Report information
The Basics
Id: 46837
Status: rejected
Priority: Medium/Medium
Queue: BugTracker
Version Fixed: (no value)
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: (no value)
Priority: (no value)
Severity: (no value)
CVSS Score: (no value)
CVE ID: (no value)
Component: (no value)
Area: (no value)

Dates
Created: Tue, 12 Dec 2017 04:44:20 -0500
Updated: Tue, 12 Dec 2017 14:44:09 -0500
Closed: Tue, 12 Dec 2017 14:43:53 -0500



This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

Subject: BIND 9 with GOST & OpenSSL 1.1
To: bind-bugs@isc.org
From: "Jakob Schlyter" <jakob@kirei.se>
Date: Tue, 12 Dec 2017 10:44:07 +0100

Greetings,

I cannot get BIND 9.12.0b1 to build with OpenSSL 1.1 and GOST. It seems that GOST is no longer an engine in OpenSSL 1.1, so the autoconf test must be rewritten. Building with OpenSSL 1.0 works (but then I can't get eddsa).

jakob (trying to build a signer that can support all algorithms)

--
Jakob Schlyter
Kirei AB - www.kirei.se

Hi Jakob,

Thank you for reaching out. I am not sure I fully understand your report, though. OpenSSL 1.1 indeed does not support GOST, but could you please explain what you meant by "rewriting the autoconf test"? "./configure --with-gost" fails hard when attempted with OpenSSL 1.1 whereas a plain "./configure" properly detects that GOST is unavailable and thus disables GOST support in BIND.

In light of the above, could you please provide a more detailed explanation of the problem that you are observing?

Subject: Re: [ISC-Bugs #46837] BIND 9 with GOST & OpenSSL 1.1
To: "Michał Kępień via RT" <bind9-confidential@isc.org>
From: "Jakob Schlyter" <jakob@kirei.se>
Date: Tue, 12 Dec 2017 15:59:28 +0100

On 2017-12-12 at 15:57, Michał Kępień via RT wrote:

> Thank you for reaching out. I am not sure I fully understand your
> report, though. OpenSSL 1.1 indeed does not support GOST, but could you
> please explain what you meant by "rewriting the autoconf test"?
> "./configure --with-gost" fails hard when attempted with OpenSSL 1.1
> whereas a plain "./configure" properly detects that GOST is unavailable
> and thus disables GOST support in BIND.
>
> In light of the above, could you please provide a more detailed
> explanation of the problem that you are observing?

Ah, I somehow got the impression the GOST curves were moved into the non-engine, now I see they are external. Sorry - please close and ignore :-)

jakob

OpenSSL 1.1 does not support GOST and the free source GOST engine does not work with the new OpenSSL 1.1 API... so there is no easy way to recover.