MIME-Version: 1.0
From jakob@kirei.se  Tue Dec 12 14:59:34 2017
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kirei.se; s=spg20100524; h=received:from:to:subject:date:x-mailer:message-id:in-reply-to:references: mime-version:content-type:content-transfer-encoding; bh=uP07bAKweEHZk1q8axbB0i6Kh+d7Q+2XhTwkSS5EDqs=; b=zi3V32x2Kc9clIcXZatrzktQGMNX/SnPgLys31y722SqIp6Vi+tNbGZTUh2+sLPmD8ma0oIq6CXio G28lSv0fEENhhL761HeXk+1Yx7ofDE+LEmeUqnXzpOTxgpTuyt3+LOS8aKtWwzeVX9CZb4BLffXuOC eS460Hhi7EXBI2CQ=
Return-Path: <jakob@kirei.se>
Content-Transfer-Encoding: 8bit
References: <RT-Ticket-46837@isc.org> <1DA1C912-9120-4467-B78D-7E73C21AB4C0@kirei.se> <rt-4.4.1-58223-1513090641-1040.46837-5-0@isc.org>
X-RT-Original-Encoding: utf-8
Delivered-To: bind9-confidential@bugs.isc.org
In-Reply-To: <rt-4.4.1-58223-1513090641-1040.46837-5-0@isc.org>
Subject: Re: [ISC-Bugs #46837] BIND 9 with GOST & OpenSSL 1.1
To: "Michał Kępień via RT" <bind9-confidential@isc.org>
From: "Jakob Schlyter" <jakob@kirei.se>
X-RT-Interface: Email
Message-ID: <C0E4FBFA-3F22-4B94-A128-8740E62B36AA@kirei.se>
X-RT-Incoming-Encryption: Not encrypted
content-type: text/plain; charset="utf-8"; format="flowed"
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mx.pao1.isc.org
Date: Tue, 12 Dec 2017 15:59:28 +0100
X-Original-To: bind9-confidential@bugs.isc.org
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx.pao1.isc.org", Issuer "COMODO RSA Organization Validation Secure Server CA" (not verified)) by bugs.isc.org (Postfix) with ESMTPS id 211CED78B0B for <bind9-confidential@bugs.isc.org>; Tue, 12 Dec 2017 14:59:34 +0000 (UTC)
Received: from spg.kirei.se (spg.kirei.se [IPv6:2001:67c:394:15::9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 194533B82FF for <bind9-confidential@isc.org>; Tue, 12 Dec 2017 14:59:31 +0000 (UTC)
Received: from mail.kirei.se (unknown [91.206.174.10]) by spg-relay.kirei.se (Halon) with ESMTPS id 0e0102e2-df4d-11e7-afe1-294b6222eb65; Tue, 12 Dec 2017 15:59:29 +0100 (CET)
X-Mailer: MailMate (1.9.7r5441)
X-Spam-Status: No, score=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD autolearn=unavailable autolearn_force=no version=3.4.1
RT-Message-ID: <rt-4.4.1-58212-1513090775-643.46837-0-0@isc.org>
Content-Length: 737

On 2017-12-12 at 15:57, Michał Kępień via RT wrote:

> Thank you for reaching out.  I am not sure I fully understand your
> report, though.  OpenSSL 1.1 indeed does not support GOST, but could 
> you
> please explain what you meant by "rewriting the autoconf test"?
> "./configure --with-gost" fails hard when attempted with OpenSSL 1.1
> whereas a plain "./configure" properly detects that GOST is 
> unavailable
> and thus disables GOST support in BIND.
>
> In light of the above, could you please provide a more detailed
> explanation of the problem that you are observing?

Ah, I somehow got the impression the GOST curves was moved into the 
non-engine, now I see they are external. Sorry - please close and ignore 
:-)

	jakob