Wijngaards via Unbound-users
Hi Marco,

The right way is to use openssl 1.1.1, but it is maybe not available.

With libnettle, unbound has to compile --with-libunbound-only for it to
work.  But then you don't have the daemon.  So that was not what you
wanted, instead you wanted a very new openssl.

You can compile --with-ssl=, but then you'd
need to compile a different openssl and install it somewhere.  Because
of dynamic libraries, something like --enable-rpath is then good too (so
that the binary would find your custom compiled libraries, rpath is
disabled by default because that is nicer for installs).

Best regards, Wouter

On 07/12/17 10:07, Marco Davids (SIDN) via Unbound-users wrote:
> Hi,
> 
> I'd like to enable support for algorithm 15 (ED25519) with Unbound on
> Ubuntu 16.04. Algo 16 (ED448) too, but that may not be possible.
> 
> Apparently I need OpenSSL 1.1.1, which is not present on Ubuntu 16.04,
> or libnettle (as indicated on https://ed25519.nl/).
> 
> So, I tried:
> 
> ./configure --enable-ed25519 --with-nettle
> 
> The compile fails (see attachment for errors).
> 
> I must be doing something wrong here. Any help is appreciated.
> 
> Example domains:
>   ed25519.nl (algo 15)
>   dnssec-check.nl (algo 16)
> 
> Source: Unbound 1.6.7
> OS: Ubuntu 16.04.3 LTS
> nettle-dev 3.2-1ubuntu0.16.04.1
> openssl 1.0.2g-1ubuntu4.9
> 
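
A check for the build described in the reply above, as an added example that is not part of the original thread or of Unbound: it confirms that an OpenSSL version string is new enough for Ed25519 and that a binary's run path points at the custom OpenSSL, which is what --enable-rpath is for. The prefix /opt/openssl-1.1.1, its lib/ subdirectory, the function names and the sample text are assumptions made for the example.

```sh
#!/bin/sh
# Added example. The prefix /opt/openssl-1.1.1 and its lib/ subdirectory are
# assumptions; the sample text below is constructed, not real tool output.
#   OpenSSL: ./config --prefix=/opt/openssl-1.1.1 && make && make install
#   Unbound: ./configure --with-ssl=/opt/openssl-1.1.1 --enable-rpath \
#                        --enable-ed25519 && make

# Succeed if an `openssl version` line reports 1.1.1 or newer (Ed25519 support).
# Returns 2 when the line cannot be parsed.
openssl_supports_ed25519() {
    set -- $(printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1 \2 \3/p')
    [ $# -eq 3 ] || return 2
    [ $(( $1 * 10000 + $2 * 100 + $3 )) -ge 10101 ]
}

# Print the RPATH or RUNPATH value found in `readelf -d` output on stdin.
elf_runpath() {
    sed -n 's/.*(R\(UN\)*PATH).*\[\(.*\)\].*/\2/p'
}

# Succeed if <prefix>/lib is one of the colon-separated run path entries.
# stdin: readelf -d output; $1: OpenSSL install prefix.
runpath_has_prefix() {
    elf_runpath | tr ':' '\n' | grep -qxF -- "$1/lib"
}

# Constructed sample of the dynamic section of a correctly linked binary.
SAMPLE_DYNAMIC=' 0x0000000000000001 (NEEDED)   Shared library: [libssl.so.1.1]
 0x0000000000000001 (NEEDED)   Shared library: [libcrypto.so.1.1]
 0x000000000000001d (RUNPATH)  Library runpath: [/usr/local/lib:/opt/openssl-1.1.1/lib]'

# Usage: check.sh <unbound binary> <openssl prefix>   (needs binutils readelf)
if [ $# -eq 2 ]; then
    readelf -d "$1" | runpath_has_prefix "$2" ||
        echo "run path of $1 does not include $2/lib"
else
    printf '%s\n' "$SAMPLE_DYNAMIC" | runpath_has_prefix /opt/openssl-1.1.1 &&
        echo "sample: run path includes /opt/openssl-1.1.1/lib"
fi
```

A binary that lacks the run path entry depends on the system linker search path to find libssl and libcrypto, and the distribution's OpenSSL 1.0.2 is what that path offers on this system.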






Compiling Unbound for algorithm 15 on Ubuntu 16.04

2017-12-07 Thread Marco Davids (SIDN) via Unbound-users
Hi,

I'd like to enable support for algorithm 15 (ED25519) with Unbound on
Ubuntu 16.04. Algo 16 (ED448) too, but that may not be possible.

Apparently I need OpenSSL 1.1.1, which is not present on Ubuntu 16.04,
or libnettle (as indicated on https://ed25519.nl/).

So, I tried:

./configure --enable-ed25519 --with-nettle

The compile fails (see attachment for errors).

I must be doing something wrong here. Any help is appreciated.

Example domains:
  ed25519.nl (algo 15)
  dnssec-check.nl (algo 16)

Source: Unbound 1.6.7
OS: Ubuntu 16.04.3 LTS
nettle-dev 3.2-1ubuntu0.16.04.1
openssl 1.0.2g-1ubuntu4.9

-- 
Marco
~/src/unbound/unbound-1.6.7$ make
./libtool --tag=CC --mode=compile gcc -I.  -I/usr/include/nettle -g -O2 -flto -pthread  -o cachedump.lo -c daemon/cachedump.c
libtool: compile:  gcc -I. -I/usr/include/nettle -g -O2 -flto -pthread -c daemon/cachedump.c  -fPIC -DPIC -o .libs/cachedump.o
In file included from /usr/include/openssl/x509.h:107:0,
 from /usr/include/openssl/ssl.h:156,
 from daemon/cachedump.c:43:
/usr/include/openssl/sha.h:191:3: error: conflicting types for ‘SHA512_CTX’
 } SHA512_CTX;
   ^
In file included from daemon/cachedump.c:42:0:
./config.h:1164:3: note: previous declaration of ‘SHA512_CTX’ was here
 } SHA512_CTX;
   ^
In file included from /usr/include/openssl/x509.h:107:0,
 from /usr/include/openssl/ssl.h:156,
 from daemon/cachedump.c:43:
/usr/include/openssl/sha.h:203:5: error: conflicting types for ‘SHA512_Init’
 int SHA512_Init(SHA512_CTX *c);
 ^
In file included from daemon/cachedump.c:42:0:
./config.h:1166:6: note: previous declaration of ‘SHA512_Init’ was here
 void SHA512_Init(SHA512_CTX*);
  ^
In file included from /usr/include/openssl/x509.h:107:0,
 from /usr/include/openssl/ssl.h:156,
 from daemon/cachedump.c:43:
/usr/include/openssl/sha.h:204:5: error: conflicting types for ‘SHA512_Update’
 int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
 ^
In file included from daemon/cachedump.c:42:0:
./config.h:1167:6: note: previous declaration of ‘SHA512_Update’ was here
 void SHA512_Update(SHA512_CTX*, void*, size_t);
  ^
In file included from /usr/include/openssl/x509.h:107:0,
 from /usr/include/openssl/ssl.h:156,
 from daemon/cachedump.c:43:
/usr/include/openssl/sha.h:205:5: error: conflicting types for ‘SHA512_Final’
 int SHA512_Final(unsigned char *md, SHA512_CTX *c);
 ^
In file included from daemon/cachedump.c:42:0:
./config.h:1168:6: note: previous declaration of ‘SHA512_Final’ was here
 void SHA512_Final(uint8_t[SHA512_DIGEST_LENGTH], SHA512_CTX*);
  ^
In file included from /usr/include/openssl/x509.h:107:0,
 from /usr/include/openssl/ssl.h:156,
 from daemon/cachedump.c:43:
/usr/include/openssl/sha.h:206:16: error: conflicting types for ‘SHA512’
 unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
^
In file included from daemon/cachedump.c:42:0:
./config.h:1169:16: note: previous declaration of ‘SHA512’ was here
 unsigned char *SHA512(void* data, unsigned int data_len, unsigned char *digest);
^
daemon/cachedump.c: In function ‘dump_rrset_line’:
daemon/cachedump.c:69:10: warning: implicit declaration of function ‘ssl_printf’ [-Wimplicit-function-declaration]
   return ssl_printf(ssl, "BADRR\n");
  ^
daemon/cachedump.c: In function ‘ssl_read_buf’:
daemon/cachedump.c:306:9: warning: implicit declaration of function ‘ssl_read_line’ [-Wimplicit-function-declaration]
  return ssl_read_line(ssl, (char*)sldns_buffer_begin(buf),
 ^
Makefile:282: recipe for target 'cachedump.lo' failed
make: *** [cachedump.lo] Error 1


